Discrete Logarithms in GF(P) Using the Number Field Sieve

@article{Gordon1993DiscreteLI,
  title={Discrete Logarithms in GF(P) Using the Number Field Sieve},
  author={Daniel M. Gordon},
  journal={SIAM J. Discret. Math.},
  year={1993},
  volume={6},
  pages={124-138}
}
  • D. M. Gordon
  • Published 1 February 1993
  • Mathematics, Computer Science
  • SIAM J. Discret. Math.
Recently, several algorithms using number field sieves have been given to factor a number n in heuristic expected time $L_n [1/3; c]$, where \[ L_n [ v ;c ] = \exp \left\{ ( c + o ( 1 ) ) ( \log n )^v ( \log \log n )^{1 - v } \right\} \] for $n \to \infty $.This paper presents an algorithm to solve the discrete logarithm problem for $GF ( p )$ with heuristic expected running time $L_p [ 1/3; 3^{2/3}]$. For umbers of a special form, there is an asymptotically slower but more practical version of… 
The Number Field Sieve in the Medium Prime Case
TLDR
It is deduced that computing discrete logarithms have heuristic complexity $L_{p^n}(1/3)$ in all finite fields.
An Algorithm to Solve the Discrete Logarithm Problem with the Number Field Sieve
TLDR
Another algorithm to solve the discrete logarithm problem in $\mathbb{F}^{*}_{p}$ for p prime is presented and its running time is estimated to be 1.09018, which coincides with the best known theoretical running time for factoring integers, obtained by Coppersmith.
A General Polynomial Selection Method and New Asymptotic Complexities for the Tower Number Field Sieve Algorithm
TLDR
This method, which the authors call Algorithm-$$\mathcal {C}$$, extends a previous polynomial selection method proposed at Eurocrypt 2016 to the tower number field case and obtains new asymptotic complexities that may have consequences to the selection of key sizes for pairing based cryptography.
Extended Tower Number Field Sieve: A New Complexity for the Medium Prime Case
TLDR
The most important modification is done in the polynomial selection step, which determines the cost of the whole algorithm: if one knows how to select good polynomials to tackle discrete logarithms in F, exTNFS allows to use this method when tackling NFS whenever $$ gcd \eta ,\kappa =1$$.
The Multiple Number Field Sieve with Conjugation and Generalized Joux-Lercier Methods
TLDR
This paper designs the best asymptotic algorithm to compute discrete logarithms in the medium characteric case of the Number Field Sieve with the Conjugation Method and leads to an improvement on the asymPTotic complexities in the boundary case between medium and high characteristic finite fields.
Using number fields to compute logarithms in finite fields
TLDR
The number field sieve factoring algorithm is conjectured to factor a number the size of q in the same amount of time when restricted to finite fields of an arbitrary but fixed degree.
Computing Individual Discrete Logarithms Faster in GF(p n ) with the NFS-DL Algorithm
TLDR
The first part of individual DL: the booting step is optimized, by reducing dramatically the size of the preimage norm, hence the running-time of the booted step is much improved and the method is very efficient for small extension fields with $$2 \le n \le 6$$ and applies to any $$n > 1$$, in medium and large characteristic.
Extended Tower Number Field Sieve with Application to Finite Fields of Arbitrary Composite Extension Degree
TLDR
The generalization shows that exTNFS algorithm can be also adapted to the setting with an arbitrary composite n maintaining its best asymptotic complexity, and emphasizes that the keysize of pairing-based cryptosystems should be updated following to the algorithm if the embedding degree n remains composite.
A quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic
TLDR
A new discrete logarithm algorithm is presented, in the same vein as in recent works by Joux, using an asymptotically more efficient descent approach, that gives a quasi-polynomial heuristic complexity for the discrete logrithm problem in finite field of small characteristic.
Improvements to the number field sieve for non-prime finite fields
We propose various strategies for improving the computation of discrete logarithms in non-prime fields of medium to large characteristic using the Number Field Sieve. This includes new methods for
...
...

References

SHOWING 1-10 OF 28 REFERENCES
Factoring integers with the number field sieve
In 1990, the ninth Fermat number was factored into primes by means of a new algorithm, the “number field sieve”, which was proposed by John Pollard. The present paper is devoted to the description
A rigorous time bound for factoring integers
In this paper a probabilistic algorithm is exhibited that factors any positive integer n into prime factors in expected time at most Ln[2, 1 + o()] for n oo, where L,[a, b] = exp(b(logx)a(loglogx)l
Discrete Logarithms in Finite Fields and Their Cryptographic Significance
  • A. Odlyzko
  • Computer Science, Mathematics
    EUROCRYPT
  • 1984
TLDR
This paper surveys and analyzes known algorithms in this area, with special attention devoted to algorithms for the fields GF(2n), finding that in order to be safe from attacks using these algorithms, the value of n for which GF( 2n) is used in a cryptosystem has to be very large and carefully chosen.
Factoring integers with elliptic curves
TLDR
This paper is devoted to the description and analysis of a new algorithm to factor positive integers that depends on the use of elliptic curves and it is conjectured that the algorithm determines a non-trivial divisor of a composite number n in expected time at most K( p)(log n)2.
Factoring numbers using singular integers
Recently, A.K. Lenstra, H.W. Lenstra, Jr., M.S. Manasse and J .M. Pollard [5,6] have introduced a new algorithm for factoring integers of special form. Based on earlier work of Coppersmith, Odlyzko
Searching for primitive roots in finite fields
  • V. Shoup
  • Mathematics, Computer Science
    STOC '90
  • 1990
TLDR
A solution to the problem of how to deterministically generate in polynomial time a subset of GF(pn) that contains a primitive root, i.e., an element that generates the multiplicative group of nonzero elements in GF(PN) is presented.
Factoring polynomials over large finite fields*
TLDR
Some of the known algorithms for factoring polynomials over finite fields are reviewed and a new deterministic procedure for reducing the problem of factoring an arbitrary polynomial over the Galois field GF(p m) is presented.
Computation of Discrete Logarithms in Prime Fields
  • A. B.
  • Computer Science, Mathematics
TLDR
This paper describes an implementation of a discrete logarithm algorithm which shows that primes of under 200 bits, such as that in the Sun system, are very insecure.
...
...