# Solving Discrete Logarithms on a 170-Bit MNT Curve by Pairing Reduction

@inproceedings{Guillevic2016SolvingDL, title={Solving Discrete Logarithms on a 170-Bit MNT Curve by Pairing Reduction}, author={Aurore Guillevic and François Morain and Emmanuel Thom{\'e}}, booktitle={SAC}, year={2016} }

Pairing based cryptography is in a dangerous position following the breakthroughs on discrete logarithms computations in finite fields of small characteristic. Remaining instances are built over finite fields of large characteristic and their security relies on the fact that the embedding field of the underlying curve is relatively large. How large is debatable. The aim of our work is to sustain the claim that the combination of degree 3 embedding and too small finite fields obviously does not…

## 10 Citations

Secure and Efficient Pairing at 256-Bit Security Level

- Computer Science, MathematicsACNS
- 2017

This paper focuses on the five candidate pairing-friendly curves from the Barreto-Lynn-Scott and Kachisa-Schaefer-Scott families as the 256-bit secure pairing- friendly curves and shows the revised bitlength that the DLP is computationally infeasible against the efficient NFS algorithms for each candidate Pair-friendly curve.

Updating key size estimations for pairings Razvan Barbulescu

- Mathematics, Computer Science
- 2019

This work studies the best attacks against some of the most popular pairings and proposes new key sizes using an analysis which is more precise than the analysis in a recent article of Menezes, Sarkar and Singh.

Sieve algorithms for the discrete logarithm in medium characteristic finite fields. (Algorithmes de crible pour le logarithme discret dans les corps finis de moyenne caractéristique)

- Computer Science, Mathematics
- 2017

This thesis proposes and study two new sieve algorithms allowing us to treat any dimensions, with an emphasis on the three-dimensional case, and provides a complete implementation of the relation collection for some variants of the NFS in three dimensions.

Updating Key Size Estimations for Pairings

- Mathematics, Computer ScienceJournal of Cryptology
- 2018

This work studies the best attacks against some of the most popular pairings and proposes new key sizes using an analysis which is more precise than the analysis in a recent article of Menezes, Sarkar and Singh.

FAME: Fast Attribute-based Message Encryption

- Computer Science, MathematicsCCS
- 2017

This paper proposes the first fully secure ciphertext-policy and key-policy ABE schemes based on a standard assumption on Type-III pairing groups, which do not put any restriction on policy type or attributes.

Extended Tower Number Field Sieve with Application to Finite Fields of Arbitrary Composite Extension Degree

- Computer Science, MathematicsPublic Key Cryptography
- 2016

The generalization shows that exTNFS algorithm can be also adapted to the setting with an arbitrary composite n maintaining its best asymptotic complexity, and emphasizes that the keysize of pairing-based cryptosystems should be updated following to the algorithm if the embedding degree n remains composite.

A unified polynomial selection method for the (tower) number field sieve algorithm

- Computer ScienceAdv. Math. Commun.
- 2019

The current work presents a unified polynomial selection method which is called Algorithm, which is lower than that of all previous algorithms; for the extended tower number field sieve (exTNFS) and the multiple extended TNFS (MexTNFS), there are finite fields for which using the polynomials selected by Algorithm provides the best asymptotic complexity.

A Generalisation of the Conjugation Method for Polynomial Selection for the Extended Tower Number Field Sieve Algorithm

- MathematicsIACR Cryptol. ePrint Arch.
- 2016

The present work generalises the polynomial selection method of Jeong and Kim for all composite n and achieves complexity which is lower than all previously proposed methods.

Scalable practical byzantine fault tolerance with short-lived signature schemes

- Computer Science, MathematicsCASCON
- 2018

This work proposes an efficient short-lived signature based PBFT variant, which utilizes short-length cryptographic keys to sign/verify messages in PBFT for a short period of time and blockchain-aided key distribution mechanisms to update those keys periodically.

Compact aggregate short-lived signatures for consortium consensus protocols

- Computer Science, Mathematics2019 14th International Conference on Computer Engineering and Systems (ICCES)
- 2019

This paper fully review and analysis some cryptographic techniques used in designing a distributed consensus protocol that is efficient, decentralized, and flexible as a framework which are already used in blockchain, and re-examine non-interactive signature and public key aggregation in digital signature on different messages types.

## References

SHOWING 1-10 OF 70 REFERENCES

Reducing elliptic curve logarithms to logarithms in a finite field

- Mathematics, Computer ScienceSTOC '91
- 1991

The main result of the paper is to demonstrate the reduction of the elliptic curve logarithm problem to the logariths problem in the multiplicative group of an extension of the underlying finite field, thus providing a probabilistic subexponential time algorithm for the former problem.

Solving a Discrete Logarithm Problem with Auxiliary Input on a 160-Bit Elliptic Curve

- Computer Science, MathematicsPublic Key Cryptography
- 2012

The experimental results of Cheon's algorithm are reported, which have succeeded to solve DLPwAI on a pairing-friendly elliptic curve of 160-bit order in 1314 core days and implications on cryptographic schemes are discussed.

The Tower Number Field Sieve

- Computer Science, MathematicsASIACRYPT
- 2015

A new NFS variant for SNFS computations is presented, which is better for some cryptographically relevant cases, according to a precise comparison of norm sizes, an adaptation of Schirokauer's variant of NFS based on tower extensions.

Improving NFS for the Discrete Logarithm Problem in Non-prime Finite Fields

- Computer Science, MathematicsEUROCRYPT
- 2015

Two new methods are designed for the hardness of the discrete logarithm problem in fields GF(\(p^n\)) where \(n\) is a small integer greater than \(1\) and modifying the asymptotic complexity and paving the way for record-breaking computations.

A Taxonomy of Pairing-Friendly Elliptic Curves

- Mathematics, Computer ScienceJournal of Cryptology
- 2009

This paper gives a single coherent framework that encompasses all of the constructions of pairing-friendly elliptic curves currently existing in the literature and provides recommendations as to which pairing- friendly curves to choose to best satisfy a variety of performance and security requirements.

The Special Number Field Sieve in 𝔽pn - Application to Pairing-Friendly Constructions

- Mathematics, Computer SciencePairing
- 2013

The Special Number Field Sieve is extended to compute discrete logarithms in Fpn, where p has an adequate sparse representation and the improved algorithm works for the whole range of applicability of the Number field Sieve.

Collecting relations for the Number Field Sieve in GF p p 6 q

- Mathematics, Computer Science
- 2016

This work investigates thoroughly the case in Fp6 with the Number Field Sieve of cryptosystems based on the discrete logarithm problem in non-prime finite fields, as are the torus-based or pairing-based ones, with special-q and various enumeration strategies.

Collecting relations for the Number Field Sieve in GF(p6)

- Mathematics, Computer ScienceIACR Cryptol. ePrint Arch.
- 2016

This work investigates thoroughly the case in GF(p^6) with the Number Field Sieve to assess the security of cryptosystems based on the discrete logarithm problem in non-prime finite fields, as are the torus-based or pairing-based ones.

Breaking Pairing-Based Cryptosystems Using η T Pairing over GF(397)

- Mathematics, Computer ScienceASIACRYPT
- 2012

The function field sieve (FFS) for breaking paring-based cryptosystems using the ηT pairing over GF(397) is implemented for the medium prime case, and several improvements of the FFS are proposed.

Pairing-Friendly Elliptic Curves of Prime Order

- Mathematics, Computer ScienceSelected Areas in Cryptography
- 2005

This paper describes a method to construct elliptic curves of prime order and embedding degree k = 12 and shows that the ability to handle log(D)/log(r) ~ (q–3)/(q–1) enables building curves with ρ ~ q/(q-1).