Solving a 676-bit Discrete Logarithm Problem in GF(36n)

@article{Hayashi2010SolvingA6,
  title={Solving a 676-bit Discrete Logarithm Problem in GF(36n)},
  author={Takuya Hayashi and Naoyuki Shinohara and Lihua Wang and Shin'ichiro Matsuo and Masaaki Shirase and Tsuyoshi Takagi},
  journal={IEICE Trans. Fundam. Electron. Commun. Comput. Sci.},
  year={2010},
  volume={95-A},
  pages={204-212}
}
Pairings on elliptic curves over finite fields are crucial for constructing various cryptographic schemes. The ηT pairing on supersingular curves over GF(3n) is particularly popular since it is efficiently implementable. Taking into account the Menezes-Okamoto-Vanstone (MOV) attack, the discrete logarithm problem (DLP) in GF(36n) becomes a concern for the security of cryptosystems using ηT pairings in this case. In 2006, Joux and Lercier proposed a new variant of the function field sieve in the… 
View via Publisher
link.springer.com
25 Citations
Highly Influential Citations
1
Background Citations
5
Methods Citations
4
Results Citations
1

25 Citations

Citation Type

Citation Type

Key Length Estimation of Pairing-Based Cryptosystems Using η T Pairing
TLDR
This paper estimates the time complexity of solving the DLP for the extension degrees n=97,163, 193,239,313,353,509, when the improved FFS is used, and presents several new computable estimation formulas to compute the explicit number of special polynomials used in theImproved FFS.
An Experiment of Number Field Sieve for Discrete Logarithm Problem over GF(p 12)
TLDR
A lattice sieve of more than two dimensions is constructed, and parameter sizes such as the dimension of sieving and the size of sieves region from some experiments of the multi-dimensional sieving are discussed.
Breaking Pairing-Based Cryptosystems Using η T Pairing over GF(397)
TLDR
The function field sieve (FFS) for breaking paring-based cryptosystems using the ηT pairing over GF(397) is implemented for the medium prime case, and several improvements of the FFS are proposed.
Pairings in Cryptology: efficiency, security and applications
TLDR
This is not an attempt to write the whole history of the pairings in cryptology, or to detail every discovery, but rather a general presentation motivated by the two main requirements for cryptology;ency and security.
Quantum Computing for Discrete Logarithms
  • S. Yan
  • Computer Science, Mathematics
  • 2015
TLDR
In this chapter, this chapter discusses the quantum computing methods for solving the Discrete Logarithm Problem (DLP) and its extension Elliptic Curve DiscretelogarithM Problem (ECDLP).
FPGA Implementation of Various Elliptic Curve Pairings over Odd Characteristic Field with Non Supersingular Curves
TLDR
An FPGA implementation that supports various parameter settings of pairings on non supersingular pairing-friendly curves for which Montgomery reduction, cyclic vector multiplication algorithm, projective coordinates, and Tate pairing have been combinatorially applied is shown.
Relation Collection for the Function Field Sieve
TLDR
This paper presents the algorithmic and arithmetic techniques which were put together as part of a new public implementation of FFS, aimed at medium-to record-sized computations.
Computing Discrete Logarithms
TLDR
This chapter describes some cryptographically relevant DLPs and presents some of the key ideas and constructions behind the most efficient algorithms known that solve them, as well as introducing elliptic curves and pairings over finite fields and consider various discrete logarithm algorithms.
Selecting polynomials for the Function Field Sieve
TLDR
A sieving procedure which computes, the most costly to evaluate of the three functions, and experimental evidence that, defined as + + 1, predicts the eciency of any polynomial.
Algorithms for discrete logarithm in finite fields
TLDR
This thesis focuses on the notion of smoothness and on ECM, the fastest known smoothness test, and on an improvement to the algorithm by analyzing the Galois properties of the division polynomials, and presents NFS and its related algorithm on function fields.
...
...

References

SHOWING 1-10 OF 34 REFERENCES
The Function Field Sieve in the Medium Prime Case
TLDR
This approach is an alternative to a recent paper of Granger and Vercauteren for computing discrete logarithms in tori, using efficient torus representations, and shows that when q is not too large, a very efficient L(1/3) variation of the function field sieve can be used.
Reducing elliptic curve logarithms to logarithms in a finite field
TLDR
The main result of the paper is to demonstrate the reduction of the elliptic curve logarithm problem to the logariths problem in the multiplicative group of an extension of the underlying finite field, thus providing a probabilistic subexponential time algorithm for the former problem.
Oracle-Assisted Static Diffie-Hellman Is Easier Than Discrete Logarithms
TLDR
This paper extends Joux-Naccache-Thome's e -th root algorithm to the static Diffie-Hellman problem ( sdhp), and explores the applicability of the technique to various cryptosystems.
Algorithms and Arithmetic Operators for Computing the ηT Pairing in Characteristic Three
TLDR
This paper describes the implementation of a compact coprocessor for the field F397 given by F3[x]/(x97+x12+2), which compares favorably with other solutions described in the open literature.
The Function Field Sieve Is Quite Special
TLDR
Improvements to the function field sieve (FFS) for the discrete logarithm problem in Fpn, when p is small are described and it is argued that this construction has better properties than the construction of Adleman and Huang.
Function Field Sieve in Characteristic Three
TLDR
The efficiency of the function field sieve to compute discrete logarithms in the finite fields \(\mathbb{F}_{3n}\), motivated by attacks on identity based encryption systems using supersingular elliptic curves is investigated.
Hardware and software normal basis arithmetic for pairing-based cryptography in characteristic three
TLDR
This work examines the use of normal basis arithmetic in characteristic three in an attempt to get the best of both worlds: an efficient method for computing the Tate pairing that requires no precomputation and that may also be implemented in hardware to accelerate devices such as smart-cards.
Massively Parallel Computation of Discrete Logarithms
TLDR
An aggressive attempt to discover the size of fields of characteristic two for which the computation of discrete logarithms is feasible, and shows that fields as large as GF(2503) can definitely be attacked.
The Special Function Field Sieve
TLDR
A modification of Adleman and Huang's method which runs conjecturally in expected time Lp, which is conjectured to compute a logarithm in a prime field whose cardinality p is of the form $r^e-s$, with r and s small in absolute value.
A comparison of MNT curves and supersingular curves
TLDR
This paper compares both the security and performance issues related to the choice of MNT curves against supersingular curves in characteristic three, for pairing based systems using the BLS signature scheme and the Boneh–Franklin encryption scheme.
...
...