Abstract
We show that a Magma implementation of Joux’s \(L[1/4+o(1)]\) algorithm can be used to compute discrete logarithms in the 1303-bit finite field \({\mathbb F}_{3^{6 \cdot 137}}\) and the 1551-bit finite field \({\mathbb F}_{3^{6 \cdot 163}}\) with very modest computational resources. Our \({\mathbb F}_{3^{6 \cdot 137}}\) implementation was the first to illustrate the effectiveness of Joux’s algorithm for computing discrete logarithms in small-characteristic finite fields that are not Kummer or twisted-Kummer extensions.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
- 2.
More generally, one could consider fields \({\mathbb F}_{q^{kn}}\) where \(n \le 2q+1\). We focus on the case \(k=3\) since our target fields are \({\mathbb F}_{3^{6n}}\) with \(n \in \{137,163\}\), which we will embed in \({\mathbb F}_{(3^4)^{3 \cdot n}}\).
- 3.
For our \({\mathbb F}_{3^{6 \cdot 137}}\) and \({\mathbb F}_{3^{6 \cdot 163}}\) computations, we have \(q=3^4\) and used \(q'=3^3\), so \(s=1\) and \(\deg R = 5\).
- 4.
More precisely, since \(C\) has at most 34 prime factors, each of which is greater than the ten-millionth prime \(p=179424673\), the probability that \(g\) is a generator is at least \((1-\frac{1}{p})^{34} > 0.99999981\).
References
Adj, G., Menezes, A., Oliveira, T., Rodríguez-Henríquez, F.: Weakness of \(\mathbb{F}_{3^{6 \cdot 509}}\) for discrete logarithm cryptography. In: Cao, Z., Zhang, F. (eds.) Pairing 2013. LNCS, vol. 8365, pp. 20–44. Springer, Heidelberg (2014)
Adj, G., Menezes, A., Oliveira, T., Rodríguez-Henríquez, F.: Weakness of \({\mathbb{F}}_{3^{6 \cdot 1429}}\) and \({\mathbb{F}}_{2^{4 \cdot 3041}}\) for discrete logarithm cryptography. Finite Fields and Their Applications (to appear)
Barbulescu, R., Bouvier, C., Detrey, J., Gaudry, P., Jeljeli, H., Thomé, E., Videau, M., Zimmermann, P.: Discrete logarithm in GF(2\(^{809}\)) with FFS. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 221–238. Springer, Heidelberg (2014)
Barbulescu, R., Gaudry, P., Joux, A., Thomé, E.: A heuristic quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 1–16. Springer, Heidelberg (2014)
Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)
Beuchat, J., Detrey, J., Estibals, N., Okamoto, E., Rodríguez-Henríquez, F.: Fast architectures for the \(\eta _T\) pairing over small-characteristic supersingular elliptic curves. IEEE Trans. Comput. 60, 266–281 (2011)
Blake, I., Fuji-Hara, R., Mullin, R., Vanstone, S.: Computing logarithms in finite fields of characteristic two. SIAM J. Algebraic Discrete Methods 5, 276–285 (1984)
Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. J. Cryptology 17, 297–319 (2004)
Coppersmith, D.: Fast evaluation of logarithms in fields of characteristic two. IEEE Trans. Inf. Theory 30, 587–594 (1984)
Coppersmith, D.: Solving homogeneous linear equations over \(GF(2)\) via block Wiedemann algorithm. Math. Comput. 62, 333–350 (1994)
The Cunningham Project. http://homes.cerias.purdue.edu/ssw/cun/
Faugère, J.: A new efficient algorithm for computing Gröbner bases (\(F_4\)). J. Pure Appl. Algebra 139, 61–88 (1999)
Frey, G., Rück, H.: A remark concerning \(m\)-divisibility and the discrete logarithm in the divisor class group of curves. Math. Comput. 62, 865–874 (1994)
Galbraith, S.D., Harrison, K., Soldera, D.: Implementing the tate pairing. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 324–337. Springer, Heidelberg (2002)
Göloğlu, F., Granger, R., McGuire, G., Zumbrägel, J.: On the function field sieve and the impact of higher splitting probabilities. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 109–128. Springer, Heidelberg (2013)
Göloğlu, F., Granger, R., McGuire, G., Zumbrägel, J.: Solving a 6120-bit DLP on a desktop computer. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 136–152. Springer, Heidelberg (2014)
Granger, R., Kleinjung, T., Zumbrägel, J.: Breaking ‘128-bit secure’ supersingular binary curves (or how to solve discrete logarithms in \({\mathbb{F}}_{2^{4 \cdot 1223}}\) and \({\mathbb{F}}_{2^{12 \cdot 367}}\)). http://eprint.iacr.org/2014/119
Granger, R., Kleinjung, T., Zumbrägel, J.: Breaking ‘128-bit Secure’ supersingular binary curves. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 126–145. Springer, Heidelberg (2014)
Granger, R., Page, D., Stam, M.: Hardware and software normal basis arithmetic for pairing based cryptography in characteristic three. IEEE Trans. Comput. 54, 852–860 (2005)
Granger, R., Page, D., Stam, M.: On small characteristic algebraic tori in pairing-based cryptography. LMS J. Comput. Math. 9, 64–85 (2006)
Granger, R., Zumbrägel, J.: On the security of supersingular binary curves. presentation at ECC 2013 (16 September 2013)
Hayashi, T., Shimoyama, T., Shinohara, N., Takagi, T.: Breaking pairing-based cryptosystems using \(\eta \) \(_{{T}}\) pairing over GF(3\(^{97}\)). In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 43–60. Springer, Heidelberg (2012)
Joux, A.: A new index calculus algorithm with complexity L(1/4 + o(1)) in small characteristic. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 355–380. Springer, Heidelberg (2014)
Joux, A.: Discrete logarithm in \(GF(2^{6128})\), Number Theory List (21 May 21 2013)
Joux, A., Lercier, R.: The function field sieve in the medium prime case. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 254–270. Springer, Heidelberg (2006)
Joux, A., Pierrot, C.: Improving the polynomial time precomputation of frobenius representation discrete logarithm algorithms. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 378–397. Springer, Heidelberg (2014)
Magma v2.19-7. http://magma.maths.usyd.edu.au/magma/
Menezes, A., Okamoto, T., Vanstone, S.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inf. Theory 39, 1639–1646 (1993)
Pollard, J.: Monte Carlo methods for index computation mod \(p\). Math. Comput. 32, 918–924 (1978)
Shinohara, N., Shimoyama, T., Hayashi, T., Takagi, T.: Key length estimation of pairing-based cryptosystems using \(\eta \) \(_{{T}}\) pairing. In: Ryan, M.D., Smyth, B., Wang, G. (eds.) ISPEC 2012. LNCS, vol. 7232, pp. 228–244. Springer, Heidelberg (2012)
Wiedemann, D.: Solving sparse linear equations over finite fields. IEEE Trans. Inf. Theory 32, 54–62 (1986)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
A Magma Script for Verifying the \({\mathbb F}_{3^{6 \cdot 137}}\) discrete log
B Magma Script for Verifying the \({\mathbb F}_{3^{6 \cdot 163}}\) discrete log
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Adj, G., Menezes, A., Oliveira, T., Rodríguez-Henríquez, F. (2015). Computing Discrete Logarithms in \({\mathbb F}_{3^{6 \cdot 137}}\) and \({\mathbb F}_{3^{6 \cdot 163}}\) Using Magma. In: Koç, Ç., Mesnager, S., Savaş, E. (eds) Arithmetic of Finite Fields. WAIFI 2014. Lecture Notes in Computer Science(), vol 9061. Springer, Cham. https://doi.org/10.1007/978-3-319-16277-5_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-16277-5_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-16276-8
Online ISBN: 978-3-319-16277-5
eBook Packages: Computer ScienceComputer Science (R0)