
Cryptanalysis of Pairing-Based Cryptosystems Over Small Characteristic Fields

  • Conference paper
  • In: The Impact of Applications on Mathematics
  • Part of the book series: Mathematics for Industry (MFI, volume 1)

Abstract

There are many useful cryptographic schemes which use bilinear pairings. In particular, \(\eta _T\) pairing over small characteristic fields, such as GF \((2^n)\) and GF \((3^n)\), is one of the most efficient algorithms from the implementation point of view. The security of pairing-based cryptosystems using \(\eta _T\) pairing over GF \((2^n)\) (resp. GF \((3^n)\)) relies on the hardness of the discrete logarithm problem over GF \((2^{4n})\) (resp. GF \((3^{6n})\)). However, new index calculus methods proposed by Joux and Barbulescu et al. allow us to solve these problems in quasi-polynomial time. Recent experimental results show that these methods are quite practical, implying that the \(\eta _T\) pairing over GF \((2^n)\) and GF \((3^n)\) is unsuitable for pairing-based cryptosystems. In this paper, we survey the recent progress on index calculus methods and related experimental results.
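The abstract's security argument is a reduction: the pairing moves the curve's discrete logarithm into a finite field whose size is the curve field raised to the embedding degree (4 in characteristic 2, 6 in characteristic 3), and that field is where the quasi-polynomial index calculus applies. The following Python is an added example, not code from the paper: it computes the target field for a given characteristic and extension degree, reports its size, and compares it with the small-characteristic DLP results whose field sizes are named in the paper's reference list. The audit function, its result keys and the sample input n = 1223 are assumptions of this example; the record table is transcribed from the reference titles.

```python
"""Added example: audit eta_T pairing parameters over GF(2^n) / GF(3^n).

The abstract states that eta_T over GF(2^n) reduces to the DLP in GF(2^{4n})
and eta_T over GF(3^n) to the DLP in GF(3^{6n}).  This helper computes that
target field and compares it with the small-characteristic DLP results that
appear in the paper's reference list.  The audit function itself is an
assumption of this example, not the paper's code.
"""

# Embedding degree of the supersingular curves used with the eta_T pairing
# (as stated in the abstract: GF(2^n) -> GF(2^{4n}), GF(3^n) -> GF(3^{6n})).
EMBEDDING_DEGREE = {2: 4, 3: 6}

# Small-characteristic DLP results named in the paper's references,
# keyed by (characteristic, extension degree of the target field).
REPORTED_DLP_RESULTS = {
    (2, 1971): "Göloglu, Granger, McGuire, Zumbrägel (2013)",
    (2, 4080): "Joux (2013)",
    (2, 6120): "Göloglu, Granger, McGuire, Zumbrägel (2013)",
    (2, 6168): "Joux (2013)",
    (2, 9234): "Granger, Kleinjung, Zumbrägel (2014)",
    (3, 6 * 97): "Hayashi, Shimoyama, Shinohara, Takagi (2012)",
    (3, 6 * 137): "Adj, Menezes, Oliveira, Rodríguez-Henríquez (2014)",
    (3, 6 * 509): "Adj, Menezes, Oliveira, Rodríguez-Henríquez (2013)",
}


def target_field(p, n):
    """Return (p, k*n): the finite field the pairing maps the curve DLP into."""
    if p not in EMBEDDING_DEGREE:
        raise ValueError("this audit covers the eta_T pairing in characteristic 2 or 3 only")
    if n < 1:
        raise ValueError("extension degree must be positive")
    return p, EMBEDDING_DEGREE[p] * n


def field_bits(p, m):
    """Bits needed to represent an element of GF(p^m)."""
    return (p ** m - 1).bit_length()


def audit(p, n):
    """Summarise the DLP target field for the eta_T pairing over GF(p^n)."""
    q, m = target_field(p, n)
    largest_reported = max(deg for (c, deg) in REPORTED_DLP_RESULTS if c == p)
    return {
        "curve_field": f"GF({p}^{n})",
        "dlp_field": f"GF({q}^{m})",
        "dlp_field_bits": field_bits(q, m),
        # Exact match with a field size listed in the references, if any.
        "matches_reported_result": REPORTED_DLP_RESULTS.get((q, m)),
        # True when the target field is no larger than the largest field
        # of this characteristic named in the references.
        "not_larger_than_reported": m <= largest_reported,
        # Per the abstract, quasi-polynomial index calculus makes every
        # small-characteristic choice unsuitable, regardless of n.
        "suitable": False,
    }


if __name__ == "__main__":
    # (3, 97) is the field of reference 22; (2, 1223) is a constructed input.
    for p, n in [(3, 97), (2, 1223)]:
        print(audit(p, n))
```

The `suitable` flag is deliberately unconditional: the point of the abstract is that no choice of n rescues the small-characteristic construction once the DLP in the target field is quasi-polynomial, so the record comparison is supporting detail rather than the verdict.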


Notes

  1. When \(a, b, c, d \in {GF}(q)\), (3) yields a trivial equation. This is why the original DLP must be embedded into the DLP over \(GF(q^{2n})\).

References

  1. Adj, G., Menezes, A., Oliveira, T., Rodríguez-Henríquez, F.: Computing discrete logarithms in \(F_{3^{6 \cdot 137}}\) using Magma. IACR Cryptology ePrint Archive, Report 2014/057 (2014)

  2. Adj, G., Menezes, A., Oliveira, T., Rodríguez-Henríquez, F.: Weakness of \(F_{3^{6\cdot 509}}\) for discrete logarithm cryptography. In: Cao Z., Zhang F. (eds.) Proceedings of 6th International Conference on Pairing-based Cryptography (Pairing 2013). Lecture Notes in Computer Science, vol. 8365, pp. 20–44. Springer, Berlin (2013)

  3. Adleman, L.M.: The function field sieve. In: Adleman L.M., Huang M.D.A. (eds.) Proceedings of 1st Algorithmic Number Theory Symposium (ANTS-I). Lecture Notes in Computer Science, vol. 877, pp. 108–121. Springer, Berlin (1994)

  4. Ahmadi, O., Hankerson, D., Menezes, A.: Software implementation of arithmetic in \(F_{3^m}\). In: Carlet C., Sunar B. (eds.) Proceedings of 1st International Workshop on the Arithmetic of Finite Fields (WAIFI 2007). Lecture Notes in Computer Science, vol. 4547, pp. 85–102. Springer, Berlin (2007)

  5. Barbulescu, R., Gaudry, P., Joux, A., Thomé, E.: A quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. IACR Cryptology ePrint Archive, Report 2013/400 (2013)

  6. Barreto, P.S.L.M., Galbraith, S.D., O’Eigeartaigh, C., Scott, M.: Efficient pairing computation on supersingular abelian varieties. Des., Codes Crypt. 42(3), 239–271 (2007)

  7. Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung M. (ed.) Proceedings of Advances in Cryptology: CRYPTO 2002, 22nd Annual International Cryptology Conference. Lecture Notes in Computer Science, vol. 2442, pp. 354–368. Springer, Berlin (2002)

  8. Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel B., Tavares S.E. (eds.) Proceedings of Selected Areas in Cryptography 2005 (SAC 2005). Lecture Notes in Computer Science, vol. 3897, pp. 319–331. Springer, Berlin (2005)

  9. Beuchat, J.L., Brisebarre, N., Detrey, J., Okamoto, E.: Arithmetic operators for pairing-based cryptography. In: Paillier P., Verbauwhede I. (eds.) Proceedings of 9th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2007). Lecture Notes in Computer Science, vol. 4727, pp. 239–255. Springer, Berlin (2007)

  10. Beuchat, J.L., Brisebarre, N., Detrey, J., Okamoto, E., Shirase, M., Takagi, T.: Algorithms and arithmetic operators for computing the \(\eta _T\) pairing in characteristic three. IEEE Trans. Comput. 57(11), 1454–1468 (2008)

  11. Beuchat, J.L., Brisebarre, N., Shirase, M., Takagi, T., Okamoto, E.: A coprocessor for the final exponentiation of the \(\eta _T\) pairing in characteristic three. In: Carlet C., Sunar B. (eds.) Proceedings of 1st International Workshop on the Arithmetic of Finite Fields (WAIFI 2007). Lecture Notes in Computer Science, vol. 4547, pp. 25–39. Springer, Berlin (2007)

  12. Boneh, D., Crescenzo, G.D., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin C., Camenisch J. (eds.) Proceedings of Advances in Cryptology: EUROCRYPT 2004, 23rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. Lecture Notes in Computer Science, vol. 3027, pp. 506–522. Springer, Berlin (2004)

  13. Boneh, D., Franklin, M.K.: Identity-based encryption from the Weil pairing. In: Kilian J. (ed.) Proceedings of Advances in Cryptology: CRYPTO 2001, 21st Annual International Cryptology Conference. Lecture Notes in Computer Science, vol. 2139, pp. 213–229. Springer, Berlin (2001)

  14. Galbraith, S.D., Hess, F., Vercauteren, F.: Aspects of pairing inversion. IEEE Trans. Inf. Theory 54(12), 5719–5728 (2008)

  15. Göloglu, F., Granger, R., McGuire, G., Zumbrägel, J.: Discrete logarithms in \({GF}(2^{1971})\). Number Theory Mailing List (2013). http://listserv.nodak.edu/cgi-bin/wa.exe?A2=NMBRTHRY;f7755cbe.1302

  16. Göloglu, F., Granger, R., McGuire, G., Zumbrägel, J.: Discrete logarithms in \({GF}(2^{6120})\). Number Theory Mailing List (2013). http://listserv.nodak.edu/cgi-bin/wa.exe?A2=NMBRTHRY;fe9605d9.1304

  17. Göloglu, F., Granger, R., McGuire, G., Zumbrägel, J.: On the function field sieve and the impact of higher splitting probabilities: application to discrete logarithms in \(F_{2^{1971}}\) and \(F_{2^{3164}}\). In: Canetti R., Garay J.A. (eds.) Proceedings of Advances in Cryptology: CRYPTO 2013, 33rd Annual International Cryptology Conference. Lecture Notes in Computer Science, vol. 8043, pp. 109–128. Springer, Berlin (2013)

  18. Göloglu, F., Granger, R., McGuire, G., Zumbrägel, J.: Solving a 6120-bit DLP on a desktop computer. IACR Cryptology ePrint Archive, Report 2013/306 (2013)

  19. Granger, R., Kleinjung, T., Zumbrägel, J.: Discrete logarithms in \({GF}(2^{9234})\). Number Theory Mailing List (2014). http://listserv.nodak.edu/cgi-bin/wa.exe?A2=NMBRTHRY;49bb494e.1305

  20. Granger, R., Kleinjung, T., Zumbrägel, J.: Discrete logarithms in the Jacobian of a genus 2 supersingular curve over \({GF}(2^{367})\). Number Theory Mailing List (2014). http://listserv.nodak.edu/cgi-bin/wa.exe?A2=NMBRTHRY;23651c2.1401

  21. Granger, R., Page, D., Stam, M.: Hardware and software normal basis arithmetic for pairing-based cryptography in characteristic three. IEEE Trans. Comput. 54(7), 852–860 (2005)

  22. Hayashi, T., Shimoyama, T., Shinohara, N., Takagi, T.: Breaking pairing-based cryptosystems using \(\eta _T\) pairing over \({GF}(3^{97})\). In: Wang X., Sako K. (eds.) Proceedings of 18th Annual International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT 2012). Lecture Notes in Computer Science, vol. 7658, pp. 43–60. Springer, Berlin (2012)

  23. Hess, F., Smart, N.P., Vercauteren, F.: The eta pairing revisited. IEEE Trans. Inf. Theory 52(10), 4595–4602 (2006)

  24. Joux, A.: Discrete logarithms in \({GF}(2^{4080})\). Number Theory Mailing List (2013). http://listserv.nodak.edu/cgi-bin/wa.exe?A2=NMBRTHRY;71e65785.1303

  25. Joux, A.: Discrete logarithms in \(GF(2^{6168}) [=GF((2^{257})^{24})]\). Number Theory Mailing List (2013). http://listserv.nodak.edu/cgi-bin/wa.exe?A2=NMBRTHRY;49bb494e.1305

  26. Joux, A.: A new index calculus algorithm with complexity \(L(1/4+o(1))\) in very small characteristic. IACR Cryptology ePrint Archive, Report 2013/095 (2013)

  27. Joux, A., Lercier, R.: The function field sieve in the medium prime case. In: Vaudenay S. (ed.) Proceedings of Advances in Cryptology: EUROCRYPT 2006, 25th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Lecture Notes in Computer Science, vol. 4004, pp. 254–270. Springer, Berlin (2006)

  28. Kachisa, E.J., Schaefer, E.F., Scott, M.: Constructing Brezing-Weng pairing-friendly elliptic curves using elements in the cyclotomic field. In: Galbraith S.D., Paterson K.G. (eds.) Proceedings of 2nd International Conference on Pairing-based Cryptography (Pairing 2008). Lecture Notes in Computer Science, vol. 5209, pp. 126–135. Springer, Berlin (2008)

  29. Kawahara, Y., Aoki, K., Takagi, T.: Faster implementation of \(\eta _T\) pairing over \(GF(3^m)\) using minimum number of logical instructions for \({GF}(3)\)-addition. In: Galbraith S.D., Paterson K.G. (eds.) Proceedings of 2nd International Conference on Pairing-based Cryptography (Pairing 2008). Lecture Notes in Computer Science, vol. 5209, pp. 282–296. Springer, Berlin (2008)

  30. Menezes, A., Okamoto, T., Vanstone, S.A.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inf. Theory 39(5), 1639–1646 (1993)

  31. Okamoto, T., Takashima, K.: Fully secure functional encryption with general relations from the decisional linear assumption. In: Rabin T. (ed.) Proceedings of Advances in Cryptology: CRYPTO 2010, 30th Annual International Cryptology Conference. Lecture Notes in Computer Science, vol. 6223, pp. 191–208. Springer, Berlin (2010)

  32. Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer R. (ed.) Proceedings of Advances in Cryptology: EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Lecture Notes in Computer Science, vol. 3494, pp. 457–473. Springer, Berlin (2005)

  33. Shinohara, N., Shimoyama, T., Hayashi, T., Takagi, T.: Key length estimation of pairing-based cryptosystems using \(\eta _T\) pairing. In: Ryan M.D., Smyth B., Wang G. (eds.) Proceedings of 8th International Conference on Information Security Practice and Experience (ISPEC 2012). Lecture Notes in Computer Science, vol. 7232, pp. 228–244. Springer, Berlin (2012)

  34. Vercauteren, F.: The hidden root problem. In: Galbraith S.D., Paterson K.G. (eds.) Proceedings of 2nd International Conference on Pairing-based Cryptography (Pairing 2008). Lecture Notes in Computer Science, vol. 5209, pp. 89–99. Springer, Berlin (2008)

  35. Verheul, E.R.: Evidence that XTR is more secure than supersingular elliptic curve cryptosystems. J. Cryptology 17(4), 277–296 (2004)

Corresponding author

Correspondence to Takuya Hayashi.

Copyright information

© 2014 Springer Japan

Cite this paper

Hayashi, T. (2014). Cryptanalysis of Pairing-Based Cryptosystems Over Small Characteristic Fields. In: Wakayama, M., et al. The Impact of Applications on Mathematics. Mathematics for Industry, vol 1. Springer, Tokyo. https://doi.org/10.1007/978-4-431-54907-9_12

  • DOI: https://doi.org/10.1007/978-4-431-54907-9_12
  • Publisher Name: Springer, Tokyo
  • Print ISBN: 978-4-431-54906-2
  • Online ISBN: 978-4-431-54907-9
