Abstract
There are many useful cryptographic schemes that use bilinear pairings. In particular, the \(\eta _T\) pairing over small-characteristic fields such as \(GF(2^n)\) and \(GF(3^n)\) is one of the most efficient pairing algorithms from the implementation point of view. The security of pairing-based cryptosystems using the \(\eta _T\) pairing over \(GF(2^n)\) (resp. \(GF(3^n)\)) relies on the hardness of the discrete logarithm problem (DLP) over \(GF(2^{4n})\) (resp. \(GF(3^{6n})\)). However, new index calculus methods proposed by Joux and by Barbulescu et al. solve these problems in quasi-polynomial time. Recent experimental results show that these methods are quite practical, implying that the \(\eta _T\) pairing over \(GF(2^n)\) and \(GF(3^n)\) is unsuitable for pairing-based cryptosystems. In this paper, we survey the recent progress on index calculus methods and the related experimental results.
Notes
1. When \(a, b, c, d \in GF(q)\), (3) yields a trivial equation. This is the reason why we need to embed the original DLP into the DLP over \(GF(q^{2n})\).
References
Adj, G., Menezes, A., Oliveira, T., Rodríguez-Henríquez, F.: Computing discrete logarithms in \(F_{3^{6 \cdot 137}}\) using Magma. IACR Cryptology ePrint Archive, Report 2014/057 (2014)
Adj, G., Menezes, A., Oliveira, T., Rodríguez-Henríquez, F.: Weakness of \(F_{3^{6\cdot 509}}\) for discrete logarithm cryptography. In: Cao Z., Zhang F. (eds.) Proceedings of 6th International Conference on Pairing-based Cryptography (Pairing 2013). Lecture Notes in Computer Science, vol. 8365, pp. 20–44. Springer, Berlin (2013)
Adleman, L.M.: The function field sieve. In: Adleman L.M., Huang M.D.A. (eds.) Proceedings of 1st Algorithmic Number Theory Symposium (ANTS-I). Lecture Notes in Computer Science, vol. 877, pp. 108–121. Springer, Berlin (1994)
Ahmadi, O., Hankerson, D., Menezes, A.: Software implementation of arithmetic in \(F_{3^m}\). In: Carlet C., Sunar B. (eds.) Proceedings of 1st International Workshop on the Arithmetic of Finite Fields (WAIFI 2007). Lecture Notes in Computer Science, vol. 4547, pp. 85–102. Springer, Berlin (2007)
Barbulescu, R., Gaudry, P., Joux, A., Thomé, E.: A quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. IACR Cryptology ePrint Archive, Report 2013/400 (2013)
Barreto, P.S.L.M., Galbraith, S.D., O’Eigeartaigh, C., Scott, M.: Efficient pairing computation on supersingular abelian varieties. Des., Codes Crypt. 42(3), 239–271 (2007)
Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung M. (ed.) Proceedings of Advances in Cryptology: CRYPTO 2002, 22nd Annual International Cryptology Conference. Lecture Notes in Computer Science, vol. 2442, pp. 354–368. Springer, Berlin (2002)
Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel B., Tavares S.E. (eds.) Proceedings of Selected Areas in Cryptography 2005 (SAC 2005). Lecture Notes in Computer Science, vol. 3897, pp. 319–331. Springer, Berlin (2005)
Beuchat, J.L., Brisebarre, N., Detrey, J., Okamoto, E.: Arithmetic operators for pairing-based cryptography. In: Paillier P., Verbauwhede I. (eds.) Proceedings of 9th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2007). Lecture Notes in Computer Science, vol. 4727, pp. 239–255. Springer, Berlin (2007)
Beuchat, J.L., Brisebarre, N., Detrey, J., Okamoto, E., Shirase, M., Takagi, T.: Algorithms and arithmetic operators for computing the \(\eta _T\) pairing in characteristic three. IEEE Trans. Comput. 57(11), 1454–1468 (2008)
Beuchat, J.L., Brisebarre, N., Shirase, M., Takagi, T., Okamoto, E.: A coprocessor for the final exponentiation of the \(\eta _T\) pairing in characteristic three. In: Carlet C., Sunar B. (eds.) Proceedings of 1st International Workshop on the Arithmetic of Finite Fields (WAIFI 2007). Lecture Notes in Computer Science, vol. 4547, pp. 25–39. Springer, Berlin (2007)
Boneh, D., Crescenzo, G.D., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin C., Camenisch J. (eds.) Proceedings of Advances in Cryptology: EUROCRYPT 2004, 23rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. Lecture Notes in Computer Science, vol. 3027, pp. 506–522. Springer, Berlin (2004)
Boneh, D., Franklin, M.K.: Identity-based encryption from the Weil pairing. In: Kilian J. (ed.) Proceedings of Advances in Cryptology: CRYPTO 2001, 21st Annual International Cryptology Conference. Lecture Notes in Computer Science, vol. 2139, pp. 213–229. Springer, Berlin (2001)
Galbraith, S.D., Hess, F., Vercauteren, F.: Aspects of pairing inversion. IEEE Trans. Inf. Theory 54(12), 5719–5728 (2008)
Göloğlu, F., Granger, R., McGuire, G., Zumbrägel, J.: Discrete logarithms in \({GF}(2^{1971})\). Number Theory Mailing List (2013). http://listserv.nodak.edu/cgi-bin/wa.exe?A2=NMBRTHRY;f7755cbe.1302
Göloğlu, F., Granger, R., McGuire, G., Zumbrägel, J.: Discrete logarithms in \({GF}(2^{6120})\). Number Theory Mailing List (2013). http://listserv.nodak.edu/cgi-bin/wa.exe?A2=NMBRTHRY;fe9605d9.1304
Göloğlu, F., Granger, R., McGuire, G., Zumbrägel, J.: On the function field sieve and the impact of higher splitting probabilities: application to discrete logarithms in \(F_{2^{1971}}\) and \(F_{2^{3164}}\). In: Canetti R., Garay J.A. (eds.) Proceedings of Advances in Cryptology: CRYPTO 2013, 33rd Annual International Cryptology Conference. Lecture Notes in Computer Science, vol. 8043, pp. 109–128. Springer, Berlin (2013)
Göloğlu, F., Granger, R., McGuire, G., Zumbrägel, J.: Solving a 6120-bit DLP on a desktop computer. IACR Cryptology ePrint Archive, Report 2013/306 (2013)
Granger, R., Kleinjung, T., Zumbrägel, J.: Discrete logarithms in \({GF}(2^{9234})\). Number Theory Mailing List (2014). http://listserv.nodak.edu/cgi-bin/wa.exe?A2=NMBRTHRY;49bb494e.1305
Granger, R., Kleinjung, T., Zumbrägel, J.: Discrete logarithms in the Jacobian of a genus 2 supersingular curve over \({GF}(2^{367})\). Number Theory Mailing List (2014). http://listserv.nodak.edu/cgi-bin/wa.exe?A2=NMBRTHRY;23651c2.1401
Granger, R., Page, D., Stam, M.: Hardware and software normal basis arithmetic for pairing-based cryptography in characteristic three. IEEE Trans. Comput. 54(7), 852–860 (2005)
Hayashi, T., Shimoyama, T., Shinohara, N., Takagi, T.: Breaking pairing-based cryptosystems using \(\eta _T\) pairing over \({GF}(3^{97})\). In: Wang X., Sako K. (eds.) Proceedings of 18th Annual International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT 2012). Lecture Notes in Computer Science, vol. 7658, pp. 43–60. Springer, Berlin (2012)
Hess, F., Smart, N.P., Vercauteren, F.: The eta pairing revisited. IEEE Trans. Inf. Theory 52(10), 4595–4602 (2006)
Joux, A.: Discrete logarithms in \({GF}(2^{4080})\). Number Theory Mailing List (2013). http://listserv.nodak.edu/cgi-bin/wa.exe?A2=NMBRTHRY;71e65785.1303
Joux, A.: Discrete logarithms in \(GF(2^{6168}) [=GF((2^{257})^{24})]\). Number Theory Mailing List (2013). http://listserv.nodak.edu/cgi-bin/wa.exe?A2=NMBRTHRY;49bb494e.1305
Joux, A.: A new index calculus algorithm with complexity \(L(1/4+o(1))\) in very small characteristic. IACR Cryptology ePrint Archive, Report 2013/095 (2013)
Joux, A., Lercier, R.: The function field sieve in the medium prime case. In: Vaudenay S. (ed.) Proceedings of Advances in Cryptology: EUROCRYPT 2006, 25th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Lecture Notes in Computer Science, vol. 4004, pp. 254–270. Springer, Berlin (2006)
Kachisa, E.J., Schaefer, E.F., Scott, M.: Constructing Brezing-Weng pairing-friendly elliptic curves using elements in the cyclotomic field. In: Galbraith S.D., Paterson K.G. (eds.) Proceedings of 2nd International Conference on Pairing-based Cryptography (Pairing 2008). Lecture Notes in Computer Science, vol. 5209, pp. 126–135. Springer, Berlin (2008)
Kawahara, Y., Aoki, K., Takagi, T.: Faster implementation of \(\eta _T\) pairing over \(GF(3^m)\) using minimum number of logical instructions for \({GF}(3)\)-addition. In: Galbraith S.D., Paterson K.G. (eds.) Proceedings of 2nd International Conference on Pairing-based Cryptography (Pairing 2008). Lecture Notes in Computer Science, vol. 5209, pp. 282–296. Springer, Berlin (2008)
Menezes, A., Okamoto, T., Vanstone, S.A.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inf. Theory 39(5), 1639–1646 (1993)
Okamoto, T., Takashima, K.: Fully secure functional encryption with general relations from the decisional linear assumption. In: Rabin T. (ed.) Proceedings of Advances in Cryptology: CRYPTO 2010, 30th Annual International Cryptology Conference. Lecture Notes in Computer Science, vol. 6223, pp. 191–208. Springer, Berlin (2010)
Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer R. (ed.) Proceedings of Advances in Cryptology: EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Lecture Notes in Computer Science, vol. 3494, pp. 457–473. Springer, Berlin (2005)
Shinohara, N., Shimoyama, T., Hayashi, T., Takagi, T.: Key length estimation of pairing-based cryptosystems using \(\eta _T\) pairing. In: Ryan M.D., Smyth B., Wang G. (eds.) Proceedings of 8th International Conference on Information Security Practice and Experience (ISPEC 2012). Lecture Notes in Computer Science, vol. 7232, pp. 228–244. Springer, Berlin (2012)
Vercauteren, F.: The hidden root problem. In: Galbraith S.D., Paterson K.G. (eds.) Proceedings of 2nd International Conference on Pairing-based Cryptography (Pairing 2008). Lecture Notes in Computer Science, vol. 5209, pp. 89–99. Springer, Berlin (2008)
Verheul, E.R.: Evidence that XTR is more secure than supersingular elliptic curve cryptosystems. J. Cryptology 17(4), 277–296 (2004)
© 2014 Springer Japan
Cite this paper
Hayashi, T. (2014). Cryptanalysis of Pairing-Based Cryptosystems Over Small Characteristic Fields. In: Wakayama, M., et al. The Impact of Applications on Mathematics. Mathematics for Industry, vol 1. Springer, Tokyo. https://doi.org/10.1007/978-4-431-54907-9_12
DOI: https://doi.org/10.1007/978-4-431-54907-9_12
Publisher Name: Springer, Tokyo
Print ISBN: 978-4-431-54906-2
Online ISBN: 978-4-431-54907-9
eBook Packages: Engineering (R0)