Designs, Codes and Cryptography, Volume 78, Issue 1, pp 73–85

Technical history of discrete logarithms in small characteristic finite fields

The road from subexponential to quasi-polynomial complexity
  • Antoine Joux
  • Cécile Pierrot


Due to its use in cryptographic protocols such as the Diffie–Hellman key exchange, the discrete logarithm problem has attracted a considerable amount of attention in the past 40 years. In this paper, we summarize the key technical ideas and their evolution for the case of discrete logarithms in small characteristic finite fields. This road leads from the original belief that this problem was hard enough for cryptographic purposes to the current state of the art, where the algorithms are so efficient and practical that the problem can no longer be considered for cryptographic use.


Keywords: Cryptography, Discrete logarithms, Finite fields

Mathematics Subject Classification




Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. Sorbonne Universités, UPMC Université Paris 6, UMR 7606, LIP6, Paris, France
  2. CryptoExperts and Chaire de Cryptologie de la Fondation de l’UPMC, Paris, France
  3. CNRS and Direction Générale de l’Armement, Paris, France
