Advertisement

The Function Field Sieve Is Quite Special

  • Antoine Joux
  • Reynald Lercier
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2369)

Abstract

In this paper, we describe improvements to the function field sieve (FFS) for the discrete logarithm problem in \( \mathbb{F}p^n \) , when p is small. Our main contribution is a new way to build the algebraic function fields needed in the algorithm. With this new construction, the heuristic complexity is as good as the complexity of the construction proposed by Adleman and Huang [2], i.e L p n[1/3,c] = exp((c+ o(1))log(p n)1/3 log(log(p n))2/3) where c = (32/9)1/3. With either of these constructions the FFS becomes an equivalent of the special number field sieve used to factor integers of the form A N ± B. From an asymptotic point of view, this is faster than older algorithm such as Coppersmith’s algorithm and Adleman’s original FFS. From a practical viewpoint, we argue that our construction has better properties than the construction of Adleman and Huang. We demonstrate the efficiency of the algorithm by successfully computing discrete logarithms in a large finite field of characteristic two, namely \( \mathbb{F}2^{521} \) .

Keywords

Algebraic Function Irreducible Polynomial Discrete Logarithm Problem Rational Side Obstruction Group 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    L. M. Adleman. The function field sieve. In Proceedings of the ANTS-I conference, volume 877 of Lecture Notes in Computer Science, pages 108–121, 1994.Google Scholar
  2. 2.
    L. M. Adleman and M. A. Huang. Function field sieve method for discrete logarithms over finite fields. In Information and Computation, volume 151, pages 5–16. Academic Press, 1999.zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    J. P. Buhler, H. W. Lenstra, Jr., and C. Pomerance. Factoring integers with the number field sieve. Pages 50–94 in [15].Google Scholar
  4. 4.
    F. Chabaud and R. Lercier. ZEN, User Manual. Available at http://-www.di.ens.fr/~zen/.
  5. 5.
    D. Coppersmith. Fast evaluation of logarithms in fields of characteristic two. IEEE transactions on information theory, IT-30(4):587–594, July 1984.Google Scholar
  6. 6.
    D. Coppersmith, A. Odlyzko, and R. Schroppel. Discrete logarithms in \( \mathbb{F}_p \) . Algorithmica, 1:1–15, 1986.zbMATHCrossRefMathSciNetGoogle Scholar
  7. 7.
    T. Denny, O. Schirokauer, and D. Weber. Discrete Logarithms: The effectiveness of the Index Calculus Method. In Proceedings of the ANTS-II conference, volume 1122 of Lecture Notes in Computer Science, pages 337–361, 1996.Google Scholar
  8. 8.
    M. Elkenbracht-Huizing. An implementation of the number field sieve. Experimental Mathematics, 5(3):231–253, 1996.zbMATHMathSciNetGoogle Scholar
  9. 9.
    S. Gao and J. Howell. A general polynomial sieve. Designs, Codes and Cryptography, 18:149–157, 1999.zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    R. Golliver, A. K. Lenstra, and K. McCurley. Lattice sieving and trial division. In Proceedings of the ANTS-I conference, volume 877 of Lecture Notes in Computer Science, pages 18–27. Springer-Verlag, 1994.Google Scholar
  11. 11.
    D. Gordon and K. McCurley. Massively parallel computation of discrete logarithms. In Advances in Cryptology — CRYPTO’92, volume 740 of Lecture Notes in Computer Science, pages 312–323. Springer-Verlag, 1993.Google Scholar
  12. 12.
    A. Joux and R. Lercier. Improvements to the general number field sieve for discrete logarithms in prime fields. Math. Comp., 2000. To appear. Preprint available at http://www.medicis.polytechnique.fr/~lercier/.
  13. 13.
    B. A. LaMacchia and A. M. Odlyzko. Computation of discrete logarithms in prime fields. Designs, Codes and Cryptography, 1:47–62, 1991.zbMATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    B. A. LaMacchia and A. M. Odlyzko. Solving large sparse systems over finite fields. In Advances in Cryptology — CRYPTO’90, volume 537 of Lecture Notes in Computer Science, pages 109–133. Springer-Verlag, 1991.Google Scholar
  15. 15.
    A. K. Lenstra and H. W. Lenstra, Jr., editors. The development of the number field sieve, volume 1554 of Lecture Notes in Mathematics. Springer-Verlag, 1993.Google Scholar
  16. 16.
    R. Lidl and H. Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley, 1983.Google Scholar
  17. 17.
    R. Lovorn. Rigorous Subexponential Algorithms for Discrete Logarithms Over Finite Fields. PhD thesis, Univ. of Georgia, 1992.Google Scholar
  18. 18.
    R. Matsumoto. Using Cab curves in the function field sieve. IEICE Trans. Fundamentals, E82-A(3):551–552, march 1999.Google Scholar
  19. 19.
    A. M. Odlyzko. Discrete logarithms in finite fields and their cryptographic significance. In T. Beth, N. Cot, and I. Ingemarsson, editors, Advances in Cryptology — EUROCRYP’84, volume 209 of Lecture Notes in Computer Science, pages 224–314. Springer-Verlag, 1985. Available at http:/www.dtc.umn.edu/~odlyzko.Google Scholar
  20. 20.
    J.M. Pollard. The lattice sieve. Pages 43–49 in [15].Google Scholar
  21. 21.
    P. Montgomery S. Cavallar and H. te Riele. New record SNFS factorization. Available at http://listserv.nodak.edu/archives/nmbrthry.html, november 2000. Factorization of 2773 + 1.
  22. 22.
    O. Schirokauer. The special function field sieve. Preprint.Google Scholar
  23. 23.
    O. Schirokauer. Discrete logarithms and local units. Phil. Trans. R. Soc. Lond. A 345, pages 409–423, 1993.Google Scholar
  24. 24.
    R. D. Silverman. The Multiple Polynomial Quadratic Sieve. Math. Comp., 48:329–339, 1987.zbMATHCrossRefMathSciNetGoogle Scholar
  25. 25.
    E. Thomé. Computation of discrete logarithms in \( \mathbb{F}_{2^{607} } \) . In Advances in Cryptology — ASIACRYPT’2001, volume 2248 of Lecture Notes in Computer Science, pages107–124. Springer-Verlag, 2001.CrossRefGoogle Scholar
  26. 26.
    E. Thomé. Discrete logarithms in \( \mathbb{F}_{2^{607} } \) . Available at http://listserv.nodak.-edu/archives/nmbrthry.html, february 2002.
  27. 27.
    D. Weber and Th. Denny. The solution of McCurley’s discrete log challenge. In H. Krawczyk, editor, Advances in Cryptology — CRYPTO’98, volume 1462 of Lecture Notes in Computer Science, pages 458–471. Springer-Verlag, 1998.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Antoine Joux
    • 1
  • Reynald Lercier
    • 2
  1. 1.DCSSI Crypto LabParis 07 SPFrance
  2. 2.CELARBruzFrance

Personalised recommendations