The Special Number Field Sieve in \(\mathbb{F}_{p^{n}}\)

Application to Pairing-Friendly Constructions
  • Antoine Joux
  • Cécile Pierrot
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8365)


In this paper, we study the discrete logarithm problem in finite fields related to pairing-based curves. We start with a precise analysis of the state-of-the-art algorithms for computing discrete logarithms that are suitable for finite fields related to pairing-friendly constructions. To improve upon these algorithms, we extend the Special Number Field Sieve to compute discrete logarithms in \(\mathbb{F}_{p^{n}}\), where p has an adequate sparse representation. Our improved algorithm works for the whole range of applicability of the Number Field Sieve.


Keywords: Elliptic Curve; Discrete Logarithm Problem; Linear Polynomial; High Security Level





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Antoine Joux (1, 2, 4, 5, 6)
  • Cécile Pierrot (3, 4, 5, 6)

  1. CryptoExperts, France
  2. Chaire de Cryptologie de la Fondation de l’UPMC, Paris, France
  3. Laboratoire PRISM, Université de Versailles Saint-Quentin, Versailles, France
  4. UPMC, Univ Paris 06, LIP6, France
  5. PolSys Project, INRIA, Paris-Rocquencourt Center, France
  6. CNRS, UMR 7606, LIP6, France
