Faster Index Calculus for the Medium Prime Case. Application to 1175-bit and 1425-bit Finite Fields

  • Antoine Joux
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7881)


Many index calculus algorithms generate multiplicative relations between smoothness basis elements by using a process called Sieving. This process allows us to quickly filter potential candidate relations, without spending too much time considering bad candidates. However, from an asymptotic point of view, there is not much difference between sieving and straightforward testing of candidates. The reason is that even when sieving, some small amount of time is spent on each bad candidate. Thus, asymptotically, the total number of candidates contributes to the complexity.

In this paper, we introduce a new technique, Pinpointing, which allows us to construct multiplicative relations much faster, thus reducing the asymptotic complexity of relations’ construction. Unfortunately, we only know how to implement this technique for finite fields which contain a medium-sized subfield. When applicable, this method improves the asymptotic complexity of the index calculus algorithm in the cases where the sieving phase dominates. In practice, it gives a very interesting boost to the performance of state-of-the-art algorithms. We illustrate the feasibility of the method with discrete logarithm records in two medium prime finite fields, the first of size 1175 bits and the second of size 1425 bits.



Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Antoine Joux (1)
  1. Laboratoire PRISM, CryptoExperts and Université de Versailles Saint-Quentin-en-Yvelines, Versailles Cedex, France
