A Heuristic Quasi-Polynomial Algorithm for Discrete Logarithm in Finite Fields of Small Characteristic

  • Razvan Barbulescu
  • Pierrick Gaudry
  • Antoine Joux
  • Emmanuel Thomé
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8441)

Abstract

The difficulty of computing discrete logarithms in fields \(\mathbb{F}_{q^k}\) depends on the relative sizes of k and q. Until recently all the cases had a sub-exponential complexity of type L(1/3), similar to the factorization problem. In 2013, Joux designed a new algorithm with a complexity of L(1/4 + ε) in small characteristic. In the same spirit, we propose in this article another heuristic algorithm that provides a quasi-polynomial complexity when q is of size at most comparable with k. By quasi-polynomial, we mean a runtime of \(n^{O(\log n)}\) where n is the bit-size of the input. For larger values of q that stay below the limit \(L_{q^k}(1/3)\), our algorithm loses its quasi-polynomial nature, but still surpasses the Function Field Sieve. Complexity results in this article rely on heuristics which have been checked experimentally.



Copyright information

© International Association for Cryptologic Research 2014

Authors and Affiliations

  • Razvan Barbulescu (1)
  • Pierrick Gaudry (1)
  • Antoine Joux (2, 3)
  • Emmanuel Thomé (1)
  1. Inria, CNRS, University of Lorraine, France
  2. CryptoExperts, Paris, France
  3. Chaire de Cryptologie de la Fondation UPMC, Sorbonne Universités, UPMC Univ Paris 06, CNRS UMR 7606, LIP 6, France
