Advertisement

New Complexity Trade-Offs for the (Multiple) Number Field Sieve Algorithm in Non-Prime Fields

  • Palash Sarkar
  • Shashank SinghEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9665)

Abstract

The selection of polynomials to represent number fields crucially determines the efficiency of the Number Field Sieve (NFS) algorithm for solving the discrete logarithm in a finite field. An important recent work due to Barbulescu et al. builds upon existing works to propose two new methods for polynomial selection when the target field is a non-prime field. These methods are called the generalised Joux-Lercier (GJL) and the Conjugation methods. In this work, we propose a new method (which we denote as \(\mathcal {A}\)) for polynomial selection for the NFS algorithm in fields \(\mathbb {F}_{Q}\), with \(Q=p^n\) and \(n>1\). The new method both subsumes and generalises the GJL and the Conjugation methods and provides new trade-offs for both n composite and n prime. Let us denote the variant of the (multiple) NFS algorithm using the polynomial selection method “X” by (M)NFS-X. Asymptotic analysis is performed for both the NFS-\(\mathcal {A}\) and the MNFS-\(\mathcal {A}\) algorithms. In particular, when \(p=L_Q(2/3,c_p)\), for \(c_p\in [3.39,20.91]\), the complexity of NFS-\(\mathcal {A}\) is better than the complexities of all previous algorithms whether classical or MNFS. The MNFS-\(\mathcal {A}\) algorithm provides lower complexity compared to NFS-\(\mathcal {A}\) algorithm; for \(c_p\in (0, 1.12] \cup [1.45,3.15]\), the complexity of MNFS-\(\mathcal {A}\) is the same as that of the MNFS-Conjugation and for \(c_p\notin (0, 1.12] \cup [1.45,3.15]\), the complexity of MNFS-\(\mathcal {A}\) is lower than that of all previous methods.

References

  1. 1.
    Adleman, L.M.: The function field sieve. In: Adleman, L.M., Huang, M.-D. (eds.) ANTS 1994. LNCS, vol. 877, pp. 108–121. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  2. 2.
    Adleman, L.M., Huang, M.-D.A.: Function field sieve method for discrete logarithms over finite fields. Inf. Comput. 151(1–2), 5–16 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Bai, S., Bouvier, C., Filbois, A., Gaudry, P., Imbert, L., Kruppa, A., Morain, F., Thomé, E., Zimmermann, P.: CADO-NFS, an implementation of the number field sieve algorithm. CADO-NFS, Release 2.1.1 (2014). http://cado-nfs.gforge.inria.fr/
  4. 4.
    Barbulescu, R.: An appendix for a recent paper of Kim. IACR Cryptology ePrint Archive 2015:1076 (2015)Google Scholar
  5. 5.
    Barbulescu, R., Gaudry, P., Guillevic, A., Morain, F.: Improving NFS for the discrete logarithm problem in non-prime finite fields. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 129–155. Springer, Heidelberg (2015)Google Scholar
  6. 6.
    Barbulescu, R., Gaudry, P., Joux, A., Thomé, E.: A heuristic quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 1–16. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  7. 7.
    Barbulescu, R., Gaudry, P., Kleinjung, T.: The tower number field sieve. In: Iwata, T., et al. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 31–55. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48800-3_2 CrossRefGoogle Scholar
  8. 8.
    Barbulescu, R., Pierrot, C.: The multiple number field sieve for medium and high characteristic finite fields. LMS J. Comput. Math. 17, 230–246 (2014)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Bosma, W., Cannon, J., Playoust, C.: The Magma algebra system. I. The user language. J. Symbolic Comput. 24(3–4), 235–265 (1997). Computational algebra and number theory (London, 1993)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Gaudry, P., Grmy, L., Videau, M.: Collecting relations for the number field sieve in \(\text{GF}(p^6)\). Cryptology ePrint Archive, Report 2016/124 (2016). http://eprint.iacr.org/
  11. 11.
    Gordon, D.M.: Discrete logarithms in \(\text{ GF }(p)\) using the number field sieve. SIAM J. Discrete Math. 6, 124–138 (1993)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Granger, R., Kleinjung, T., Zumbrägel, J.: Discrete logarithms in \(\text{ GF }(2^{9234})\). NMBRTHRY list, January 2014Google Scholar
  13. 13.
    Guillevic, A.: Computing individual discrete logarithms faster in GF(\(p^n\)). Cryptology ePrint Archive, Report 2015/513, (2015). http://eprint.iacr.org/
  14. 14.
    Joux, A.: Faster index calculus for the medium prime case application to 1175-bit and 1425-bit finite fields. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 177–193. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  15. 15.
    Joux, A.: A new index calculus algorithm with complexity L(1/4 + o(1)) in small characteristic. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 355–379. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  16. 16.
    Joux, A., Lercier, R.: The function field sieve is quite special. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 431–445. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  17. 17.
    Joux, A., Lercier, R.: Improvements to the general number field sieve for discrete logarithms in prime fields. A comparison with the gaussian integer method. Math. Comput. 72(242), 953–967 (2003)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Joux, A., Lercier, R.: The function field sieve in the medium prime case. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 254–270. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    Joux, A., Lercier, R., Smart, N.P., Vercauteren, F.: The number field sieve in the medium prime case. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 326–344. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  20. 20.
    Joux, A., Pierrot, C.: The special number field sieve in \(\mathbb{F}_{p^{n}}\). In: Cao, Z., Zhang, F. (eds.) Pairing 2013. LNCS, vol. 8365, pp. 45–61. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  21. 21.
    Kalkbrener, M.: An upper bound on the number of monomials in determinants of sparse matrices with symbolic entries. Math. Pannonica 8(1), 73–82 (1997)MathSciNetzbMATHGoogle Scholar
  22. 22.
    Kim, T.: Extended tower number field sieve: a new complexity for medium prime case. IACR Cryptology ePrint Archive, 2015:1027 (2015)Google Scholar
  23. 23.
    Matyukhin, D.: Effective version of the number field sieve for discrete logarithm in a field GF\((p^k)\). Trudy po Discretnoi Matematike 9, 121–151 (2006). (in Russian), 2006. http://m.mathnet.ru/php/archive.phtml?wshow=paper&jrnid=tdm&paperid=144&option_lang=eng
  24. 24.
    Pierrot, C.: The multiple number field sieve with conjugation and generalized joux-lercier methods. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 156–170. Springer, Heidelberg (2015)Google Scholar
  25. 25.
    Sarkar, P., Singh, S.: Fine tuning the function field sieve algorithm for the medium prime case. IEEE Transactions on Information Theory, 99: 1–1 (2016)Google Scholar
  26. 26.
    Schirokauer, O.: Discrete logarithms and local units. Philosophical Transactions: Physical Sciences and Engineering 345, 409–423 (1993)MathSciNetCrossRefzbMATHGoogle Scholar
  27. 27.
    Schirokauer, O.: Using number fields to compute logarithms in finite fields. Math. Comp. 69(231), 1267–1283 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  28. 28.
    Schirokauer, O.: Virtual logarithms. J. Algorithms 57(2), 140–147 (2005)MathSciNetCrossRefzbMATHGoogle Scholar
  29. 29.
    Stein, W.A., et al.: Sage Mathematics Software. The Sage Development Team (2013). http://www.sagemath.org

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.Applied Statistics UnitIndian Statistical InstituteKolkataIndia

Personalised recommendations