[Adl79]
L.M. Adleman, A subexponential algorithm for the discrete logarithm problem with applications to cryptography (abstract), in FOCS (1979), pp. 55–60
[AFK89]
M. Abadi, J. Feigenbaum, J. Kilian, On hiding information from an oracle. J. Comput. Syst. Sci.
39(1), 21–50 (1989)
CrossRefMATHMathSciNet[AH99]
L.M. Adleman, M.-D.A. Huang, Function field sieve method for discrete logarithms over finite fields. Inf. Comput.
151(1–2), 5–16 (1999)
CrossRefMATHMathSciNet[BBG05]
D. Boneh, X. Boyen, E.-J. Goh, Hierarchical identity based encryption with constant size ciphertext, in EUROCRYPT (2005), pp. 440–456
[BD94]
M. Burmester, Y. Desmedt, A secure and efficient conference key distribution system (extended abstract), in EUROCRYPT (1994), pp. 275–286
[BF03]
D. Boneh, M.K. Franklin, Identity-based encryption from the Weil pairing. SIAM J. Comput.
32(3), 586–615 (2003)
CrossRefMATHMathSciNet[BGJT13]
R. Barbulescu, P. Gaudry, A. Joux, E. Thomé, A quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. CoRR (2013). abs/1306.4244
[BLS04]
D. Boneh, B. Lynn, H. Shacham, Short signatures from the Weil pairing. J. Cryptol.
17(4), 297–319 (2004)
MATHMathSciNet[BLS11]
D.J. Bernstein, T. Lange, P. Schwabe, On the correct use of the negation map in the Pollard Rho method, in Public Key Cryptography (2011), pp. 128–146
[BP14]
R. Barbulescu, C. Pierrot, The multiple number field sieve for medium and high characteristic finite fields. IACR Cryptol. ePrint Arch. 2014, 147 (2014)
[CEP83]
E.R. Canfield, P. Erdös, C. Pomerance, On a problem of Oppenheim concerning factorisatio numerorum. J. Number Theory
17, 1–28 (1983)
CrossRefMATHMathSciNet[CGH00]
R. Canetti, O. Goldreich, S. Halevi, The random oracle methodology, revisited. CoRR (2000). cs.CR/0010019
[CHK12]
J.H. Cheon, J. Hong, M. Kim, Accelerating Pollard’s Rho algorithm on finite fields. J. Cryptol.
25(2), 195–242 (2012)
CrossRefMATHMathSciNet[Cop84]
D. Coppersmith, Fast evaluation of logarithms in fields of characteristic two. IEEE Trans. Inf. Theory
30(4), 587–593 (1984)
CrossRefMATHMathSciNet[COS86]
D. Coppersmith, A.M. Odlyzko, R. Schroeppel, Discrete logarithms in GF(p). Algorithmica
1(1), 1–15 (1986)
CrossRefMATHMathSciNet[Den82]
D.E. Denning,
Cryptography and Data Security (Addison-Wesley, Reading, 1982)
MATH[Den02]
A.W. Dent, Adapting the weaknesses of the random oracle model to the generic group model, in ASIACRYPT (2002), pp. 100–109
[DH76]
W. Diffie, M.E. Hellman, New directions in cryptography. IEEE Trans. Inf. Theory
22(6), 644–654 (1976)
CrossRefMATHMathSciNet[DK13]
C. Diem, S. Kochinke, Computing discrete logarithms with special linear systems. Preprint (2013)
[DOW92]
W. Diffie, P.C. Oorschot, M.J. Wiener, Authentication and authenticated key exchanges. Des. Codes Cryptogr.
2(2), 107–125 (1992)
CrossRefMathSciNet[EGT11]
A. Enge, P. Gaudry, E. Thomé, An
L(1∕3) discrete logarithm algorithm for low degree curves. J. Cryptol.
24(1), 24–41 (2011)
CrossRefMATH[FJM13]
P.-A. Fouque, A. Joux, C. Mavromati, Multi-user collisions: applications to discrete logs, Even-Mansour and prince. IACR Cryptol. ePrint Arch. 2013, 761 (2013)
[FPPR12]
J.-C. Faugère, L. Perret, C. Petit, G. Renault, Improving the complexity of index calculus algorithms in elliptic curves over binary fields, in EUROCRYPT (2012), pp. 27–44
[FR94]
G. Frey, H. Georg Rück, A remark concerning
m-divisibility and the discrete logarithm in the divisor class group of curves. Math. Comput.
62, 865–874 (1994)
MATH[FS86]
A. Fiat, A. Shamir, How to prove yourself: practical solutions to identification and signature problems, in CRYPTO (1986), pp. 186–194
[Gam85]
T. El Gamal, A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory
31(4), 469–472 (1985)
CrossRefMATH[GGMZ13]
F. Göloglu, R. Granger, G. McGuire, J. Zumbrägel, On the function field sieve and the impact of higher splitting probabilities—application to discrete logarithms in and, in CRYPTO (2) (2013), pp. 109–128
[GHS02]
P. Gaudry, F. Hess, N.P. Smart, Constructive and destructive facets of Weil descent on elliptic curves. J. Cryptol.
15(1), 19–46 (2002)
CrossRefMathSciNet[GKZ14]
R. Granger, T. Kleinjung, J. Zumbrägel, On the powers of 2. Cryptology ePrint Archive, Report 2014/300 (2014)
[Gor93]
D.M. Gordon, Discrete logarithms in GF(
p) using the number field sieve. SIAM J. Discrete Math.
6(1), 124–138 (1993)
CrossRefMATHMathSciNet[GTTD07]
P. Gaudry, E. Thomé, N. Thériault, C. Diem, A double large prime variation for small genus hyperelliptic index calculus. Math. Comput.
76(257), 475–492 (2007)
CrossRefMATH[HR82]
M.E. Hellman, J.M. Reyneri, Fast computation of discrete logarithms in GF(q), in CRYPTO (1982), pp. 3–13
[JL02]
A. Joux, R. Lercier, The function field sieve is quite special, in ANTS (2002), pp. 431–445
[JL03]
A. Joux, R. Lercier, Improvements to the general number field sieve for discrete logarithms in prime fields. A comparison with the gaussian integer method. Math. Comput.
72(242), 953–967 (2003)
MATHMathSciNet[JL06]
A. Joux, R. Lercier, The function field sieve in the medium prime case, in EUROCRYPT (2006), pp. 254–270
[JLSV06]
A. Joux, R. Lercier, N.P. Smart, F. Vercauteren, The number field sieve in the medium prime case, in CRYPTO (2006), pp. 326–344
[JN03]
A. Joux, K. Nguyen, Separating decision Diffie-Hellman from computational Diffie-Hellman in cryptographic groups. J. Cryptol.
16(4), 239–247 (2003)
CrossRefMATHMathSciNet[Jou04]
A. Joux, A one round protocol for tripartite Diffie-Hellman. J. Cryptol.
17(4), 263–276 (2004)
MATHMathSciNet[Jou13a]
A. Joux, Faster index calculus for the medium prime case application to 1175-bit and 1425-bit finite fields, in EUROCRYPT (2013), pp. 177–193
[Jou13b]
A. Joux, A new index calculus algorithm with complexity \(L(1/4 + o(1))\) in very small characteristic. IACR Cryptol. ePrint Arch. 2013, 95 (2013)
[JP13]
A. Joux, C. Pierrot, The special number field sieve in finite fields - application to pairing-friendly constructions, in Pairing (2013), pp. 45–61
[JV12]
A. Joux, V. Vitse, Cover and decomposition index calculus on elliptic curves made practical—application to a previously unreachable curve over \(\mathbb{F}_{p^{6}}\), in EUROCRYPT (2012), pp. 9–26
[Kra22]
M. Kraïtchik,
Théorie des nombres (Gauthier-Villars, Paris, 1922)
MATH[KS01]
F. Kuhn, R. Struik, Random walks revisited: extensions of Pollard’s Rho algorithm for computing multiple discrete logarithms, in Selected Areas in Cryptography (2001), pp. 212–229
[LO90]
B.A. LaMacchia, A.M. Odlyzko, Solving large sparse linear systems over finite fields, in CRYPTO (1990), pp. 109–133
[MOV93]
A. Menezes, T. Okamoto, S.A. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inf. Theory
39(5), 1639–1646 (1993)
CrossRefMATHMathSciNet[MW96]
U.M. Maurer, S. Wolf, Diffie-Hellman oracles, in CRYPTO (1996), pp. 268–282
[Odl85]
A.M. Odlyzko, Discrete logarithms in finite fields and their cryptographic significance. Adv. Cryptol.
209, 224–314 (1985)
CrossRefMathSciNet[Pai99]
P. Paillier, Public-key cryptosystems based on composite degree residuosity classes, in EUROCRYPT (1999), pp. 223–238
[PGF98]
D. Panario, X. Gourdon, P. Flajolet, An analytic approach to smooth polynomials over finite fields, in ANTS (1998), pp. 226–236
[PH78]
S.C. Pohlig, M.E. Hellman, An improved algorithm for computing logarithms over gf(p) and its cryptographic significance (corresp.). IEEE Trans. Inf. Theory 24(1), 106–110 (1978)
[Pol75]
J. Pollard, A Monte Carlo method for factorization. BIT Numer. Math.,
15, 331–334 (1975)
CrossRefMATHMathSciNet[Pol78]
J. Pollard, Monte Carlo methods for index computations mod p. Math. Comput., 32(143), 918–924 (1978)
[Pom87]
C. Pomerance, Discrete Algorithms and Complexity: Proceedings of the Japan-US Joint Seminar, June 4-6, 1986, Kyoto, Japan, D. S. Johnson, T. Nishizeki, A. Nozaki and H. S. Wilf (Editors), Academic Press, New York, (1987)
[PQ12]
C. Petit, J.-J. Quisquater, On polynomial systems arising from a Weil descent, in ASIACRYPT (2012), pp. 451–466
[QD89]
J.-J. Quisquater, J.-P. Delescaille, How easy is collision search. New results and applications to DES, in CRYPTO (1989), pp. 408–413
[Sch89]
C.-P. Schnorr, Efficient identification and signatures for smart cards, in CRYPTO (1989), pp. 239–252
[Sch00]
O. Schirokauer, Using number fields to compute logarithms in finite fields. Math. Comput.
69(231), 1267–1283 (2000)
CrossRefMATHMathSciNet[Sem04]
I. Semaev, Summation polynomials and the discrete logarithm problem on elliptic curves. IACR Cryptol. ePrint Arch. 2004, 31 (2004)
[Sha71]
D. Shanks, Class number, a theory of factorization and genera, in Proceedings of the Symposium on Pure Mathematics (1971), pp. 415–440
[Sho97a]
P.W. Shor, Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput.
26(5), 1484–1509 (1997)
CrossRefMATHMathSciNet[Sho97b]
V. Shoup, Lower bounds for discrete logarithms and related problems, in EUROCRYPT (1997), pp. 256–266
[SWD96]
O. Schirokauer, D. Weber, T.F. Denny, Discrete logarithms: the effectiveness of the index calculus method, in ANTS (1996), pp. 337–361
[Tes00]
E. Teske, On random walks for Pollard’s Rho method. Math. Comput.
70, 809–825 (2000)
CrossRefMathSciNet[vOW99]
P.C. van Oorschot, M.J. Wiener, Parallel collision search with cryptanalytic applications. J. Cryptol.
12(1), 1–28 (1999)
CrossRefMATH[Wie86]
D.H. Wiedemann, Solving sparse linear equations over finite fields. IEEE Trans. Inf. Theory
32(1), 54–62 (1986)
CrossRefMATHMathSciNet