Computing Discrete Logarithms in \({\mathbb F}_{3^{6 \cdot 137}}\) and \({\mathbb F}_{3^{6 \cdot 163}}\) Using Magma

  • Gora Adj
  • Alfred Menezes
  • Thomaz Oliveira
  • Francisco Rodríguez-Henríquez
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9061)


We show that a Magma implementation of Joux’s \(L[1/4+o(1)]\) algorithm can be used to compute discrete logarithms in the 1303-bit finite field \({\mathbb F}_{3^{6 \cdot 137}}\) and the 1551-bit finite field \({\mathbb F}_{3^{6 \cdot 163}}\) with very modest computational resources. Our \({\mathbb F}_{3^{6 \cdot 137}}\) implementation was the first to illustrate the effectiveness of Joux’s algorithm for computing discrete logarithms in small-characteristic finite fields that are not Kummer or twisted-Kummer extensions.



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Gora Adj (1)
  • Alfred Menezes (2)
  • Thomaz Oliveira (1)
  • Francisco Rodríguez-Henríquez (1)
  1. Computer Science Department, CINVESTAV-IPN, Mexico City, Mexico
  2. Department of Combinatorics and Optimization, University of Waterloo, Waterloo, Canada
