EUROCRYPT 2016: Advances in Cryptology – EUROCRYPT 2016 pp 429-458

# New Complexity Trade-Offs for the (Multiple) Number Field Sieve Algorithm in Non-Prime Fields

• Palash Sarkar
• Shashank Singh
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9665)

## Abstract

The selection of polynomials to represent number fields crucially determines the efficiency of the Number Field Sieve (NFS) algorithm for solving the discrete logarithm in a finite field. An important recent work due to Barbulescu et al. builds upon existing works to propose two new methods for polynomial selection when the target field is a non-prime field. These methods are called the generalised Joux-Lercier (GJL) and the Conjugation methods. In this work, we propose a new method (which we denote as $$\mathcal {A}$$) for polynomial selection for the NFS algorithm in fields $$\mathbb {F}_{Q}$$, with $$Q=p^n$$ and $$n>1$$. The new method both subsumes and generalises the GJL and the Conjugation methods and provides new trade-offs for both $$n$$ composite and $$n$$ prime. Let us denote the variant of the (multiple) NFS algorithm using the polynomial selection method “X” by (M)NFS-X. Asymptotic analysis is performed for both the NFS-$$\mathcal {A}$$ and the MNFS-$$\mathcal {A}$$ algorithms. In particular, when $$p=L_Q(2/3,c_p)$$, for $$c_p\in [3.39,20.91]$$, the complexity of NFS-$$\mathcal {A}$$ is better than the complexities of all previous algorithms, whether classical or MNFS. The MNFS-$$\mathcal {A}$$ algorithm provides lower complexity than the NFS-$$\mathcal {A}$$ algorithm; for $$c_p\in (0, 1.12] \cup [1.45,3.15]$$, the complexity of MNFS-$$\mathcal {A}$$ is the same as that of MNFS-Conjugation, and for $$c_p\notin (0, 1.12] \cup [1.45,3.15]$$, the complexity of MNFS-$$\mathcal {A}$$ is lower than that of all previous methods.
