Skip to main content
SpringerLink
Log in

Technical history of discrete logarithms in small characteristic finite fields

The road from subexponential to quasi-polynomial complexity

  • Published:
Designs, Codes and Cryptography Aims and scope Submit manuscript

Abstract

Due to its use in cryptographic protocols such as the Diffie–Hellman key exchange, the discrete logarithm problem attracted a considerable amount of attention in the past 40 years. In this paper, we summarize the key technical ideas and their evolution for the case of discrete logarithms in small characteristic finite fields. This road leads from the original belief that this problem was hard enough for cryptographic purpose to the current state of the art where the algorithms are so efficient and practical that the problem can no longer be considered for cryptographic use.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

Notes

  1. This is illustrated by large-sized computations performed by many research groups in the past decades (see Table 1).

References

  1. Adj G., Menezes A., Oliveira T., Rodriguez-Henriquez F.: Weakness of \({{\mathbb{F}}_{3^{6\cdot 1429}}}\) for discrete logarithm cryptography. Cryptology ePrint Archive, Report 2013/737 (2013) http://eprint.iacr.org/.

  2. Adj G., Menezes A., Oliveira T., Rodríguez-Henríquez F.: Computing discrete logarithms in \({\mathbb{F}}_{3^{6{\cdot }137}}\) and \({\mathbb{F}}_{3^{6{\cdot }163}}\) using Magma. In: Arithmetic of Finite Fields: WAIFI’2014, pp. 3–22 (2014).

  3. Adleman L.: A subexponential algorithm for the discrete logarithm problem with applications to cryptography. In: Proceedings of the 20th Annual Symposium on Foundations of Computer Science: FOCS’79, pp. 55–60 (1979).

  4. Adleman L.M., Huang M.-D.A.: Function field sieve method for discrete logarithms over finite fields. Inf. Comput. 151(1–2), 5–16 (1999).

  5. Barbulescu R., Bouvier C., Detrey J., Gaudry P., Jeljeli H., Thomé E., Videau M., Zimmermann P.: Discrete logarithm in \({GF}(2^{809})\) with FFS. In: Public-Key Cryptography, PKC 2014, pp. 221–238 (2014).

  6. Barbulescu R., Gaudry P., Joux A., Thomé E.: A heuristic quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. In: Advances in Cryptology: EUROCRYPT 2014, pp. 1–16 (2014).

  7. Blake I.F., Mullin R.C., Vanstone S.A.: Computing logarithms in GF(\(2^n\)). In: Advances in Cryptology, CRYPTO’84, pp. 73–82 (1984).

  8. Canfield E.R., Erdös P., Pomerance C.: On a problem of Oppenheim concerning factorisatio numerorum. J. Number Theory 17, 1–28 (1983).

  9. Coppersmith D.: Fast evaluation of logarithms in fields of characteristic two. IEEE Trans. Inf. Theory 30(4), 587–593 (1984).

  10. Diffie W., Hellman M.E.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976).

  11. Göloglu F., Granger R., McGuire G., Zumbrägel J.: On the function field sieve and the impact of higher splitting probabilities. In: Advances in Cryptology: CRYPTO’2013, pp. 109–128 (2013).

  12. Gordon D.M., McCurley K.S.: Massively parallel computation of discrete logarithms. In: Advances in Cryptology: CRYPTO’92, pp. 312–323 (1992).

  13. Granger R., Kleinjung T., Zumbrägel J.: Breaking “128-bit secure” supersingular binary curves (or how to solve discrete logarithms in \({{\mathbb{F}}_{2^{4 \cdot 1223}}}\)). In: Advances in Cryptology: CRYPTO’2014 (Part II), pp. 126–145 (2014).

  14. Granger R., Kleinjung T., Zumbrägel J.: On the powers of 2. Cryptology ePrint Archive, Report 2014/300 (2014) http://eprint.iacr.org/.

  15. Granger R., Kleinjung T., Zumbrägel J.: On the discrete logarithm problem in finite fields of fixed characteristic. Cryptology ePrint Archive, Report 2015/685 (2015) http://eprint.iacr.org/.

  16. Hellman M.E., Reyneri J.M.: Fast computation of discrete logarithms in GF(q). In: Advances in Cryptology: CRYPTO’82, pp. 3–13 (1982).

  17. Huang M.-D., Narayanan A.K.: Finding primitive elements in finite fields of small characteristic. CoRR, arXiv:1304.1206 (2013).

  18. Joux A.: Faster index calculus for the medium prime case application to 1175-bit and 1425-bit finite fields. In: Advances in Cryptology: EUROCRYPT’2013, pp. 177–193 (2013).

  19. Joux A.: A new index calculus algorithm with complexity \({L}(1/4+o(1))\) in small characteristic. In: Selected Areas in Cryptography, SAC 2013, pp. 355–379 (2013).

  20. Joux A., Lercier R.: The function field sieve is quite special. In: ANTS, pp. 431–445 (2002).

  21. Joux A., Lercier R.: The function field sieve in the medium prime case. In: Advances in Cryptology: EUROCRYPT’2006, pp. 254–270 (2006).

  22. Joux A., Pierrot C.: Improving the polynomial time precomputation of Frobenius representation discrete logarithm algorithms. In: Advances in Cryptology: ASIACRYPT’2014, pp. 378–397 (2014).

  23. Joux A., Odlyzko A., Pierrot C.: The past, evolving present, and future of the discrete logarithm. In: Koç, C.K., (ed.) Open Problems in Mathematics and Computational Science, pp. 5–36. Springer International Publishing, Berlin (2014).

  24. Lanczos C.: An iteration method for the solution of the eigenvalue problem of linear differential and integral operators. J. Res. Natl. Bur. Stand. 45(4), 255–282 (1950).

  25. Lidl R., Niederreiter H.: Finite Fields. Encyclopaedia of Mathematics and Its Applications. Cambridge University Press, New York (1997).

  26. Massierer M.: Some experiments investigating a possible \({L(1/4)}\) algorithm for the discrete logarithm problem in algebraic curves. Cryptology ePrint Archive, Report 2014/996 (2014) http://eprint.iacr.org/.

  27. Panario D., Gourdon X., Flajolet P.: An analytic approach to smooth polynomials over finite fields. In: ANTS, pp. 226–236 (1998).

  28. Pomerance C.: Fast, rigorous factorization and discrete logarithm algorithms. In: Discrete Algorithms and Complexity, pp. 119–143. Academic Press, New York (1987).

  29. Shinohara N., Shimoyama T., Hayashi T., Takagi T.: Key length estimation of pairing-based cryptosystems using eta pairing over \({GF}(3^{n})\). IEICE Trans. 97-A(1), 236–244 (2014).

  30. Shoup V.: Lower bounds for discrete logarithms and related problems. In: EUROCRYPT, pp. 256–266 (1997).

  31. von zur Gathen J., Panario D.: Factoring polynomials over finite fields: a survey. J. Symb. Comput. 31(1–2), 3–17 (2001).

  32. Wiedemann D.H.: Solving sparse linear equations over finite fields. IEEE Trans. Inf. Theory 32(1), 54–62 (1986).

Download references

Author information

Authors and Affiliations

  1. Sorbonne Universités, UPMC Université Paris 6, UMR 7606, LIP6, 75005, Paris, France

    Antoine Joux & Cécile Pierrot

  2. CryptoExperts and Chaire de Cryptologie de la Fondation de l’UPMC, Paris, France

    Antoine Joux

  3. CNRS and Direction Générale de l’Armement, Paris, France

    Cécile Pierrot

Authors
  1. Antoine Joux
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Cécile Pierrot
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Antoine Joux.

Additional information

This is one of several papers published in Designs, Codes and Cryptography comprising the 25th Anniversary Issue.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Joux, A., Pierrot, C. Technical history of discrete logarithms in small characteristic finite fields. Des. Codes Cryptogr. 78, 73–85 (2016). https://doi.org/10.1007/s10623-015-0147-6

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10623-015-0147-6

Keywords

Mathematics Subject Classification

Search

Navigation