Lattice Enumeration for Tower NFS: A 521-Bit Discrete Logarithm Computation
نویسندگان
چکیده
The Tower variant of the Number Field Sieve (TNFS) is known to be asymptotically most efficient algorithm solve discrete logarithm problem in finite fields medium characteristics, when extension degree composite. A major obstacle an implementation TNFS collection algebraic relations, as it happens dimension greater than 2. This requires construction new sieving algorithms which remain grows. In this article, we overcome difficulty by considering a lattice enumeration adapt specific context. We also consider area, high-dimensional sphere, whereas previous for classical NFS considered orthotope. Our technique leads much smaller running time, despite larger search space, and even target, demonstrated record computation performed 521-bit field \({\mathbb F}_{p^6}\). target same form used recent zero-knowledge proofs some blockchains. first reported TNFS.
منابع مشابه
Computation of a 768-Bit Prime Field Discrete Logarithm
This paper reports on the number field sieve computation of a 768-bit prime field discrete logarithm, describes the different parameter optimizations and resulting algorithmic changes compared to the factorization of a 768-bit RSA modulus, and briefly discusses the cryptologic relevance of the result.
متن کاملA Kilobit Hidden SNFS Discrete Logarithm Computation
We perform a special number field sieve discrete logarithm computation in a 1024-bit prime field. To our knowledge, this is the first kilobit-sized discrete logarithm computation ever reported for prime fields. This computation took a little over two months of calendar time on an academic cluster using the open-source CADO-NFS software. Our chosen prime p looks random, and p−1 has a 160-bit pri...
متن کاملSolving a 676-Bit Discrete Logarithm Problem in GF(36n)
Pairings on elliptic curves over finite fields are crucial for constructing various cryptographic schemes. The ηT pairing on supersingular curves over GF(3) is particularly popular since it is efficiently implementable. Taking into account the Menezes-Okamoto-Vanstone (MOV) attack, the discrete logarithm problem (DLP) in GF(3) becomes a concern for the security of cryptosystems using ηT pairing...
متن کاملImproving NFS for the Discrete Logarithm Problem in Non-prime Finite Fields
The aim of this work is to investigate the hardness of the discrete logarithm problem in fields GF(p) where n is a small integer greater than 1. Though less studied than the small characteristic case or the prime field case, the difficulty of this problem is at the heart of security evaluations for torus-based and pairing-based cryptography. The best known method for solving this problem is the...
متن کاملSolving a Discrete Logarithm Problem with Auxiliary Input on a 160-Bit Elliptic Curve
A discrete logarithm problem with auxiliary input (DLPwAI) is a problem to find α from G, αG, αG in an additive cyclic group generated by an element G of prime order r, and a positive integer d satisfying d|(r − 1). The infeasibility of this problem assures the security of some cryptographic schemes. In 2006, Cheon proposed a novel algorithm for solving DLPwAI (Cheon’s algorithm). This paper re...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Lecture Notes in Computer Science
سال: 2021
ISSN: ['1611-3349', '0302-9743']
DOI: https://doi.org/10.1007/978-3-030-92062-3_3