Discrete logarithm in GF(2) with FFS

We give details on solving the discrete logarithm problem in the 202-bit prime order subgroup of F2809 using the Function Field Sieve algorithm (FFS). To our knowledge, this computation is the largest discrete logarithm computation so far in a binary field extension of prime degree. The Function Field Sieve is the traditional approach for solving these problems, and has been used in previous records for such fields, namely F2619 [3] and F2613 [8]. One should note that an adaptation of the newer L(1/4 + o(1), ·) algorithm by Joux [7] also applies to computations of this kind. Presently, the crossover point between the Function Field Sieve and this newer algorithm is not known, and the present computation contributes to giving an idea of the present state of the art of what may be computed using the Function Field Sieve. Most of the software used for this computation is freely available as part of the cado-nfs software suite [1] (although cado-nfs originally focuses on the Number Field Sieve, recent additions cover FFS as well). Various improvements over the different steps of the algorithm are covered in preprints by some of the authors of the present computation [2, 4, 5, 6]. We therefore keep this report very short and refer the interested reader to these articles for more detail.