Solving Discrete Logarithms on a 170-Bit MNT Curve by Pairing Reduction

نویسندگان

  • Aurore Guillevic
  • François Morain
  • Emmanuel Thomé
چکیده

Pairing based cryptography is in a dangerous position following the breakthroughs on discrete logarithms computations in finite fields of small characteristic. Remaining instances are built over finite fields of large characteristic and their security relies on the fact the embedding field of the underlying curve is relatively large. How large is debatable. The aim of our work is to sustain the claim that the combination of degree 3 embedding and too small finite fields obviously does not provide enough security. As a computational example, we solve the DLP on a 170-bit MNT curve, by exploiting the pairing embedding to a 508-bit, degree-3 extension of the base field.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Solving a 112-bit prime elliptic curve discrete logarithm problem on game consoles using sloppy reduction

We describe a Cell processor implementation of Pollard’s rho method to solve discrete logarithms in groups of elliptic curves over prime fields. The implementation was used on a cluster of PlayStation 3 game consoles to set a new record. We present in detail the underlying single instruction multiple data modular arithmetic.

متن کامل

Weakness of F36·509 for Discrete Logarithm Cryptography

In 2013, Joux, and then Barbulescu, Gaudry, Joux and Thomé, presented new algorithms for computing discrete logarithms in finite fields of small and medium characteristic. We show that these new algorithms render the finite field F36·509 = F33054 weak for discrete logarithm cryptography in the sense that discrete logarithms in this field can be computed significantly faster than with the previo...

متن کامل

Solving a Discrete Logarithm Problem with Auxiliary Input on a 160-Bit Elliptic Curve

A discrete logarithm problem with auxiliary input (DLPwAI) is a problem to find α from G, αG, αG in an additive cyclic group generated by an element G of prime order r, and a positive integer d satisfying d|(r − 1). The infeasibility of this problem assures the security of some cryptographic schemes. In 2006, Cheon proposed a novel algorithm for solving DLPwAI (Cheon’s algorithm). This paper re...

متن کامل

Solving the Discrete Logarithm of a 113-Bit Koblitz Curve with an FPGA Cluster

Using FPGAs to compute the discrete logarithms of elliptic curves is a well-known method. However, until to date only CPU clusters succeeded in computing new elliptic curve discrete logarithm records. This work presents a high-speed FPGA implementation that was used to compute the discrete logarithm of a 113-bit Koblitz curve. The core of the design is a fully unrolled, highly pipelined, self-s...

متن کامل

Weakness of 𝔽36·509 for Discrete Logarithm Cryptography

In 2013, Joux, and then Barbulescu, Gaudry, Joux and Thomé, presented new algorithms for computing discrete logarithms in finite fields of small and medium characteristic. We show that these new algorithms render the finite field F36·509 = F33054 weak for discrete logarithm cryptography in the sense that discrete logarithms in this field can be computed significantly faster than with the previo...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • IACR Cryptology ePrint Archive

دوره 2016  شماره 

صفحات  -

تاریخ انتشار 2016