Computing discrete logarithms in cryptographically-interesting characteristic-three finite fields
نویسندگان
چکیده
Since 2013 there have been several developments in algorithms for computing discrete logarithms in small-characteristic finite fields, culminating in a quasipolynomial algorithm. In this paper, we report on our successful computation of discrete logarithms in the cryptographically-interesting characteristic-three finite field F36·509 using these new algorithms; prior to 2013, it was believed that this field enjoyed a security level of 128 bits. We also show that a recent idea of Guillevic can be used to compute discrete logarithms in the cryptographically-interesting finite field F36·709 using essentially the same resources as we expended on the F36·509 computation. Finally, we argue that discrete logarithms in the finite field F36·1429 can feasibly be computed today; this is significant because this cryptographically-interesting field was previously believed to enjoy a security level of 192 bits.
منابع مشابه
Computing discrete logarithms in subfields of residue class rings
Recent breakthrough methods [GGMZ, Jou, BGJT] on computing discrete logarithms in small characteristic finite fields share an interesting feature in common with the earlier medium prime function field sieve method [JL]. To solve discrete logarithms in a finite extension of a finite field F, a polynomial h(x) ∈ F[x] of a special form is constructed with an irreducible factor g(x) ∈ F[x] of the d...
متن کاملIndiscreet logarithms in finite fields of small characteristic
Recently, several striking advances have taken place regarding the discrete logarithm problem (DLP) in finite fields of small characteristic, despite progress having remained essentially static for nearly thirty years, with the best known algorithms being of subexponential complexity. In this expository article we describe the key insights and constructions which culminated in two independent q...
متن کاملComputing Discrete Logarithms in 𝔽36...137 and 𝔽36...163 Using Magma
We show that a Magma implementation of Joux’s new L[1/4] algorithm can be used to compute discrete logarithms in the 1303-bit finite field F36·137 and the 1551-bit finite field F36·163 with very modest computational resources. Our F36·137 implementation was the first to illustrate the effectiveness of Joux’s algorithm for computing discrete logarithms in small-characteristic finite fields that ...
متن کاملOn the relation generation method of Joux for computing discrete logarithms
In [Jou], Joux devised an algorithm to compute discrete logarithms between elements in a certain subset of the multiplicative group of an extension of the finite field Fpn in time polynomial in p and n. Shortly after, Barbulescu, Gaudry, Joux and Thome [BGJT] proposed a descent algorithm that in (pn)O(log n) time projects an arbitrary element in F pn as a product of powers of elements in the af...
متن کاملFaster Individual Discrete Logarithms with the Qpa and Nfs Variants
Computing discrete logarithms in finite fields is a main concern in cryptography. The best algorithms known are the Number Field Sieve and its variants (special, high-degree, tower) in large and medium characteristic fields (e.g. GF(p2), GF(p12)); the Function Field Sieve and the Quasi Polynomialtime Algorithm in small characteristic finite fields (e.g. GF(36·509)). The last step of this family...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2016 شماره
صفحات -
تاریخ انتشار 2016