Abstract
We show that a Magma implementation of Joux’s \(L[1/4+o(1)]\) algorithm can be used to compute discrete logarithms in the 1303-bit finite field \({\mathbb F}_{3^{6 \cdot 137}}\) and the 1551-bit finite field \({\mathbb F}_{3^{6 \cdot 163}}\) with very modest computational resources. Our \({\mathbb F}_{3^{6 \cdot 137}}\) implementation was the first to illustrate the effectiveness of Joux’s algorithm for computing discrete logarithms in small-characteristic finite fields that are not Kummer or twisted-Kummer extensions.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
- 2.
More generally, one could consider fields \({\mathbb F}_{q^{kn}}\) where \(n \le 2q+1\). We focus on the case \(k=3\) since our target fields are \({\mathbb F}_{3^{6n}}\) with \(n \in \{137,163\}\), which we will embed in \({\mathbb F}_{(3^4)^{3 \cdot n}}\).
- 3.
For our \({\mathbb F}_{3^{6 \cdot 137}}\) and \({\mathbb F}_{3^{6 \cdot 163}}\) computations, we have \(q=3^4\) and used \(q'=3^3\), so \(s=1\) and \(\deg R = 5\).
- 4.
More precisely, since \(C\) has at most 34 prime factors, each of which is greater than the ten-millionth prime \(p=179424673\), the probability that \(g\) is a generator is at least \((1-\frac{1}{p})^{34} > 0.99999981\).
References
Adj, G., Menezes, A., Oliveira, T., Rodríguez-Henríquez, F.: Weakness of \(\mathbb{F}_{3^{6 \cdot 509}}\) for discrete logarithm cryptography. In: Cao, Z., Zhang, F. (eds.) Pairing 2013. LNCS, vol. 8365, pp. 20–44. Springer, Heidelberg (2014)
Adj, G., Menezes, A., Oliveira, T., Rodríguez-Henríquez, F.: Weakness of \({\mathbb{F}}_{3^{6 \cdot 1429}}\) and \({\mathbb{F}}_{2^{4 \cdot 3041}}\) for discrete logarithm cryptography. Finite Fields and Their Applications (to appear)
Barbulescu, R., Bouvier, C., Detrey, J., Gaudry, P., Jeljeli, H., Thomé, E., Videau, M., Zimmermann, P.: Discrete logarithm in GF(2\(^{809}\)) with FFS. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 221–238. Springer, Heidelberg (2014)
Barbulescu, R., Gaudry, P., Joux, A., Thomé, E.: A heuristic quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 1–16. Springer, Heidelberg (2014)
Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)
Beuchat, J., Detrey, J., Estibals, N., Okamoto, E., Rodríguez-Henríquez, F.: Fast architectures for the \(\eta _T\) pairing over small-characteristic supersingular elliptic curves. IEEE Trans. Comput. 60, 266–281 (2011)
Blake, I., Fuji-Hara, R., Mullin, R., Vanstone, S.: Computing logarithms in finite fields of characteristic two. SIAM J. Algebraic Discrete Methods 5, 276–285 (1984)
Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. J. Cryptology 17, 297–319 (2004)
Coppersmith, D.: Fast evaluation of logarithms in fields of characteristic two. IEEE Trans. Inf. Theory 30, 587–594 (1984)
Coppersmith, D.: Solving homogeneous linear equations over \(GF(2)\) via block Wiedemann algorithm. Math. Comput. 62, 333–350 (1994)
The Cunningham Project. http://homes.cerias.purdue.edu/ssw/cun/
Faugère, J.: A new efficient algorithm for computing Gröbner bases (\(F_4\)). J. Pure Appl. Algebra 139, 61–88 (1999)
Frey, G., Rück, H.: A remark concerning \(m\)-divisibility and the discrete logarithm in the divisor class group of curves. Math. Comput. 62, 865–874 (1994)
Galbraith, S.D., Harrison, K., Soldera, D.: Implementing the tate pairing. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 324–337. Springer, Heidelberg (2002)
Göloğlu, F., Granger, R., McGuire, G., Zumbrägel, J.: On the function field sieve and the impact of higher splitting probabilities. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 109–128. Springer, Heidelberg (2013)
Göloğlu, F., Granger, R., McGuire, G., Zumbrägel, J.: Solving a 6120-bit DLP on a desktop computer. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 136–152. Springer, Heidelberg (2014)
Granger, R., Kleinjung, T., Zumbrägel, J.: Breaking ‘128-bit secure’ supersingular binary curves (or how to solve discrete logarithms in \({\mathbb{F}}_{2^{4 \cdot 1223}}\) and \({\mathbb{F}}_{2^{12 \cdot 367}}\)). http://eprint.iacr.org/2014/119
Granger, R., Kleinjung, T., Zumbrägel, J.: Breaking ‘128-bit Secure’ supersingular binary curves. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 126–145. Springer, Heidelberg (2014)
Granger, R., Page, D., Stam, M.: Hardware and software normal basis arithmetic for pairing based cryptography in characteristic three. IEEE Trans. Comput. 54, 852–860 (2005)
Granger, R., Page, D., Stam, M.: On small characteristic algebraic tori in pairing-based cryptography. LMS J. Comput. Math. 9, 64–85 (2006)
Granger, R., Zumbrägel, J.: On the security of supersingular binary curves. presentation at ECC 2013 (16 September 2013)
Hayashi, T., Shimoyama, T., Shinohara, N., Takagi, T.: Breaking pairing-based cryptosystems using \(\eta \) \(_{{T}}\) pairing over GF(3\(^{97}\)). In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 43–60. Springer, Heidelberg (2012)
Joux, A.: A new index calculus algorithm with complexity L(1/4 + o(1)) in small characteristic. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 355–380. Springer, Heidelberg (2014)
Joux, A.: Discrete logarithm in \(GF(2^{6128})\), Number Theory List (21 May 21 2013)
Joux, A., Lercier, R.: The function field sieve in the medium prime case. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 254–270. Springer, Heidelberg (2006)
Joux, A., Pierrot, C.: Improving the polynomial time precomputation of frobenius representation discrete logarithm algorithms. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 378–397. Springer, Heidelberg (2014)
Magma v2.19-7. http://magma.maths.usyd.edu.au/magma/
Menezes, A., Okamoto, T., Vanstone, S.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inf. Theory 39, 1639–1646 (1993)
Pollard, J.: Monte Carlo methods for index computation mod \(p\). Math. Comput. 32, 918–924 (1978)
Shinohara, N., Shimoyama, T., Hayashi, T., Takagi, T.: Key length estimation of pairing-based cryptosystems using \(\eta \) \(_{{T}}\) pairing. In: Ryan, M.D., Smyth, B., Wang, G. (eds.) ISPEC 2012. LNCS, vol. 7232, pp. 228–244. Springer, Heidelberg (2012)
Wiedemann, D.: Solving sparse linear equations over finite fields. IEEE Trans. Inf. Theory 32, 54–62 (1986)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
A Magma Script for Verifying the \({\mathbb F}_{3^{6 \cdot 137}}\) discrete log
B Magma Script for Verifying the \({\mathbb F}_{3^{6 \cdot 163}}\) discrete log
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Adj, G., Menezes, A., Oliveira, T., Rodríguez-Henríquez, F. (2015). Computing Discrete Logarithms in \({\mathbb F}_{3^{6 \cdot 137}}\) and \({\mathbb F}_{3^{6 \cdot 163}}\) Using Magma. In: Koç, Ç., Mesnager, S., Savaş, E. (eds) Arithmetic of Finite Fields. WAIFI 2014. Lecture Notes in Computer Science(), vol 9061. Springer, Cham. https://doi.org/10.1007/978-3-319-16277-5_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-16277-5_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-16276-8
Online ISBN: 978-3-319-16277-5
eBook Packages: Computer ScienceComputer Science (R0)