2014
DOI: 10.1007/978-3-642-55220-5_1
|View full text |Cite
|
Sign up to set email alerts
|

A Heuristic Quasi-Polynomial Algorithm for Discrete Logarithm in Finite Fields of Small Characteristic

Abstract: The difficulty of computing discrete logarithms in fields F q k depends on the relative sizes of k and q. Until recently all the cases had a sub-exponential complexity of type L(1/3), similar to the factorization problem. In 2013, Joux designed a new algorithm with a complexity of L(1/4 + ǫ) in small characteristic. In the same spirit, we propose in this article another heuristic algorithm that provides a quasi-polynomial complexity when q is of size at most comparable with k. By quasi-polynomial, we mean a ru… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

1
207
0

Year Published

2014
2014
2022
2022

Publication Types

Select...
5
3

Relationship

0
8

Authors

Journals

citations
Cited by 189 publications
(208 citation statements)
references
References 15 publications
1
207
0
Order By: Relevance
“…The main reason of our restriction is that the recent quasi-polynomial attacks on DLP of certain extension fields of small characteristics suggests not to use non-prime finite fields in cryptographic setting [37]. We note that all secure outsourcing algorithms for modular exponentiation (including the algorithms proposed in this paper) can easily be adapted to secure outsourcing algorithms for scalar multiplication of elliptic curve cryptography (ECC) by using a prime order subgroup of E(F p ) instead of the group G. Using these algorithms for scalar multiplications of elliptic curves, one can also obtain hybrid privacy preserving outsourcing algorithms for pairing-based cryptosystems by means of outsourcing private inputs of pairing functions, bilinearity property, and private exponentiations in finite fields for the realization of ID-based cryptography [36].…”
Section: Dlp Casementioning
confidence: 99%
“…The main reason of our restriction is that the recent quasi-polynomial attacks on DLP of certain extension fields of small characteristics suggests not to use non-prime finite fields in cryptographic setting [37]. We note that all secure outsourcing algorithms for modular exponentiation (including the algorithms proposed in this paper) can easily be adapted to secure outsourcing algorithms for scalar multiplication of elliptic curve cryptography (ECC) by using a prime order subgroup of E(F p ) instead of the group G. Using these algorithms for scalar multiplications of elliptic curves, one can also obtain hybrid privacy preserving outsourcing algorithms for pairing-based cryptosystems by means of outsourcing private inputs of pairing functions, bilinearity property, and private exponentiations in finite fields for the realization of ID-based cryptography [36].…”
Section: Dlp Casementioning
confidence: 99%
“…All such pairs will vanish the k-th equation of (9). We can then substitute each possible possible eigenvector in the others equations and solve the linear system involving the remaining unknowns.…”
Section: Theoretical Complexitymentioning
confidence: 99%
“…We know that there is at least one s 2 which leads to a consistent system. If N < n is odd, we can then solve (9) in O(n ω+1 ). When N is even, the situation is very similar.…”
Section: B1 Proof Of Theoremmentioning
confidence: 99%
See 1 more Smart Citation
“…In terms of efficiency, Type II pairings compare quite favorably to Type I pairings (especially at higher security levels, and particularly now that low-characteristic pairings are known to be broken [23,9]), and are close to Type III pairings: in fact, a Type II pairing computation can be reduced to a Type III one at the cost of one multiplication in G 1 [17,Note 10]. The size of the representation of elements in G 1 is also the same in the Type II and Type III settings, and usually much smaller than in Type I pairings.…”
Section: Bilinear Groupsmentioning
confidence: 99%