Computing Discrete Logarithms in $${\mathbb F}_{3^{6 \cdot 137}}$$ and $${\mathbb F}_{3^{6 \cdot 163}}$$ Using Magma

Adj, Gora; Menezes, Alfred; Oliveira, Thomaz; Rodríguez-Henríquez, Francisco

doi:10.1007/978-3-319-16277-5_1

Cited by 14 publications

(17 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is expected to be successful about 50% of the time. If unsuccessful, then the 'Frobenius strategy' described in [5] is employed. Namely, one has…”

Section: 21mentioning

confidence: 99%

“…be an irreducible polynomial of degree D, and let m ≥ 1. In Joux's D-to-m descent [26] (see also §2.5 of [5]), one obtains a system of 3m + 1 bilinear equations in 5m − D + 3 variables over F q .…”

Section: 3mentioning

confidence: 99%

“…However, the computations were still infeasible using existing computer technology. Then, in [5], Adj et al used ideas from [28] and [22] to improve their estimates for discrete logarithm computations in F 3 6•509 and F 3 6•1429 to 2 58.9 M q and 2 78.8 M q 2 , respectively, where M q denotes the time to perform one multiplication in F q .…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Computing discrete logarithms in cryptographically-interesting characteristic-three finite fields

Adj¹,

Canales-Martínez²,

Cruz-Cortés³

et al. 2018

Advances in Mathematics of Communications

Self Cite

View full text Add to dashboard Cite

Since 2013 there have been several developments in algorithms for computing discrete logarithms in small-characteristic finite fields, culminating in a quasi-polynomial algorithm. In this paper, we report on our successful computation of discrete logarithms in the cryptographically-interesting characteristic-three finite field F 3 6•509 using these new algorithms; prior to 2013, it was believed that this field enjoyed a security level of 128 bits. We also show that a recent idea of Guillevic can be used to compute discrete logarithms in the cryptographically-interesting finite field F 3 6•709 using essentially the same resources as we expended on the F 3 6•509 computation. Finally, we argue that discrete logarithms in the finite field F 3 6•1429 can feasibly be computed today; this is significant because this cryptographically-interesting field was previously believed to enjoy a security level of 192 bits.

show abstract

“…This is expected to be successful about 50% of the time. If unsuccessful, then the 'Frobenius strategy' described in [5] is employed. Namely, one has…”

Section: 21mentioning

confidence: 99%

Section: 3mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Computing discrete logarithms in cryptographically-interesting characteristic-three finite fields

Adj¹,

Canales-Martínez²,

Cruz-Cortés³

et al. 2018

Advances in Mathematics of Communications

Self Cite

View full text Add to dashboard Cite

show abstract

“…It has been reported in the literature [SV07], [GPS08], [CM11], that among the different types of pairings, it is the Type-3 pairings which provide the most compact parameter sizes and the most efficient algorithms. Further, Type-1 pairings are usually defined over low characteristics fields and recent advances [BGJT14], [Jou13], [GKZ14a], [AMORH14], [GKZ14b] in algorithms for discrete log computations over such fields have raised serious question marks about the security of Type-1 pairings [Gal14]. From both efficiency and security considerations, constructions based on Type-3 pairings are desirable.…”

Section: A Issues Regarding the Construction Of Ibbe Schemesmentioning

confidence: 99%

Efficient Adaptively Secure IBBE From the SXDH Assumption

Ramanna

Sarkar

2016

IEEE Trans. Inform. Theory

View full text Add to dashboard Cite

This paper describes the first constructions of identity-based broadcast encryption (IBBE) using Type-3 pairings which can be proved secure against adaptive-identity attacks based on the SXDH assumption (which is a static, if not a standard, assumption) achieving a security degradation which is not exponential in the size of the target identity set. The constructions are obtained by extending the currently known most efficient identity-based encryption scheme proposed by Jutla and Roy in 2013. The new constructions fill both a practical and a theoretical gap in the literature on efficient IBBE schemes.Index Terms-broadcast encryption, identity-based broadcast encryption, Type-3 pairings, dual-system encryption, standard assumptions.0018-9448 (c)

show abstract

“…We decided to attack the eta pairing [24] despite current research results which indicate that it should no longer be used for security applications, cf. [25], [26]. This was due to the fact that the eta pairing is the default for AVR devices in the attacked RELIC library [23].…”

Section: A Mathematical Details Of the Attacked Implementationmentioning

confidence: 99%

A Practical Second-Order Fault Attack against a Real-World Pairing Implementation

Blömer¹,

Silva

Gunther

et al. 2014

2014 Workshop on Fault Diagnosis and Tolerance in Cryptography

View full text Add to dashboard Cite

Several fault attacks against pairing-based cryptography have been described theoretically in recent years. Interestingly, none of these has been practically evaluated. We accomplish this task and prove that fault attacks against pairing-based cryptography are indeed possible and even practical -thus posing a serious threat. Moreover, we successfully conduct a second-order fault attack against an open source implementation of the eta pairing on an AVR XMEGA A1. We inject the first fault into the computation of the Miller Algorithm and apply the second fault to completely skip the final exponentiation. We introduce a low-cost setup that allows us to generate multiple independent faults in one computation. The setup implements these faults by clock glitches which induce instruction skips. With this setup we conducted the first practical fault attack against a complete pairing computation.

show abstract

Computing Discrete Logarithms in $${\mathbb F}_{3^{6 \cdot 137}}$$ and $${\mathbb F}_{3^{6 \cdot 163}}$$ Using Magma

Cited by 14 publications

References 22 publications

Computing discrete logarithms in cryptographically-interesting characteristic-three finite fields

Computing discrete logarithms in cryptographically-interesting characteristic-three finite fields

Efficient Adaptively Secure IBBE From the SXDH Assumption

A Practical Second-Order Fault Attack against a Real-World Pairing Implementation

Contact Info

Product

Resources

About