68 research outputs found
Divisibility, Smoothness and Cryptographic Applications
This paper deals with products of moderate-size primes, familiarly known as
smooth numbers. Smooth numbers play a crucial role in information theory,
signal processing and cryptography.
We present various properties of smooth numbers relating to their
enumeration, distribution and occurrence in various integer sequences. We then
turn our attention to cryptographic applications in which smooth numbers play a
pivotal role.
Finding twin smooth integers by solving Pell equations
Any pair of consecutive B-smooth integers for a given smoothness bound B
corresponds to a solution (x, y) of the equation x^2 - 2Dy^2 = 1 for a certain
square-free, B-smooth integer D and a B-smooth integer y. This paper describes
algorithms to find such twin B-smooth integers that lie in a given interval by
using the structure of solutions of the above Pell equation. The problem of
finding such twin smooth integers is motivated by the quest for suitable
parameters to efficiently instantiate recent isogeny-based cryptosystems. While
the Pell equation structure of twin B-smooth integers has previously been used
to describe and compute the full set of such pairs for very small values of B,
increasing B to allow for cryptographically sized solutions makes this approach
utterly infeasible. We start by revisiting the Pell solution structure of the
set of twin smooth integers. Instead of using it to enumerate all twin smooth
pairs, we focus on identifying only those that lie in a given interval. This
restriction allows us to describe algorithms that navigate the vast set of Pell
solutions in a more targeted way. Experiments run with these algorithms have
provided examples of twin B-smooth pairs that are larger and have smaller
smoothness bound B than previously reported pairs. Unfortunately, those
examples do not yet provide better parameters for cryptography, but we hope
that our methods can be generalized or used as subroutines in future work to
achieve that goal.
Discrete logarithms in curves over finite fields
A survey on algorithms for computing discrete logarithms in Jacobians of
curves over finite fields.
Solving discrete logarithms on a 170-bit MNT curve by pairing reduction
Pairing based cryptography is in a dangerous position following the
breakthroughs on discrete logarithms computations in finite fields of small
characteristic. Remaining instances are built over finite fields of large
characteristic and their security relies on the fact that the embedding field
of the underlying curve is relatively large. How large is debatable. The aim of
our work is to sustain the claim that the combination of degree 3 embedding and
too small finite fields obviously does not provide enough security. As a
computational example, we solve the DLP on a 170-bit MNT curve, by exploiting
the pairing embedding to a 508-bit, degree-3 extension of the base field. Comment: to appear in the Lecture Notes in Computer Science (LNCS)
New Discrete Logarithm Computation for the Medium Prime Case Using the Function Field Sieve
The present work reports progress in discrete logarithm computation for the general medium prime case using the function field sieve algorithm. A new record discrete logarithm computation over a 1051-bit field having a 22-bit characteristic was performed. This computation builds on and implements previously known techniques. Analysis indicates that the relation collection and descent steps are within reach for fields with 32-bit characteristic and moderate extension degrees. It is the linear algebra step which will dominate the computation time for any discrete logarithm computation over such fields.
Computing endomorphism rings of elliptic curves under the GRH
We design a probabilistic algorithm for computing endomorphism rings of
ordinary elliptic curves defined over finite fields that we prove has a
subexponential runtime in the size of the base field, assuming solely the
generalized Riemann hypothesis.
Additionally, we improve the asymptotic complexity of previously known,
heuristic, subexponential methods by describing a faster isogeny-computing
routine. Comment: 11 pages, 1 figure
Computation of Discrete Logarithms in GF(2^607)
We describe in this article how we have been able to extend the record for computations of discrete logarithms in characteristic 2 from the previous record over GF(2^503) to a newer mark of GF(2^607), using Coppersmith's algorithm. This has been made possible by several practical improvements to the algorithm. Although the computations have been carried out on fairly standard hardware, our opinion is that we are nearing the current limits of the manageable sizes for this algorithm, and that going substantially further will require deeper improvements to the method.