A kilobit hidden SNFS discrete logarithm computation
We perform a special number field sieve discrete logarithm computation in a
1024-bit prime field. To our knowledge, this is the first kilobit-sized
discrete logarithm computation ever reported for prime fields. This computation
took a little over two months of calendar time on an academic cluster using the
open-source CADO-NFS software. Our chosen prime p looks random, and p-1
has a 160-bit prime factor, in line with recommended parameters for the Digital
Signature Algorithm. However, our p has been trapdoored in such a way that the
special number field sieve can be used to compute discrete logarithms modulo
p, yet detecting that p has this trapdoor seems out of reach.
Twenty-five years ago, there was considerable controversy around the
possibility of back-doored parameters for DSA. Our computations show that
trapdoored primes are entirely feasible with current computing technology. We
also describe special number field sieve discrete log computations carried out
for multiple weak primes found in use in the wild. As can be expected from a
trapdoor mechanism which we argue is hard to detect, our research did not reveal
any trapdoored prime in wide use. The only way for a user to defend against a
hypothetical trapdoor of this kind is to require verifiably random primes.
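The defence named in the last sentence, verifiably random primes, is what FIPS 186-4 Appendix A.1.1.2 (generation) and A.1.1.3 (validation) specify: p and q are derived from a published seed through a hash, and anyone holding (p, q, seed, counter) can recompute them. The block below is an added illustration written for this page, not code from the paper or from CADO-NFS. It implements that generation and validation with SHA-256 in pure Python at the (L, N) = (1024, 160) size discussed above; the base seed is a constructed constant, the rule deriving per-attempt seeds from it and the function names are my own choices, and the fixed-base Miller-Rabin stands in for the random-base test FIPS calls for.

```python
"""Verifiably random DSA-style (p, q) generation and validation following
FIPS 186-4 Appendix A.1.1.2 / A.1.1.3 with SHA-256.  Added illustration for
this page; the base seed, seed-derivation rule and function names are
constructed, not from any real parameter set."""
import hashlib

OUTLEN = 256  # SHA-256 output length in bits
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47,
                53, 59, 61, 67, 71, 73, 79, 83, 89, 97]


def is_probable_prime(n):
    """Trial division, then Miller-Rabin with the 25 small primes as fixed
    bases (FIPS uses random bases; fixed ones keep this demo reproducible)."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def _hash_int(x, seedlen):
    """Hash x encoded as a seedlen-bit big-endian string; digest as an int."""
    digest = hashlib.sha256(x.to_bytes(seedlen // 8, "big")).digest()
    return int.from_bytes(digest, "big")


def _candidate_x(seed, offset, n, b, L, seedlen):
    """Steps 11.1-11.3 of A.1.1.2: assemble X (L bits, top bit set) from n+1 hashes."""
    V = [_hash_int((seed + offset + j) % (1 << seedlen), seedlen) for j in range(n + 1)]
    W = sum(V[j] << (j * OUTLEN) for j in range(n))
    W += (V[n] % (1 << b)) << (n * OUTLEN)
    return W + (1 << (L - 1))


def generate_dsa_params(L, N, base_seed, seedlen=256):
    """A.1.1.2: return (p, q, seed, counter).  Each attempt's seed is
    SHA-256(base_seed || attempt number), a constructed rule that makes the run
    reproducible; a real generator draws fresh random seeds."""
    assert (L, N) in {(1024, 160), (2048, 224), (2048, 256), (3072, 256)}
    assert seedlen >= N and seedlen % 8 == 0
    n = -(-L // OUTLEN) - 1          # ceil(L / outlen) - 1
    b = L - 1 - n * OUTLEN
    for attempt in range(10000):
        raw = hashlib.sha256(base_seed + attempt.to_bytes(4, "big")).digest()
        seed = int.from_bytes(raw, "big") % (1 << seedlen)
        U = _hash_int(seed, seedlen) % (1 << (N - 1))
        q = (1 << (N - 1)) + U + 1 - (U % 2)   # odd, exactly N bits
        if not is_probable_prime(q):
            continue
        offset = 1
        for counter in range(4 * L):
            X = _candidate_x(seed, offset, n, b, L, seedlen)
            p = X - (X % (2 * q) - 1)            # now p = 1 (mod 2q)
            if p >= (1 << (L - 1)) and is_probable_prime(p):
                return p, q, seed, counter
            offset += n + 1
    raise RuntimeError("no parameters found")


def validate_dsa_params(p, q, seed, counter, L, N, seedlen=256):
    """A.1.1.3: rerun the derivation from (seed, counter); accept only if q
    matches, no earlier counter already produced a prime, and p matches."""
    if p.bit_length() != L or q.bit_length() != N or not 0 <= counter < 4 * L:
        return False
    n = -(-L // OUTLEN) - 1
    b = L - 1 - n * OUTLEN
    U = _hash_int(seed, seedlen) % (1 << (N - 1))
    if q != (1 << (N - 1)) + U + 1 - (U % 2) or not is_probable_prime(q):
        return False
    offset = 1
    for i in range(counter + 1):
        X = _candidate_x(seed, offset, n, b, L, seedlen)
        cand = X - (X % (2 * q) - 1)
        if cand >= (1 << (L - 1)) and is_probable_prime(cand):
            return i == counter and cand == p
        offset += n + 1
    return False


if __name__ == "__main__":
    p, q, seed, counter = generate_dsa_params(1024, 160, b"constructed demo seed")
    print(f"q = {q:x}\ncounter = {counter}")
    print("valid:", validate_dsa_params(p, q, seed, counter, 1024, 160))
```

A parameter set distributed without its seed and counter cannot be validated this way, which is the situation the abstract describes: the trapdoor depends on choosing p freely, and a hash-derived p takes that freedom away unless the generator can steer the hash output. Validation is only as strong as the check actually being run, so a deployment that accepts DSA or finite-field DH parameters should insist on the seed and counter and recompute them rather than trust the bit lengths alone.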
A deterministic version of Pollard's p-1 algorithm
In this article we present applications of smooth numbers to the
unconditional derandomization of some well-known integer factoring algorithms.
We begin with Pollard's p-1 algorithm, which finds in random polynomial
time the prime divisors of an integer such that is smooth. We
show that these prime factors can be recovered in deterministic polynomial
time. We further generalize this result to give a partial derandomization of
the -th cyclotomic method of factoring () devised by Bach and
Shallit.
We also investigate reductions of factoring to computing Euler's totient
function . We point out some explicit sets of integers that are
completely factorable in deterministic polynomial time given . These
sets consist, roughly speaking, of products of primes satisfying, with the
exception of at most two, certain conditions somewhat weaker than the
smoothness of . Finally, we prove that oracle queries for
values of are sufficient to completely factor any integer in less
than deterministic time.
Comment: Expanded and heavily revised version, to appear in Mathematics of Computation, 21 page
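For readers who want to see the algorithm this abstract derandomises, the following is an added illustration for this page, not the paper's code: Pollard's p-1 method in its basic form, where a^M mod n with M = lcm(1, ..., B) collapses to 1 modulo every prime factor p whose p-1 is B-smooth, so gcd(a^M - 1, n) exposes such a p. The base is the only random choice in the original method and is fixed to 2 here; the paper's contribution, removing that choice unconditionally, is not reproduced. The composites are constructed from small primes so the run can be checked by hand, and the staged search at the end shows the failure mode where every factor is smooth at once and a single trial returns n itself.

```python
"""Pollard's p-1 method, the randomised algorithm whose derandomisation the
abstract above studies.  Added illustration for this page, not the paper's
code; the composites are constructed from small primes so the results can be
checked by hand."""
from math import gcd


def smooth_exponent(B):
    """M = lcm(1, ..., B), which contains every prime power up to B, so that
    a^M = 1 (mod p) whenever p-1 is B-smooth."""
    M = 1
    for k in range(2, B + 1):
        M = M * k // gcd(M, k)
    return M


def pollard_pm1(n, B, base=2):
    """One Pollard p-1 trial with smoothness bound B.  Returns a proper factor
    of n, or None when the gcd is 1 (no prime factor p with p-1 B-smooth for
    this base) or n (every prime factor's p-1 is B-smooth, nothing separated).
    Base 2 is fixed here for reproducibility; the original method picks it at
    random."""
    if n % 2 == 0:
        return 2
    d = gcd(pow(base, smooth_exponent(B), n) - 1, n)
    return d if 1 < d < n else None


def find_factor_pm1(n, B_max, base=2):
    """Raise B one step at a time and stop at the first bound that separates
    the factors.  This sidesteps the gcd == n failure of a single trial whose
    bound is already large enough for every factor at once.  Returns
    (factor, B) or None."""
    for B in range(2, B_max + 1):
        d = pollard_pm1(n, B, base)
        if d is not None:
            return d, B
    return None


if __name__ == "__main__":
    # Constructed: 1009-1 = 2^4 * 3^2 * 7 is 16-smooth; 10007-1 = 2 * 5003 is not.
    n = 1009 * 10007
    print(pollard_pm1(n, 5), pollard_pm1(n, 16))       # None 1009
    # Constructed: 1013-1 = 2^2 * 11 * 23, so at B = 23 both factors are
    # 23-smooth and one trial returns nothing; the staged search still works
    # (the order of 2 mod 1009 is 504 = 8 * 9 * 7, reached at B = 9).
    m = 1009 * 1013
    print(pollard_pm1(m, 23), find_factor_pm1(m, 23))  # None (1009, 9)
```

The same routine is the cheap weak-parameter check a practitioner runs over a collected RSA modulus or Diffie-Hellman prime: if a modest B already returns a factor, p-1 was smooth and the parameter should never have been deployed.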
Discrete logarithms in curves over finite fields
A survey on algorithms for computing discrete logarithms in Jacobians of
curves over finite fields
Maps between curves and arithmetic obstructions
Let X and Y be curves over a finite field. In this article we explore methods
to determine whether there is a rational map from Y to X by considering
L-functions of certain covers of X and Y and propose a specific family of
covers to address the special case of determining when X and Y are isomorphic.
We also discuss an application to factoring polynomials over finite fields.
Comment: 8 page
Computing cardinalities of Q-curve reductions over finite fields
We present a specialized point-counting algorithm for a class of elliptic
curves over F\_{p^2} that includes reductions of quadratic Q-curves modulo
inert primes and, more generally, any elliptic curve over F\_{p^2} with a
low-degree isogeny to its Galois conjugate curve. These curves have interesting
cryptographic applications. Our algorithm is a variant of the
Schoof--Elkies--Atkin (SEA) algorithm, but with a new, lower-degree
endomorphism in place of Frobenius. While it has the same asymptotic
complexity as SEA, our algorithm is much faster in practice.
Comment: To appear in the proceedings of ANTS-XII. Added acknowledgement of Drew Sutherlan