1,010 research outputs found
Root optimization of polynomials in the number field sieve
The general number field sieve (GNFS) is the most efficient algorithm known
for factoring large integers. It consists of several stages, the first one
being polynomial selection. The quality of the chosen polynomials in polynomial
selection can be modelled in terms of size and root properties. In this paper,
we describe some algorithms for selecting polynomials with very good root
properties. Comment: 16 pages, 18 references
Root optimization of polynomials in the number field sieve
The general number field sieve (GNFS) is the most efficient algorithm known for factoring large integers. It consists of several stages, the first one being polynomial selection. The quality of the chosen polynomials in polynomial selection can be modelled in terms of size and root properties. In this paper, we describe some algorithms for selecting polynomials with very good root properties.
Montgomery's method of polynomial selection for the number field sieve
The number field sieve is the most efficient known algorithm for factoring
large integers that are free of small prime factors. For the polynomial
selection stage of the algorithm, Montgomery proposed a method of generating
polynomials which relies on the construction of small modular geometric
progressions. Montgomery's method is analysed in this paper and the existence
of suitable geometric progressions is considered.
The large sieve, monodromy and zeta functions of curves
We prove a large sieve statement for the average distribution of Frobenius
conjugacy classes in arithmetic monodromy groups over finite fields. As a first
application we prove a stronger version of a result of Chavdarov on the
"generic" irreducibility of the numerator of the zeta functions in a family
of curves with large monodromy. Comment: 30 pages
Computing the endomorphism ring of an ordinary elliptic curve over a finite field
We present two algorithms to compute the endomorphism ring of an ordinary
elliptic curve E defined over a finite field F_q. Under suitable heuristic
assumptions, both have subexponential complexity. We bound the complexity of
the first algorithm in terms of log q, while our bound for the second algorithm
depends primarily on log |D_E|, where D_E is the discriminant of the order
isomorphic to End(E). As a byproduct, our method yields a short certificate
that may be used to verify that the endomorphism ring is as claimed. Comment: 16 pages (minor edits
Security Analysis of Pairing-based Cryptography
Recent progress in number field sieve (NFS) has shaken the security of
Pairing-based Cryptography. For the discrete logarithm problem (DLP) in finite
field, we present the first systematic review of the NFS algorithms from three
perspectives: the degree , constant , and hidden constant in
the asymptotic complexity and indicate that further
research is required to optimize the hidden constant. Using the special
extended tower NFS algorithm, we conduct a thorough security evaluation for all
the existing standardized PF curves as well as several commonly utilized
curves, which reveals that the BN256 curves recommended by the SM9 and the
previous ISO/IEC standard exhibit only 99.92 bits of security, significantly
lower than the intended 128-bit level. In addition, we comprehensively analyze
the security and efficiency of BN, BLS, and KSS curves for different security
levels. Our analysis suggests that the BN curve exhibits superior efficiency
for security strength below approximately 105 bit. For a 128-bit security
level, BLS12 and BLS24 curves are the optimal choices, while the BLS24 curve
offers the best efficiency for security levels of 160bit, 192bit, and 256bit. Comment: 8 figures, 8 tables, 5121 words