12,957 research outputs found
New Discrete Logarithm Computation for the Medium Prime Case Using the Function Field Sieve
International audienceThe present work reports progress in discrete logarithm computation for the general medium prime case using the function field sieve algorithm. A new record discrete logarithm computation over a 1051-bit field having a 22-bit characteristic was performed. This computation builds on and implements previously known techniques. Analysis indicates that the relation collection and descent steps are within reach for fields with 32-bit characteristic and moderate extension degrees. It is the linear algebra step which will dominate the computation time for any discrete logarithm computation over such fields
Solving discrete logarithms on a 170-bit MNT curve by pairing reduction
Pairing based cryptography is in a dangerous position following the
breakthroughs on discrete logarithms computations in finite fields of small
characteristic. Remaining instances are built over finite fields of large
characteristic and their security relies on the fact that the embedding field
of the underlying curve is relatively large. How large is debatable. The aim of
our work is to sustain the claim that the combination of degree 3 embedding and
too small finite fields obviously does not provide enough security. As a
computational example, we solve the DLP on a 170-bit MNT curve, by exploiting
the pairing embedding to a 508-bit, degree-3 extension of the base field.Comment: to appear in the Lecture Notes in Computer Science (LNCS
Discrete logarithm computations over finite fields using Reed-Solomon codes
Cheng and Wan have related the decoding of Reed-Solomon codes to the
computation of discrete logarithms over finite fields, with the aim of proving
the hardness of their decoding. In this work, we experiment with solving the
discrete logarithm over GF(q^h) using Reed-Solomon decoding. For fixed h and q
going to infinity, we introduce an algorithm (RSDL) needing O (h! q^2)
operations over GF(q), operating on a q x q matrix with (h+2) q non-zero
coefficients. We give faster variants including an incremental version and
another one that uses auxiliary finite fields that need not be subfields of
GF(q^h); this variant is very practical for moderate values of q and h. We
include some numerical results of our first implementations
Computing discrete logarithms in subfields of residue class rings
Recent breakthrough methods \cite{gggz,joux,bgjt} on computing discrete
logarithms in small characteristic finite fields share an interesting feature
in common with the earlier medium prime function field sieve method \cite{jl}.
To solve discrete logarithms in a finite extension of a finite field \F, a
polynomial h(x) \in \F[x] of a special form is constructed with an
irreducible factor g(x) \in \F[x] of the desired degree. The special form of
is then exploited in generating multiplicative relations that hold in
the residue class ring \F[x]/h(x)\F[x] hence also in the target residue class
field \F[x]/g(x)\F[x]. An interesting question in this context and addressed
in this paper is: when and how does a set of relations on the residue class
ring determine the discrete logarithms in the finite fields contained in it? We
give necessary and sufficient conditions for a set of relations on the residue
class ring to determine discrete logarithms in the finite fields contained in
it. We also present efficient algorithms to derive discrete logarithms from the
relations when the conditions are met. The derived necessary conditions allow
us to clearly identify structural obstructions intrinsic to the special
polynomial in each of the aforementioned methods, and propose
modifications to the selection of so as to avoid obstructions.Comment: arXiv admin note: substantial text overlap with arXiv:1312.167
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols are recently proposed with a
wide variety of new novel applications including the ones in emerging
technologies like cloud computing, internet of things (IoT), e-health systems
and wearable technologies. There have been however a wide range of incorrect
use of these primitives. The paper of Galbraith, Paterson, and Smart (2006)
pointed out most of the issues related to the incorrect use of pairing-based
cryptography. However, we noticed that some recently proposed applications
still do not use these primitives correctly. This leads to unrealizable,
insecure or too inefficient designs of pairing-based protocols. We observed
that one reason is not being aware of the recent advancements on solving the
discrete logarithm problems in some groups. The main purpose of this article is
to give an understandable, informative, and the most up-to-date criteria for
the correct use of pairing-based cryptography. We thereby deliberately avoid
most of the technical details and rather give special emphasis on the
importance of the correct use of bilinear maps by realizing secure
cryptographic protocols. We list a collection of some recent papers having
wrong security assumptions or realizability/efficiency issues. Finally, we give
a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page
- …