Improvements in the computation of ideal class groups of imaginary quadratic number fields

We investigate improvements to the algorithm for the computation of ideal class groups described by Jacobson in the imaginary quadratic case. These improvements rely on the large prime strategy and a new method for performing the linear algebra phase. We achieve a significant speed-up and are able to compute ideal class groups with discriminants of 110 decimal digits in less than a week.Comment: 14 pages, 5 figure

Practical improvements to class group and regulator computation of real quadratic fields

We present improvements to the index-calculus algorithm for the computation of the ideal class group and regulator of a real quadratic field. Our improvements consist of applying the double large prime strategy, an improved structured Gaussian elimination strategy, and the use of Bernstein's batch smoothness algorithm. We achieve a significant speed-up and are able to compute the ideal class group structure and the regulator corresponding to a number field with a 110-decimal digit discriminant

An L(1/3) algorithm for ideal class group and regulator computation in certain number fields

International audienceWe analyse the complexity of the computation of the class group structure, regulator, and a system of fundamental units of a certain class of number fields. Our approach differs from Buchmann's, who proved a complexity bound of L(1/2,O(1)) when the discriminant tends to infinity with fixed degree. We achieve a subexponential complexity in O(L(1/3,O(1))) when both the discriminant and the degree of the extension tend to infinity by using techniques due to Enge and Gaudry in the context of algebraic curves over finite fields

Security Estimates for Quadratic Field Based Cryptosystems

We describe implementations for solving the discrete logarithm problem in the class group of an imaginary quadratic field and in the infrastructure of a real quadratic field. The algorithms used incorporate improvements over previously-used algorithms, and extensive numerical results are presented demonstrating their efficiency. This data is used as the basis for extrapolations, used to provide recommendations for parameter sizes providing approximately the same level of security as block ciphers with $80,$ $112,$ $128,$ $192,$ and $256$-bit symmetric keys

An algorithm for list decoding number field codes

We present an algorithm for list decoding codewords of algebraic number field codes in polynomial time. This is the first explicit procedure for decoding number field codes whose construction were previously described by Lenstra [12] and Guruswami [8]. We rely on a new algorithm for computing the Hermite normal form of the basis of an OK -module due to Biasse and Fieker [2] where OK is the ring of integers of a number field K

A trade-off between classical and quantum circuit size for an attack against CSIDH

International audienceWe propose a heuristic algorithm to solve the underlying hard problem of the CSIDH cryptosystem (and other isogeny-based cryp-tosystems using elliptic curves with endomorphism ring isomorphic to an imaginary quadratic order O). Let ∆ = Disc(O) (in CSIDH, ∆ = −4p for p the security parameter). Let 0 < α < 1/2, our algorithm requires: • A classical circuit of size 2Õ (log(|∆|) 1−α). • A quantum circuit of size 2Õ (log(|∆|) α). • Polynomial classical and quantum memory. Essentially, we propose to reduce the size of the quantum circuit below the state-of-the-art complexity 2Õ (log(|∆|) 1/2) at the cost of increasing the classical circuit-size required. The required classical circuit remains subexponential, which is a superpolynomial improvement over the classical state-of-the-art exponential solutions to these problems. Our method requires polynomial memory, both classical and quantum