An experiment of number field sieve for discrete logarithm problem over GF(p12)

Kenichiro Hayasaka, Kazumaro Aoki, Tetsutaro Kobayashi, Tsuyoshi Takagi

研究成果: Chapter in Book/Report/Conference proceedingChapter

3 被引用数 (Scopus)


The security of pairing-based cryptography is based on the hardness of the discrete logarithm problem (DLP) over finite field GF(pn). For example, the security of the optimal Ate pairing using BN curves, which is one of the most efficient algorithms for computing paring, is based on the hardness of DLP over GF(p12). Joux et al. proposed the number field sieve over GF(pn) as an extension of the number field sieve that can efficiently solve the DLP over prime field GF(p). Two implementations of the number field sieve over GF(p3) and GF(p6) have been proposed, but there is no report on that over GF(p12) of extension degree 12. In the sieving step of the number field sieve over GF(p) we perform the sieving of two dimensions, but we have to deal with more than two dimensions in the case of number field sieves over GF(p12). In this paper we construct a lattice sieve of more than two dimensions, and discuss its parameter sizes such as the dimension of sieving and the size of sieving region from some experiments of the multi-dimensional sieving. Using the parameters suitable for efficient implementation of the number field sieve, we have solved the DLP over GF(p12) of 203 bits in about 43 hours using a PC of 16 CPU cores.

ホスト出版物のタイトルNumber Theory and Cryptography
ホスト出版物のサブタイトルPapers in Honor of Johannes Buchmann on the Ocasion of His 60th Birthday
編集者Marc Fischlin, Stefan Katzenbeisser
出版ステータス出版済み - 2013


名前Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
8260 LNCS

All Science Journal Classification (ASJC) codes

  • 理論的コンピュータサイエンス
  • コンピュータ サイエンス(全般)


「An experiment of number field sieve for discrete logarithm problem over GF(p12)」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。