TY - GEN
T1 - Key length estimation of pairing-based cryptosystems using η_T pairing
AU - Shinohara, Naoyuki
AU - Shimoyama, Takeshi
AU - Hayashi, Takuya
AU - Takagi, Tsuyoshi
N1 - Copyright:
Copyright 2012 Elsevier B.V., All rights reserved.
PY - 2012
Y1 - 2012
AB - The security of pairing-based cryptosystems depends on the difficulty of the discrete logarithm problem (DLP) over certain types of finite fields. One of the most efficient algorithms for computing a pairing is the η_T pairing over supersingular curves on finite fields whose characteristic is 3. Indeed, many high-speed implementations of this pairing have been reported, and it is an attractive candidate for practical deployment of pairing-based cryptosystems. The embedding degree of the η_T pairing is 6, so we deal with the difficulty of a DLP over the finite field GF(3^{6n}), where the function field sieve (FFS) is known as the asymptotically fastest algorithm for solving it. Moreover, several efficient algorithms are employed for implementation of the FFS, such as the large prime variation. In this paper, we estimate the time complexity of solving the DLP for the extension degrees n = 97, 163, 193, 239, 313, 353, 509, when we use the improved FFS. To accomplish our aim, we present several new computable estimation formulas to compute the explicit number of special polynomials used in the improved FFS. Our estimation contributes to the evaluation of the key length of pairing-based cryptosystems using the η_T pairing.
UR - http://www.scopus.com/inward/record.url?scp=84859448043&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84859448043&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-29101-2_16
DO - 10.1007/978-3-642-29101-2_16
M3 - Conference contribution
AN - SCOPUS:84859448043
SN - 9783642291005
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 228
EP - 244
BT - Information Security Practice and Experience - 8th International Conference, ISPEC 2012, Proceedings
T2 - 8th International Conference on Information Security Practice and Experience, ISPEC 2012
Y2 - 9 April 2012 through 12 April 2012
ER -