Solving a 676-bit discrete logarithm problem in GF(36n)

Takuya Hayashi; Naoyuki Shinohara; Lihua Wang; Shin'ichiro Matsuo; Masaaki Shirase; Tsuyoshi Takagi

doi:10.1587/transfun.E95.A.204

Solving a 676-bit discrete logarithm problem in GF(36ⁿ)

Takuya Hayashi, Naoyuki Shinohara, Lihua Wang, Shin'ichiro Matsuo, Masaaki Shirase, Tsuyoshi Takagi

先進暗号数理デザイン室

研究成果: ジャーナルへの寄稿 › 学術誌 › 査読

4 被引用数 (Scopus)

抄録

Pairings on elliptic curves over finite fields are crucial for constructing various cryptographic schemes. The ηT pairing on supersingular curves over GF(3ⁿ) is particularly popular since it is efficiently implementable. Taking into account the Menezes-Okamoto-Vanstone attack, the discrete logarithm problem (DLP) in GF(3⁶ⁿ) becomes a concern for the security of cryptosystems using ηT pairings in this case. In 2006, Joux and Lercier proposed a new variant of the function field sieve in the medium prime case, named JL06-FFS. We have, however, not yet found any practical implementations on JL06-FFS over GF(3⁶ⁿ). Therefore, we first fulfill such an implementation and we successfully set a new record for solving the DLP in GF(36n), the DLP in GF(3^6.71) of 676-bit size. In addition, we also compare JL06-FFS and an earlier version, named JL02-FFS, with practical experiments. Our results confirm that the former is several times faster than the latter under certain conditions.

本文言語	英語
ページ（範囲）	204-212
ページ数	9
ジャーナル	IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
巻	E-95-A
号	1
DOI	https://doi.org/10.1587/transfun.E95.A.204
出版ステータス	出版済み - 1月 2012

!!!All Science Journal Classification (ASJC) codes

信号処理
コンピュータグラフィックスおよびコンピュータ支援設計
電子工学および電気工学
応用数学

文献へのアクセス

10.1587/transfun.E95.A.204

他のファイルとリンク

引用スタイル

@article{b8e0e44190d046648d8cda6fbb03be13,

title = "Solving a 676-bit discrete logarithm problem in GF(36n)",

abstract = "Pairings on elliptic curves over finite fields are crucial for constructing various cryptographic schemes. The ηT pairing on supersingular curves over GF(3n) is particularly popular since it is efficiently implementable. Taking into account the Menezes-Okamoto-Vanstone attack, the discrete logarithm problem (DLP) in GF(36n) becomes a concern for the security of cryptosystems using ηT pairings in this case. In 2006, Joux and Lercier proposed a new variant of the function field sieve in the medium prime case, named JL06-FFS. We have, however, not yet found any practical implementations on JL06-FFS over GF(36n). Therefore, we first fulfill such an implementation and we successfully set a new record for solving the DLP in GF(36n), the DLP in GF(36.71) of 676-bit size. In addition, we also compare JL06-FFS and an earlier version, named JL02-FFS, with practical experiments. Our results confirm that the former is several times faster than the latter under certain conditions.",

author = "Takuya Hayashi and Naoyuki Shinohara and Lihua Wang and Shin'ichiro Matsuo and Masaaki Shirase and Tsuyoshi Takagi",

year = "2012",

month = jan,

doi = "10.1587/transfun.E95.A.204",

language = "English",

volume = "E-95-A",

pages = "204--212",

journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",

issn = "0916-8508",

publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",

number = "1",

}

TY - JOUR

T1 - Solving a 676-bit discrete logarithm problem in GF(36n)

AU - Hayashi, Takuya

AU - Shinohara, Naoyuki

AU - Wang, Lihua

AU - Matsuo, Shin'ichiro

AU - Shirase, Masaaki

AU - Takagi, Tsuyoshi

PY - 2012/1

Y1 - 2012/1

N2 - Pairings on elliptic curves over finite fields are crucial for constructing various cryptographic schemes. The ηT pairing on supersingular curves over GF(3n) is particularly popular since it is efficiently implementable. Taking into account the Menezes-Okamoto-Vanstone attack, the discrete logarithm problem (DLP) in GF(36n) becomes a concern for the security of cryptosystems using ηT pairings in this case. In 2006, Joux and Lercier proposed a new variant of the function field sieve in the medium prime case, named JL06-FFS. We have, however, not yet found any practical implementations on JL06-FFS over GF(36n). Therefore, we first fulfill such an implementation and we successfully set a new record for solving the DLP in GF(36n), the DLP in GF(36.71) of 676-bit size. In addition, we also compare JL06-FFS and an earlier version, named JL02-FFS, with practical experiments. Our results confirm that the former is several times faster than the latter under certain conditions.

AB - Pairings on elliptic curves over finite fields are crucial for constructing various cryptographic schemes. The ηT pairing on supersingular curves over GF(3n) is particularly popular since it is efficiently implementable. Taking into account the Menezes-Okamoto-Vanstone attack, the discrete logarithm problem (DLP) in GF(36n) becomes a concern for the security of cryptosystems using ηT pairings in this case. In 2006, Joux and Lercier proposed a new variant of the function field sieve in the medium prime case, named JL06-FFS. We have, however, not yet found any practical implementations on JL06-FFS over GF(36n). Therefore, we first fulfill such an implementation and we successfully set a new record for solving the DLP in GF(36n), the DLP in GF(36.71) of 676-bit size. In addition, we also compare JL06-FFS and an earlier version, named JL02-FFS, with practical experiments. Our results confirm that the former is several times faster than the latter under certain conditions.

UR - http://www.scopus.com/inward/record.url?scp=84855331041&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84855331041&partnerID=8YFLogxK

U2 - 10.1587/transfun.E95.A.204

DO - 10.1587/transfun.E95.A.204

M3 - Article

AN - SCOPUS:84855331041

VL - E-95-A

SP - 204

EP - 212

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

SN - 0916-8508

IS - 1

ER -