Top

Published in:

2015 | OriginalPaper | Chapter

Computing Individual Discrete Logarithms Faster in \({{\mathrm{GF}}}(p^n)\) with the NFS-DL Algorithm

Author : Aurore Guillevic

Published in: Advances in Cryptology -- ASIACRYPT 2015

Publisher: Springer Berlin Heidelberg

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The Number Field Sieve (NFS) algorithm is the best known method to compute discrete logarithms (DL) in finite fields \({{\mathbb F}}_{p^n}\), with p medium to large and \(n \ge 1\) small. This algorithm comprises four steps: polynomial selection, relation collection, linear algebra and finally, individual logarithm computation. The first step outputs two polynomials defining two number fields, and a map from the polynomial ring over the integers modulo each of these polynomials to \({{\mathbb F}}_{p^n}\). After the relation collection and linear algebra phases, the (virtual) logarithm of a subset of elements in each number field is known. Given the target element in \({{\mathbb F}}_{p^n}\), the fourth step computes a preimage in one number field. If one can write the target preimage as a product of elements of known (virtual) logarithm, then one can deduce the discrete logarithm of the target.

As recently shown by the Logjam attack, this final step can be critical when it can be computed very quickly. But we realized that computing an individual DL is much slower in medium- and large-characteristic non-prime fields \({{\mathbb F}}_{p^n}\) with \(n \ge 3\), compared to prime fields and quadratic fields \({{\mathbb F}}_{p^2}\). We optimize the first part of individual DL: the booting step, by reducing dramatically the size of the preimage norm. Its smoothness probability is higher, hence the running-time of the booting step is much improved. Our method is very efficient for small extension fields with \(2 \le n \le 6\) and applies to any \(n > 1\), in medium and large characteristic.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter New Realizations of Somewhere Statistically Binding Hashing and Positional Accumulators

next chapter Multiple Discrete Logarithm Problems with Auxiliary Inputs

One computes the derivative of the function \(h_{a,b}(x) = a \sqrt{x} + \frac{b}{x}\): this is \(h^{'}_{a,b}(x) = \frac{a}{2\sqrt{x}} - \frac{b}{x^2}\) and find that the minimum of h for \(x>0\) is \(h_{a,b}((\frac{2b}{a})^{2/3}) = 3(\frac{a^2b}{4})^{1/3}\). With \(a = 2/3^{1/2}\) and \(b = e/3\), we obtain the minimum: \(h((\frac{e^2}{3})^{1/3}) = (3e)^{1/3}\).

Adleman, L.: A subexponential algorithm for the discrete logarithm problem with applications to cryptography. In: 20th FOCS, pp. 55–60. IEEE Computer Society Press, October 1979

Adrian, D., Bhargavan, K., Durumeric, Z., Gaudry, P., Green, M., Halderman, J.A., Heninger, N., Springall, D., Thomé, E., Valenta, L., VanderSloot, B., Wustrow, E., Zanella-Béguelin, S., Zimmermann, P.: Imperfect forward secrecy: how Diffie-Hellman fails in practice. In: CCS 2015, October 2015, to appear. https://weakdh.org/imperfect-forward-secrecy.pdf

Barbulescu, R., Pierrot, C.: The multiple number field sieve for medium- and high-characteristic finite fields. LMS J. Comput. Math. 17, 230–246 (2014). http://journals.cambridge.org/article_S1461157014000369

Barbulescu, R.: Algorithmes de logarithmes discrets dans les corps finis. Ph.D. thesis, Université de Lorraine (2013)

Barbulescu, R., Gaudry, P., Guillevic, A., Morain, F.: Discrete logarithms in GF(\(p^2\)) - 180 digits (2014), announcement available at the NMBRTHRY archives. https://listserv.nodak.edu/cgi-bin/wa.exe?A2=NMBRTHRY;2ddabd4c.1406

Barbulescu, R., Gaudry, P., Guillevic, A., Morain, F.: Improving NFS for the discrete logarithm problem in non-prime finite fields. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 129–155. Springer, Heidelberg (2015)

Barbulescu, R., Gaudry, P., Joux, A., Thomé, E.: A heuristic quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 1–16. Springer, Heidelberg (2014) CrossRef

Blake, I.F., Mullin, R.C., Vanstone, S.A.: Computing logarithms in \(GF(2^n)\). In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 73–82. Springer, Heidelberg (1985) CrossRef

Canfield, E.R., Erdös, P., Pomerance, C.: On a problem of Oppenheim concerning “factorisatio numerorum”. J. Number Theor. 17(1), 1–28 (1983)MathSciNetCrossRefMATH

10.

Chen, Y.: Réduction de réseau et sécurité concréte du chiffrement complétement homomorphe. Ph.D. thesis, Université Paris 7 Denis Diderot (2013)

11.

Commeine, A., Semaev, I.A.: An algorithm to solve the discrete logarithm problem with the number field sieve. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 174–190. Springer, Heidelberg (2006) CrossRef

12.

Coppersmith, D.: Modifications to the number field sieve. J. Cryptol. 6(3), 169–180 (1993)MathSciNetCrossRefMATH

13.

Coppersmith, D., Odlzyko, A.M., Schroeppel, R.: Discrete logarithms in GF(\(p\)). Algorithmica 1(1–4), 1–15 (1986). http://dx.doi.org/10.1007/BF01840433 MathSciNetCrossRefMATH

14.

Gama, N., Nguyen, P.Q.: Predicting lattice reduction. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 31–51. Springer, Heidelberg (2008) CrossRef

15.

Gordon, D.M.: Discrete logarithms in GF\((p)\) using the number field sieve. SIAM J. Discrete Math. 6, 124–138 (1993)MathSciNetCrossRefMATH

16.

Hayasaka, K., Aoki, K., Kobayashi, T., Takagi, T.: An experiment of number field sieve for discrete logarithm problem over GF(p \(^\text{12 }\)). In: Fischlin, M., Katzenbeisser, S. (eds.) Buchmann Festschrift. LNCS, vol. 8260, pp. 108–120. Springer, Heidelberg (2013)

17.

Joux, A., Lercier, R.: Improvements to the general number field for discrete logarithms in prime fields. Math. Comput. 72(242), 953–967 (2003)MathSciNetCrossRefMATH

18.

Joux, A., Lercier, R., Naccache, D., Thomé, E.: Oracle-assisted static Diffie-Hellman is easier than discrete logarithms. In: Parker, M.G. (ed.) Cryptography and Coding 2009. LNCS, vol. 5921, pp. 351–367. Springer, Heidelberg (2009) CrossRef

19.

Joux, A., Lercier, R., Smart, N.P., Vercauteren, F.: The number field sieve in the medium prime case. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 326–344. Springer, Heidelberg (2006) CrossRef

20.

Kalkbrener, M.: An upper bound on the number of monomials in determinants of sparse matrices with symbolic entries. Mathematica Pannonica 73, 82 (1997)MathSciNetMATH

21.

Lenstra, A., Lenstra Jr., H.W., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261(4), 515–534 (1982). http://dx.doi.org/10.1007/BF01457454 MathSciNetCrossRefMATH

22.

Matyukhin, D.: Effective version of the number field sieve for discrete logarithms in the field GF\((p^k)\) (in Russian). Trudy po Discretnoi Matematike 9, 121–151 (2006)

23.

Pierrot, C.: The multiple number field sieve with conjugation and generalized joux-lercier methods. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 156–170. Springer, Heidelberg (2015)

24.

Weber, D.: Computing discrete logarithms with quadratic number rings. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 171–183. Springer, Heidelberg (1998) CrossRef

25.

Zajac, P.: Discrete logarithm problem in degree six finite fields. Ph.D. thesis, Slovak University of Technology (2008)

Title: Computing Individual Discrete Logarithms Faster in with the NFS-DL Algorithm
Author: Aurore Guillevic
Publisher: Springer Berlin Heidelberg
Book: Advances in Cryptology -- ASIACRYPT 2015
Print ISBN: 978-3-662-48796-9

Electronic ISBN: 978-3-662-48797-6

Copyright Year: 2015
DOI: https://doi.org/10.1007/978-3-662-48797-6_7

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner