nach oben

Journal of Cryptology

Erschienen in:

29.01.2018

Updating Key Size Estimations for Pairings

verfasst von: Razvan Barbulescu, Sylvain Duquesne

Erschienen in: Journal of Cryptology | Ausgabe 4/2019

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Recent progress on NFS imposed a new estimation of the security of pairings. In this work we study the best attacks against some of the most popular pairings and propose new key sizes using an analysis which is more precise than the analysis in a recent article of Menezes, Sarkar and Singh. We also select pairing-friendly curves for standard security levels.

Vorheriger Artikel Making Masking Security Proofs Concrete (Or How to Evaluate the Security of Any Leaking Device), Extended Version

Nächster Artikel Small CRT-Exponent RSA Revisited

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

G. Adj, I. Canales-Martínez, N. C. Cortés, A. Menezes, T. Oliveira, L. Rivera-Zamarripa, F. Rodríguez-Henríquez, Computing discrete logarithms in cryptographically-interesting characteristic-three finite fields. Cryptology ePrint Archive, Report 2016/914 (2016)

L.M. Adleman, The function field sieve, in Algorithmic Number Theory Symposium—ANTS I. Lecture Notes in Computer Science, vol. 877 (1994), pp. 108–121

D.F. Aranha, L. Fuentes-Castañeda, E. Knapp, A. Menezes, F. Rodríguez-Henríquez, Implementing pairings at the 192-bit security level, in Pairing-based cryptography—PAIRING 2012. Lecture Notes in Computer Science, vol. 7708 (2013)CrossRef

K. Aoki, J. Franke, T. Kleinjung, A. Lenstra, D.A. Osvik, A kilobit special number field sieve factorization. in Advances in Cryptology—ASIACRYPT 2007. Lecture notes in computer science, vol. 4833 (2007), pp. 1–12

L.M. Adleman, M.D.A. Huang, Function field sieve method for discrete logarithms over finite fields. Inf. Comput. 151(1), 5–16 (1999)MathSciNetMATHCrossRef

D. Aranha, K. Karabina, P. Longa, C. H. Gebotys, J López, Faster explicit formulas for computing pairings over ordinary curves, in Advances in Cryptology EUROCRYPT 2011. Lecture Notes in Computer Science, vol. 6632 (2011), pp. 48–68CrossRef

G. Adj, A. Menezes, T. Oliveira, F. Rodriguez-Henriquez, Weakness of \({\mathbb{F}} _{3^{6\cdot 1429}}\) and \({\mathbb{F}} _{2^{4\cdot 3041}}\) for discrete logarithm cryptography. Finite Fields Their Appl. 32, 148–170 (2015)MathSciNetMATH

P.S.L.M. Barreto, C. Costello, R. Misoczki, M. Naehrig, G.C.C.F. Pereira, G. Zanon, Subgroup security in pairing-based cryptography, in K. Lauter, F. Rodríguez-Henríquez, editors, Progress in Cryptology – LATINCRYPT 2015: 4th International Conference on Cryptology and Information Security in Latin America, Guadalajara, Mexico, August 23–26, 2015, Proceedings (Springer International Publishing, Cham, 2015), pp. 245–265MATHCrossRef

R. Barbulescu, S. Duquesne, Online supplement for “updating keysizes of pairings” (2017). Downloadable from https://webusers.imj-prg.fr/~razvan.barbaud/Pairings/Pairings.html.

10.

D. Boneh, M. Franklin, Identity-based encryption from the Weil pairing, in Advances in Cryptology—CRYPTO 2001. Lecture notes in computer science, vol. 2139 (2001), pp. 213–229CrossRef

11.

R. Barbulescu, P. Gaudry, A. Guillevic, F. Morain, Discrete logarithms in GF(\(p^2\))—160 digits (2014). Announcement available at the NMBRTHRY archives, item 004706

12.

R. Barbulescu, P. Gaudry, A. Guillevic, F. Morain, Improving NFS for the discrete logarithm problem in non-prime finite fields, in Advances in Cryptology—EUROCRYPT 2015. Lecture Notes in Computer Science, vol. 9056 (2015), pp. 129–155MATHCrossRef

13.

R. Barbulescu, P. Gaudry, A. Guillevic, F. Morain, New record in \({\mathbb{F}}_{p^3}\), (2015). Available online at https://webusers.imj-prg.fr/~razvan.barbaud/p3dd52.pdf

14.

C. Bouvier, P. Gaudry, L. Imbert, H. Jeljeli, E. Thomé, Discrete logarithms in GF(p)—180 digits, (2014). Announcement available at the NMBRTHRY archives, item 004703

15.

R. Barbulescu, P. Gaudry, A. Joux, E. Thomé, A heuristic quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic, in Advances in Cryptology—EUROCRYPT 2014. Lecture Notes in Computer Science, vol. 8441 (2014), pp. 1–16MATH

16.

R. Barbulescu, P. Gaudry, T. Kleinjung, The tower number field sieve, in Advances in Cryptology—ASIACRYPT 2015. Lecture Notes in Computer Science, vol. 9453 (2015), pp. 31–55CrossRef

17.

D. Boneh, C. Gentry, B. Waters, Collusion resistant broadcast encryption with short ciphertexts and private keys, in Advances in Cryptology—CRYPTO 2005. Lecture Notes in Computer Science, vol. 3621 (2005), pp. 258–275CrossRef

18.

J. Bos, M. Kaihara, T. Kleinjung, A. Lenstra, P. Montgomery, On the security of 1024-bit RSA and 160-bit elliptic curve cryptography. Cryptology ePrint Archive, Report 2009/389

19.

R. Barbulescu, A. Lachand, Some mathematical remarks on the polynomial selection in NFS. Math. Comput. 86(303), 397–418 (2017)MathSciNetMATHCrossRef

20.

J. P. Buhler, H. Lenstra Jr., C. Pomerance, Factoring integers with the number field sieve, in The Development of the Number Field Sieve. Lecture Notes in Mathematics, vol. 1554 (Springer, 1993), pp. 50–94

21.

P. Barreto, B. Lynn, M. Scott, Constructing elliptic curves with prescribed embedding degrees, in Security in Communication Networks. Lecture Notes in Computer Science, vol. 2576 (2003), pp. 257–267CrossRef

22.

D. Boneh, B. Lynn, H. Shacham, Short signatures from the Weil pairing. J. Cryptol. 17(4), 297–319 (2004)MathSciNetMATHCrossRef

23.

P. Barreto, M. Naehrig, Pairing-friendly elliptic curves of prime order. in Selected Areas in Cryptography–SAC 2005. Lecture Notes in Computer Science, vol. 3006 (2005), pp. 319–331CrossRef

24.

R. Barbulescu, C. Pierrot, The multiple number field sieve for medium- and high-characteristic finite fields. LMS J. Comput. Math. 17, 230–246 (2014). The published version contains an error which is corrected in version 2 available at https://hal.inria.fr/hal-00952610.MathSciNetMATHCrossRef

25.

E. R. Canfield, P. Erdös, C. Pomerance, On a problem of Oppenheim concerning factorisatio numerorum. J. Number Theory 17(1), 1–28 (1983)MathSciNetMATHCrossRef

26.

S. Cavallar Hedwig, On the number field sieve integer factorisation algorithm. PhD thesis, Universiteit Leiden (2002)

27.

D. Coppersmith, Fast evaluation of logarithms in fields of characteristic two. IEEE Trans. Inf. Theory 30(4), 587–594 (1984)MathSciNetMATHCrossRef

28.

D. Coppersmith, Solving linear equations over GF(2): block Lanczos algorithm. Linear Algebra Appl. 192, 33–60 (1993)MathSciNetMATHCrossRef

29.

D. Coppersmith, Solving homogeneous linear equations over GF(2) via block Wiedemann algorithm. Math. Comput. 62(205), 333–350 (1994)MathSciNetMATH

30.

A. Commeine, I. Semaev, An algorithm to solve the discrete logarithm problem with the number field sieve, in Public Key Cryptography—PKC 2006. Lecture Notes in Computer Science, vol. 3958 (2006), pp. 174–190CrossRef

31.

R. Cheung, S.Duquesne, J. Fan, N. Guillermin, I. Verbauwhede, G. X. Yao, FPGA implementation of pairings using residue number system and lazy reduction, in Cryptographic Hardware and Embedded Systems—CHES 2011. Lecture Notes in Computer Science, vol. 6917 (2011), pp. 421–441MATHCrossRef

32.

J. Detrey, FFS factory: Adapting Coppersmith’s “factorization factory” to the function field sieve. Cryptology ePrint Archive, Report 2014/419 (2014)

33.

S. Duquesne, N. El Mrabet, S. Haloui, F. Rondepierre, Choosing and generating parameters for low level pairing implementation on BN curves. Cryptology ePrint Archive, Report 2015/1212 (2015)

34.

A. J. Devegili, M. Scott, R. Dahab, Implementing cryptographic pairings over Barreto–Naehrig curve, in Pairing-Based Cryptography—Pairing 2007. Lecture Notes in Computer Science, vol. 4575 (2007), pp. 197–207

35.

N. El Mrabet, M. Joye, Guide to Pairing-Based Cryptography. Chapman & Hall/CRC Cryptography and Network Security Series (CRC Press, 2017)

36.

J. Fried, P. Gaudry, N. Heninger, E. Thomé, A kilobit hidden SNFS discrete logarithm computation, in Annual International Conference on the Theory and Applications of Cryptographic Techniques. Lecture Notes in Computer Science, vol. 10210 (2017), pp. 202–231

37.

L. Fuentes-Castañeda, E. Knapp, F. Rdríuez-Henríquez, Faster hashing to \({\mathbb{G}}_{2}\), in Selected Areas in Cryptography—SAC 2011. Lecture Notes in Computer Science, vol. 7118 (2011), pp. 412–430

38.

D. Freeman, M. Scott, E. Teske, A taxonomy of pairing-friendly elliptic curves. J. Cryptol. 23(2), 224–280 (2010)MathSciNetMATHCrossRef

39.

G. Grewal, R. Azarderakhsh, P. Longa, S. Hu, D. Jao, Efficient implementation of bilinear pairings on ARM processors, in Selected Areas in Cryptography. Lecture Notes in Computer Science, vol. 7707 (2013), pp. 149–165CrossRef

40.

L. Ghammam, E. Fouotsa, Adequate elliptic curves for computing the product of n pairings, in Arithmetic of Finite Fields—WAIFI 2016. Lecture Notes in Computer Science, vol. 10064 (2016), pp. 36–352MATHCrossRef

41.

L. Grémy, A. Guillevic, F. Morain, E. Thomé, Computing discrete logarithms in GF(\(p^6\)), in Selected Areas in Cryptography—SAC 2017. Lecture notes in computer science (2017)

42.

F. Göloğlu, R. Granger, G. McGuire, J. Zumbrägel, On the function field sieve and the impact of higher splitting probabilities: application to discrete logarithms in \({\mathbb{F}}_{2^{1971}}\) (2013), Cryptology ePrint Archive, Report 2013/074

43.

F. Göloğlu, R. Granger, G. McGuire, J. Zumbrägel, Solving a 6120-bit DLP on a desktop computer, in Selected Areas in Cryptography—SAC. Lecture Notes in Computer Science, vol. 8282 (2013), pp. 136–152

44.

P. Gaudry, L. Grémy, M. Videau, Collecting relations in the number field sieve in GF(\(p^6\)). LMS J. Comput. Math. 19(A), 332–350 (2016)MathSciNetMATHCrossRef

45.

R. Granger, T. Kleinjung, J. Zumbrägel, Breaking 128-bit secure supersingular binary curves, in Advances in Cryptology—CRYPTO 2014. Lecture Notes in Computer Science, vol. 8617 (2014), pp. 126–145MATHCrossRef

46.

R. Granger, T. Kleinjung, J. Zumbrägel, On the powers of 2. Cryptology ePrint Archive, Report 2014/300 (2014)

47.

R. Granger, T. Kleinjung, and J. Zumbrägel, On the discrete logarithm problem in finite fields of fixed characteristic. Trans. Am. Math. Soc. (2017)

48.

A. Guillevic, F. Morain, E. Thomé, Solving discrete logarithms on a 170-bit MNT curve by pairing reduction, in Selected Areas in Cryptography—SAC 2016. Lecture Notes of Computer Science, vol. 10532 (2016)

49.

D. Gordon, Discrete logarithms in GF(\(p\)) using the number field sieve. SIAM J. Discret. Math. 6(1), 124–138 (1993)MathSciNetMATH

50.

R. Granger, M. Scott, Faster squaring in the cyclotomic subgroup of sixth degree extensions. in Public Key Cryptography—PKC 2010. Lecture Notes in Computer Science, vol. 6056 (2010), pp. 209–223CrossRef

51.

C.C.F. Pereira Geovandro, M.A. Simplıcio Jr., M. Naehrig, P. Barreto, A family of implementation-friendly BN elliptic curves. J. Syst. Softw. 84(8), 1319–1326 (2011)CrossRef

52.

K. Hayasaka, K. Aoki, T. Kobayashi, T. Takagi, A construction of 3-dimensional lattice sieve for number field sieve over GF(\(p^n\)). Cryptology ePrint Archive, Report 2015/1179 (2015) http://eprint.iacr.org/2014/300

53.

T. Hayashi, T. Shimoyama, N. Shinohara, T. Takagi, Breaking pairing-based cryptosystems using \(\eta _t\) pairing over GF(\(3^{97}\)), in Advances in cryptology—ASIACRYPT 2012. Lecture Notes in Computer Science, vol. 7658 (2012), pp. 43–60

54.

F. Hess, N. Smart, F. Vercauteren, The Eta pairing revisited. IEEE Trans. Inf. Theory 52(10), 4595–4602 (2006)MathSciNetMATHCrossRef

55.

T. Hayashi, N. Shinohara, L. Wang, S. Matsuo, M. Shirase, T. Takagi, Solving a 676-bit discrete logarithm problem in GF(\(3^{6n}\)), in Public Key Cryptography—PKC 2010. Lecture Notes in Computer Science, vol. 6056 (2010), pp. 351–367

56.

IEEE, 1363.3-2013—IEEE standard for identity-based cryptographic techniques using pairings (2017). Can be purchased online at http://ieeexplore.ieee.org/document/6662370/

57.

ISO, Iso/iec 18033-5:2015 (2015). Can be purchased online at https://www.iso.org/obp/ui/#iso:std:59948:en

58.

J. Jeong, T. Kim, Extended tower number field sieve with application to finite fields of arbitrary composite extension degree. Cryptology ePrint Archive, Report 2016/526 (2016). http://eprint.iacr.org/2016/526

59.

A. Joux, R. Lercier, The function field sieve is quite special, in Algorithmic Number Theory Symposium—ANTS V. Lecture notes in computer science, vol. 2369 (2002), pp. 431–445

60.

A. Joux, R. Lercier, Improvements to the general number field for discrete logarithms in prime fields. Math. Comput. 72(242), 953–967 (2003)MATHCrossRef

61.

A. Joux, R. Lercier, The function field sieve in the medium prime case, in Advances in Cryptology—EUROCRYPT 2006. Lecture Notes in Computer Science, vol. 4005 (2006), pp. 254–270MATHCrossRef

62.

A. Joux, R. Lercier, N. Smart, F. Vercauteren, The number field sieve in the medium prime case, in Advances in Cryptology—CRYPTO 2006. Lecture Notes in Computer Science, vol. 4117 (2006), pp. 326–344MATH

63.

A. Joux, Faster index calculus for the medium prime case application to 1175-bit and 1425-bit finite fields, in Advances in cryptology—EUROCRYPT 2013. Lecture Notes in Computer Science, vol. 7881 (2013), pp. 177–193CrossRef

64.

A. Joux, C. Pierrot, The special number field sieve in \({\mathbb{F}}_{p^n}\)—application to pairing-friendly constructions, in Pairing-Based Cryptography—Pairing 2013. Lecture Notes in Computer Science, vol. 8365 (2013), pp. 45–61

65.

A. Joux, C. Pierrot, Improving the polynomial time precomputation of Frobenius representation discrete logarithm algorithms, in Advances in Cryptology—ASIACRYPT 2014. Lecture Notes in Computer Science, vol. 8873 (2014), pp. 378–397

66.

K. Karabina, Squaring in cyclotomic subgroups. Math. Comput. 82(281) (2013)MathSciNetMATHCrossRef

67.

T. Kim, R. Barbulescu, The extended tower number field sieve: A new complexity for the medium prime case, in Advances in Cryptology—CRYPTO 2016. Lecture Notes in Computer Science, vol. 9814 (2016), pp. 543–571CrossRef

68.

T. Kleinjung, J. Bos, A. Lenstra, Mersenne factorization factory, in International Conference on the Theory and Application of Cryptology and Information Security. Lecture Notes in Computer Science, vol. 8873 (2014), pp. 358–377

69.

T. Kleinjung, C. Diem, A. Lenstra, C. Priplata, C. Stahlke, Discrete logarithms in GF(p)—768 bits (2016). Announcement available at the NMBRTHRY archives, item 004917

70.

E.J. Kachisa, E.F. Schaefer, M. Scott, Constructing Brezing-Weng pairing-friendly elliptic curves using elements in the cyclotomic field, in Pairing-Based Cryptography—Pairing 2008. Lecture Notes in Computer Science, vol. 5209 (2008), pp. 126–135

71.

C. Lanczos, Solution of systems of linear equations by minimized iterations. J. Res. Nat. Bur. Standards 49(1), 33–53 (1952)MathSciNetCrossRef

72.

A. Lenstra, Unbelievable security matching AES security using public key systems, in International Conference on the Theory and Application of Cryptology and Information Security. Lecture Notes in Computer Science, vol. 2188 (2001), pp. 67–86CrossRef

73.

A. Lenstra, Unbelievable security: Matching AES security using public key systems, in Advances in cryptology—ASIACRYPT 2001. Lecture Notes in Computer Science, vol. 2248 (2001), pp. 67–86CrossRef

74.

C.H. Lim, P.J. Lee, A key recovery attack on discrete log-based schemes using a prime order subgroup, in Advances in Cryptology—CRYPTO ’97. Lecture Notes in Computer Science, vol. 1294 (1997), pp. 249–263CrossRef

75.

A. Lenstra, H. Lenstra Jr., M. Manasse, J. Pollard, The number field sieve, in Proceedings of the Twenty-Second Annual ACM Symposium on Theory of Computing. ACM (1990), pp. 564–572

76.

R. Lidl, H. Niederreiter, Finite Fields. (Cambridge University Press, 1997)

77.

B. LaMacchia, A. Odlyzko, Solving large sparse linear systems over finite fields, in Advances in Cryptology—CRYPTO 1990. Lecture Notes in Computer Science, vol. 537 (1990), pp. 109–133

78.

D. Matyukhin, Effective version of the number field sieve for discrete logarithms in the field GF\((p^k)\) (in Russian). Trudy po Discretnoi Matematike 9, 121–151 (2006)

79.

V. Miller, The Weil pairing and its efficient calculation. J. Cryptol. 17(4), 235–261 (2004)MathSciNetMATHCrossRef

80.

P. Montgomery, A block Lanczos algorithm for finding dependencies over GF(2), in Advances in Cryptology—EUROCRYPT 1995. vol. 921 (Springer, 1995), pp. 106–120

81.

D. Moody, R.C. Peralta, R.A. Perlner, A.R. Regenscheid, A.L. Roginsky, L. Chen, Report on pairing-based cryptography-2015. Can be freely downloaded from http://nvlpubs.nist.gov/nistpubs/jres/120/jres.120.002.pdf

82.

A. Menezes, P. Sarkar, S. Singh, Challenges with assessing the impact of NFS advances on the security of pairing-based cryptography, in Paradigms in Cryptology—Mycrypt 2016. Lecture Notes in Computer Science, vol. 10311 (2016)

83.

B. Murphy, Modelling the yield of number field sieve polynomials, in Algorithmic Number Theory Symposium—ANTS III. Lecture Notes in Computer Science, vol. 1423 (1998), pp. 137–150

84.

European Network and Information Security Agency, Algorithms, key sizes and parameters report—2013 (2013)

85.

M. Naehrig, R. Niederhagen, P. Schwabe, New software speed records for cryptographic pairings, in Progress in Cryptology—LATINCRYPT 2010. Lecture Notes in Computer Science, vol. 6212 (2010), pp. 109–123

86.

National Institute of Standards and Technology (NIST), NIST special publication 800-57 part 1 (revised): recommendation for key management, part 1: General (revised), (July 2012). Publication available online at http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf

87.

C. Pierrot, The multiple number field sieve with conjugation and generalized Joux-Lercier methods, in Advances in Cryptology—EUROCRYPT 2015. Lecture Notes in Computer Science, vol. 9056 (2015), pp. 156–170CrossRef

88.

M. Scott, N. Benger, M. Charlemagne, L.J. Dominguez Perez, E.J. Kachisa, On the final exponentiation for calculating pairings on ordinary elliptic curves, in Pairing-Based Cryptography—PAIRING 2009. Lecture Notes in Computer Science, , vol. 5671 (2009), pp. 78–88MATHCrossRef

89.

O. Schirokauer, Discrete logarithms and local units. Philos. Trans. R. Soc. Lond. A Math. Phys. Eng. Sci. 345(1676), 409–423 (1993)MathSciNetMATHCrossRef

90.

O. Schirokauer, Using number fields to compute logarithms in finite fields. Math. Comput. 69(231), 1267–1283 (2000)MathSciNetMATHCrossRef

91.

O. Schirokauer, The number field sieve for integers of low weight. Math. Comput. 79(269), 583–602 (2010)MathSciNetMATHCrossRef

92.

I. Semaev, Special prime numbers and discrete logs in finite prime fields. Math. Comput. 71(237), 363–377 (2002)MathSciNetMATHCrossRef

93.

N. Smart, ECRYPT II yearly report on algorithms and key sizes (2011-2012). (2012)

94.

P. Sarkar, S. Singh, Fine tuning the function field sieve algorithm for the medium prime case. IEEE Trans. Inf. Theory 62(4), 2233–2253 (2016)MathSciNetMATHCrossRef

95.

P. Sarkar, S. Singh, A generalisation of the conjugation method for polynomial selection for the extended tower number field sieve algorithm. Cryptology ePrint Archive, Report 2016/537 (2016)

96.

P. Sarkar, S. Singh, New complexity trade-offs for the (multiple) number field sieve algorithm in non-prime fields, in Annual International Conference on the Theory and Applications of Cryptographic Techniques (2016), pp. 429–458

97.

P. Sarkar, S. Singh, Tower number field sieve variant of a recent polynomial selection method. Cryptology ePrint Archive, Report 2016/401 (2016)

98.

T. Unterluggauer, E. Wenger, Efficient pairings and ECC for embedded systems, in Cryptographic Hardware and Embedded Systems—CHES 2014. Lecture Notes in Computer Science, vol. 8731 (2014), pp. 298–315MATHCrossRef

99.

F. Vercauteren, Optimal pairings. IEEE Trans. Inf. Theory 56, 455–461 (2009)MathSciNetMATHCrossRef

100.

F. Valette, R. Lercier, P.-A. Fouque, D. Réal, Fault attack on elliptic curve Montgomery ladder implementation, in 5th Workshop on Fault Diagnosis and Tolerance in Cryptography. IEEE (2008), pp. 92–98

101.

D. Wiedemann, Solving sparse linear equations over finite fields. IEEE Trans. Inf. Theory 32(1), 54–62 (1986)MathSciNetMATHCrossRef

102.

P. Zajac, On the use of the lattice sieve in the 3D NFS. Tatra Mountains Mathematical Publications 45(1), 161–172 (2010)MathSciNetMATHCrossRef

103.

X. Zhang, D. Lin, Analysis of optimum pairing products at high security levels, in Progress in Cryptology—INDOCRYPT 2012. Lecture Notes in Computer Science, vol. 7668 (2012), pp. 412–430

Titel: Updating Key Size Estimations for Pairings
verfasst von: Razvan Barbulescu
Sylvain Duquesne
Publikationsdatum: 29.01.2018
Verlag: Springer US
Erschienen in: Journal of Cryptology / Ausgabe 4/2019
Print ISSN: 0933-2790
Elektronische ISSN: 1432-1378
DOI: https://doi.org/10.1007/s00145-018-9280-5

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 4/2019

Nonlinear Invariant Attack: Practical Attack on Full SCREAM, iSCREAM, and Midori64

Fully Secure Functional Encryption with a Large Class of Relations from the Decisional Linear Assumption

Efficient Dissection of Bicomposite Problems with Cryptanalytic Applications

Constant-Round Maliciously Secure Two-Party Computation in the RAM Model

White-Box Cryptography: Don’t Forget About Grey-Box Attacks

Classical Leakage Resilience from Fault-Tolerant Quantum Computation