
Traps to the BGJT-algorithm for discrete logarithms

Published online by Cambridge University Press: 01 August 2014

Qi Cheng, School of Computer Science, University of Oklahoma, Norman, OK, USA (email qcheng@cs.ou.edu)
Daqing Wan, Department of Mathematics, University of California, Irvine, CA, USA (email dwan@math.uci.edu)
Jincheng Zhuang, School of Computer Science, University of Oklahoma, Norman, OK, USA (email jzhuang@ou.edu)

Abstract


In the recent breakthrough paper by Barbulescu, Gaudry, Joux and Thomé, a quasi-polynomial time algorithm is proposed for the discrete logarithm problem over finite fields of small characteristic. The time complexity analysis of the algorithm is based on several heuristics presented in their paper. We show that some of the heuristics are problematic in their original forms, in particular when the field is not a Kummer extension. We propose a fix to the algorithm in non-Kummer cases, without altering the heuristic quasi-polynomial time complexity. Further study is required in order to fully understand the effectiveness of the new approach.

Type: Research Article
Copyright: © The Author(s) 2014

References

Adleman, L. M., ‘A subexponential algorithm for the discrete logarithm problem with applications to cryptography’, Proc. 20th IEEE Symp. on Foundations of Comp. Science (IEEE, 1979) 55–60.
Adleman, L. M., ‘The function field sieve’, Algorithmic number theory, Lecture Notes in Computer Science 877 (eds Adleman, L. M. and Huang, M. D. A.; Springer, 1994) 108–121.
Barbulescu, R., Gaudry, P., Joux, A. and Thomé, E., ‘A quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic’, Cryptology ePrint Archive, Report 2013/400, 2013.
Coppersmith, D., ‘Fast evaluation of logarithms in fields of characteristic two’, IEEE Trans. Inform. Theory 30 (1984) no. 4, 587–594.
Diffie, W. and Hellman, M. E., ‘New directions in cryptography’, IEEE Trans. Inform. Theory 6 (1976) 644–654.
ElGamal, T., ‘A public key cryptosystem and a signature scheme based on discrete logarithms’, IEEE Trans. Inform. Theory 33 (1985) 469–472.
Enge, A., ‘A general framework for subexponential discrete logarithm algorithms in groups of unknown order’, Finite geometries, Developments in Mathematics 3 (eds Blokhuis, A., Hirschfeld, J. W. P., Jungnickel, D. and Thas, J. A.; Kluwer, 2001) 133–146.
Göloglu, F., Granger, R., McGuire, G. and Zumbrägel, J., ‘On the function field sieve and the impact of higher splitting probabilities’, Advances in cryptology – CRYPTO 2013, Lecture Notes in Computer Science 8043 (eds Canetti, R. and Garay, J. A.; Springer, 2013) 109–128.
Gordon, D. M., ‘Discrete logarithms in GF(p) using the number field sieve’, SIAM J. Discrete Math. 6 (1993) no. 1, 124–138.
Huang, M.-D. and Narayanan, A. K., ‘Finding primitive elements in finite fields of small characteristic’, Preprint, 2013, arXiv:1304.1206 [cs.DM].
Joux, A., ‘Faster index calculus for the medium prime case application to 1175-bit and 1425-bit finite fields’, Advances in cryptology – EUROCRYPT 2013, Lecture Notes in Computer Science 7881 (eds Johansson, T. and Nguyen, P. Q.; Springer, 2013) 177–193.
Joux, A., ‘A new index calculus algorithm with complexity $L(1/4+o(1))$ in very small characteristic’, Cryptology ePrint Archive, Report 2013/095, 2013.
Joux, A. and Lercier, R., ‘The function field sieve in the medium prime case’, Advances in cryptology – EUROCRYPT 2006, Lecture Notes in Computer Science 4004 (ed. Vaudenay, S.; Springer, 2006) 254–270.
Joux, A., Lercier, R., Smart, N. and Vercauteren, F., ‘The number field sieve in the medium prime case’, Advances in cryptology – CRYPTO 2006, Lecture Notes in Computer Science 4117 (Springer, 2006) 326–344.
Merkle, R., ‘Secrecy, authentication, and public key systems’, PhD Thesis, Stanford University, 1979.
Panario, D., Gourdon, X. and Flajolet, P., ‘An analytic approach to smooth polynomials over finite fields’, Algorithmic number theory, Lecture Notes in Computer Science 1423 (ed. Buhler, J.; Springer, 1998) 226–236.
Pollard, J., ‘Monte Carlo methods for index computations (mod p)’, Math. Comp. 32 (1978) no. 143, 918–924.
Wan, D., ‘Generators and irreducible polynomials over finite fields’, Math. Comp. 66 (1997) no. 219, 1195–1212.