Abstract
In 2013, Joux, and then Barbulescu, Gaudry, Joux and Thomé, presented new algorithms for computing discrete logarithms in finite fields of small and medium characteristic. We show that these new algorithms render the finite field double-struck F36.509 = double-struck F33054 weak for discrete logarithm cryptography in the sense that discrete logarithms in this field can be computed significantly faster than with the previous fastest algorithms. Our concrete analysis shows that the supersingular elliptic curve over double-struck F3509 with embedding degree 6 that had been considered for implementing pairing-based cryptosystems at the 128-bit security level in fact provides only a significantly lower level of security. Our work provides a convenient framework and tools for performing a concrete analysis of the new discrete logarithm algorithms and their variants. © 2014 Springer International Publishing.
Cite
CITATION STYLE
Adj, G., Menezes, A., Oliveira, T., & Rodríguez-Henríquez, F. (2014). Weakness of double-struck F36.509 for discrete logarithm cryptography. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8365 LNCS, pp. 20–44). https://doi.org/10.1007/978-3-319-04873-4_2
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
