Weakness of 𝔽36·509 for Discrete Logarithm Cryptography
نویسندگان
چکیده
In 2013, Joux, and then Barbulescu, Gaudry, Joux and Thomé, presented new algorithms for computing discrete logarithms in finite fields of small and medium characteristic. We show that these new algorithms render the finite field F36·509 = F33054 weak for discrete logarithm cryptography in the sense that discrete logarithms in this field can be computed significantly faster than with the previous fastest algorithms. Our concrete analysis shows that the supersingular elliptic curve over F3509 with embedding degree 6 that had been considered for implementing pairing-based cryptosystems at the 128-bit security level in fact provides only a significantly lower level of security. Our work provides a convenient framework and tools for performing a concrete analysis of the new discrete logarithm algorithms and their variants.
منابع مشابه
Weakness of F36·509 for Discrete Logarithm Cryptography
In 2013, Joux, and then Barbulescu, Gaudry, Joux and Thomé, presented new algorithms for computing discrete logarithms in finite fields of small and medium characteristic. We show that these new algorithms render the finite field F36·509 = F33054 weak for discrete logarithm cryptography in the sense that discrete logarithms in this field can be computed significantly faster than with the previo...
متن کاملThe new protocol blind digital signature based on the discrete logarithm problem on elliptic curve
In recent years it has been trying that with regard to the question of computational complexity of discrete logarithm more strength and less in the elliptic curve than other hard issues, applications such as elliptic curve cryptography, a blind digital signature method, other methods such as encryption replacement DLP. In this paper, a new blind digital signature scheme based on elliptic curve...
متن کاملWeakness of 𝔽66·1429 and 𝔽24·3041 for discrete logarithm cryptography
In 2013, Joux and then Barbulescu et al. presented new algorithms for computing discrete logarithms in finite fields of small characteristic. Shortly thereafter, Adj et al. presented a concrete analysis showing that, when combined with some steps from classical algorithms, the new algorithms render the finite field F36·509 weak for pairing-based cryptography. Granger and Zumbrägel then presente...
متن کاملComputing Discrete Logarithms in 𝔽36...137 and 𝔽36...163 Using Magma
We show that a Magma implementation of Joux’s new L[1/4] algorithm can be used to compute discrete logarithms in the 1303-bit finite field F36·137 and the 1551-bit finite field F36·163 with very modest computational resources. Our F36·137 implementation was the first to illustrate the effectiveness of Joux’s algorithm for computing discrete logarithms in small-characteristic finite fields that ...
متن کاملCryptanalysis of A Self-Certified Threshold Proxy Signature Scheme Ased on Elliptic Curve Discrete Logarithm Problem
Digital signatures based on self-certified public key systems are more efficient because the authentication of the users’ public keys can be implicitly accomplished with the signature verification. In 2009, Xue et al. proposed first self-certified threshold proxy signature scheme based on the elliptic curve discrete logarithm problem (ECDLP). In this paper, we show that Xue et al.’s scheme can ...
متن کامل