D. Adrian, K. Bhargavan, Z. Durumeric, P. Gaudry, M. Green et al., Imperfect Forward Secrecy, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS '15, pp.5-17, 2015.
DOI : 10.1007/3-540-68339-9_29

URL : https://hal.archives-ouvertes.fr/hal-01184171

K. Aoki, J. Franke, T. Kleinjung, A. K. Lenstra, and D. A. Osvik, A Kilobit Special Number Field Sieve Factorization, Advances in Cryptology ? ASIACRYPT 2007, pp.1-12, 2007.
DOI : 10.1007/978-3-540-76900-2_1

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

J. Ball, J. Borger, and G. Greenwald, Revealed: how US and UK spy agencies defeat internet privacy and security. The Guardian Online: https, 2013.

R. Barbulescu, Algorithmes de logarithmes discrets dans les corps finis, 2013.
URL : https://hal.archives-ouvertes.fr/tel-00925228

E. Barker and A. Roginsky, Transitions: Recommendation for transitioning the use of cryptographic algorithms and key lengths National Institute of Standards and Technology, pp.800-131, 2011.
DOI : 10.6028/NIST.SP.800-131a

B. Beckerman and G. Labahn, A Uniform Approach for the Fast Computation of Matrix-Type Pad?? Approximants, SIAM Journal on Matrix Analysis and Applications, vol.15, issue.3, pp.804-823, 1994.
DOI : 10.1137/S0895479892230031

D. J. Bernstein, T. Chou, C. Chuengsatiansup, A. Hülsing, E. Lambooij et al., How to Manipulate Curve Standards: A White Paper for the Black Hat http://bada55.cr.yp.to, Security Standardisation Research -Second International Conference, pp.109-139, 2015.
DOI : 10.1007/978-3-662-48324-4_5

S. Checkoway, M. Fredrikson, R. Niederhagen, A. Everspaugh, M. Green et al., On the practical exploitability of Dual EC in TLS implementations, Proceedings of USENIX Security 2014, pp.319-354, 2014.

S. Checkoway, J. Maskiewicz, C. Garman, J. Fried, S. Cohney et al., A Systematic Analysis of the Juniper Dual EC Incident, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS'16, pp.468-479, 2016.
DOI : 10.1145/2508859.2516706

A. Commeine and I. Semaev, An Algorithm to Solve the Discrete Logarithm Problem with the Number Field Sieve, PKC 2006, pp.174-190, 2006.
DOI : 10.1007/11745853_12

D. Coppersmith, Modifications to the Number Field Sieve, Journal of Cryptology, vol.6, issue.3, pp.169-180, 1993.
DOI : 10.1007/BF00198464

D. Coppersmith, Solving Homogeneous Linear Equations Over GF(2) via Block Wiedemann Algorithm, Mathematics of Computation, vol.62, issue.205, pp.333-350, 1994.
DOI : 10.2307/2153413

Y. Desmedt, P. Landrock, A. K. Lenstra, K. S. Mccurley, A. M. Odlyzko et al., The Eurocrypt '92 controversial issue: Trapdoor primes and moduli (panel), Lecture Notes in Comput. Sci, vol.658, issue.92, pp.194-199, 1993.

Z. Durumeric, D. Adrian, A. Mirian, M. Bailey, and J. A. Halderman, A Search Engine Backed by Internet-Wide Scanning, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS '15, pp.542-553, 2015.
DOI : 10.14722/ndss.2015.23162

A. Enge, P. Gaudry, and E. Thomé, An L(1/3) Discrete Logarithm Algorithm for Low Degree Curves, Journal of Cryptology, vol.68, issue.226, pp.24-41, 2011.
DOI : 10.1090/S0025-5718-01-01352-7

URL : https://hal.archives-ouvertes.fr/inria-00135324

M. Friedl, N. Provos, T. De-raadt, K. Steves, D. Miller et al., Announce: OpenSSH 7.0 released, 2015.

P. Giorgi and R. Lebreton, Online order basis algorithm and its impact on the block Wiedemann algorithm, Proceedings of the 39th International Symposium on Symbolic and Algebraic Computation, ISSAC '14, pp.202-209, 2014.
DOI : 10.1145/2608628.2608647

URL : https://hal.archives-ouvertes.fr/lirmm-01232873

D. M. Gordon, Designing and Detecting Trapdoors for Discrete Log Cryptosystems, Lecture Notes in Comput. Sci, vol.740, issue.92, pp.66-75, 1993.
DOI : 10.1007/3-540-48071-4_5

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

D. M. Gordon, Discrete Logarithms in $GF ( P )$ Using the Number Field Sieve, SIAM Journal on Discrete Mathematics, vol.6, issue.1, pp.124-138, 1993.
DOI : 10.1137/0406010

A. Joux and R. Lercier, Improvements to the general number field sieve for discrete logarithms in prime fields. A comparison with the gaussian integer method, Mathematics of Computation, vol.72, issue.242, pp.953-967, 2003.
DOI : 10.1090/S0025-5718-02-01482-5

URL : https://hal.archives-ouvertes.fr/hal-01102016

A. Joux and C. Pierrot, Nearly sparse linear algebra and application to discrete logarithms computations, Contemporary Developments in Finite Fields and Applications, pp.119-144, 2016.
DOI : 10.1142/9789814719261_0008

URL : https://hal.archives-ouvertes.fr/hal-01301496

J. Networks, 2015-12 Out of Cycle Security Bulletin: ScreenOS: Multiple Security issues with ScreenOS, 2015.

E. Kaltofen, Analysis of Coppersmith's block Wiedemann algorithm for the parallel solution of sparse linear systems, Math. Comp, vol.64, issue.210, pp.777-806, 1995.

T. Kleinjung, K. Aoki, J. Franke, A. K. Lenstra, E. Thomé et al., Factorization of a 768-Bit RSA Modulus, Lecture Notes in Comput. Sci, vol.6223, pp.333-350, 2010.
DOI : 10.1007/978-3-642-14623-7_18

URL : https://hal.archives-ouvertes.fr/inria-00444693

T. Kleinjung, C. Diem, A. K. Lenstra, C. Priplata, and C. Stahlke, Discrete logarithms in GF(p) ? 768 bits. E-mail on the NMBRTHRY mailing list, 2016.

J. Larson, N. Perlroth, and S. Shane, Revealed: The NSA's secret campaign to crack, undermine internet security. ProPublica Online: https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption, 2013.

A. K. Lenstra, Constructing trapdoor primes for the proposed DSS, 1991.

A. K. Lenstra, H. W. Lenstra, and J. , The development of the number field sieve, Lecture Notes in Math, vol.1554, 1993.
DOI : 10.1007/BFb0091534

M. Lepinski and S. Kent, Additional Diffie-Hellman groups for use with IETF standards, 2010.
DOI : 10.17487/rfc5114

C. H. Lim and P. J. Lee, Generating efficient primes for discrete log cryptosystems, 2006.

D. V. Matyukhin, On asymptotic complexity of computing discrete logarithms over GF(p), Discrete Mathematics and Applications, vol.58, issue.2, pp.27-50, 2003.
DOI : 10.1007/BF01457454

A. J. Menezes, P. C. Van-oorschot, and S. A. Vanstone, Handbook of Applied Cryptography, 1997.
DOI : 10.1201/9781439821916

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

B. A. Murphy, Polynomial selection for the number field sieve integer factorisation algorithm, 1999.

H. Orman, The Oakley key determination protocol. RFC 2412, 1998.
DOI : 10.17487/rfc2412

N. Perlroth, J. Larson, and S. N. Shane, able to foil basic safeguards of privacy on Web. The New York Times, 2013.

C. Pomerance, Analysis and comparison of some integer factoring algorithms, Computational methods in number theory, pp.89-140, 1982.

R. Rivest, M. Hellman, J. C. Anderson, and J. W. Lyons, Responses to NIST's proposal, Communications of the ACM, vol.35, issue.7, pp.41-54, 1992.
DOI : 10.1145/129902.129905

O. Schirokauer, Discrete logarithms and local units Re: NIST announces set of Elliptic Curves. sci.crypt newsgroup posting dated, Philos. Trans. Roy. Soc. London Ser. A 47. M. Scott, vol.17, pp.345409-423, 1676.
DOI : 10.1098/rsta.1993.0139

I. A. Semaev, Special prime numbers and discrete logs in finite prime fields, Mathematics of Computation, vol.71, issue.237, pp.363-377, 2002.
DOI : 10.1090/S0025-5718-00-01308-9

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

M. E. Smid and D. K. Branstad, Response to Comments on the NIST Proposed Digital Signature Standard, CRYPTO'92, pp.76-88, 1993.
DOI : 10.1007/3-540-48071-4_6

C. The and . Team, CADO-NFS, An Implementation of the Number Field Sieve Algorithm, 2016.

E. Thomé, Subquadratic Computation of Vector Generating Polynomials and Improvement of the Block Wiedemann Algorithm, Journal of Symbolic Computation, vol.33, issue.5, pp.757-775, 2002.
DOI : 10.1006/jsco.2002.0533

L. Valenta, D. Adrian, A. Sanso, S. Cohney, J. Fried et al., The most dangerous groups in the world: Exploiting DSA groups for Diffie-Hellman, 2016.