Abstract : The security of torus-based and pairing-based cryptography relies on the difficulty of computing discrete logarithms in small degree extensions of finite fields of large characteristic. It has already been shown that for degrees 2 and 3, the discrete logarithm problem is not as hard as once thought. We address the question of degree 6 and aim at providing real-life timings for such problems. We report on a record DL computation in a 132-bit subgroup of $GF(p^6)$ for a 22-decimal digit prime, with $p^6$ having 422 bits. The previous record was for a 79-bit subgroup in a 240-bit field. We used NFS-DL with a sieving phase over degree 2 polynomials, instead of the more classical degree 1 case. We show how to improve many parts of the NFS-DL algorithm to reach this target.
https://hal.inria.fr/hal-01624662
Contributeur : Laurent Grémy
<>
Soumis le : jeudi 26 octobre 2017 - 16:03:48
Dernière modification le : jeudi 11 janvier 2018 - 06:27:51
Document(s) archivé(s) le : samedi 27 janvier 2018 - 14:01:54
Laurent Grémy, Aurore Guillevic, François Morain, Emmanuel Thomé. Computing discrete logarithms in $GF(p^6)$. 24th Annual Conference on Selected Areas in Cryptography, Aug 2017, Ottawa, Canada. 2017, 〈http://sacworkshop.org/SAC17/SAC2017.htm〉. 〈hal-01624662〉
