Function field sieve method for discrete logarithms over finite fields
Information and Computation
Identity-Based Encryption from the Weil Pairing
SIAM Journal on Computing
Efficient Algorithms for Pairing-Based Cryptosystems
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
ANTS-I Proceedings of the First International Symposium on Algorithmic Number Theory
Strategies in Filtering in the Number Field Sieve
ANTS-IV Proceedings of the 4th International Symposium on Algorithmic Number Theory
ANTS-V Proceedings of the 5th International Symposium on Algorithmic Number Theory
Hardware Implementation of Finite Fields of Characteristic Three
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
The Function Field Sieve Is Quite Special
ANTS-V Proceedings of the 5th International Symposium on Algorithmic Number Theory
Hardware and Software Normal Basis Arithmetic for Pairing-Based Cryptography in Characteristic Three
IEEE Transactions on Computers
A comparison of MNT curves and supersingular curves
Applicable Algebra in Engineering, Communication and Computing
Efficient pairing computation on supersingular Abelian varieties
Designs, Codes and Cryptography
Software Implementation of Arithmetic in
WAIFI '07 Proceedings of the 1st international workshop on Arithmetic of Finite Fields
Pairing '08 Proceedings of the 2nd international conference on Pairing-Based Cryptography
Algorithms and Arithmetic Operators for Computing the ηT Pairing in Characteristic Three
IEEE Transactions on Computers
Experiments on the linear algebra step in the number field sieve
IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
Explicit formulas for efficient multiplication in F36m
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Factorization of a 768-bit RSA modulus
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Efficient hardware for the tate pairing calculation in characteristic three
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
Solving a 676-bit discrete logarithm problem in GF(36n)
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
The function field sieve in the medium prime case
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Key length estimation of pairing-based cryptosystems using ηT pairing
ISPEC'12 Proceedings of the 8th international conference on Information Security Practice and Experience
Key length estimation of pairing-based cryptosystems using ηT pairing
ISPEC'12 Proceedings of the 8th international conference on Information Security Practice and Experience
Breaking pairing-based cryptosystems using ηT pairing over GF(397)
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
| Hi-index | 0.00 |
The security of pairing-based cryptosystems depends on the difficulty of the discrete logarithm problem (DLP) over certain types of finite fields. One of the most efficient algorithms for computing a pairing is the ηT pairing over supersingular curves on finite fields whose characteristic is 3. Indeed many high-speed implementations of this pairing have been reported, and it is an attractive candidate for practical deployment of pairing-based cryptosystems. The embedding degree of the ηT pairing is 6, so we deal with the difficulty of a DLP over the finite field GF(36n), where the function field sieve (FFS) is known as the asymptotically fastest algorithm of solving it. Moreover, several efficient algorithms are employed for implementation of the FFS, such as the large prime variation. In this paper, we estimate the time complexity of solving the DLP for the extension degrees n=97,163, 193,239,313,353,509, when we use the improved FFS. To accomplish our aim, we present several new computable estimation formulas to compute the explicit number of special polynomials used in the improved FFS. Our estimation contributes to the evaluation for the key length of pairing-based cryptosystems using the ηT pairing.