Journal of Algorithms
Low-Weight Polynomial Form Integers for Efficient Modular Multiplication
IEEE Transactions on Computers
Journal of Algorithms
Solving a 676-bit discrete logarithm problem in GF(36n)
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Pairing-Based cryptography at high security levels
IMA'05 Proceedings of the 10th international conference on Cryptography and Coding
| Hi-index | 0.00 |
Let p be a prime number and n a positive integer, and let q=pn. Adleman and Huang [Inform. and Comput., 151 (1999), pp. 5--16] have described a version of the function field sieve which is conjectured to compute a logarithm in the field of q elements in expected time Lq[1/3;(32/9)1/3+o(1)], where Lq[s;c]=exp(c(log q)s(log log q)1-s) and the o(1) is for $q\to\infty$ under the constraint that p6\leq n$. In this paper, we present a modification of their method which runs conjecturally in expected time Lq[1/3;(32/9)1/3+o(1)] so long as $q\to\infty$ with $p\leq n^{o(\sqrt{n})}$. The technique we use can also be applied to the special number field sieve and results in an algorithm which, in expected time Lp[1/3;(32/9)1/3+o(1)], is conjectured to compute a logarithm in a prime field whose cardinality p is of the form $r^e-s$, with r and s small in absolute value.