Computation of a 768-Bit Prime Field Discrete Logarithm

This paper reports on the number field sieve computation of a 768-bit prime field discrete logarithm, describes the different parameter optimizations and resulting algorithmic changes compared to the factorization of a 768-bit RSA modulus, and briefly discusses the cryptologic relevance of the result.

[1]  Arjen K. Lenstra,et al.  Ron was wrong, Whit is right , 2012, IACR Cryptol. ePrint Arch..

[2]  Antoine Joux,et al.  Improving the Polynomial time Precomputation of Frobenius Representation Discrete Logarithm Algorithms - Simplified Setting for Small Characteristic Finite Fields , 2014, IACR Cryptol. ePrint Arch..

[3]  Arjen K. Lenstra,et al.  Factoring by Electronic Mail , 1990, EUROCRYPT.

[4]  M. Don Zagier Théorie des nombres , 2008 .

[5]  Carl Pomerance,et al.  A Tale of Two Sieves , 1998 .

[6]  Arjen K. Lenstra,et al.  On the Security of 1024-bit RSA and 160-bit Elliptic Curve Cryptography , 2009, IACR Cryptol. ePrint Arch..

[7]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[8]  Arjen K. Lenstra,et al.  A random zoo: sloth, unicorn, and trx , 2015, IACR Cryptol. ePrint Arch..

[9]  A. K. Lenstra,et al.  The Development of the Number Field Sieve , 1993 .

[10]  Arjen K. Lenstra,et al.  Factorization of a 768-Bit RSA Modulus , 2010, CRYPTO.

[11]  A. K. Lenstra,et al.  Addendum: “The factorization of the ninth Fermat number” [Math. Comp. 61 (1993), no. 203, 319–349; MR1182953 (93k:11116)] , 1995 .

[12]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[13]  H. Lenstra,et al.  Factoring integers with the number field sieve , 1993 .

[14]  Joan E. Adamo,et al.  2409 , 2017, Journal of Clinical and Translational Science.

[15]  E. Kaltofen Analysis of Coppersmith's block Wiedemann algorithm for the parallel solution of sparse linear systems , 1995 .

[16]  Don Coppersmith Modifications to the Number Field Sieve , 2004, Journal of Cryptology.

[17]  Matthew Green,et al.  Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice , 2015, CCS.

[18]  Arjen K. Lenstra,et al.  Unbelievable Security. Matching AES Security Using Public Key Systems , 2001, ASIACRYPT.

[19]  A. K. Lenstra,et al.  The factorization of the ninth Fermat number , 1993 .

[20]  Leonard M. Adleman,et al.  A subexponential algorithm for the discrete logarithm problem with applications to cryptography , 1979, 20th Annual Symposium on Foundations of Computer Science (sfcs 1979).

[21]  Arjen K. Lenstra,et al.  Mersenne Factorization Factory , 2014, ASIACRYPT.

[22]  T. Wirth,et al.  Proving the Primality of Very Large Numbers with fastECPP , 2004, ANTS.

[23]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[24]  Antoine Joux,et al.  Improvements to the general number field sieve for discrete logarithms in prime fields. A comparison with the gaussian integer method , 2003, Math. Comput..

[25]  Arjen K. Lenstra,et al.  A heterogeneous computing environment to solve the 768-bit RSA challenge , 2010, Cluster Computing.

[26]  Arjen K. Lenstra,et al.  Selecting Cryptographic Key Sizes , 2000, Public Key Cryptography.

[27]  D. Coppersmith Solving homogeneous linear equations over GF (2) via block Wiedemann algorithm , 1994 .

[28]  Daniel M. Gordon,et al.  Discrete Logarithms in GF(P) Using the Number Field Sieve , 1993, SIAM J. Discret. Math..

[29]  Oliver Schirokauer Virtual logarithms , 2005, J. Algorithms.

[30]  Douglas H. Wiedemann Solving sparse linear equations over finite fields , 1986, IEEE Trans. Inf. Theory.