An appendix for a recent paper of Kim
This note can be seen as an appendix of a recent paper of Kim [Kim15]. We show that the discrete logarithm problem in fields $\mathbb{F}_Q$ where $Q = p^n$ with $p$ of medium size and $n$ having a factor of the good size (specified in the article) has a complexity of $L_Q(1/3, \sqrt[3]{48/9})$.

We propose here a variant of NFS which combines exTNFS with the Conjugation method of polynomial selection. Let $Q = p^n$ where $n = \eta k$ for some integers $k$ and $\eta$ with $k = (12^{-1/3} + o(1))\left(\frac{\log Q}{\log\log Q}\right)$. Then we select a field $\mathbb{Q}(\iota)$ of degree $\eta$ where $p$ is inert; call $h$ the minimal polynomial of $\iota$ over $\mathbb{Q}$. Next we use the Conjugation method to construct two polynomials $f$ and $g$ in $\mathbb{Z}[x]$, irreducible, with a common irreducible factor of degree $k$ modulo $p$ such that:

– $\deg(f) = 2k$ and $\|f\|_\infty = O(\log k)$;
– $\deg(g) = k$ and $\|g\|_\infty = p^{1/2} = Q$.

We sieve on pairs $(a(\iota), b(\iota))$ where $a(t), b(t) \in \mathbb{Z}[t]$ are such that $\|a\|_\infty, \|b\|_\infty \le A$ for a parameter $A$ to be chosen. Then we continue the algorithm as in Kim's exTNFS.

Fact 1. If $Q = p^n$ is a prime power so that

– $p = L_Q(\alpha, c)$ with $1/3 < \alpha < 2/3$ or $\alpha = 2/3$ and $c \le 12^{-1/3}$;
– $n$ has a divisor $k = (12^{-1/3} + o(1))\left(\frac{\log Q}{\log\log Q}\right)$.

Then the discrete logarithm in $\mathbb{F}_Q$ has complexity $L_Q(1/3, \sqrt[3]{48/9})$.

In the following $K_f = \mathbb{Q}(\alpha_f)$ and respectively $K_g = \mathbb{Q}(\alpha_g)$ are the extensions of $\mathbb{Q}(\iota)$ by $f$ and respectively $g$. Let $E$ be a parameter to be chosen and put $A = E$. By Theorem 3 in [BGK15], we have

$$|N_{K_f/\mathbb{Q}}(a(\iota) - b(\iota)\alpha_f)| < A\, O(\log k)\, O(\log \eta)\, C(\eta, 2k),$$

$$|N_{K_g/\mathbb{Q}}(a(\iota) - b(\iota)\alpha_g)| < A\, (Q)\, O(\log \eta)\, C(\eta, k),$$

and then

$$|N_{K_f/\mathbb{Q}}(a(\iota) - b(\iota)\alpha_f)| \cdot |N_{K_g/\mathbb{Q}}(a(\iota) - b(\iota)\alpha_g)| < E\, Q\, C(\eta, 2k). \tag{1}$$
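The polynomial-selection step above, on toy parameters, as an added example that is not code from the note or from [Kim15]. It assumes the auxiliary quadratic $\mu(Y) = Y^2 - d$, the prime 10007, $k = 3$ and helper names chosen here, and it checks only the degrees, coefficient sizes and the common factor modulo $p$, not the irreducibility of $f$ and $g$ over $\mathbb{Z}$.

```python
from itertools import product

def pmul(a, b):
    """Product of two integer polynomials (coefficient lists, low degree first)."""
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return out

def pmod(a, m, p):
    """Remainder of a divided by the monic polynomial m, over F_p."""
    a = [c % p for c in a]
    while len(a) >= len(m):
        c, off = a[-1], len(a) - len(m)
        for i, mc in enumerate(m):
            a[off + i] = (a[off + i] - c * mc) % p
        a.pop()
    return a

def rat_recon(lam, p):
    """Return (u, v) with u = lam*v mod p and |u|, |v| <= sqrt(p)."""
    r0, r1, t0, t1 = p, lam, 0, 1
    while r1 * r1 > p:
        q = r0 // r1
        r0, r1, t0, t1 = r1, r0 - q * r1, t1, t0 - q * t1
    return r1, t1

def conjugation(p, k):
    """Return (f, g, psi) where psi, of degree k, divides f and g modulo p."""
    assert p % 4 == 3 and k in (2, 3)  # toy limits: easy sqrt, root test = irreducibility
    # mu(Y) = Y^2 - d is irreducible over Q but has a root lam modulo p
    d = next(d for d in (2, 3, 6) if pow(d, (p - 1) // 2, p) == 1)
    lam = pow(d, (p + 1) // 4, p)
    u, v = rat_recon(lam, p)
    for tail in product((-1, 0, 1), repeat=2 * k):
        g0, g1 = list(tail[:k]) + [1], list(tail[k:]) + [0]
        psi = [(a + lam * b) % p for a, b in zip(g0, g1)]
        if any(g1) and all(sum(c * pow(x, i, p) for i, c in enumerate(psi)) % p
                           for x in range(p)):
            break  # psi has no root in F_p, hence is irreducible for k <= 3
    else:
        raise ValueError("no irreducible psi found in the search range")
    # f = Res_Y(mu(Y), g0 + Y*g1) = g0^2 - d*g1^2 and g = v*g0 + u*g1
    f = [a - d * b for a, b in zip(pmul(g0, g0), pmul(g1, g1))]
    g = [v * a + u * b for a, b in zip(g0, g1)]
    return f, g, psi

if __name__ == "__main__":
    f, g, psi = conjugation(10007, 3)  # constructed toy prime, k = 3
    print("f =", f, "\ng =", g, "\npsi mod p =", psi)
```

The output shows $f$ of degree $2k$ with single-digit coefficients and $g$ of degree $k$ with coefficients near $\sqrt{p}$, both divisible by the same degree-$k$ polynomial modulo $p$.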
[1] Razvan Barbulescu, et al. The Tower Number Field Sieve, 2015, ASIACRYPT.
[2] Razvan Barbulescu, et al. Improving NFS for the Discrete Logarithm Problem in Non-prime Finite Fields, 2015, EUROCRYPT.
[3] Razvan Barbulescu, et al. Extended Tower Number Field Sieve: A New Complexity for the Medium Prime Case, 2016, CRYPTO.