Computing Discrete Logarithms in F36*137 using Magma

We show that a Magma implementation of Joux's new L(1/4) algorithm can be used to compute discrete logarithms in the 1303-bit finite field F36·137 with very modest computational resources. Our implementation illustrates the effectiveness of Joux's algorithm for computing discrete logarithms in small-characteristic finite fields which are not Kummer or twisted-Kummer extensions.

[1]  Steven D. Galbraith,et al.  Implementing the Tate Pairing , 2002, ANTS.

[2]  Faruk Göloglu,et al.  On the Function Field Sieve and the Impact of Higher Splitting Probabilities: Application to Discrete Logarithms in F21971 , 2013, IACR Cryptol. ePrint Arch..

[3]  D. Coppersmith Solving homogeneous linear equations over GF (2) via block Wiedemann algorithm , 1994 .

[4]  J. Pollard,et al.  Monte Carlo methods for index computation () , 1978 .

[5]  Alfred Menezes,et al.  Reducing elliptic curve logarithms to logarithms in a finite field , 1993, IEEE Trans. Inf. Theory.

[6]  Martijn Stam,et al.  Hardware and software normal basis arithmetic for pairing-based cryptography in characteristic three , 2005, IEEE Transactions on Computers.

[7]  Douglas H. Wiedemann Solving sparse linear equations over finite fields , 1986, IEEE Trans. Inf. Theory.

[8]  Antoine Joux,et al.  The Function Field Sieve in the Medium Prime Case , 2006, EUROCRYPT.

[9]  Antoine Joux,et al.  A New Index Calculus Algorithm with Complexity $$L(1/4+o(1))$$ in Small Characteristic , 2013, Selected Areas in Cryptography.

[10]  Tsuyoshi Takagi,et al.  Key Length Estimation of Pairing-Based Cryptosystems Using η T Pairing , 2012, ISPEC.

[11]  Tsuyoshi Takagi,et al.  Breaking Pairing-Based Cryptosystems Using η T Pairing over GF(397) , 2012, ASIACRYPT.

[12]  Francisco Rodríguez-Henríquez,et al.  Weakness of 𝔽66·1429 and 𝔽24·3041 for discrete logarithm cryptography , 2013, Finite Fields Their Appl..

[13]  D. Boneh,et al.  Short Signatures from the Weil Pairing , 2001, Journal of Cryptology.

[14]  G. Frey,et al.  A remark concerning m -divisibility and the discrete logarithm in the divisor class group of curves , 1994 .

[15]  Paulo S. L. M. Barreto,et al.  Efficient Algorithms for Pairing-Based Cryptosystems , 2002, CRYPTO.

[16]  Jérémie Detrey,et al.  Discrete Logarithm in GF(2809) with FFS , 2014, Public Key Cryptography.

[17]  S. Vanstone,et al.  Computing Logarithms in Finite Fields of Characteristic Two , 1984 .

[18]  Faruk Göloglu,et al.  Solving a 6120 -bit DLP on a Desktop Computer , 2013, Selected Areas in Cryptography.

[19]  Don Coppersmith,et al.  Fast evaluation of logarithms in fields of characteristic two , 1984, IEEE Trans. Inf. Theory.