[Resource Topic] 2013/446: Weakness of F_{3^{6*509}} for Discrete Logarithm Cryptography

Welcome to the resource topic for 2013/446

Title:
Weakness of F_{3^{6*509}} for Discrete Logarithm Cryptography

Authors: Gora Adj, Alfred Menezes, Thomaz Oliveira, Francisco Rodríguez-Henríquez

Abstract:

In 2013, Joux, and then Barbulescu, Gaudry, Joux and Thomé, presented new algorithms for computing discrete logarithms in finite fields of small and medium characteristic. We show that these new algorithms render the finite field F_{3^{6*509}} = F_{3^{3054}} weak for discrete logarithm cryptography in the sense that discrete logarithms in this field can be computed significantly faster than with the previous fastest algorithms. Our concrete analysis shows that the supersingular elliptic curve over F_{3^{509}} with embedding degree 6 that had been considered for implementing pairing-based cryptosystems at the 128-bit security level in fact provides only a significantly lower level of security. Our work provides a convenient framework and tools for performing a concrete analysis of the new discrete logarithm algorithms and their variants.

ePrint: https://eprint.iacr.org/2013/446

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .