Paper 2013/446
Weakness of $\mbox{${\mathbb F}$}_{3^{6 \cdot 509}}$ for Discrete Logarithm Cryptography
Gora Adj and Alfred Menezes and Thomaz Oliveira and Francisco Rodríguez-Henríquez
Abstract
In 2013, Joux, and then Barbulescu, Gaudry, Joux and Thomé, presented new algorithms for computing discrete logarithms in finite fields of small and medium characteristic. We show that these new algorithms render the finite field $\Fmain = \FF_{3^{3054}}$ weak for discrete logarithm cryptography in the sense that discrete logarithms in this field can be computed significantly faster than with the previous fastest algorithms. Our concrete analysis shows that the supersingular elliptic curve over $\FF_{3^{509}}$ with embedding degree 6 that had been considered for implementing pairing-based cryptosystems at the 128-bit security level in fact provides only a significantly lower level of security.
Metadata
- Available format(s)
- Category
- Public-key cryptography
- Publication info
- Published elsewhere. Unknown where it was published
- Contact author(s)
- francisco @ cs cinvestav mx
- History
- 2013-12-01: last of 5 revisions
- 2013-07-22: received
- See all versions
- Short URL
- https://ia.cr/2013/446
- License
-
CC BY