Cryptology ePrint Archive: Report 2016/727

Improvements on the Individual Logarithm Step in Extended Tower Number Field Sieve

Yuqing Zhu and Jincheng Zhuang and Chang Lv and Dongdai Lin

Abstract: The hardness of discrete logarithm problem over finite fields is the foundation of many cryptographic protocols. When the characteristic of the finite field is medium or large, the state-of-art algorithms for solving the corresponding problem are the number field sieve and its variants. There are mainly three steps in such algorithms: polynomial selection, factor base logarithms computation, and individual logarithm computation. Note that the former two steps can be precomputed for fixed finite field, and the database containing factor base logarithms can be used by the last step for many times. In certain application circumstances, such as Logjam attack, speeding up the individual logarithm step is vital.

In this paper, we devise a method to improve the individual logarithm step by exploring subfield structures. Our method is based on the extended tower number field sieve algorithm, and achieves more significant improvement when the extension degree has a large proper factor. We also perform some experiments to illustrate our algorithm and confirm the result.

Category / Keywords: Discrete logarithm problem, extended tower number field sieve, individual logarithm, smoothing phase

Date: received 23 Jul 2016, last revised 2 Sep 2016

Contact author: zhuangjincheng at iie ac cn

Available format(s): PDF | BibTeX Citation

Note: In this version, we removed the second problematic algorithm in the last version.

Version: 20160902:090712 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]