Paper 2020/329

Asymptotic complexities of discrete logarithm algorithms in pairing-relevant finite fields

Gabrielle De Micheli, Pierrick Gaudry, and Cécile Pierrot


We study the discrete logarithm problem at the boundary case between small and medium characteristic finite fields, which is precisely the area where finite fields used in pairing-based cryptosystems live. In order to evaluate the security of pairing-based protocols, we thoroughly analyze the complexity of all the algorithms that coexist at this boundary case: the Quasi-Polynomial algorithms, the Number Field Sieve and its many variants, and the Function Field Sieve. We adapt the latter to the particular case where the extension degree is composite, and show how to lower the complexity by working in a shifted function field. All this study finally allows us to give precise values for the characteristic asymptotically achieving the highest security level for pairings. Surprisingly enough, there exist special characteristics that are as secure as general ones.

Note: This version is the version of our article published at Crypto 2020 to which we added 4 pages of appendix.

Available format(s)
Public-key cryptography
Publication info
A minor revision of an IACR publication in CRYPTO 2020
discrete logarithm problempairingnumber field sievefunction field sieve
Contact author(s)
pierrick gaudry @ loria fr
cecile pierrot @ inria fr
gabrielle de-micheli @ inria fr
2020-11-05: last of 4 revisions
2020-03-17: received
See all versions
Short URL
Creative Commons Attribution


      author = {Gabrielle De Micheli and Pierrick Gaudry and Cécile Pierrot},
      title = {Asymptotic complexities of discrete logarithm algorithms in pairing-relevant finite fields},
      howpublished = {Cryptology ePrint Archive, Paper 2020/329},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.