Cryptology ePrint Archive: Report 2020/329

Asymptotic complexities of discrete logarithm algorithms in pairing-relevant finite fields

Gabrielle De Micheli and Pierrick Gaudry and CÚcile Pierrot

Abstract: We study the discrete logarithm problem at the boundary case between small and medium characteristic finite fields, which is precisely the area where finite fields used in pairing-based cryptosystems live. In order to evaluate the security of pairing-based protocols, we thoroughly analyze the complexity of all the algorithms that coexist at this boundary case: the Quasi-Polynomial algorithms, the Number Field Sieve and its many variants, and the Function Field Sieve. We adapt the latter to the particular case where the extension degree is composite, and show how to lower the complexity by working in a shifted function field. All this study finally allows us to give precise values for the characteristic asymptotically achieving the highest security level for pairings. Surprisingly enough, there exist special characteristics that are as secure as general ones.

Category / Keywords: public-key cryptography / discrete logarithm problem, pairing, number field sieve, function field sieve

Original Publication (with minor differences): IACR-CRYPTO-2020

Date: received 17 Mar 2020, last revised 18 Aug 2020

Contact author: pierrick gaudry at loria fr,cecile pierrot@inria fr, gabrielle de-micheli@inria fr

Available format(s): PDF | BibTeX Citation

Note: This version is the version of our article published at Crypto 2020 to which we added 4 pages of appendix.

Version: 20200818:110002 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]