## Cryptology ePrint Archive: Report 2020/329

Asymptotic complexities of discrete logarithm algorithms in pairing-relevant finite fields

Gabrielle De Micheli and Pierrick Gaudry and Cécile Pierrot

Abstract: We study the discrete logarithm problem at the boundary case between small and medium characteristic finite fields, which is precisely the area where finite fields used in pairing-based cryptosystems live. In order to evaluate the security of pairing-based protocols, we thoroughly analyze the complexity of all the algorithms that coexist at this boundary case: the Quasi-Polynomial algorithms, the Number Field Sieve and its many variants, and the Function Field Sieve. We adapt the latter to the particular case where the extension degree is composite, and show how to lower the complexity by working in a shifted function field. All this study finally allows us to give precise values for the characteristic asymptotically achieving the highest security level for pairings. Surprisingly enough, there exist special characteristics that are as secure as general ones.

Category / Keywords: public-key cryptography / discrete logarithm problem, pairing, number field sieve, function field sieve

Date: received 17 Mar 2020

Contact author: pierrick gaudry at loria fr

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2020/329

[ Cryptology ePrint archive ]