Results 1 - 8 of 8
The function field sieve in the medium prime case
Advances in Cryptology – EUROCRYPT 2006, LNCS 4004 (2006)

Cited by 27 (8 self)
Abstract. In this paper, we study the application of the function field sieve algorithm for computing discrete logarithms over finite fields of the form $\mathbb{F}_{q^n}$ when q is a medium-sized prime power. This approach is an alternative to a recent paper of Granger and Vercauteren for computing discrete logarithms in tori, using efficient torus representations. We show that when q is not too large, a very efficient L(1/3) variation of the function field sieve can be used. Surprisingly, using this algorithm, discrete logarithm computations over some of these fields are even easier than computations in the prime field and characteristic two field cases. We also show that this new algorithm has security implications on some existing cryptosystems, such as torus-based cryptography in $T_{30}$, short signature schemes in characteristic 3 and cryptosystems based on supersingular abelian varieties. On the other hand, cryptosystems involving larger base fields and smaller extension degrees, typically of degree at most 6, such as LUC, XTR or $T_6$ torus cryptography, are not affected.
On the function field sieve and the impact of higher splitting probabilities: Application to discrete logarithms in $\mathbb{F}_{2^{1971}}$

Cited by 7 (1 self)
Abstract. In this paper we propose a binary field variant of the Joux-Lercier medium-sized Function Field Sieve, which results not only in complexities as low as $L_{q^n}(1/3, 2/3)$ for computing arbitrary logarithms, but also in a heuristic polynomial time algorithm for finding the discrete logarithms of degree one elements. To illustrate the efficiency of the method, we have successfully solved the DLP in the finite field with $2^{1971}$ elements.
Decomposed Attack for the Jacobian of a Hyperelliptic Curve over an Extension Field

Cited by 4 (0 self)
Abstract. We study the solution of the discrete logarithm problem for the Jacobian of a curve of genus g defined over an extension field $\mathbb{F}_{q^n}$, by decomposed attack, considering external elements $B_0$ given by points of the curve whose x-coordinates are defined in $\mathbb{F}_q$. In the decomposed attack, an element of the group which is written by a sum of some elements of external elements is called (potentially) decomposed and the set of the terms, that appear in the sum, is called decomposed factor. In order for the running of the decomposed attack, a test for the (potential) decomposedness and the computation of the decomposed factor are needed. Here, we show that the test to determine if an element of the Jacobian (i.e., reduced divisor) is written by an ng sum of the elements of the external elements and the computation of decomposed factor are reduced to the problem of solving some multivariable polynomial system of equations by using the Riemann-Roch theorem. In particular, in the case of a hyperelliptic curve, we construct a concrete system of equations, which satisfies these properties and consists of $(n^2 - n)g$ quadratic equations. Moreover, in the case of (g, n) = (1, 3), (2, 2) and (3, 2), we give examples of the concrete computation of the decomposed factors by using the computer algebra system Magma.
COMPRESSION IN FINITE FIELDS AND TORUS-BASED CRYPTOGRAPHY

Cited by 3 (0 self)
This paper is dedicated to the memory of the cat Ceilidh. Abstract. We present efficient compression algorithms for subgroups of multiplicative groups of finite fields, we use our compression algorithms to construct efficient public key cryptosystems called $T_2$ and CEILIDH, we disprove some conjectures, and we use the theory of algebraic tori to give a better understanding of our cryptosystems, the Lucas-based, XTR and Gong-Harn cryptosystems, and conjectured generalizations.
PRIME ORDER PRIMITIVE SUBGROUPS IN TORUS-BASED CRYPTOGRAPHY

Cited by 1 (0 self)
Abstract. We use the Bateman-Horn conjecture to study the order of the set of $\mathbb{F}_q$-rational points of primitive subgroups that arise in torus-based cryptography. We provide computational evidence to support the heuristics and make some suggestions regarding parameter selection for torus-based cryptography.
1. Background
1.1. Algebraic Tori and Primitive Subgroups. Let $L/K$ be a finite and separable field extension with $[L : K] = n$. Let $\mathbb{G}_m$ be the multiplicative algebraic group defined by the following property: Over any field $F$, the set of $F$-rational points of $\mathbb{G}_m$, denoted $\mathbb{G}_m(F)$, is the multiplicative group $F^\times$ of nonzero elements of the field $F$. The Weil restriction of scalars of $\mathbb{G}_m$ from $L$ down to $K$, denoted $\mathrm{Res}_{L/K}\mathbb{G}_m$, enjoys the following property: $(\mathrm{Res}_{L/K}\mathbb{G}_m)(K) \cong \mathbb{G}_m(L) = L^\times$, where the equality comes from the definition of $\mathbb{G}_m$. In other words the set of $K$-rational points of $\mathrm{Res}_{L/K}\mathbb{G}_m$ is isomorphic to $L^\times$. The algebraic group $\mathrm{Res}_{L/K}\mathbb{G}_m$ is a nontrivial example of an algebraic torus defined over $K$; that is, an algebraic group $T$ defined over $K$ that over some finite extension field is isomorphic to $(\mathbb{G}_m)^d$, where $d$ is the dimension of $T$. For any field $F$ with $K \subset F \subsetneq L$, let $N_{L/F} : L \to F$ denote the usual norm map defined by $N_{L/F}(\alpha) = \prod_{\sigma \in \mathrm{Gal}(L/F)} \sigma(\alpha)$. Associated with each norm map $N_{L/F}$ there exists a map $N_{L/F} : \mathrm{Res}_{L/K}\mathbb{G}_m \to \mathrm{Res}_{F/K}\mathbb{G}_m$ such that the following diagram commutes.
[Diagram: $(\mathrm{Res}_{L/K}\mathbb{G}_m)(K) \to (\mathrm{Res}_{F/K}\mathbb{G}_m)(K)$]
COMPRESS MULTIPLE CIPHERTEXTS USING ELGAMAL ENCRYPTION SCHEMES
Abstract. In this work we deal with the problem of how to squeeze multiple ciphertexts without losing original message information. To do so, we formalize the notion of decomposability for public-key encryption and investigate why adding decomposability is challenging. We construct an ElGamal encryption scheme over extension fields, and show that it supports the efficient decomposition. We then analyze security of our scheme under the standard DDH assumption, and evaluate the performance of our construction.
unknown title
Index calculus for abelian varieties of small dimension and the elliptic curve discrete logarithm problem
unknown title
Abstract. In this paper, we study several variations of the number field sieve to compute discrete logarithms in finite fields of the form $\mathbb{F}_{p^n}$, with p a medium to large prime. We show that when n is not too large, this yields a $L_{p^n}(1/3)$ algorithm with efficiency similar to that of the regular number field sieve over prime fields. This approach complements the recent results of Joux and Lercier on the function field sieve. Combining both results, we deduce that computing discrete logarithms has heuristic complexity $L_{p^n}(1/3)$ in all finite fields. To illustrate the efficiency of our algorithm, we computed discrete logarithms in a 120-digit finite field $\mathbb{F}_{p^3}$.