Results 1 
9 of
9
Discrete Logarithms: the Effectiveness of the Index Calculus Method
, 1996
"... . In this article we survey recent developments concerning the discrete logarithm problem. Both theoretical and practical results are discussed. We emphasize the case of finite fields, and in particular, recent modifications of the index calculus method, including the number field sieve and the func ..."
Abstract

Cited by 24 (1 self)
 Add to MetaCart
. In this article we survey recent developments concerning the discrete logarithm problem. Both theoretical and practical results are discussed. We emphasize the case of finite fields, and in particular, recent modifications of the index calculus method, including the number field sieve and the function field sieve. We also provide a sketch of the some of the cryptographic schemes whose security depends on the intractibility of the discrete logarithm problem. 1 Introduction Let G be a cyclic group generated by an element t. The discrete logarithm problem in G is to compute for any b 2 G the least nonnegative integer e such that t e = b. In this case, we write log t b = e. Our purpose, in this paper, is to survey recent work on the discrete logarithm problem. Our approach is twofold. On the one hand, we consider the problem from a purely theoretical perspective. Indeed, the algorithms that have been developed to solve it not only explore the fundamental nature of one of the basic s...
Generic Efficient Arithmetic Algorithms for PAFFs (Processor Adequate Finite Fields) and Related Algebraic Structures
 In Selected Areas in Cryptology – SAC 2003, SpringerVerlag LNCS 3006
, 2004
"... Abstract. In the past years several authors have considered finite fields extensions of odd characteristic optimised for a given architecture to obtain performance gains. The considered fields were however very specific. We define a Processor Adequate Finite Field (PAFF) as a field of odd characteri ..."
Abstract

Cited by 9 (3 self)
 Add to MetaCart
Abstract. In the past years several authors have considered finite fields extensions of odd characteristic optimised for a given architecture to obtain performance gains. The considered fields were however very specific. We define a Processor Adequate Finite Field (PAFF) as a field of odd characteristic p < 2 w where w is a CPU related word length. PAFFs have several attractive properties for cryptography. In this paper we concentrate on arithmetic aspects. We present some algorithms usually providing better performance in PAFFs than in prime fields and in previously proposed instances of extension fields of comparable size.
Comparing two pairingbased aggregate signature schemes”, Designs, Codes and Cryptography
"... Abstract. In 2003, Boneh, Gentry, Lynn and Shacham (BGLS) devised the first provablysecure aggregate signature scheme. Their scheme uses bilinear pairings and their security proof is in the random oracle model. The first pairingbased aggregate signature scheme which has a security proof that does ..."
Abstract

Cited by 7 (3 self)
 Add to MetaCart
Abstract. In 2003, Boneh, Gentry, Lynn and Shacham (BGLS) devised the first provablysecure aggregate signature scheme. Their scheme uses bilinear pairings and their security proof is in the random oracle model. The first pairingbased aggregate signature scheme which has a security proof that does not make the random oracle assumption was proposed in 2006 by Lu, Ostrovsky, Sahai, Shacham and Waters (LOSSW). In this paper, we compare the security and efficiency of the BGLS and LOSSW schemes when asymmetric pairings derived from BarretoNaehrig (BN) elliptic curves are employed. 1.
Discrete logarithms: The past and the future
 Designs, Codes, and Cryptography
, 2000
"... The first practical public key cryptosystem to be published, the DiffieHellman key exchange algorithm, was based on the assumption that discrete logarithms are hard to compute. This intractability hypothesis is also the foundation for the presumed security of a variety of other public key schemes. ..."
Abstract
 Add to MetaCart
The first practical public key cryptosystem to be published, the DiffieHellman key exchange algorithm, was based on the assumption that discrete logarithms are hard to compute. This intractability hypothesis is also the foundation for the presumed security of a variety of other public key schemes. While there have been substantial advances in discrete log algorithms in the last two decades, in general the discrete log still appears to be hard, especially for some groups, such as those from elliptic curves. Unfortunately no proofs of hardness are available in this area, so it is necessary to rely on experience and intuition in judging what parameters to use for cryptosystems. This paper presents a brief survey of the current state of the art in discrete logs. 1. Introduction Many of the popular public key cryptosystems are based on discrete exponentiation. If G is a group, such as the multiplicative group of a finite field or the group of points on an elliptic curve, and g is an elem...
On class group computations using the number field sieve
, 2003
"... The best practical algorithm for class group computations in imaginary quadratic number fields (such as group structure, class number, discrete logarithm computations) is a variant of the quadratic sieve factoring algorithm. Paradoxical as it sounds, the principles of the number field sieve, in a st ..."
Abstract
 Add to MetaCart
The best practical algorithm for class group computations in imaginary quadratic number fields (such as group structure, class number, discrete logarithm computations) is a variant of the quadratic sieve factoring algorithm. Paradoxical as it sounds, the principles of the number field sieve, in a strict sense, could not be applied to number field computations, yet. In this article we give an indication of the obstructions. In particular, we first present fundamental core elements of a number field sieve for number field computations of which it is absolutely unknown how to design them in a useful way. Finally, we show that the existence of a number field sieve for number field computations with a running time asymptotics similar to that of the genuine number field sieve likely implies the existence of an algorithm for elliptic curve related computational problems with subexponential running time.
Algorithmic Number Theory MSRI Publications
"... The impact of the number field sieve on the discrete logarithm problem in finite fields ..."
Abstract
 Add to MetaCart
The impact of the number field sieve on the discrete logarithm problem in finite fields
A SHORT NOTE ON DISCRETE LOG PROBLEM IN F ∗ p
"... Abstract. Let p be a odd prime such that 2 is a primitive element of finite field Fp. In this short note we propose a new algorithm for the computation of discrete logarithm in F ∗ p. ..."
Abstract
 Add to MetaCart
Abstract. Let p be a odd prime such that 2 is a primitive element of finite field Fp. In this short note we propose a new algorithm for the computation of discrete logarithm in F ∗ p.
A SHORT NOTE ON DISCRETE LOG PROBLEM IN F ∗ p
, 908
"... Abstract. Let p be a odd prime such that 2 is a primitive element of finite field Fp. In this short note we propose a new algorithm for the computation of discrete logarithm in F ∗ p. This algorithm is based on elementary properties of finite fields and is purely theoretical in nature. ..."
Abstract
 Add to MetaCart
Abstract. Let p be a odd prime such that 2 is a primitive element of finite field Fp. In this short note we propose a new algorithm for the computation of discrete logarithm in F ∗ p. This algorithm is based on elementary properties of finite fields and is purely theoretical in nature.
Evaluation Report on the Discrete Logarithm Problem over finite fields
"... This document is an evaluation of the discrete logarithm problem over finite fields (DLP), as a basis for designing cryptographic schemes. It relies on the analysis of numerous research papers on the subject. The present report is organized as follows: firstly, we review the DLP and several ..."
Abstract
 Add to MetaCart
This document is an evaluation of the discrete logarithm problem over finite fields (DLP), as a basis for designing cryptographic schemes. It relies on the analysis of numerous research papers on the subject. The present report is organized as follows: firstly, we review the DLP and several