International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Discrete Logarithm Factory

Authors:
Haetham Al Aswad , Université de Lorraine, CNRS, Inria, LORIA
Emmanuel Thomé , Université de Lorraine, CNRS, Inria, LORIA
Cécile Pierrot , Université de Lorraine, CNRS, Inria, LORIA
Download:
DOI: 10.62056/ah2ip2fgx
URL: https://cic.iacr.org//p/1/3/23
Search ePrint
Search Google
Abstract:

The Number Field Sieve and its variants are the best algorithms to solve the discrete logarithm problem in finite fields (except for the weak small characteristic case). The Factory variant accelerates the computation when several prime fields are targeted. This article adapts the Factory variant to non-prime finite fields of medium and large characteristic. A precomputation, solely dependent on an approximate finite field size and an extension degree, allows to efficiently compute discrete logarithms in a constant proportion of the finite fields of the given approximate size and extension degree. We combine this idea with two other variants of NFS, namely the tower and special variant. This combination improves the asymptotic complexity. We also notice that combining our approach with the MNFS variant would be an unnecessary complication as all the potential gain of MNFS is subsumed by our Factory variant anyway. Furthermore, we demonstrate how Chebotarev's density theorem allows to compute the density of finite fields that can be solved with a given precomputation. Finally, we provide experimental data in order to assess the practical reach of our approach.

BibTeX
@article{cic-2024-34834,
  title={Discrete Logarithm Factory},
  journal={cic},
  publisher={International Association for Cryptologic Research},
  volume={1, Issue 3},
  url={https://cic.iacr.org//p/1/3/23},
  doi={10.62056/ah2ip2fgx},
  author={Haetham Al Aswad and Emmanuel Thomé and Cécile Pierrot},
  year=2024
}