Lattice Enumeration and Automorphisms for Tower NFS: A 521-Bit Discrete Logarithm Computation

IF 2.3 3区计算机科学 Q2 COMPUTER SCIENCE, THEORY & METHODS

Journal of Cryptology Pub Date : 2023-12-04 DOI:10.1007/s00145-023-09487-x

Gabrielle De Micheli, Pierrick Gaudry, Cécile Pierrot

{"title":"Lattice Enumeration and Automorphisms for Tower NFS: A 521-Bit Discrete Logarithm Computation","authors":"Gabrielle De Micheli, Pierrick Gaudry, Cécile Pierrot","doi":"10.1007/s00145-023-09487-x","DOIUrl":null,"url":null,"abstract":"<p>The tower variant of the number field sieve (TNFS) is known to be asymptotically the most efficient algorithm to solve the discrete logarithm problem in finite fields of medium characteristics, when the extension degree is composite. A major obstacle to an efficient implementation of TNFS is the collection of algebraic relations, as it happens in dimension greater than 2. This requires the construction of new sieving algorithms which remain efficient as the dimension grows. In this article, we overcome this difficulty by considering a lattice enumeration algorithm which we adapt to this specific context. We also consider a new sieving area, a high-dimensional sphere, whereas previous sieving algorithms for the classical NFS considered an orthotope. Our new sieving technique leads to a much smaller running time, despite the larger dimension of the search space, and even when considering a larger target, as demonstrated by a record computation we performed in a 521-bit finite field <span>\\({{{\\mathbb {F}}}}_{p^6}\\)</span>. The target finite field is of the same form as finite fields used in recent zero-knowledge proofs in some blockchains. This is the first reported implementation of TNFS.\n</p>","PeriodicalId":54849,"journal":{"name":"Journal of Cryptology","volume":"24 1","pages":""},"PeriodicalIF":2.3000,"publicationDate":"2023-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Cryptology","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s00145-023-09487-x","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

Abstract

The tower variant of the number field sieve (TNFS) is known to be asymptotically the most efficient algorithm to solve the discrete logarithm problem in finite fields of medium characteristics, when the extension degree is composite. A major obstacle to an efficient implementation of TNFS is the collection of algebraic relations, as it happens in dimension greater than 2. This requires the construction of new sieving algorithms which remain efficient as the dimension grows. In this article, we overcome this difficulty by considering a lattice enumeration algorithm which we adapt to this specific context. We also consider a new sieving area, a high-dimensional sphere, whereas previous sieving algorithms for the classical NFS considered an orthotope. Our new sieving technique leads to a much smaller running time, despite the larger dimension of the search space, and even when considering a larger target, as demonstrated by a record computation we performed in a 521-bit finite field \({{{\mathbb {F}}}}_{p^6}\). The target finite field is of the same form as finite fields used in recent zero-knowledge proofs in some blockchains. This is the first reported implementation of TNFS.

Abstract Image

查看原文本刊更多论文

塔NFS的点阵枚举和自同构:521位离散对数计算

已知当扩展度为复合时，塔型数场筛法(TNFS)是求解介质特征有限域中离散对数问题的渐近最有效算法。有效实现TNFS的一个主要障碍是代数关系的集合，因为它发生在大于2的维度上。这需要构建新的筛分算法，这些算法随着尺寸的增长而保持高效。在这篇文章中，我们克服了这一困难，通过考虑一个点阵枚举算法，我们适应这种特定的环境。我们还考虑了一个新的筛分区域，一个高维球体，而以前的经典NFS筛分算法考虑的是一个正交体。尽管搜索空间的维度更大，甚至在考虑更大的目标时，我们的新筛分技术导致了更小的运行时间，正如我们在521位有限域\({{{\mathbb {F}}}}_{p^6}\)中执行的记录计算所证明的那样。目标有限域与最近一些区块链中零知识证明中使用的有限域具有相同的形式。这是第一次报道TNFS的实现。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Cryptology 工程技术-工程：电子与电气

CiteScore

7.10

自引率

3.30%

发文量

审稿时长

18 months

期刊介绍： The Journal of Cryptology is a forum for original results in all areas of modern information security. Both cryptography and cryptanalysis are covered, including information theoretic and complexity theoretic perspectives as well as implementation, application, and standards issues. Coverage includes such topics as public key and conventional algorithms and their implementations, cryptanalytic attacks, pseudo-random sequences, computational number theory, cryptographic protocols, untraceability, privacy, authentication, key management and quantum cryptography. In addition to full-length technical, survey, and historical articles, the journal publishes short notes.