کد مقاله | کد نشریه | سال انتشار | مقاله انگلیسی | نسخه تمام متن |
---|---|---|---|---|
6414130 | 1630371 | 2015 | 23 صفحه PDF | دانلود رایگان |
![عکس صفحه اول مقاله: Weakness of F36â
1429 and F24â
3041 for discrete logarithm cryptography Weakness of F36â
1429 and F24â
3041 for discrete logarithm cryptography](/preview/png/6414130.png)
In the past two years, there have been several dramatic improvements in algorithms for computing discrete logarithms in small-characteristic finite fields. In this paper, we examine the effectiveness of these new algorithms for computing discrete logarithms in F36â 1429 and F24â 3041. The intractability of the discrete logarithm problem in these fields is necessary for the security of bilinear pairings derived from supersingular curves with embedding degree 6 and 4 defined, respectively, over F31429 and F23041; these curves were believed to enjoy a security level of 192 bits against attacks by Coppersmith's algorithm. Our analysis shows that these pairings offer security levels of at most 96 and 129 bits, respectively, leading us to conclude that they are dead for pairing-based cryptography.
Journal: Finite Fields and Their Applications - Volume 32, March 2015, Pages 148-170