Section: New Results

A Quasi-polynomial Algorithm for the Computation of Discrete Logarithms in Finite Fields of Small Characteristic

Participants : Razvan Barbulescu, Pierrick Gaudry, Emmanuel Thomé [contact] .

In collaboration with Antoine Joux (Université Pierre et Marie Curie), Răzvan Bărbulescu, Pierrick Gaudry, and Emmanuel Thomé designed a new algorithm of quasi-polynomial complexity for computing discrete logarithms in finite fields $\mathrm{GF}\left(p^n\right)$, under the constraint that the characteristic $p$ is small: it must not grow faster than a polynomial in the input size $nlogp$. This constraint accomodates for instance the cryptographically relevant case of finite fields of fixed characteristic $\mathrm{GF}\left(2^n\right)$ and $\mathrm{GF}\left(3^n\right)$.

This new algorithm dramatically changes the complexity landscape of the computation of discrete logarithms in finite fields. This has in particular an immense impact on the small characteristic pairing-based cryptography proposals. As it turns out, the field of definition of the Weil pairing for curves over small characteristic fields lends itself incredibly well to the new algorithm, to the point that the key sizes which are necessary to claim a sufficient security suddenly become unacceptably large. The newly proposed algorithm practically kills such cryptosystems.

This work has been published in preprint form in June 2013 [22] and was immediately acclaimed as a breakthrough, receiving also some external publicity. Pending the submission outcome, a first publication is expected in 2014.