Jeudi 26 février 2015 à 10h30 en salle C47
Razvan Barbulescu (IMJ-PRG)

Titre : Comments on Schirokauer's tower number field sieve

Résumé :
In order to evaluate the security of pairings-based cryptosystems, one needs to analyze the discrete logarithm in GF(p^n) with n>1. Some pairings, like Bareeto-Naehrig, use primes p of low Hamming weight in some base(SNFS). In 2000, Schirokauer extended the number field sieve, used for prime fields and factoring, using tower extensions of number fields. The algorithm, presented at a top level, remained theoretical and, after 2006, was replaced by a new variant with the same complexity, but easier to implement. If one takes into account the special form of the primes, then the first NFS variant was proposed in 2013. We explain that Schirokauer's TNFS is a good alternative and, since it hides no technical difficulty, must be considered for records.

Transparents