Solving discrete logarithms on a 170-bit MNT curve by pairing reduction

From MaRDI portal
Publication:1698673

DOI10.1007/978-3-319-69453-5_30zbMATH Open1418.11159arXiv1605.07746OpenAlexW2963925737MaRDI QIDQ1698673FDOQ1698673


Authors: Aurore Guillevic, François Morain, Emmanuel Thomé Edit this on Wikidata


Publication date: 16 February 2018

Abstract: Pairing based cryptography is in a dangerous position following the breakthroughs on discrete logarithms computations in finite fields of small characteristic. Remaining instances are built over finite fields of large characteristic and their security relies on the fact that the embedding field of the underlying curve is relatively large. How large is debatable. The aim of our work is to sustain the claim that the combination of degree 3 embedding and too small finite fields obviously does not provide enough security. As a computational example, we solve the DLP on a 170-bit MNT curve, by exploiting the pairing embedding to a 508-bit, degree-3 extension of the base field.


Full work available at URL: https://arxiv.org/abs/1605.07746




Recommendations




Cites Work


Cited In (9)





This page was built for publication: Solving discrete logarithms on a 170-bit MNT curve by pairing reduction

Report a bug (only for logged in users!)Click here to report a bug for this page (MaRDI item Q1698673)