- 【Updated on May 12, 2025】 Integration of CiNii Dissertations and CiNii Books into CiNii Research
- Trial version of CiNii Research Knowledge Graph Search feature is available on CiNii Labs
- 【Updated on June 30, 2025】Suspension and deletion of data provided by Nikkei BP
- Regarding the recording of “Research Data” and “Evidence Data”
Key Length Estimation of Pairing-Based Cryptosystems Using <i>η<sub>T</sub></i> Pairing over <i>GF</i>(3<i><sup>n</sup></i>)
-
- SHINOHARA Naoyuki
- National Institute of Information and Communications Technology
-
- SHIMOYAMA Takeshi
- FUJITSU LABORATORIES Ltd.
-
- HAYASHI Takuya
- Kyushu University
-
- TAKAGI Tsuyoshi
- Kyushu University
Bibliographic Information
- Other Title
-
- Key Length Estimation of Pairing-Based Cryptosystems Using ηT Pairing over GF(3[n])
Search this article
Description
The security of pairing-based cryptosystems is determined by the difficulty of solving the discrete logarithm problem (DLP) over certain types of finite fields. One of the most efficient algorithms for computing a pairing is the ηT pairing over supersingular curves on finite fields of characteristic 3. Indeed many high-speed implementations of this pairing have been reported, and it is an attractive candidate for practical deployment of pairing-based cryptosystems. Since the embedding degree of the ηT pairing is 6, we deal with the difficulty of solving a DLP over the finite field GF(36n), where the function field sieve (FFS) is known as the asymptotically fastest algorithm of solving it. Moreover, several efficient algorithms are employed for implementation of the FFS, such as the large prime variation. In this paper, we estimate the time complexity of solving the DLP for the extension degrees n=97, 163, 193, 239, 313, 353, and 509, when we use the improved FFS. To accomplish our aim, we present several new computable estimation formulas to compute the explicit number of special polynomials used in the improved FFS. Our estimation contributes to the evaluation for the key length of pairing-based cryptosystems using the ηT pairing.
Journal
-
- IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
-
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E97.A (1), 236-244, 2014
The Institute of Electronics, Information and Communication Engineers