Table of contents

  • This session has been presented October 03, 2014.

Description

  • Speaker

    Razvan Basbulescu - LORIA

in finite fields of small characteristic The difficulty of discrete logarithm computations in fields GF(q^k) depends on the relative sizes of k and q. Until recently all the cases had a sub-exponential complexity of type L(1/3), similar to the complexity of factoring. If n is the bit-size of q^k, then L(1/3) can be approximated by 2^(n^(1/3)). In 2013, Joux designed a new algorithm for constant characteristic of complexity L(1/4+o(1)), approximatively 2^(n^(1/4)). Inspired by Joux' algorithm, we propose a heuristic algorithm that provides a quasi-polynomial complexity when q is of size O(poly(k)). By quasi-polynomial, we mean a runtime of n^O(log n). Hence, small characteristic pairings have an asymptotic complexity which is inapropiate for cryptography. In addition, in practice we expect the algorithm to be much faster in the case GF(q^2k), when q and k are roughly equal. The small characteristic pairings which were previously evaluated to 128 bits of security correspond to this case, and were reevaluated to a much lower security. It allows to conclude that small characteristic pairings must be avoided in cryptography.

Next sessions

  • Predicting Module-Lattice Reduction

    • December 19, 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Paola de Perthuis - CWI

    Is module-lattice reduction better than unstructured lattice reduction? This question was highlighted as `Q8' in the Kyber NIST standardization submission (Avanzi et al., 2021), as potentially affecting the concrete security of Kyber and other module-lattice-based schemes. Foundational works on module-lattice reduction (Lee, Pellet-Mary, Stehlé, and Wallet, ASIACRYPT 2019; Mukherjee and Stephens[…]

    • Cryptography

  • Attacking the Supersingular Isogeny Problem: From the Delfs–Galbraith algorithm to oriented graphs

    • January 23, 2026 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Arthur Herlédan Le Merdy - COSIC, KU Leuven

    The threat of quantum computers motivates the introduction of new hard problems for cryptography.One promising candidate is the Isogeny problem: given two elliptic curves, compute a “nice’’ map between them, called an isogeny.In this talk, we study classical attacks on this problem, specialised to supersingular elliptic curves, on which the security of current isogeny-based cryptography relies. In[…]

    • Cryptography

Show previous sessions
Page top