Breaking `128-bit Secure' Supersingular Binary Curves
The discrete logarithm problem (DLP) in finite fields of small characteristic recently enjoyed a dramatic series of breakthrough results and computational records, with its (heuristic) complexity dropping from subexponential to quasi-polynomial. While these results asymptotically render any cryptosystem relying on the hardness of such DLPs unusable, a question remained over whether the new techniques can weaken or indeed break any of the parameters proposed in the literature for pairing-based cryptographic protocols at the industry-standard 128-bit security level. In this talk I will first describe the ideas underlying the recent developments and then introduce some techniques which allow one to answer this question affirmatively. This is joint work with Thorsten Kleinjung and Jens Zumbragel.
Record created on 2016-01-20, modified on 2016-08-09