BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//LORIA - ECPv4.9.5//NONSGML v1.0//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
X-WR-CALNAME:LORIA
X-ORIGINAL-URL:http://www.loria.fr
X-WR-CALDESC:Events for LORIA
BEGIN:VTIMEZONE
TZID:"Europe/Paris"
BEGIN:DAYLIGHT
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
TZNAME:CEST
DTSTART:20190331T010000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
TZNAME:CET
DTSTART:20191027T010000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID="Europe/Paris":20190228T133000
DTEND;TZID="Europe/Paris":20190228T150000
DTSTAMP:20190819T165216
CREATED:20190207T143456Z
LAST-MODIFIED:20190207T143456Z
UID:6519-1551360600-1551366000@www.loria.fr
SUMMARY:SSL Seminar : Aurore Guillevic
DESCRIPTION:Next SSL Seminar will take place on Thursday\, February 28th at 1.30 pm in room A008. \nAurore Guillevic (Caramba) will give a presentation entitled “Discrete logarithm computation in finite fields GF(p^k) with NFS variants and consequences in pairing-based cryptography.” \n \nAbstract:\nPairings on elliptic curves are involved in signatures\, NIZK\, and recently in blockchains (ZK-SNARKS).\nThese pairings take as input two points on an elliptic curve E over a finite field\, and output a value in an extension of that finite field.\nUsually for efficiency reasons\, this extension degree is a power of 2 and 3 (such as 12\,18\,24)\, and moreover the characteristic of the finite field has a special form. The security relies on the hardness of\ncomputing discrete logarithms in the group of points of the curve and in the finite field extension. \nIn 2013-2016\, new variants of the function field sieve and the number field sieve algorithms turned out to be faster in certain finite fields related to pairing-based cryptography. Now small characteristic settings\n(with GF(2^(4*n))\, GF(3^(6*m))) are discarded\, and the situation of GF(p^k) where p is prime and k is small (in practice from 2 to 54) is unclear.\nThe asymptotic complexity of the Number Field Sieve algorithm in finite fields GF(p^k) (where p is prime) and its Special and Tower variants is given by an asymptotic formula of the form A^(c+o(1)) where A depends on\nthe finite field size (log p^k)\, o(1) is unknown\, and c is a constant between 1.526 and 2.201 that depends on p\, k\, and the choice of parameters in the algorithm. \nIn this work we improve the approaches of Menezes-Sarkar-Singh and Barbulescu-Duquesne to estimate the cost of a hypothetical implementation of the Special-Tower-NFS in GF(p^k) for small k (k <= 24)\, and update some parameter sizes for pairing-based cryptography. \nThis is a joint work with Shashank Singh\, IISER Bhopal\, India. \nMore information about SSL Seminars \n
URL:http://www.loria.fr/event/ssl-seminar-aurore-guillevic/
LOCATION:A008
CATEGORIES:Séminaires
END:VEVENT
END:VCALENDAR