{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T08:53:20Z","timestamp":1776848000522,"version":"3.51.2"},"publisher-location":"Berlin, Heidelberg","reference-count":44,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662443804","type":"print"},{"value":"9783662443811","type":"electronic"}],"license":[{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-662-44381-1_8","type":"book-chapter","created":{"date-parts":[[2014,7,14]],"date-time":"2014-07-14T04:27:09Z","timestamp":1405312029000},"page":"126-145","source":"Crossref","is-referenced-by-count":37,"title":["Breaking \u2018128-bit Secure\u2019 Supersingular Binary Curves"],"prefix":"10.1007","author":[{"given":"Robert","family":"Granger","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thorsten","family":"Kleinjung","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jens","family":"Zumbr\u00e4gel","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"8_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"166","DOI":"10.1007\/978-3-642-35999-6_12","volume-title":"Selected Areas in Cryptography","author":"J. Adikari","year":"2013","unstructured":"Adikari, J., Hasan, M.A., Negre, C.: Towards faster and greener cryptoprocessor for eta pairing on supersingular elliptic curve over \n                    \n                      \n                    \n                    $\\mathbb{F}_{2^{1223}}$\n                  . In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol.\u00a07707, pp. 166\u2013183. Springer, Heidelberg (2013)"},{"key":"8_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1007\/978-3-319-04873-4_2","volume-title":"Pairing-Based Cryptography \u2013 Pairing 2013","author":"G. Adj","year":"2014","unstructured":"Adj, G., Menezes, A., Oliveira, T., Rodr\u00edguez-Henr\u00edquez, F.: Weakness of \n                    \n                      \n                    \n                    $\\mathbb{F}_{3^{6\\cdot 509}}$\n                   for discrete logarithm cryptography. In: Cao, Z., Zhang, F. (eds.) Pairing 2013. LNCS, vol.\u00a08365, pp. 20\u201344. Springer, Heidelberg (2014)"},{"key":"8_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"98","DOI":"10.1007\/978-3-642-27954-6_7","volume-title":"Topics in Cryptology \u2013 CT-RSA 2012","author":"D.F. Aranha","year":"2012","unstructured":"Aranha, D.F., Beuchat, J.-L., Detrey, J., Estibals, N.: Optimal eta pairing on supersingular genus-2 binary hyperelliptic curves. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol.\u00a07178, pp. 98\u2013115. Springer, Heidelberg (2012)"},{"key":"8_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-55220-5_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2014","author":"R. Barbulescu","year":"2014","unstructured":"Barbulescu, R., Gaudry, P., Joux, A., Thom\u00e9, E.: A heuristic quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol.\u00a08441, pp. 1\u201316. Springer, Heidelberg (2014)"},{"issue":"3","key":"8_CR5","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/s10623-006-9033-6","volume":"42","author":"P.S.L.M. Barreto","year":"2007","unstructured":"Barreto, P.S.L.M., Galbraith, S.D., H\u00e9igeartaigh, C.\u00d3., Scott, M.: Efficient pairing computation on supersingular abelian varieties. Des. Codes Cryptography\u00a042(3), 239\u2013271 (2007)","journal-title":"Des. Codes Cryptography"},{"key":"8_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"354","DOI":"10.1007\/3-540-45708-9_23","volume-title":"Advances in Cryptology - CRYPTO 2002","author":"P.S.L.M. Barreto","year":"2002","unstructured":"Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol.\u00a02442, pp. 354\u2013369. Springer, Heidelberg (2002)"},{"key":"8_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"413","DOI":"10.1007\/978-3-642-10433-6_28","volume-title":"Cryptology and Network Security","author":"J.-L. Beuchat","year":"2009","unstructured":"Beuchat, J.-L., L\u00f3pez-Trejo, E., Mart\u00ednez-Ramos, L., Mitsunari, S., Rodr\u00edguez-Henr\u00edquez, F.: Multi-core implementation of the Tate pairing over supersingular elliptic curves. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol.\u00a05888, pp. 413\u2013432. Springer, Heidelberg (2009)"},{"issue":"3","key":"8_CR8","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1016\/j.ffa.2003.08.004","volume":"10","author":"A.W. Bluher","year":"2004","unstructured":"Bluher, A.W.: On xq\u2009+\u20091\u2009+\u2009ax\u2009+\u2009b. Finite Fields and Their Applications\u00a010(3), 285\u2013305 (2004)","journal-title":"Finite Fields and Their Applications"},{"key":"8_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"213","DOI":"10.1007\/3-540-44647-8_13","volume-title":"Advances in Cryptology - CRYPTO 2001","author":"D. Boneh","year":"2001","unstructured":"Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol.\u00a02139, pp. 213\u2013229. Springer, Heidelberg (2001)"},{"issue":"3-4","key":"8_CR10","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1006\/jsco.1996.0125","volume":"24","author":"W. Bosma","year":"1997","unstructured":"Bosma, W., Cannon, J., Playoust, C.: The Magma algebra system. I. The user language. J. Symbolic Comput.\u00a024(3-4), 235\u2013265 (1997)","journal-title":"J. Symbolic Comput."},{"key":"8_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1007\/978-3-642-13797-6_9","volume-title":"Arithmetic of Finite Fields","author":"S. Chatterjee","year":"2010","unstructured":"Chatterjee, S., Hankerson, D., Menezes, A.: On the efficiency and security of pairing-based protocols in the type 1 and type 4 settings. In: Hasan, M.A., Helleseth, T. (eds.) WAIFI 2010. LNCS, vol.\u00a06087, pp. 114\u2013134. Springer, Heidelberg (2010)"},{"issue":"4","key":"8_CR12","doi-asserted-by":"publisher","first-page":"587","DOI":"10.1109\/TIT.1984.1056941","volume":"30","author":"D. Coppersmith","year":"1984","unstructured":"Coppersmith, D.: Fast evaluation of logarithms in fields of characteristic two. IEEE Transactions on Information Theory\u00a030(4), 587\u2013593 (1984)","journal-title":"IEEE Transactions on Information Theory"},{"issue":"205","key":"8_CR13","first-page":"333","volume":"62","author":"D. Coppersmith","year":"1994","unstructured":"Coppersmith, D.: Solving homogeneous linear equations over GF(2) via block Wiedemann algorithm. Mathematics of Computation\u00a062(205), 333\u2013350 (1994)","journal-title":"Mathematics of Computation"},{"key":"8_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/978-3-540-40061-5_7","volume-title":"Advances in Cryptology - ASIACRYPT 2003","author":"I. Duursma","year":"2003","unstructured":"Duursma, I., Lee, H.-S.: Tate pairing implementation for hyperelliptic curves y2\u2009=\u2009x\n                    p\n                  \u2009\u2212\u2009x\u2009+\u2009d. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol.\u00a02894, pp. 111\u2013123. Springer, Heidelberg (2003)"},{"issue":"1-3","key":"8_CR15","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1016\/S0022-4049(99)00005-5","volume":"139","author":"J.-C. Faug\u00e8re","year":"1999","unstructured":"Faug\u00e8re, J.-C.: A new efficient algorithm for computing Gr\u00f6bner bases (F4). J. Pure Appl. Algebra\u00a0139(1-3), 61\u201388 (1999)","journal-title":"J. Pure Appl. Algebra"},{"key":"8_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"495","DOI":"10.1007\/3-540-45682-1_29","volume-title":"Advances in Cryptology - ASIACRYPT 2001","author":"S.D. Galbraith","year":"2001","unstructured":"Galbraith, S.D.: Supersingular curves in cryptography. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol.\u00a02248, pp. 495\u2013513. Springer, Heidelberg (2001)"},{"key":"8_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"324","DOI":"10.1007\/3-540-45455-1_26","volume-title":"Algorithmic Number Theory","author":"S.D. Galbraith","year":"2002","unstructured":"Galbraith, S.D., Harrison, K., Soldera, D.: Implementing the Tate pairing. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol.\u00a02369, pp. 324\u2013337. Springer, Heidelberg (2002)"},{"key":"8_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"442","DOI":"10.1007\/978-3-642-23951-9_29","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2011","author":"S. Ghosh","year":"2011","unstructured":"Ghosh, S., Roychowdhury, D., Das, A.: High speed cryptoprocessor for \u03b7\n                    t\n                   pairing on 128-bit secure supersingular elliptic curves over characteristic two fields. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol.\u00a06917, pp. 442\u2013458. Springer, Heidelberg (2011)"},{"key":"8_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1007\/978-3-642-40084-1_7","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"F. G\u00f6lo\u011flu","year":"2013","unstructured":"G\u00f6lo\u011flu, F., Granger, R., McGuire, G., Zumbr\u00e4gel, J.: On the function field sieve and the impact of higher splitting probabilities: Application to discrete logarithms in \n                    \n                      \n                    \n                    ${\\mathbb F}_{2^{1971}}$\n                   and \n                    \n                      \n                    \n                    ${\\mathbb F}_{2^{3164}}$\n                  . In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol.\u00a08043, pp. 109\u2013128. Springer, Heidelberg (2013)"},{"key":"8_CR20","doi-asserted-by":"crossref","unstructured":"G\u00f6lo\u011flu, F., Granger, R., McGuire, G., Zumbr\u00e4gel, J.: Solving a 6120-bit DLP on a desktop computer. In: Lange, T., Lauter, K., Lison\u011bk, P. (eds.) SAC 2013. LNCS, vol.\u00a08282, pp. 136\u2013152. Springer, Heidelberg (2014)","DOI":"10.1007\/978-3-662-43414-7_7"},{"key":"8_CR21","unstructured":"G\u00f6lo\u011flu, F., Granger, R., McGuire, G., Zumbr\u00e4gel, J.: Discrete Logarithms in GF(21971). NMBRTHRY list (February 19, 2013)"},{"key":"8_CR22","unstructured":"G\u00f6lo\u011flu, F., Granger, R., McGuire, G., Zumbr\u00e4gel, J.: Discrete Logarithms in GF(26120). NMBRTHRY list (April 11, 2013)"},{"key":"8_CR23","unstructured":"Granger, R., Kleinjung, T., Zumbr\u00e4gel, J.: Breaking \u2018128-bit Secure\u2019 Supersingular Binary Curves (or how to solve discrete logarithms in \n                    \n                      \n                    \n                    ${\\mathbb F}_{2^{4 \\cdot 1223}}$\n                   and \n                    \n                      \n                    \n                    ${\\mathbb F}_{2^{12 \\cdot 367}}$\n                  ). Cryptology ePrint Archive, Report 2014\/119"},{"key":"8_CR24","unstructured":"Granger, R., Kleinjung, T., Zumbr\u00e4gel, J.: Discrete logarithms in the Jacobian of a genus 2 supersingular curve over GF(2367). NMBRTHRY list (January 30, 2014)"},{"key":"8_CR25","unstructured":"Granger, R., Kleinjung, T., Zumbr\u00e4gel, J.: Discrete Logarithms in GF(29234). NMBRTHRY list (January 31, 2014)"},{"issue":"7","key":"8_CR26","doi-asserted-by":"publisher","first-page":"852","DOI":"10.1109\/TC.2005.120","volume":"54","author":"R. Granger","year":"2005","unstructured":"Granger, R., Page, D., Stam, M.: Hardware and software normal basis arithmetic for pairing-based cryptography in characteristic three. IEEE Trans. Computers\u00a054(7), 852\u2013860 (2005)","journal-title":"IEEE Trans. Computers"},{"key":"8_CR27","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1112\/S1461157000001194","volume":"9","author":"R. Granger","year":"2006","unstructured":"Granger, R., Page, D., Stam, M.: On small characteristic algebraic tori in pairing-based cryptography. LMS J. Comput. Math.\u00a09, 64\u201385 (2006)","journal-title":"LMS J. Comput. Math."},{"key":"8_CR28","unstructured":"Granlund, T.: GNU MP: The GNU Multiple Precision Arithmetic Library, 5.0.5 edn. (2012), \n                    \n                      http:\/\/gmplib.org\/"},{"key":"8_CR29","unstructured":"Hankerson, D., Menezes, A., Scott, M.: Software implementation of pairings. In: Identity-Based Cryptography. Cryptology and Information Security, vol.\u00a02, pp. 188\u2013206. IOS Press (2008)"},{"key":"8_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"385","DOI":"10.1007\/10722028_23","volume-title":"Algorithmic Number Theory","author":"A. Joux","year":"2000","unstructured":"Joux, A.: A one round protocol for tripartite Diffie-Hellman. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol.\u00a01838, pp. 385\u2013393. Springer, Heidelberg (2000)"},{"key":"8_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1007\/978-3-642-38348-9_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"A. Joux","year":"2013","unstructured":"Joux, A.: Faster index calculus for the medium prime case. Application to 1175-bit and 1425-bit finite fields. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol.\u00a07881, pp. 177\u2013193. Springer, Heidelberg (2013)"},{"key":"8_CR32","series-title":"LNCS","first-page":"355","volume-title":"SAC 2013","author":"A. Joux","year":"2014","unstructured":"Joux, A.: A new index calculus algorithm with complexity L(1\/4\u2009+\u2009o(1)) in very small characteristic. In: Lange, T., Lauter, K., Lison\u011bk, P. (eds.) SAC 2013. LNCS, vol.\u00a08282, pp. 355\u2013379. Springer, Heidelberg (2014)"},{"key":"8_CR33","unstructured":"Joux, A.: Discrete Logarithms in GF(21778). NMBRTHRY list (February 11, 2013)"},{"key":"8_CR34","unstructured":"Joux, A.: Discrete Logarithms in GF(24080). NMBRTHRY list (March 22, 2013)"},{"key":"8_CR35","unstructured":"Joux, A.: Discrete Logarithms in GF(26168). NMBRTHRY list (May 21, 2013)"},{"key":"8_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"254","DOI":"10.1007\/11761679_16","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"A. Joux","year":"2006","unstructured":"Joux, A., Lercier, R.: The function field sieve in the medium prime case. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol.\u00a04004, pp. 254\u2013270. Springer, Heidelberg (2006)"},{"key":"8_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"333","DOI":"10.1007\/978-3-642-14623-7_18","volume-title":"Advances in Cryptology \u2013 CRYPTO 2010","author":"T. Kleinjung","year":"2010","unstructured":"Kleinjung, T., et al.: Factorization of a 768-bit RSA modulus. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol.\u00a06223, pp. 333\u2013350. Springer, Heidelberg (2010)"},{"key":"8_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/3-540-45682-1_5","volume-title":"Advances in Cryptology - ASIACRYPT 2001","author":"A.K. Lenstra","year":"2001","unstructured":"Lenstra, A.K.: Unbelievable security: Matching AES security using public key systems. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol.\u00a02248, pp. 67\u201386. Springer, Heidelberg (2001)"},{"issue":"5","key":"8_CR39","doi-asserted-by":"publisher","first-page":"1639","DOI":"10.1109\/18.259647","volume":"39","author":"A.J. Menezes","year":"1993","unstructured":"Menezes, A.J., Okamoto, T., Vanstone, S.A.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inform. Theory\u00a039(5), 1639\u20131646 (1993)","journal-title":"IEEE Trans. Inform. Theory"},{"key":"8_CR40","unstructured":"Popovyan, I.: Efficient parallelization of lanczos type algorithms. Cryptology ePrint Archive, Report 2011\/416 (2011), \n                    \n                      http:\/\/eprint.iacr.org\/"},{"issue":"214","key":"8_CR41","first-page":"75","volume":"101","author":"R. Sakai","year":"2001","unstructured":"Sakai, R., Mitsunari, S., Kasahara, M.: Cryptographic schemes based on pairing over elliptic curve. IEIC Technical Report\u00a0101(214), 75\u201380 (2001)","journal-title":"IEIC Technical Report"},{"key":"8_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"228","DOI":"10.1007\/978-3-642-29101-2_16","volume-title":"Information Security Practice and Experience","author":"N. Shinohara","year":"2012","unstructured":"Shinohara, N., Shimoyama, T., Hayashi, T., Takagi, T.: Key length estimation of pairing-based cryptosystems using \u03b7\n                    t\n                   pairing. In: Ryan, M.D., Smyth, B., Wang, G. (eds.) ISPEC 2012. LNCS, vol.\u00a07232, pp. 228\u2013244. Springer, Heidelberg (2012)"},{"key":"8_CR43","unstructured":"Shoup, V.: NTL: A library for doing number theory, 5.5.2 edn. (2009), \n                    \n                      http:\/\/www.shoup.net\/ntl\/"},{"key":"8_CR44","unstructured":"Spaenlehauer, P.-J.: Solving multihomogeneous and determinantal systems algorithms - complexity - applications. Ph.D. thesis, Universit\u00e9 Pierre et Marie Curie, UPMC (2012)"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2014"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-44381-1_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,27]],"date-time":"2019-05-27T08:35:46Z","timestamp":1558946146000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-44381-1_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783662443804","9783662443811"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-44381-1_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014]]}}}