{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T03:20:23Z","timestamp":1780629623942,"version":"3.54.1"},"reference-count":69,"publisher":"American Institute of Mathematical Sciences (AIMS)","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["AMC"],"published-print":{"date-parts":[[2018]]},"DOI":"10.3934\/amc.2018017","type":"journal-article","created":{"date-parts":[[2018,4,3]],"date-time":"2018-04-03T21:18:13Z","timestamp":1522790293000},"page":"263-286","source":"Crossref","is-referenced-by-count":5,"title":["Indiscreet logarithms in finite fields of small characteristic"],"prefix":"10.3934","volume":"12","author":[{"given":"Robert","family":"Granger","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Thorsten","family":"Kleinjung","sequence":"additional","affiliation":[{"name":"Laboratory for Cryptologic Algorithms, \u00c9cole polytechnique f\u00e9d\u00e9rale de Lausanne, Station 14, 1015 Lausanne, Switzerland"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jens","family":"Zumbr\u00e4gel","sequence":"additional","affiliation":[{"name":"Faculty of Computer Science and Mathematics, University of Passau, Innstra\u00dfe 33, 94032 Passau, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"2321","reference":[{"key":"key-10.3934\/amc.2018017-1","doi-asserted-by":"crossref","unstructured":"<p>G. Adj, A. Menezes, T. Oliveira and F. Rodr\u00edguez-Henr\u00edquez, Weakness of <inline-formula><tex-math id=\"M874\">$\\mathbb{F}_{3^{6 \u00b7 509\\;\\;}}$<\/tex-math><\/inline-formula> for discrete logarithm cryptography, in: <i>Pairing-Based Cryptography\u2014Pairing 2013<\/i>, Springer, LNCS <b>8365<\/b> (2014), 20\u201344.<\/p>","DOI":"10.1007\/978-3-319-04873-4_2"},{"key":"key-10.3934\/amc.2018017-2","unstructured":"<p>G. Adj, A. Menezes, T. Oliveira and F. Rodr\u00edguez-Henr\u00edquez, Computing discrete logarithms in <inline-formula><tex-math id=\"M875\">$\\mathbb{F}_{3^{6 \u00b7 137}}\\;\\;$<\/tex-math><\/inline-formula> and <inline-formula><tex-math id=\"M876\">$\\mathbb{F}_{3^{6 \u00b7 163}}\\;\\;$<\/tex-math><\/inline-formula> using Magma, in: <i>Arithmetic of Finite Fields<\/i>, Springer, LNCS <b>9061<\/b> (2015), 3\u201322.<\/p>"},{"key":"key-10.3934\/amc.2018017-3","unstructured":"<p>G. Adj, I. Canales-Mart\u00ednez, N. Cruz-Cort\u00e9s, A. Menezes, T. Oliveira, L. RiveraZamarripa and F. Rodr\u00edguez-Henr\u00edquez, Computing discrete logarithms in cryptographicallyinteresting characteristic-three finite fields, <i>IACR Cryptology ePrint Archive<\/i>, (2016), 19 pages, eprint. iacr. org\/2016\/914.<\/p>"},{"key":"key-10.3934\/amc.2018017-4","doi-asserted-by":"crossref","unstructured":"<p>L. M. Adleman, A subexponential algorithm for the discrete logarithm problem with applications to cryptography, in: <i>20th Annual Symposium on Foundations of Computer Science<\/i>, (1979), 55\u201360.<\/p>","DOI":"10.1109\/SFCS.1979.2"},{"key":"key-10.3934\/amc.2018017-5","doi-asserted-by":"crossref","unstructured":"<p>L. M. Adleman, The function field sieve, in: <i>Algorithmic Number Theory<\/i>, Springer, LNCS <b>877<\/b> (1994), 108\u2013121.<\/p>","DOI":"10.1007\/3-540-58691-1_48"},{"key":"key-10.3934\/amc.2018017-6","doi-asserted-by":"publisher","DOI":"10.1006\/inco.1998.2761"},{"key":"key-10.3934\/amc.2018017-7","doi-asserted-by":"crossref","unstructured":"<p>R. Barbulescu, C. Bouvier, J. Detrey, P. Gaudry, H. Jeljeli, E. Thom\u00e9, M. Videau and P. Zimmermann (the CARAMEL group), Discrete logarithm in GF(2<sup>809<\/sup>) with FFS, in: <i>Public-Key Cryptography\u2014PKC 2014<\/i>, Springer, LNCS <b>8383<\/b> (2014), 221\u2013238.<\/p>","DOI":"10.1007\/978-3-642-54631-0_13"},{"key":"key-10.3934\/amc.2018017-8","doi-asserted-by":"crossref","unstructured":"<p>R. Barbulescu, P. Gaudry, A. Guillevic and F. Morain, Improving NFS for the discrete logarithm problem in non-prime finite fields, in: <i>Advances in Cryptology\u2014EUROCRYPT 2015<\/i>, Springer, LNCS <b>9056<\/b> (2015), 129\u2013155.<\/p>","DOI":"10.1007\/978-3-662-46800-5_6"},{"key":"key-10.3934\/amc.2018017-9","doi-asserted-by":"crossref","unstructured":"<p>R. Barbulescu, P. Gaudry, A. Joux and E. Thom\u00e9, A heuristic quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic, in: <i>Advances in Cryptology\u2014EUROCRYPT 2014<\/i>, Springer, LNCS <b>8441<\/b> (2014), 1\u201316.<\/p>","DOI":"10.1007\/978-3-642-55220-5_1"},{"key":"key-10.3934\/amc.2018017-10","doi-asserted-by":"crossref","unstructured":"<p>R. Barbulescu, P. Gaudry and T. Kleinjung, The Tower Number Field Sieve, in: <i>Advances in Cryptology\u2014ASIACRYPT 2015<\/i>, Springer, LNCS <b>9453<\/b> (2015), 31\u201355.<\/p>","DOI":"10.1007\/978-3-662-48800-3_2"},{"key":"key-10.3934\/amc.2018017-11","doi-asserted-by":"crossref","unstructured":"<p>R. Barbulescu and T. Kim, Extended tower number field sieve: A new complexity for the medium prime case, in: <i>Advances in Cryptology\u2014CRYPTO 2016<\/i>, Springer, LNCS <b>9814<\/b> (2016), 543\u2013571.<\/p>","DOI":"10.1007\/978-3-662-53018-4_20"},{"key":"key-10.3934\/amc.2018017-12","doi-asserted-by":"publisher","DOI":"10.1016\/j.ffa.2003.08.004"},{"key":"key-10.3934\/amc.2018017-13","doi-asserted-by":"crossref","unstructured":"<p>D. Boneh and M. Frapringer, LNCS <b>2139<\/b> (2001nklin, Identity-based encryption from the Weil pairing, in: <i>Advances in Cryptology\u2014CRYPTO 2001<\/i>, S), 213\u2013229.<\/p>","DOI":"10.1007\/3-540-44647-8_13"},{"key":"key-10.3934\/amc.2018017-14","doi-asserted-by":"publisher","DOI":"10.1016\/0022-314X(83)90002-1"},{"key":"key-10.3934\/amc.2018017-15","doi-asserted-by":"crossref","unstructured":"<p>A. Commeine and I. Semaev, An algorithm to solve the discrete logarithm problem with the number field sieve, in: <i>Public Key Cryptography\u2014PKC 2006<\/i>, Springer, LNCS <b>3958<\/b> (2006), 174\u2013190.<\/p>","DOI":"10.1007\/11745853_12"},{"key":"key-10.3934\/amc.2018017-16","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1984.1056941"},{"key":"key-10.3934\/amc.2018017-17","doi-asserted-by":"publisher","DOI":"10.1112\/S0010437X10005075"},{"key":"key-10.3934\/amc.2018017-18","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1976.1055638"},{"key":"key-10.3934\/amc.2018017-19","doi-asserted-by":"crossref","unstructured":"<p>T. ElGamal, A public key cryptosystem and a signature scheme based on discrete logarithms, in: <i>Advances in Cryptology\u2014CRYPTO '84<\/i>, Springer, LNCS <b>196<\/b> (1985), 10\u201318.<\/p>","DOI":"10.1007\/3-540-39568-7_2"},{"key":"key-10.3934\/amc.2018017-20","doi-asserted-by":"publisher","DOI":"10.4064\/aa102-1-6"},{"key":"key-10.3934\/amc.2018017-21","doi-asserted-by":"crossref","unstructured":"<p>S. D. Galbraith, Supersingular curves in cryptography, in: <i>Advances in Cryptology\u2014ASIACRYPT 2001<\/i>, Springer, LNCS <b>2248<\/b> (2001), 495\u2013513.<\/p>","DOI":"10.1007\/3-540-45682-1_29"},{"key":"key-10.3934\/amc.2018017-22","unstructured":"<p>C. F. Gau\u00df, <i>Disquisitiones Arithmeticae<\/i>, Translated into English by Arthur A. Clarke, S. J. Yale University Press, New Haven, Conn. -London, 1966.<\/p>"},{"key":"key-10.3934\/amc.2018017-23","unstructured":"<p>F. G\u00f6lo\u011flu, R. Granger, G. McGuire and J. Zumbr\u00e4gel, On the function field sieve and the impact of higher splitting probabilities: Application to discrete logarithms in <inline-formula><tex-math id=\"M878\">$\\mathbb{F}_{2^{1971}}\\;\\;$<\/tex-math><\/inline-formula> and <inline-formula><tex-math id=\"M879\">$\\mathbb{F}_{2^{3164}}\\;\\;$<\/tex-math><\/inline-formula>, in: <i>Advances in Cryptology\u2014CRYPTO 2013<\/i>, Springer, LNCS <b>8043<\/b> (2013), 109\u2013128.<\/p>"},{"key":"key-10.3934\/amc.2018017-24","doi-asserted-by":"crossref","unstructured":"<p>F. G\u00f6lo\u011flu, R. Granger, G. McGuire and J. Zumbr\u00e4gel, Solving a 6120-bit DLP on a desktop computer, in: <i>Selected Areas in Cryptography\u2014SAC 2013<\/i>, Springer, LNCS <b>8282<\/b> (2014), 136\u2013152.<\/p>","DOI":"10.1007\/978-3-662-43414-7_7"},{"key":"key-10.3934\/amc.2018017-25","doi-asserted-by":"publisher","DOI":"10.1137\/0406010"},{"key":"key-10.3934\/amc.2018017-26","doi-asserted-by":"crossref","unstructured":"<p>D. M. Gordon and K. S. McCurley, Massively parallel computation of discrete logarithms, in: <i>Advances in Cryptology\u2014CRYPTO'92<\/i>, Springer, LNCS <b>740<\/b> (1993), 312\u2013323.<\/p>","DOI":"10.1007\/3-540-48071-4_22"},{"key":"key-10.3934\/amc.2018017-27","doi-asserted-by":"crossref","unstructured":"<p>R. Granger, T. Kleinjung and J. Zumbr\u00e4gel, Breaking '128-bit secure' supersingular binary curves, in: <i>Advances in Cryptology\u2014CRYPTO 2014<\/i>, Springer, LNCS <b>8617<\/b> (2014), 126\u2013145.<\/p>","DOI":"10.1007\/978-3-662-44381-1_8"},{"key":"key-10.3934\/amc.2018017-28","unstructured":"<p>R. Granger, T. Kleinjung and J. Zumbr\u00e4gel, On the powers of 2, <i>IACR Cryptology ePrint Archive<\/i>, (2014), 18 pages, eprint. iacr. org\/2014\/300.<\/p>"},{"key":"key-10.3934\/amc.2018017-29","doi-asserted-by":"publisher","DOI":"10.1090\/tran\/7027"},{"key":"key-10.3934\/amc.2018017-30","doi-asserted-by":"crossref","unstructured":"<p>T. Hayashi, T. Shimoyama, N. Shinohara, T. Takagi, Breaking pairing-based cryptosystems using <i>\u03b7<sub>T<\/sub><\/i> pairing over GF(3<sup>97<\/sup>), in: <i>Advances in Cryptology\u2014ASIACRYPT 2012<\/i>, Springer, LNCS <b>7658<\/b> (2012), 43\u201360.<\/p>","DOI":"10.1007\/978-3-642-34961-4_5"},{"key":"key-10.3934\/amc.2018017-31","doi-asserted-by":"crossref","unstructured":"<p>T. Hayashi, N. Shinohara, L. Wang, S. I. Matsuo, M. Shirase and T. Takagi, <i>Solving a 676-bit discrete logarithm problem in<\/i> GF(3<sup>6<i>n<\/i><\/sup>), in: <i>Public Key Cryptography\u2014PKC 2010<\/i>, Springer, LNCS <b>6056<\/b> (2010), 351\u2013367.<\/p>","DOI":"10.1007\/978-3-642-13013-7_21"},{"key":"key-10.3934\/amc.2018017-32","doi-asserted-by":"publisher","DOI":"10.1007\/s12095-009-0018-y"},{"key":"key-10.3934\/amc.2018017-33","doi-asserted-by":"crossref","unstructured":"<p>A. Joux, A one round protocol for tripartite Diffie-Hellman, in: <i>Algorithmic Number Theory<\/i>, Springer, LNCS <b>1838<\/b> (2000), 385\u2013393.<\/p>","DOI":"10.1007\/10722028_23"},{"key":"key-10.3934\/amc.2018017-34","doi-asserted-by":"crossref","unstructured":"<p>A. Joux, Faster index calculus for the medium prime case; application to 1175-bit and 1425-bit finite fields, in: <i>Advances in Cryptology\u2014EUROCRYPT 2013<\/i>, Springer, LNCS <b>7881<\/b> (2013), 177\u2013193.<\/p>","DOI":"10.1007\/978-3-642-38348-9_11"},{"key":"key-10.3934\/amc.2018017-35","doi-asserted-by":"crossref","unstructured":"<p>A. Joux, A new index calculus algorithm with complexity L(1\/4 + o(1)) in small characteristic, in: <i>Selected Areas in Cryptography\u2014SAC 2013<\/i>, Springer, LNCS <b>8282<\/b> (2014), 355\u2013379.<\/p>","DOI":"10.1007\/978-3-662-43414-7_18"},{"key":"key-10.3934\/amc.2018017-36","doi-asserted-by":"crossref","unstructured":"<p>A. Joux and R. Lercier, <i>The function field sieve is quite special<\/i>, in: <i>Algorithmic Number Theory<\/i>, Springer, LNCS <b>2369<\/b> (2002), 431\u2013445.<\/p>","DOI":"10.1007\/3-540-45455-1_34"},{"key":"key-10.3934\/amc.2018017-37","doi-asserted-by":"publisher","DOI":"10.1090\/S0025-5718-02-01482-5"},{"key":"key-10.3934\/amc.2018017-38","doi-asserted-by":"crossref","unstructured":"<p>A. Joux and R. Lercier, The function field sieve in the medium prime case, in: <i>Advances in Cryptology\u2014EUROCRYPT 2006<\/i>, Springer, LNCS <b>4004<\/b> (2006), 254\u2013270.<\/p>","DOI":"10.1007\/11761679_16"},{"key":"key-10.3934\/amc.2018017-39","doi-asserted-by":"crossref","unstructured":"<p>A. Joux, R. Lercier, N. Smart and F. Vercauteren, The number field sieve in the medium prime case, in: <i>Advances in Cryptology\u2014CRYPTO 2006<\/i>, Springer, LNCS <b>4117<\/b> (2006), 326\u2013344.<\/p>","DOI":"10.1007\/11818175_19"},{"key":"key-10.3934\/amc.2018017-40","doi-asserted-by":"crossref","unstructured":"<p>A. Joux, A. M. Odlyzko and C. Pierrot, The past, evolving present and future of discrete logarithm, in: <i>Open Problems in Mathematical and Computational Science<\/i>, Springer (2014), 5\u201336.<\/p>","DOI":"10.1007\/978-3-319-10683-0_2"},{"key":"key-10.3934\/amc.2018017-41","doi-asserted-by":"crossref","unstructured":"<p>A. Joux and C. Pierrot, Improving the polynomial time precomputation of Frobenius representation discrete logarithm algorithms, in: <i>Advances in Cryptology\u2014ASIACRYPT 2014<\/i>, Springer, LNCS <b>8873<\/b> (2014), 378\u2013397.<\/p>","DOI":"10.1007\/978-3-662-45611-8_20"},{"key":"key-10.3934\/amc.2018017-42"},{"key":"key-10.3934\/amc.2018017-43","doi-asserted-by":"crossref","unstructured":"<p>T. Kim and J. Jeong, Extended tower number field sieve with application to finite fields of arbitrary composite extension degree, in: <i>Public-Key Cryptography-PKC 2017<\/i>, <b>10174<\/b> (2017), 388-408.<\/p>","DOI":"10.1007\/978-3-662-54365-8_16"},{"key":"key-10.3934\/amc.2018017-44","doi-asserted-by":"crossref","unstructured":"<p>B. A. LaMacchia and A. M. Odlyzko, Solving large sparse linear systems over finite fields, in: <i>Advances in Cryptology\u2014CRYPTO'90<\/i>, Springer, LNCS <b>537<\/b> (1991), 109\u2013133.<\/p>","DOI":"10.1007\/3-540-38424-3_8"},{"key":"key-10.3934\/amc.2018017-45","doi-asserted-by":"publisher","DOI":"10.6028\/jres.045.026"},{"key":"key-10.3934\/amc.2018017-46","doi-asserted-by":"crossref","unstructured":"<p>A. K. Lenstra and H. W. Lenstra, Jr, Algorithms in number theory, in: <i>Handbook of Theoretical Computer Science (A): Algorithms and Complexity<\/i>, Elsevier, (1990), 673\u2013715.<\/p>","DOI":"10.1016\/B978-0-444-88071-0.50017-5"},{"key":"key-10.3934\/amc.2018017-47","doi-asserted-by":"crossref","unstructured":"<p>A. K. Lenstra and H. W. Lenstra, Jr (eds), <i>The Development of the Number Field Sieve<\/i>, Springer, 1993.<\/p>","DOI":"10.1007\/BFb0091534"},{"key":"key-10.3934\/amc.2018017-48","doi-asserted-by":"publisher","DOI":"10.1007\/BF01457454"},{"key":"key-10.3934\/amc.2018017-49","doi-asserted-by":"publisher","DOI":"10.1090\/S0025-5718-1991-1052099-2"},{"key":"key-10.3934\/amc.2018017-50","unstructured":"<p>R. Lovorn, Rigorous Subexponential Algorithms for Discrete Logarithms over Finite Fields, <i>Ph. D. Thesis<\/i>, University of Georgia, 1992.<\/p>"},{"key":"key-10.3934\/amc.2018017-51","doi-asserted-by":"publisher","DOI":"10.1007\/BF02113297"},{"key":"key-10.3934\/amc.2018017-52","doi-asserted-by":"crossref","unstructured":"<p>J. Neukirch, <i>Algebraic Number Theory<\/i>, Translated from the 1992 German original, Springer, 1999.<\/p>","DOI":"10.1007\/978-3-662-03983-0"},{"key":"key-10.3934\/amc.2018017-53","doi-asserted-by":"crossref","unstructured":"<p>A. M. Odlyzko, Discrete logarithms in finite fields and their cryptographic significance, in: <i>Advances in Cryptology\u2014CRYPTO'84<\/i>, Springer, LNCS <b>209<\/b> (1985), 224\u2013314.<\/p>","DOI":"10.1007\/3-540-39757-4_20"},{"key":"key-10.3934\/amc.2018017-54","doi-asserted-by":"publisher","DOI":"10.1023\/A:1008350005447"},{"key":"key-10.3934\/amc.2018017-55","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1978.1055817"},{"key":"key-10.3934\/amc.2018017-56","doi-asserted-by":"publisher","DOI":"10.1090\/S0025-5718-1978-0491431-9"},{"key":"key-10.3934\/amc.2018017-57","unstructured":"<p>C. Pomerance, Analysis and comparison of some integer factoring algorithms, in: <i>Computational Methods in Number Theory, Math. Centre Tracts<\/i>, Math. Centrum, Amsterdam, <b>154<\/b> (1982), 89\u2013139.<\/p>"},{"key":"key-10.3934\/amc.2018017-58","doi-asserted-by":"crossref","unstructured":"<p>C. Pomerance, Fast, rigorous factorization and discrete logarithm algorithms, in: <i>Discrete Algorithms and Complexity, Perspect. Comput<\/i>., Academic Press, <b>15<\/b> (1987), 119\u2013143.<\/p>","DOI":"10.1016\/B978-0-12-386870-1.50014-9"},{"key":"key-10.3934\/amc.2018017-59","unstructured":"<p>R. Sakai, K. Ohgishi and M. Kasahara, Cryptosystems based on pairing, in: <i>Symposium on Cryptography and Information Security<\/i>, Okinawa, Japan, (2000), 26\u201328.<\/p>"},{"key":"key-10.3934\/amc.2018017-60","doi-asserted-by":"crossref","unstructured":"<p>P. Sarkar and S. Singh, A general polynomial selection method and new asymptotic complexities for the tower number field sieve algorithm, in: <i>Advances in Cryptology\u2014ASIACRYPT 2016<\/i>, Springer, LNCS <b>10031<\/b> (2016), 37\u201362.<\/p>","DOI":"10.1007\/978-3-662-53887-6_2"},{"key":"key-10.3934\/amc.2018017-61","doi-asserted-by":"publisher","DOI":"10.1098\/rsta.1993.0139"},{"key":"key-10.3934\/amc.2018017-62","doi-asserted-by":"publisher","DOI":"10.1090\/S0025-5718-99-01137-0"},{"key":"key-10.3934\/amc.2018017-63","doi-asserted-by":"publisher","DOI":"10.1016\/j.jalgor.2004.11.004"},{"key":"key-10.3934\/amc.2018017-64","doi-asserted-by":"publisher","DOI":"10.1007\/BF00196725"},{"key":"key-10.3934\/amc.2018017-65","doi-asserted-by":"publisher","DOI":"10.1090\/S0025-5718-00-01308-9"},{"key":"key-10.3934\/amc.2018017-66","doi-asserted-by":"publisher","DOI":"10.1137\/S0097539795293172"},{"key":"key-10.3934\/amc.2018017-67","doi-asserted-by":"crossref","unstructured":"<p>V. Shoup, Lower bounds for discrete logarithms and related problems, in: <i>Advances in Cryptology\u2014EUROCRYPT'97<\/i>, Springer, LNCS <b>1223<\/b> (1997), 256\u2013266.<\/p>","DOI":"10.1007\/3-540-69053-0_18"},{"key":"key-10.3934\/amc.2018017-68","doi-asserted-by":"publisher","DOI":"10.1090\/S0025-5718-97-00835-1"},{"key":"key-10.3934\/amc.2018017-69","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1986.1057137"}],"container-title":["Advances in Mathematics of Communications"],"original-title":[],"deposited":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T10:01:57Z","timestamp":1772791317000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.aimsciences.org\/\/article\/doi\/10.3934\/amc.2018017"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"references-count":69,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2018]]}},"URL":"https:\/\/doi.org\/10.3934\/amc.2018017","relation":{},"ISSN":["1930-5346","1930-5338"],"issn-type":[{"value":"1930-5346","type":"print"},{"value":"1930-5338","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]}}}