Univariate polynomial factorization over finite fields with large extension degree

AbstractIn this paper, the authors analyze the Gaudry-Hess-Smart (GHS) Weil descent attack on the elliptic curve discrete logarithm problem (ECDLP) for elliptic curves defined over characteristic two finite fields of composite extension degree. For each such field F2N, where N is in [100,600], elliptic curve parameters are identified such that: (i) there should exist a cryptographically interesting elliptic curve E over F2N with these parameters; and (ii) the GHS attack is more efficient for solving the ECDLP in E(F2N) than for solving the ECDLP on any other cryptographically interesting elliptic curve over F2N. The feasibility of the GHS attack on the specific elliptic curves is examined over F2176, F2208, F2272, F2304 and F2368, which are provided as examples in the ANSI X9.62 standard for the elliptic curve signature scheme ECDSA. Finally, several concrete instances are provided of the ECDLP over F2N, N composite, of increasing difficulty; these resist all previously known attacks, but are within reach of the GHS attack.

Download Full-text

Cyclotomic Polynomial Factorization In Finite Fields

Digital Signal Processing Algorithms ◽

10.1201/9781315141312-7 ◽

2017 ◽

pp. 125-150

Keyword(s):

Finite Fields ◽

Cyclotomic Polynomial ◽

Polynomial Factorization

Download Full-text

Computing one billion roots using the tangent Graeffe method

ACM Communications in Computer Algebra ◽

10.1145/3457341.3457342 ◽

2020 ◽

Vol 54 (3) ◽

pp. 65-85

Author(s):

Joris van der Hoeven ◽

Michael Monagan

Keyword(s):

Finite Field ◽

Finite Fields ◽

Polynomial Interpolation ◽

Polynomial Algorithms ◽

Polynomial Factorization ◽

Root Finding ◽

Multiplication Algorithm ◽

Sparse Polynomial ◽

Polynomial Root Finding ◽

Intel Xeon

Let p be a prime of the form p = σ2 k + 1 with σ small and let F p denote the finite field with p elements. Let P ( z ) be a polynomial of degree d in F p [ z ] with d distinct roots in F p . For p =5 · 2 55 + 1 we can compute the roots of such polynomials of degree 10 9 . We believe we are the first to factor such polynomials of size one billion. We used a multi-core computer with two 10 core Intel Xeon E5 2680 v2 CPUs and 128 gigabytes of RAM. The factorization takes just under 4,000 seconds on 10 cores and uses 121 gigabytes of RAM. We used the tangent Graeffe root finding algorithm from [27, 19] which is a factor of O (log d ) faster than the Cantor-Zassenhaus algorithm. We implemented the tangent Graeffe algorithm in C using our own library of 64 bit integer FFT based in-place polynomial algorithms then parallelized the FFT and main steps using Cilk C. In this article we discuss the steps of the tangent Graeffe algorithm, the sub-algorithms that we used, how we parallelized them, and how we organized the memory so we could factor a polynomial of degree 10 9 . We give both a theoretical and practical comparison of the tangent Graeffe algorithm with the Cantor-Zassenhaus algorithm for root finding. We improve the complexity of the tangent Graeffe algorithm by a factor of 2. We present a new in-place product tree multiplication algorithm that is fully parallelizable. We present some timings comparing our software with Magma's polynomial factorization command. Polynomial root finding over smooth finite fields is a key ingredient for algorithms for sparse polynomial interpolation that are based on geometric sequences. This application was also one of our main motivations for the present work.

Download Full-text

Polynomial factorization over finite fields by computing Euler–Poincaré characteristics of Drinfeld modules

Finite Fields and Their Applications ◽

10.1016/j.ffa.2018.08.003 ◽

2018 ◽

Vol 54 ◽

pp. 335-365 ◽

Cited By ~ 2

Author(s):

Anand Kumar Narayanan

Keyword(s):

Finite Fields ◽

Polynomial Factorization ◽

Drinfeld Modules

Download Full-text