Abstract

The discrete logarithm problem (DLP) is a hard mathematical problem and a useful primitive in cryptography. Many DLP computations in prime fields have been carried out to test the security of the primes of 1024 or 2048 bits currently in use. However, such computations are always carried out on a safe prime, which gives people the notion that a safe prime with a long bit length is always “safe”. In this paper, we fully analyze the variants of the number field sieve algorithm and apply a special number field sieve attack to a DLP computation in a 653-bit safe prime field. We propose a new method to find the special number field sieve (SNFS) polynomial pair of a given prime, and recommend a simple ad-hoc detection of the trapdoor before applying the general number field sieve (GNFS) to a prime p. We also give an experiment to show the huge difference between the cost of SNFS and GNFS. We think this work could correct some misconceptions about the security of cryptographic protocols based on the prime field DLP and inspire more advanced methods for larger-scale computation.
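To illustrate why "safe prime" and "free of special structure" are separate properties, the following added example (not the paper's detection method or code) checks a prime for one well-known SNFS-friendly shape, p = a^k + c with small |c|. The base range, the bound on c, and all function names are assumptions made for this sketch; passing the check says nothing about other special forms.

```python
# Added illustration: a prime can be "safe" ((p-1)/2 prime) and still have
# the sparse shape p = a**k + c that the special number field sieve exploits.
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed small-prime bases (probabilistic for large n)."""
    if n < 2:
        return False
    for q in _BASES:
        if n % q == 0:
            return n == q
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True

def is_safe_prime(p):
    """True if p and (p - 1) / 2 are both (probable) primes."""
    return p > 4 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)

def special_form(p, max_base=16):
    """Return (a, k, c) with p == a**k + c and |c| < 2**(bits(p)//4), else None.
    The base range and the bound on c are assumptions of this sketch."""
    bound = 1 << (p.bit_length() // 4)
    for a in range(2, max_base + 1):
        k, power = 1, a
        while power * a <= p:          # largest a**k not exceeding p
            k, power = k + 1, power * a
        for kk, pw in ((k, power), (k + 1, power * a)):
            if abs(p - pw) < bound:
                return a, kk, p - pw
    return None

def constructed_special_safe_prime(k):
    """Constructed sample input: the largest safe prime below 2**k."""
    p = (1 << k) - 1
    while not is_safe_prime(p):
        p -= 2
    return p
```

A prime that passes `is_safe_prime` but for which `special_form` returns a tuple is exactly the case the abstract warns about: the subgroup structure is fine, yet the modulus itself is cheap for SNFS.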
