
Fujitsu Cracks 300,000 Year Crypto Problem in Days - cdvonstinkpot
https://www.technologyreview.com/view/428274/fujitsu-cracks-300000-year-crypto-problem-in-days/?ref=rss
======
pbsd
Impressive computation, but not much new here. The problem solved was a
discrete logarithm over the finite field GF(3^(97*6)), which is known to be
"easy" due to the low complexity of the function field sieve, asymptotically
similar to the special number field sieve used to break 1039-bit integers a
few years back (eprint.iacr.org/2007/205).

This is relevant because pairing-based cryptosystems require that logarithms
be difficult to solve both in the elliptic curve groups (in this case
E(GF(3^97))), and in the finite field groups that result from pairing
evaluations. What failed here was the latter, due to the function field sieve.

There aren't many details on this computation, but you can get a good hint of
how this was done by the previous paper of the same group (676 bits last
time): <http://eprint.iacr.org/2010/090>

TL;DR Don't use low embedding degrees for pairing-based crypto, and you'll be
fine.
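
An added example, not part of pbsd's comment: it computes the embedding degree k that maps E(GF(3^97)) into GF(3^(97*k)) and compares rough attack-cost estimates on the curve side and the field side. The curve order `3^97 + 3^49 + 1`, the L[1/3] constants and every function name are assumptions of this sketch, and the o(1) terms are dropped, so the figures are orders of magnitude only.

```python
import math

def embedding_degree(q, n, k_max=100):
    """Smallest k >= 1 with q^k == 1 (mod n), i.e. n divides q^k - 1."""
    acc = 1
    for k in range(1, k_max + 1):
        acc = acc * q % n
        if acc == 1:
            return k
    return None  # no small embedding degree: pairing maps into a huge field

def l_third_bits(field_bits, c):
    """log2 of L_Q[1/3, c] = exp(c * (ln Q)^(1/3) * (ln ln Q)^(2/3))."""
    ln_q = field_bits * math.log(2)
    return c * ln_q ** (1 / 3) * math.log(ln_q) ** (2 / 3) / math.log(2)

def analyse(p, m, order):
    q = p ** m
    k = embedding_degree(q, order)
    field_bits = (q ** k).bit_length()
    return {
        "embedding_degree": k,
        "curve_bits": q.bit_length(),
        "field_bits": field_bits,
        # Pollard rho costs about sqrt(group order); using the full order
        # instead of its largest prime factor gives an upper bound.
        "rho_bits": order.bit_length() / 2,
        # Function field sieve (small characteristic), same constant as SNFS.
        "ffs_bits": l_third_bits(field_bits, (32 / 9) ** (1 / 3)),
        # General NFS constant, what a prime field of equal size would face.
        "gnfs_bits": l_third_bits(field_bits, (64 / 9) ** (1 / 3)),
    }

# Assumed order of a supersingular curve over GF(3^97); the other sign,
# 3^97 - 3^49 + 1, also divides 3^(6*97) - 1 and gives the same k.
ORDER = 3 ** 97 + 3 ** 49 + 1
RESULT = analyse(3, 97, ORDER)

if __name__ == "__main__":
    for name, value in RESULT.items():
        print(f"{name:17s} {value}")
```

With these inputs the field-side estimate under the function field sieve comes out below the curve-side Pollard rho bound, which is the failure mode the comment describes.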

