โกSufficiency of Sub 128-bit Security for Pairing-Friendly Curves on SolareumChain
Assurance of the discrete logarithm problem being hard relative to the prime group order r being at least 2*128 bits long as there are algorithms such as Pollardโs rho algorithm that have a runtime cost of O( โ 128) in big-Oh notation. Furthermore, the number field sieve method must not introduce vulnerabilities by ensuring that the extended field Fq k is sufficiently large. Due to finite field extensions of size 3072, there exist actualized security levels of maximum 117-120 bits, which is deemed to be a perfectly adequate security level as per the NCC Group. That is, there exist within the prime group of order r faster than Pollardโs rho algorithm for which there is a security threshold window of
wherein there are equivalent Big-oh notation runtime results at the bit security boundary.
Last updated