⚡Sufficiency of Sub 128-bit Security for Pairing-Friendly Curves on SolareumChain

Assurance that the discrete logarithm problem is hard requires the prime group order $r$ to be at least 2 × 128 bits long, as there are algorithms such as Pollard's rho algorithm that have a runtime cost of $O(\sqrt{128})$ in big-O notation. Furthermore, the extension field $\mathbb{F}_{q^k}$ must be sufficiently large that the number field sieve method does not introduce vulnerabilities. Due to finite field extensions of size 3072, the actualized security level is at most 117-120 bits, which is deemed to be a perfectly adequate security level as per the NCC Group. That is, there exist within the prime group of order $r$ algorithms faster than Pollard's rho algorithm, for which there is a security threshold window of

$$\left\lVert O(\sqrt{120}) - O(\sqrt{117}) \right\rVert = 0$$

wherein the big-O runtime results are equivalent at the bit security boundary.
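
As an added illustration (not code from the original page), the sketch below estimates both costs the paragraph describes: Pollard's rho at half the bit length of $r$, and a number field sieve cost from the asymptotic L-notation formula with the o(1) term dropped. The function names and the choice of the general and special-form NFS constants are assumptions of this example, and this coarse formula is not the method behind the 117-120 bit figure quoted above.

```python
import math

# Assumed constants for L_N[1/3, c]; not taken from the original page.
GNFS_C = (64 / 9) ** (1 / 3)  # general number field sieve
SNFS_C = (32 / 9) ** (1 / 3)  # special-form variants of the sieve


def rho_bits(r_bits):
    """Pollard's rho needs about sqrt(r) group operations,
    i.e. half the bit length of the group order r."""
    return r_bits / 2


def nfs_bits(field_bits, c):
    """log2 of L_N[1/3, c] for N = 2**field_bits, o(1) term dropped."""
    ln_n = field_bits * math.log(2)
    work = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work / math.log(2)


def effective_bits(r_bits, field_bits, c):
    """The attacker picks the cheaper route, so take the minimum."""
    return min(rho_bits(r_bits), nfs_bits(field_bits, c))


def min_field_bits(target_bits, c):
    """Smallest extension-field size (bits) whose NFS estimate meets
    the target. nfs_bits is increasing, so binary search applies."""
    lo, hi = 64, 1 << 16
    while lo < hi:
        mid = (lo + hi) // 2
        if nfs_bits(mid, c) >= target_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    for name, c in (("general", GNFS_C), ("special", SNFS_C)):
        print(name,
              round(effective_bits(256, 3072, c), 1),
              min_field_bits(128, c))
```

With a 256-bit $r$ and a 3072-bit extension field, the general constant leaves Pollard's rho as the limit at 128 bits, while the special-form constant pulls the estimate below 128 bits, which is the effect the paragraph above describes.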
