Comments (8)
I cannot find explicit security estimates on BLS12 and BN curves with the given field size in published papers either, but expect them to be significantly below 128 bits, given the proposed field size of 446 bits (for 128-bit security). I suppose that their explicit estimates can be produced by the scripts on https://gitlab.inria.fr/tnfs-alpha/alpha/tree/master/sage.
These field size recommendations are not new; they are similar to https://eprint.iacr.org/2019/485.pdf, which even proposes a 460-bit field size for BN curves at 128-bit security (but does not investigate BLS). Neither paper treats low embedding degrees; Guillevic's above-mentioned note on MNT4/6 curves complements that.
Are there any new claims about the current security level for BLS12-377/381 there? I missed them. Also anything about BN128?
Do you have an idea to what extent the security is reduced? The discussion here indicates that the attacks reduce security of BLS12 curves to ~120 bits.
As an aside, using these curves inside SNARKs already reduces their security to <118 bits following Cheon's attack, as described here
Thank you for pointing out the discussion on Zcash and Cheon's attack. As I do not have concrete numbers, I will have a look at the above-mentioned sage scripts (sometime in the near future). I will keep you posted on this.
The security of BLS12-377 wrt STNFS and Cheon's attack is discussed in section 4 here.
@yelhousni: Wow, thank you very much! I did not expect the security loss compared to the recommendation from Guillevic 2019 (base field size 446 for 132-bit DL cost) to be that low. Is there a short explanation for that?
Yes because the analysis takes Cheon's attack into consideration as opposed to [Guillevic19].
Cheon's attack aside, I expected the STNFS cost of BLS12-377 to be far below 125 bits (as the Guillevic 2019 paper recommends a 446-bit base field for a comparable security level). But that is maybe due to my lack of understanding of how the security estimates are done.
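The thread above compares curve field sizes against the recommended 446-bit base field and separately raises Cheon's attack on SNARK setups. The following is an added example, not code from the arkworks repository or from the cited papers: it derives p and r for BLS12-377 and BLS12-381 from the BLS12 family polynomials and the published seeds, reports the quantities these two questions turn on (base-field and extension-field bit sizes for the STNFS side; the 2-adicity of r-1 for the Cheon side), and gives a deliberately rough log2 cost estimate for Cheon's attack under an assumed number d of published powers. The seeds are the standard ones; the function names, the choice of d and the simplified cost formula (sqrt(r/d) + sqrt(d), constants ignored) are this example's own assumptions.

```python
# Added example (not from the arkworks thread or its linked papers): derive
# BLS12 parameters from the seed and report the figures the discussion is about.
import math

# BLS12 family polynomials (Barreto-Lynn-Scott, embedding degree k = 12).
def bls12_r(x: int) -> int:
    """Subgroup order r(x) = x^4 - x^2 + 1."""
    return x**4 - x**2 + 1

def bls12_p(x: int) -> int:
    """Base-field prime p(x) = (x-1)^2 * r(x) / 3 + x; needs x = 1 mod 3."""
    num = (x - 1) ** 2 * bls12_r(x)
    assert num % 3 == 0, "seed must satisfy x = 1 mod 3 for p to be integral"
    return num // 3 + x

def two_adicity(n: int) -> int:
    """Largest k with 2^k dividing n (n > 0)."""
    return (n & -n).bit_length() - 1

# Published seeds of the two curves discussed in the thread.
SEEDS = {
    "BLS12-381": -0xD201000000010000,
    "BLS12-377": 0x8508C00000000001,
}

RECOMMENDED_P_BITS = 446  # Guillevic 2019 recommendation quoted in the thread

def curve_summary(name: str) -> dict:
    """Sizes relevant to STNFS (p, p^12) and to Cheon's attack (2-adicity of r-1)."""
    x = SEEDS[name]
    p, r = bls12_p(x), bls12_r(x)
    return {
        "p_bits": p.bit_length(),
        "r_bits": r.bit_length(),
        "gf_p12_bits": 12 * p.bit_length(),        # STNFS targets GF(p^12)
        "r_minus_1_two_adicity": two_adicity(r - 1),
        "r_fermat_prp": pow(2, r - 1, r) == 1,     # cheap sanity check on r
        "bits_below_recommendation": RECOMMENDED_P_BITS - p.bit_length(),
    }

def cheon_log2_cost(r: int, d: int) -> float:
    """Back-of-envelope log2 group operations for Cheon's attack when
    g^(alpha^i) for i <= d are public and d | r-1: about sqrt(r/d) + sqrt(d).
    Constants are ignored; this is an illustration, not the cited analysis."""
    assert (r - 1) % d == 0, "d must divide r - 1"
    return math.log2(math.sqrt(r / d) + math.sqrt(d))

if __name__ == "__main__":
    for name in SEEDS:
        s = curve_summary(name)
        print(name, s)
        # Assumed setup size: a power of two no larger than the 2-adicity of r-1.
        d = 2 ** min(28, s["r_minus_1_two_adicity"])
        print(f"  Cheon estimate with d=2^{d.bit_length()-1}: "
              f"~2^{cheon_log2_cost(bls12_r(SEEDS[name]), d):.1f} ops")
```

The summary makes the first point of the thread concrete: both curves sit well below the 446-bit base field the recommendation assumes, which is the gap the STNFS estimates are about. The Cheon figure depends on the assumed d, which is why the thread's "inside SNARKs" qualifier matters; it should be read as an order of magnitude only.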