An Implementation of the Extended Tower Number Field Sieve using 4d Sieving in a Box and a Record Computation in Fp4
Oisin Robinson
TL;DR
The paper demonstrates a practical implementation of the Extended Tower NFS for a medium-characteristic, 512-bit finite field $\mathbb{F}_{p^4}$, highlighting a 4d sieving-in-a-box approach that outperforms 4d sieving in a hypersphere in key metrics. It introduces a novel Descent with intermediate random vectors to stabilize the initial split, analyzes its complexity and smoothness probabilities, and applies these methods to a full record computation including polynomial selection, sieving, duplication removal, linear algebra, descent, and log reconstruction. The work provides empirical evidence that a box geometry can be more efficient than a sphere in certain low dimensions, while still achieving competitive relation yields, and it reports a complete end-to-end record for discrete log in a 512-bit extension field. These findings contribute to understanding practical security implications for discrete log problems in extension fields and inform parameter choices and implementations for ExTNFS-based attacks.
Abstract
We report on an implementation of the Extended Tower Number Field Sieve (ExTNFS) and record computation in a medium characteristic finite field $\mathbb{F}_{p^4}$ of 512 bits size. Empirically, we show that sieving in a 4-dimensional box (orthotope) for collecting relations for ExTNFS in $\mathbb{F}_{p^4}$ is faster than sieving in a 4-dimensional hypersphere. We also give a new intermediate descent method, `descent using random vectors', without which the descent stage in our ExTNFS computation would have been difficult/impossible, and analyze its complexity.