A unified polynomial selection method for the (tower) number field sieve algorithm.

At Eurocrypt 2015, Barbulescu et al. introduced two new methods of polynomial selection, namely the Conjugation and the Generalised JouxLercier methods, for the number field sieve (NFS) algorithm as applied to the discrete logarithm problem over finite fields. A sequence of subsequent works have developed and applied these methods to the multiple and the (extended) tower number field sieve algorithms. This line of work has led to new asymptotic complexities for various cases of the discrete logarithm problem over finite fields. The current work presents a unified polynomial selection method which we call Algorithm D. Starting from the Barbulescu et al. paper, all the subsequent polynomial selection methods can be seen as special cases of Algorithm D. Moreover, for the extended tower number field sieve (exTNFS) and the multiple extended TNFS (MexTNFS), there are finite fields for which using the polynomials selected by Algorithm D provides the best asymptotic complexity. Suppose Q = p(n) for a prime p and further suppose that n = 7/K such that there is a c(theta) > 0 for which p(n) = L-Q(2/3, co). For c(theta) > 3.39, the complexity of exTNFS-D is lower than the complexities of all previous algorithms; for c(0) is not an element of (0,1.12) U [1.45, 3.15], the complexity of MexTNFS-D is lower than that of all previous methods.