|Abstract: The security of the digital signature algorithm (DSA) and
Diffie-Hellman key exchange is based on the difficulty of the
discrete logarithm problems (DLP) over prime field GF(p),
and thus it is important to evaluate the difficulty of the DLP over GF(p) for discussing the security of these protocols. The number field sieve (NFS) is asymptotically the fastest algorithm to solve the DLP over GF(p). NFS was first proposed by Gordon and then it was improved by Schirokauer and Joux-Lercier.
On the other hand, Schirokauer presented a new variant of NFS,
which is particularly efficient for the characteristic p with low
weight (p has a signed binary representation of low Hamming
weight). In this paper, we implement the NFS proposed by
Joux-Lercier and Schirokauer, and then we compare the running
time of the NFS using the polynomials by Joux-Lercier and
Schirokauer with respect to low weight primes of 100 bits
or 110 bits.