Generic algorithms for the discrete logarithm problem
نویسنده
چکیده
This can be a significantly harder problem. For example, say we are using a randomized (Las Vegas) algorithm. If β lies in 〈α〉 then we are guaranteed to eventually find logα β, but if not, we will never find it and it may be impossible to tell whether we are just very unlucky or β 6∈ 〈α〉. On the other hand, with a deterministic algorithm such as the baby-steps giant-steps method, we can unequivocally determine whether β lies in 〈α〉 or not. There is also a generalization called the extended discrete logarithm:
منابع مشابه
Generic Hardness of the Multiple Discrete Logarithm Problem
We study generic hardness of the multiple discrete logarithm problem, where the solver has to solve n instances of the discrete logarithm problem simultaneously. There are known generic algorithms which perform O( √ np) group operations, where p is the group order, but no generic lower bound was known other than the trivial bound. In this paper we prove the tight generic lower bound, showing th...
متن کاملGeneralized Jacobian and Discrete Logarithm Problem on Elliptic Curves
Let E be an elliptic curve over the finite field F_{q}, P a point in E(F_{q}) of order n, and Q a point in the group generated by P. The discrete logarithm problem on E is to find the number k such that Q = kP. In this paper we reduce the discrete logarithm problem on E[n] to the discrete logarithm on the group F*_{q} , the multiplicative group of nonzero elements of Fq, in the case where n | q...
متن کاملLower Bounds on Generic Algorithms in Groups
In this paper we consider generic algorithms for computational problems in cyclic groups. The model of a generic algorithm was proposed by Shoup at Eurocrypt '97. A generic algorithm is a general-purpose algorithm that does not make use of any particular property of the representation of the group elements. Shoup proved the hardness of the discrete logarithm problem and the Diie-Hellman problem...
متن کاملA generic lower bound for the discrete logarithm problem
We now give a lower bound for solving the discrete logarithm problem with a generic group algorithm. We will show that if p is the largest prime divisor of N , then any generic group algorithm for the discrete logarithm problem must use Ω( √ p) group operations. In the case that the group order N = p is prime this bound is tight, since we have already seen that the problem can be solved with O(...
متن کاملA Note on Security Proofs in the Generic Model
A discrete-logarithm algorithm is called generic if it does not exploit the specific representation of the cyclic group for which it is supposed to compute discrete logarithms. Such algorithms include the well-known Baby-Step-Giant-Step procedure as well as the PohligHellman algorithm. In particular, these algorithms match a lower bound of Nachaev showing that generic discrete-log algorithms re...
متن کاملThe new protocol blind digital signature based on the discrete logarithm problem on elliptic curve
In recent years it has been trying that with regard to the question of computational complexity of discrete logarithm more strength and less in the elliptic curve than other hard issues, applications such as elliptic curve cryptography, a blind digital signature method, other methods such as encryption replacement DLP. In this paper, a new blind digital signature scheme based on elliptic curve...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013