Solving the discrete logarithms in quasi-polynomial time
نویسنده
چکیده
The discrete logarithm has similar algebraic properties as for logarithm in reals. Namely, logg(hh ′) = logg(h) + logg(h ′). The discrete logarithm problem is also randomly self-reducible. This means that there are no “difficult” problems. If there would be an element h in the group for which the logarithm is hard to solve, then it is possible to take 1 ≤ x ≤ q, where q is the order of the group. Now, instead of finding the logarithm of h, we find the logarithm of hg ? and subtract x from the result. We know that if x is chosen uniformly, then also g ? is uniformly distributed in the group and hg ? is uniformly distributed. Thus the difficult problem is reduced to solving the discrete logarithm for an average element in the group. Random self-reducibility allows for “easy” problems in the same group.
منابع مشابه
On the relation generation method of Joux for computing discrete logarithms
In [Jou], Joux devised an algorithm to compute discrete logarithms between elements in a certain subset of the multiplicative group of an extension of the finite field Fpn in time polynomial in p and n. Shortly after, Barbulescu, Gaudry, Joux and Thome [BGJT] proposed a descent algorithm that in (pn)O(log n) time projects an arbitrary element in F pn as a product of powers of elements in the af...
متن کاملSome experiments investigating a possible L(1/4) algorithm for the discrete logarithm problem in algebraic curves
The function field sieve, a subexponential algorithm of complexity L(1/3) that computes discrete logarithms in finite fields, has recently been improved to an algorithm of complexity L(1/4) and subsequently to a quasi-polynomial time algorithm. We investigate whether the new ideas also apply to index calculus algorithms for computing discrete logarithms in Jacobians of algebraic curves. While w...
متن کاملComputing discrete logarithms in subfields of residue class rings
Recent breakthrough methods [GGMZ, Jou, BGJT] on computing discrete logarithms in small characteristic finite fields share an interesting feature in common with the earlier medium prime function field sieve method [JL]. To solve discrete logarithms in a finite extension of a finite field F, a polynomial h(x) ∈ F[x] of a special form is constructed with an irreducible factor g(x) ∈ F[x] of the d...
متن کاملOn the discrete logarithm problem in finite fields of fixed characteristic
For q a prime power, the discrete logarithm problem (DLP) in Fq consists in finding, for any g ∈ Fq and h ∈ 〈g〉, an integer x such that gx = h. We present an algorithm for computing discrete logarithms with which we prove that for each prime p there exist infinitely many explicit extension fields Fpn in which the DLP can be solved in expected quasi-polynomial time. Furthermore, subject to a con...
متن کاملTraps to the BGJT-Algorithm for Discrete Logarithms
In the recent breakthrough paper by Barbulescu, Gaudry, Joux and Thomé, a quasi-polynomial time algorithm (QPA) is proposed for the discrete logarithm problem over finite fields of small characteristic. The time complexity analysis of the algorithm is based on several heuristics presented in their paper. We show that some of the heuristics are problematic in their original forms, in particular,...
متن کامل