A Generic Algorithm for Small Weight Discrete Logarithms in Composite Groups
نویسندگان
چکیده
Let (G, ·) be an arbitrary cyclic group of composite order N with G ' G1×G2. We present a generic algorithm for solving the discrete logarithm problem in G with Hamming weight δ logN , δ ∈ (0, 1), in time Õ( √ p+ √ |G2| H(δ) ), where p is the largest prime divisor in G1 and H(·) is the binary entropy function. Our algorithm improves on the running time of Silver-Pohlig-Hellman’s algorithm whenever δ 6= 1 2 . Moreover, it improves on the Meet-in-theMiddle type algorithms of Heiman, Odlyzko and Coppersmith with running time Õ( √ |G|) whenever p < |G|.
منابع مشابه
Structure computation and discrete logarithms in finite abelian p-groups
We present a generic algorithm for computing discrete logarithms in a finite abelian p-group H, improving the Pohlig–Hellman algorithm and its generalization to noncyclic groups by Teske. We then give a direct method to compute a basis for H without using a relation matrix. The problem of computing a basis for some or all of the Sylow p-subgroups of an arbitrary finite abelian group G is addres...
متن کاملA General Framework for Subexponential Discrete Logarithm Algorithms
We describe a generic algorithm for computing discrete logarithms in groups of known order in which a smoothness concept is available. The running time of the algorithm can be proved without using any heuristics and leads to a subexponential complexity in particular for nite elds and class groups of number and function elds which were proposed for use in cryptography. In class groups, our algor...
متن کاملFaster Individual Discrete Logarithms with the Qpa and Nfs Variants
Computing discrete logarithms in finite fields is a main concern in cryptography. The best algorithms known are the Number Field Sieve and its variants (special, high-degree, tower) in large and medium characteristic fields (e.g. GF(p2), GF(p12)); the Function Field Sieve and the Quasi Polynomialtime Algorithm in small characteristic finite fields (e.g. GF(36·509)). The last step of this family...
متن کاملAn Efficient Collision Detection Method for Computing Discrete Logarithms with Pollard's Rho
Pollard’s rho method and its parallelized variant are at present known as the best generic algorithms for computing discrete logarithms. However, when we compute discrete logarithms in cyclic groups of large orders using Pollard’s rho method, collision detection is always a high time and space consumer. In this paper, we present a new efficient collision detection algorithm for Pollard’s rho me...
متن کاملA New Baby-Step Giant-Step Algorithm and Some Applications to Cryptanalysis
We describe a new variant of the well known Baby-Step Giant-Step algorithm in the case of some discrete logarithms with a special structure. More precisely, we focus on discrete logarithms equal to products in groups of unknown order. As an example of application, we show that this new algorithm enables to cryptanalyse a variant of the GPS scheme proposed by Girault and Lefranc at CHES 2004 con...
متن کامل