Approximation of the Discrete Logarithm in Finite Fields of Even Characteristic by Real Polynomials

k = k1 + k2p+ . . .+ krp , 0 ≤ k1, k2, . . . , kr < p , for 0 ≤ k ≤ q − 1. Let γ be a primitive element of Fq. The discrete logarithm (or index) of a nonzero element ξ ∈ Fq to the base γ, denoted indγ(ξ), is the unique integer l with 0 ≤ l ≤ q − 2 such that ξ = γ. The discrete logarithm problem is to find a computationally feasible method for determining the discrete logarithm. The security of many public-key cryptosystems depends on the presumed intractability of the discrete logarithm problem (see e. g. [13]). This paper provides some theoretical support to this assumption of hardness of the discrete logarithm problem. In the monograph [22] (or its predecessor [21]) and the series of papers [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 25, 26] several results on the discrete logarithm problem supporting the assumption of its hardness were proven. In particular, in [22, Chapter 11] several results on the complexity of real polynomials approximating the discrete logarithm in the case r = 1 are given. In