Computing Low-Weight Discrete Logarithms
نویسندگان
چکیده
We propose some new baby-step giant-step algorithms for computing “low-weight” discrete logarithms; that is, for computing discrete logarithms in which the radix-b representation of the exponent is known to have only a small number of nonzero digits. Prior to this work, such algorithms had been proposed for the case where the exponent is known to have low Hamming weight (i.e., the radix-2 case). Our new algorithms (i) improve the best-known deterministic complexity for the radix-2 case, and then (ii) generalize from radix-2 to arbitrary radixes b > 1. We also discuss how our new algorithms can be used to attack several recent Verifier-based Password Authenticated Key Exchange (VPAKE) protocols from the cryptographic literature with the conclusion that the new algorithms render those constructions completely insecure in practice.
منابع مشابه
A New Baby-Step Giant-Step Algorithm and Some Applications to Cryptanalysis
We describe a new variant of the well known Baby-Step Giant-Step algorithm in the case of some discrete logarithms with a special structure. More precisely, we focus on discrete logarithms equal to products in groups of unknown order. As an example of application, we show that this new algorithm enables to cryptanalyse a variant of the GPS scheme proposed by Girault and Lefranc at CHES 2004 con...
متن کاملOn the Function Field Sieve and the Impact of Higher Splitting Probabilities - Application to Discrete Logarithms in and
In this paper we propose a binary field variant of the Joux-Lercier medium-sized Function Field Sieve, which results not only in complexities as low as Lqn(1/3, 2/3) for computing arbitrary logarithms, but also in an heuristic polynomial time algorithm for finding the discrete logarithms of degree one elements. To illustrate the efficiency of the method, we have successfully solved the DLP in t...
متن کاملA Subexponential Algorithm for Discrete Logarithms over All Finite Fields
There are numerous subexponential algorithms for computing discrete logarithms over certain classes of finite fields. However, there appears to be no published subexponential algorithm for computing discrete logarithms over all finite fields. We present such an algorithm and a heuristic argument that there exists a c e M>o such that for all sufficiently large prime powers p" , the algorithm com...
متن کاملOn the Function Field Sieve and the Impact of Higher Splitting Probabilities Application to Discrete Logarithms in F21971 and F23164
In this paper we propose a binary field variant of the JouxLercier medium-sized Function Field Sieve, which results not only in complexities as low as Lqn(1/3, (4/9) ) for computing arbitrary logarithms, but also in an heuristic polynomial time algorithm for finding the discrete logarithms of degree one and two elements when the field has a subfield of an appropriate size. To illustrate the eff...
متن کامل- 1 - Computation of Discrete Logarithms in PrimeFieldsB
The presumed diiculty of computing discrete logarithms in nite elds is the basis of several popular public key cryptosystems. The secure identiication option of the Sun Network File System, for example, uses discrete logarithms in a eld GF(p) with p a prime of 192 bits. This paper describes an implementation of a discrete logarithm algorithm which shows that primes of under 200 bits, such as th...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2017 شماره
صفحات -
تاریخ انتشار 2017