Lower Bounds for Discrete Logarithms and Related Problems
نویسنده
چکیده
This paper considers the computational complexity of the discrete logarithm and related problems in the context of \generic algorithms"|that is, algorithms which do not exploit any special properties of the encodings of group elements, other than the property that each group element is encoded as a unique binary string. Lower bounds on the complexity of these problems are proved that match the known upper bounds: any generic algorithm must perform (p 1=2) group operations , where p is the largest prime dividing the order of the group. Also, a new method for correcting a faulty Diie-Hellman oracle is presented.
منابع مشابه
The Discrete-Logarithm Problem with Preprocessing
This paper studies discrete-log algorithms that use preprocessing. In our model, an adversary may use a very large amount of precomputation to produce an “advice” string about a specific group (e.g., NIST P-256). In a subsequent online phase, the adversary’s task is to use the preprocessed advice to quickly compute discrete logarithms in the group. Motivated by surprising recent preprocessing a...
متن کامل2 Ingrid Biehl and Johannes
We describe deterministic algorithms for solving the following algorithmic problems in quadratic orders: Computing fundamental unit and regulator, principal ideal testing, solving prime norm equations, computing the structure of the class group, computing the order of an ideal class and determining discrete logarithms in the class group. We also prove upper bounds for the time and space complex...
متن کاملExact maximum coverage probabilities of confidence intervals with increasing bounds for Poisson distribution mean
A Poisson distribution is well used as a standard model for analyzing count data. So the Poisson distribution parameter estimation is widely applied in practice. Providing accurate confidence intervals for the discrete distribution parameters is very difficult. So far, many asymptotic confidence intervals for the mean of Poisson distribution is provided. It is known that the coverag...
متن کاملCollision bounds for the additive Pollard rho algorithm for solving discrete logarithms
We prove collision bounds for the Pollard rho algorithm to solve the discrete logarithm problem in a general cyclic group G. Unlike the setting studied by Kim et al., we consider additive walks: the setting used in practice to solve the elliptic curve discrete logarithm problem. Our bounds differ from the birthday bound O. p jGj/ by a factor of p log jGj and are based on mixing time estimates f...
متن کاملA Note on Security Proofs in the Generic Model
A discrete-logarithm algorithm is called generic if it does not exploit the specific representation of the cyclic group for which it is supposed to compute discrete logarithms. Such algorithms include the well-known Baby-Step-Giant-Step procedure as well as the PohligHellman algorithm. In particular, these algorithms match a lower bound of Nachaev showing that generic discrete-log algorithms re...
متن کامل