Discrete Logarithms in Finite Fields and Their Cryptographic Significance

Given a primitive element g of a finite field GF(q), the discrete logarithm of a nonzero element u ∈ GF(q) is that integer k, 1 ≤ k ≤ q − 1, for which u = g k . The well-known problem of computing discrete logarithms in finite fields has acquired additional importance in recent years due to its applicability in cryptography. Several cryptographic systems would become insecure if an efficient discrete logarithm algorithm were discovered. This paper surveys and analyzes known algorithms in this area, with special attention devoted to algorithms for the fields GF( 2 ). It appears that in order to be safe from attacks using these algorithms, the value of n for which GF( 2 ) is used in a cryptosystem has to be very large and carefully chosen. Due in large part to recent discoveries, discrete logarithms in fields GF( 2 ) are much easier to compute than in fields GF(p) with p prime. Hence the fields GF( 2 ) ought to be avoided in all cryptographic applications. On the other hand, the fields GF(p) with p prime appear to offer relatively high levels of security. Discrete logarithms in finite fields and their cryptographic significance A. M. Odlyzko AT&T Bell Laboratories Murray Hill, New Jersey 07974