Though integer factorization and discrete logarithm problem are both practically and theoretically important, the computational complexity of these problems remained unknown. By comparing integer factorization problem with a problem in P and NP-complete problems, I show that the decision problem version of integer factorization problem is neither in P nor NP-complete. In addition, integer facto...

We prove collision bounds for the Pollard rho algorithm to solve the discrete logarithm problem in a general cyclic group G. Unlike the setting studied by Kim et al., we consider additive walks: the setting used in practice to solve the elliptic curve discrete logarithm problem. Our bounds differ from the birthday bound O. p jGj/ by a factor of p log jGj and are based on mixing time estimates f...

We suggest to use short secret keys in the anonymous group identification scheme proposed by Lee, Deng, and Zhu [7] and prove that this scheme is secure under the discrete logarithm with short exponents assumption that solving the discrete logarithm problem modulo an n-bit prime p is hard even when the exponent is a small c-bit number. We show that the communication and the computation costs ar...

The ElGamal cryptosystem is the most widely used public key cryptosystem. It uses the discrete logarithm problem as the cryptographic primitive. The MOR cryptosystem is a similar cryptosystem. It uses the discrete logarithm problem in the automorphism group as the cryptographic primitive. In this paper, we study the MOR cryptosystem for finite p-groups. The study is complete for p-automorphisms...

For public key cryptosystems multiplication on elliptic curves can be used instead of exponentiation in finite fields. One attack to such a system is: embedding the elliptic curve group into the multiplicative group of a finite field via weilpairing; calculating the discrete logarithm on the curve by solving the discrete logarithm in the finite field. This attack can be avoided by constructing ...

In this article we survey recent developments concerning the discrete logarithm problem. Both theoretical and practical results are discussed. We emphasize the case of nite elds, and in particular, recent modiications of the index calculus method, including the number eld sieve and the function eld sieve. We also provide a sketch of the some of the cryptographic schemes whose security depends o...

Brizolis asked the question: does every prime p have a pair (g, h) such that h is a fixed point for the discrete logarithm with base g? The first author previously extended this question to ask about not only fixed points but also two-cycles, and gave heuristics (building on work of Zhang, Cobeli, Zaharescu, Campbell, and Pomerance) for estimating the number of such pairs given certain conditio...

Improving on a result of J.E. Littlewood, N. Levinson [3] showed that there are arbitrarily large t for which |ζ(1 + it)| ≥ e log2 t + O(1). (Throughout ζ(s) is the Riemann-zeta function, and logj denotes the j-th iterated logarithm, so that log1 n = logn and logj n = log(logj−1 n) for each j ≥ 2.) The best upper bound known is Vinogradov’s |ζ(1 + it)| ≪ (log t). Littlewood had shown that |ζ(1 ...

We present a new method to forge ElGamal signatures if the public parameters of the system are not chosen properly. Since the secret key is hereby not found this attack shows that forging ElGamal signatures is sometimes easier than the underlying discrete logarithm problem.

A complete description of W and Z boson production at highenergy colliders requires the resummation of large Sudakov logarithms which dominate the production at small transverse momentum. Currently there are two techniques for performing this resummation: impact parameter space and transverse momentum space. We argue that the latter can be formulated in a way which retains the advantages of the...