On the complexity of two-dimensional discrete logarithm problem in a finite cyclic group with effective automorphism of order

2013 ◽  
Vol 23 (3-4) ◽  
Author(s):  
M. V. Nikolaev ◽  
D. V. Matyukhin
Keyword(s):  
Cyclic Group ◽  
Discrete Logarithm ◽  
Discrete Logarithm Problem ◽  
Two Dimensional ◽  
Finite Cyclic Group

Computing Interval Discrete Logarithm Problem with Restricted Jump Method

2020 ◽  
Vol 177 (2) ◽  
pp. 189-201
Author(s):  
Bin Qi ◽  
Jie Ma ◽  
Kewei Lv
Keyword(s):  
Cyclic Group ◽  
Discrete Logarithm ◽  
Discrete Logarithm Problem ◽  
Large Integer ◽  
Finite Cyclic Group ◽  
Speed Up ◽  
Integer Multiplication ◽  
Intermediate Value ◽  
Improved Algorithm

The interval discrete logarithm problem(IDLP) is to find a solution n such that gn = h in a finite cyclic group G = 〈g〉, where h ∈ G and n belongs to a given interval. To accelerate solving IDLP, a restricted jump method is given to speed up Pollard’s kangaroo algorithm in this paper. Since the Pollard’ kangaroo-like method need to compute the intermediate value during every iteration, the restricted jump method gives another way to reuse the intermediate value so that each iteration is speeded up at least 10 times. Actually, there are some variants of kangaroo method pre-compute the intermediate value and reuse the pre-computed value in each iteration. Different from the pre-compute method that reuse the pre-computed value, the restricted jump method reuse the value naturally arised in pervious iteration, so that the improved algorithm not only avoids precomputation, but also speeds up the efficiency of each iteration. So only two or three large integer multiplications are needed in each iteration of the restricted jump method. And the average large integer multiplication times is (1:633 + o(1)) N in restricted jump method, which is verified in the experiment.

scholarly journals Modified Gaudry-Schost algorithm for the two-dimensional discrete logarithm problem

2020 ◽  
Vol 11 (2) ◽  
pp. 125-135
Author(s):  
Maxim Vladimirovich Nikolaev
Keyword(s):  
Discrete Logarithm ◽  
Discrete Logarithm Problem ◽  
Two Dimensional

Рассматривается двумерная задача дискретного логарифмирования для подгруппы $G$ группы точек эллиптической кривой над конечным простым полем, обладающей эффективным автоморфизмом порядка 6 (для заданных $P_1,P_2,Q \in G$, ${0<N_1,N_2<\sqrt{|G|}}$ требуется найти такие $n_1,n_2$, что $Q=n_1P_1+n_2P_2, {-N_1\leq n_1 \leq N_1}, {-N_2\leq n_2 \leq N_2}$). Для этой задачи конструктивно доказывается, что для любого ${\varepsilon>0}$ существует модификация алгоритма Годри-Шоста, средняя трудоемкость которой не превосходит ${(1+\varepsilon)0.847\sqrt{N} + O _{\varepsilon} (N ^ {1/4})}$ групповых операций при $N=4N_1N_2, N\to \infty$.

scholarly journals A new approach to the discrete logarithm problem with auxiliary inputs

2016 ◽  
Vol 19 (1) ◽  
pp. 1-15 ◽  
Author(s):  
Jung Hee Cheon ◽  
Taechan Kim
Keyword(s):  
Cyclic Group ◽  
Prime Order ◽  
Discrete Logarithm ◽  
Discrete Logarithm Problem ◽  
Square Root ◽  
New Approach ◽  
Running Time ◽  
Birthday Problem ◽  
Auxiliary Inputs ◽  
Formula Group

The aim of the discrete logarithm problem with auxiliary inputs is to solve for ${\it\alpha}$, given the elements $g,g^{{\it\alpha}},\ldots ,g^{{\it\alpha}^{d}}$ of a cyclic group $G=\langle g\rangle$, of prime order $p$. The best-known algorithm, proposed by Cheon in 2006, solves for ${\it\alpha}$ in the case where $d\mid (p\pm 1)$, with a running time of $O(\sqrt{p/d}+d^{i})$ group exponentiations ($i=1$ or $1/2$ depending on the sign). There have been several attempts to generalize this algorithm to the case of ${\rm\Phi}_{k}(p)$ where $k\geqslant 3$. However, it has been shown by Kim, Cheon and Lee that a better complexity cannot be achieved than that of the usual square root algorithms.We propose a new algorithm for solving the DLPwAI. We show that this algorithm has a running time of $\widetilde{O}(\sqrt{p/{\it\tau}_{f}}+d)$ group exponentiations, where ${\it\tau}_{f}$ is the number of absolutely irreducible factors of $f(x)-f(y)$. We note that this number is always smaller than $\widetilde{O}(p^{1/2})$.In addition, we present an analysis of a non-uniform birthday problem.

scholarly journals Research on Attacking a Special Elliptic Curve Discrete Logarithm Problem

2016 ◽  
Vol 2016 ◽  
pp. 1-8
Author(s):  
Jiang Weng ◽  
Yunqi Dou ◽  
Chuangui Ma
Keyword(s):  
Elliptic Curve ◽  
Cyclic Group ◽  
Discrete Logarithm ◽  
Discrete Logarithm Problem ◽  
Secret Key ◽  
Auxiliary Inputs ◽  
Novel Algorithm

Cheon first proposed a novel algorithm for solving discrete logarithm problem with auxiliary inputs. Given some pointsP,αP,α2P,…,αdP∈G, an attacker can solve the secret key efficiently. In this paper, we propose a new algorithm to solve another form of elliptic curve discrete logarithm problem with auxiliary inputs. We show that if some pointsP,αP,αkP,αk2P,αk3P,…,αkφ(d)-1P∈Gand a multiplicative cyclic groupK=〈k〉are given, wheredis a prime,φ(d)is the order ofK. The secret keyα∈Fp⁎can be solved inO((p-1)/d+d)group operations by usingO((p-1)/d)storage.

scholarly journals The discrete logarithm problem for exponents of bounded height

2014 ◽  
Vol 17 (A) ◽  
pp. 148-156 ◽  
Author(s):  
Simon R. Blackburn ◽  
Sam Scott
Keyword(s):  
Heuristic Algorithm ◽  
Elliptic Curve Cryptography ◽  
Discrete Logarithm ◽  
Discrete Logarithm Problem ◽  
Two Dimensional ◽  
Key Establishment ◽  
Payment Card ◽  
Final Version ◽  
Formula Group ◽  
Positive Integers

AbstractLet $\def \xmlpi #1{}\def \mathsfbi #1{\boldsymbol {\mathsf {#1}}}\let \le =\leqslant \let \leq =\leqslant \let \ge =\geqslant \let \geq =\geqslant \def \Pr {\mathit {Pr}}\def \Fr {\mathit {Fr}}\def \Rey {\mathit {Re}}G$ be a cyclic group written multiplicatively (and represented in some concrete way). Let $n$ be a positive integer (much smaller than the order of $G$). Let $g,h\in G$. The bounded height discrete logarithm problem is the task of finding positive integers $a$ and $b$ (if they exist) such that $a\leq n$, $b\leq n$ and $g^a=h^b$. (Provided that $b$ is coprime to the order of $g$, we have $h=g^{a/b}$ where $a/b$ is a rational number of height at most $n$. This motivates the terminology.)The paper provides a reduction to the two-dimensional discrete logarithm problem, so the bounded height discrete logarithm problem can be solved using a low-memory heuristic algorithm for the two-dimensional discrete logarithm problem due to Gaudry and Schost. The paper also provides a low-memory heuristic algorithm to solve the bounded height discrete logarithm problem in a generic group directly, without using a reduction to the two-dimensional discrete logarithm problem. This new algorithm is inspired by (but differs from) the Gaudry–Schost algorithm. Both algorithms use $O(n)$ group operations, but the new algorithm is faster and simpler than the Gaudry–Schost algorithm when used to solve the bounded height discrete logarithm problem. Like the Gaudry–Schost algorithm, the new algorithm can easily be carried out in a distributed fashion.The bounded height discrete logarithm problem is relevant to a class of attacks on the privacy of a key establishment protocol recently published by EMVCo for comment. This protocol is intended to protect the communications between a chip-based payment card and a terminal using elliptic curve cryptography. The paper comments on the implications of these attacks for the design of any final version of the EMV protocol.

scholarly journals On the first fall degree of summation polynomials

2019 ◽  
Vol 13 (3-4) ◽  
pp. 229-237
Author(s):  
Stavros Kousidis ◽  
Andreas Wiemers
Keyword(s):  
Elliptic Curve ◽  
Gröbner Basis ◽  
Discrete Logarithm ◽  
Polynomial Systems ◽  
Discrete Logarithm Problem ◽  
Grobner Basis ◽  
Weil Descent ◽  
Degree Bound

Abstract We improve on the first fall degree bound of polynomial systems that arise from a Weil descent along Semaev’s summation polynomials relevant to the solution of the Elliptic Curve Discrete Logarithm Problem via Gröbner basis algorithms.

Sign in / Sign up

Export Citation Format

Share Document