Algorithmica

, Volume 1, Issue 1, pp 1–15

Discrete logarithms inGF(p)

Authors

  • Don Coppersmith
    • IBM Research
  • Andrew M. Odlzyko
    • AT & T Bell Laboratories
  • Richard Schroeppel
    • Inference Corporation
Article

DOI: 10.1007/BF01840433

Cite this article as:
Coppersmith, D., Odlzyko, A.M. & Schroeppel, R. Algorithmica (1986) 1: 1. doi:10.1007/BF01840433

Abstract

Several related algorithms are presented for computing logarithms in fieldsGF(p),p a prime. Heuristic arguments predict a running time of exp((1+o(1))\(\sqrt {\log p \log \log p} \)) for the initial precomputation phase that is needed for eachp, and much shorter running times for computing individual logarithms once the precomputation is done. The running time of the precomputation is roughly the same as that of the fastest known algorithms for factoring integers of size aboutp. The algorithms use the well known basic scheme of obtaining linear equations for logarithms of small primes and then solving them to obtain a database to be used for the computation of individual logarithms. The novel ingredients are new ways of obtaining linear equations and new methods of solving these linear equations by adaptations of sparse matrix methods from numerical analysis to the case of finite rings. While some of the new logarithm algorithms are adaptations of known integer factorization algorithms, others are new and can be adapted to yield integer factorization algorithms.

Key words

CryptographyNumber theoryDiscrete logarithms

Copyright information

© Springer-Verlag New York Inc. 1986