Discrete logarithms in finite fields and their cryptographic significance

  • A. M. Odlyzko
Conference paper

DOI: 10.1007/3-540-39757-4_20

Volume 209 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Odlyzko A.M. (1985) Discrete logarithms in finite fields and their cryptographic significance. In: Beth T., Cot N., Ingemarsson I. (eds) Advances in Cryptology. EUROCRYPT 1984. Lecture Notes in Computer Science, vol 209. Springer, Berlin, Heidelberg


Given a primitive element g of a finite field GF(q), the discrete logarithm of a nonzero element uGF(q) is that integer k, 1 ≤ kq−1, for which u = gk. The well-known problem of computing discrete logarithms in finite fields has acquired additional importance in recent years due to its applicability in cryptography. Several cryptographic systems would become insecure if an efficient discrete logarithm algorithm were discovered. This paper surveys and analyzes known algorithms in this area, with special attention devoted to algorithms for the fields GF(2n). It appears that in order to be safe from attacks using these algorithms, the value of n for which GF(2n) is used in a cryptosystem has to be very large and carefully chosen. Due in large part to recent discoveries, discrete logarithms in fields GF(2n) are much easier to compute than in fields GF(p) with p prime. Hence the fields GF(2n) ought to be avoided in all cryptographic applications. On the other hand, the fields GF(p) with p prime appear to offer relatively high levels of security.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 1985

Authors and Affiliations

  • A. M. Odlyzko
    • 1
  1. 1.AT&T Bell LaboratoriesMurray Hill