Progress in Cryptology – INDOCRYPT 2007

Volume 4859 of the series Lecture Notes in Computer Science pp 224-237

Solving Discrete Logarithms from Partial Knowledge of the Key

  • K. GopalakrishnanAffiliated withDepartment of Computer Science, East Carolina University, Greenville, NC 27858
  • , Nicolas ThériaultAffiliated withInstituto de Matemática y Física, Universidad de Talca, Casilla 747, Talca
  • , Chui Zhi YaoAffiliated withDepartment of Mathematics, University of California - Riverside, CA 92521

* Final gross prices may vary according to local VAT.

Get Access


For elliptic curve based cryptosystems, the discrete logarithm problem must be hard to solve. But even when this is true from a mathematical point of view, side-channel attacks could be used to reveal information about the key if proper countermeasures are not used. In this paper, we study the difficulty of the discrete logarithm problem when partial information about the key is revealed by side channel attacks. We provide algorithms to solve the discrete logarithm problem for generic groups with partial knowledge of the key which are considerably better than using a square-root attack on the whole key or doing an exhaustive search using the extra information, under two different scenarios. In the first scenario, we assume that a sequence of contiguous bits of the key is revealed. In the second scenario, we assume that partial information on the “Square and Multiply Chain” is revealed.


Discrete Logarithm Problem Generic Groups Side Channel Attacks