
Computing Small Discrete Logarithms Faster

  • Conference paper
Progress in Cryptology - INDOCRYPT 2012 (INDOCRYPT 2012)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7668)

Abstract

Computations of small discrete logarithms are feasible even in “secure” groups, and are used as subroutines in several cryptographic protocols in the literature. For example, the Boneh–Goh–Nissim degree-2-homomorphic public-key encryption system uses generic square-root discrete-logarithm methods for decryption. This paper shows how to use a small group-specific table to accelerate these subroutines. The cost of setting up the table grows with the table size, but the acceleration also grows with the table size. This paper shows experimentally that computing a discrete logarithm in an interval of order ℓ takes only 1.93·ℓ^(1/3) multiplications on average using a table of size ℓ^(1/3) precomputed with 1.21·ℓ^(2/3) multiplications, and computing a discrete logarithm in a group of order ℓ takes only 1.77·ℓ^(1/3) multiplications on average using a table of size ℓ^(1/3) precomputed with 1.24·ℓ^(2/3) multiplications.
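As an added example (not the paper's code, and with cruder constants than the 1.93 and 1.21 reported above), the following Python shows the shape of the method for a group of prime order ℓ: a table of about ℓ^(1/3) distinguished points is precomputed once with r-adding walks, and each later small-DL solve walks from h·g^b until it reaches a tabled point. The safe-prime group, the 16-step walk and the distinguished-point rule are assumptions made here for the demo.

```python
# Added demo (not the paper's code) of the abstract's idea: a table of ~ell^(1/3)
# distinguished points, precomputed once for the group, makes later small-DL solves cheap.
# Group: order-ell subgroup of Z_p^* with p = 2*ell+1 (safe prime): every square != 1 has order ell.
import random

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

def safe_prime_at_least(lo):
    """Smallest prime ell >= lo with 2*ell+1 prime; returns (p, ell)."""
    ell = lo | 1
    while not (is_prime(ell) and is_prime(2 * ell + 1)):
        ell += 2
    return 2 * ell + 1, ell

class SmallDlog:
    def __init__(self, p, ell, g, seed=1):
        self.p, self.ell, self.g = p, ell, g
        rng = random.Random(seed)
        self.w = max(2, round(ell ** (1 / 3)))   # ~ell^(1/3): table size and trail length
        self.exps = [rng.randrange(1, ell) for _ in range(16)]   # r-adding walk steps
        self.muls = [pow(g, e, p) for e in self.exps]
        self.table, self.precomp_mults = {}, 0
        while len(self.table) < self.w:          # ~ell^(2/3) multiplications in total
            a = rng.randrange(ell)
            x, a_end, steps = self.walk(pow(g, a, p), a)
            self.precomp_mults += steps + 1
            if x is not None:
                self.table[x] = a_end            # distinguished point -> its log base g

    def walk(self, x, a):
        """Walk from x = g^a to the next distinguished point (x % w == 0), tracking
        the exponent; returns (x_dist, log, steps) or (None, None, steps) on a cycle."""
        for steps in range(20 * self.w):
            if x % self.w == 0:
                return x, a % self.ell, steps
            i = x % len(self.muls)
            x, a = x * self.muls[i] % self.p, a + self.exps[i]
        return None, None, 20 * self.w

    def log(self, h, seed=2):
        """Return (k, online multiplications) with g^k == h. A walk ending at a
        distinguished point the table does not know is restarted from a fresh offset."""
        rng, mults = random.Random(seed), 0
        for _ in range(50):
            b = rng.randrange(self.ell)          # start at h*g^b = g^(k+b), exponent offset b
            x, e, steps = self.walk(h * pow(self.g, b, self.p) % self.p, b)
            mults += steps + 1
            if x in self.table:                  # g^(k+e) == g^table[x]  =>  k = table[x] - e
                return (self.table[x] - e) % self.ell, mults
        raise RuntimeError("no table hit after 50 restarts")
```

Compare `dl.precomp_mults` (paid once per group) with the `mults` returned by each `log` call to see the ℓ^(2/3) setup versus ℓ^(1/3) online trade-off the abstract describes.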



Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bernstein, D.J., Lange, T. (2012). Computing Small Discrete Logarithms Faster. In: Galbraith, S., Nandi, M. (eds) Progress in Cryptology - INDOCRYPT 2012. INDOCRYPT 2012. Lecture Notes in Computer Science, vol 7668. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34931-7_19


  • DOI: https://doi.org/10.1007/978-3-642-34931-7_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34930-0

  • Online ISBN: 978-3-642-34931-7

  • eBook Packages: Computer Science, Computer Science (R0)
