Abstract
Computations of small discrete logarithms are feasible even in “secure” groups, and are used as subroutines in several cryptographic protocols in the literature. For example, the Boneh–Goh–Nissim degree-2-homomorphic public-key encryption system uses generic square-root discrete-logarithm methods for decryption. This paper shows how to use a small group-specific table to accelerate these subroutines. The cost of setting up the table grows with the table size, but the acceleration also grows with the table size. This paper shows experimentally that computing a discrete logarithm in an interval of order ℓ takes only 1.93·ℓ^(1/3) multiplications on average using a table of size ℓ^(1/3) precomputed with 1.21·ℓ^(2/3) multiplications, and computing a discrete logarithm in a group of order ℓ takes only 1.77·ℓ^(1/3) multiplications on average using a table of size ℓ^(1/3) precomputed with 1.24·ℓ^(2/3) multiplications.
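The following Python is an added illustration for this page, not the authors' implementation, and it does not reproduce the measured constants quoted in the abstract. It builds a group-specific table of distinguished points for the order-ℓ subgroup of Z_p^* with p = 2ℓ+1, using one deterministic r-adding walk shared by precomputation and queries, and then solves random discrete logarithms by walking from a randomised query point until the walk merges into a precomputed one. The walk design, the choice of table size ℓ^(1/3) and walk length ℓ^(1/3), the retry bounds, the hash used to pick steps, and the group itself are all assumptions chosen for a quick demo; they exhibit the trade-off the abstract describes (about ℓ^(2/3) multiplications once, then about ℓ^(1/3) per query), not the paper's exact method.

```python
"""Added example (not from the paper): a precomputed distinguished-point table
for small discrete logarithms in a prime-order group.

Assumptions: group = order-ell subgroup of Z_p^* with p = 2*ell + 1, g = 4;
an r-adding walk driven by blake2b of the current element; table size and
walk length both about ell^(1/3).  All of this is demo design, not the
authors' code, and the constants in the abstract are theirs, not ours.
"""
import hashlib
import random


def is_prime(n):
    """Deterministic Miller-Rabin; bases 2, 3, 5, 7 are exact for n < 3.2e9."""
    if n < 2:
        return False
    for q in (2, 3, 5, 7):
        if n % q == 0:
            return n == q
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in (2, 3, 5, 7):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(start):
    """Smallest prime ell >= start with p = 2*ell + 1 also prime.
    Returns (p, ell, g) with g = 4 generating the order-ell subgroup of Z_p^*
    (4 is a square, so its order divides ell; and 4 != 1 mod p)."""
    ell = start | 1
    while not (is_prime(ell) and is_prime(2 * ell + 1)):
        ell += 2
    return 2 * ell + 1, ell, 4


class DLTable:
    """Group-specific table mapping distinguished points to their logs."""

    def __init__(self, p, ell, g, table_size, walk_len, n_steps=32, seed=1):
        self.p, self.ell, self.g = p, ell, g
        self.walk_len = walk_len
        self.nbytes = (p.bit_length() + 7) // 8
        rng = random.Random(seed)
        # r-adding walk: the step exponent is chosen by hashing the element,
        # so any two walks that meet at one element stay merged afterwards.
        self.step_exps = [rng.randrange(1, ell) for _ in range(n_steps)]
        self.step_muls = [pow(g, e, p) for e in self.step_exps]
        self.mults = 0  # group multiplications spent inside walks
        self.table = {}
        # Start walks from random g^x0 until table_size distinct distinguished
        # points are stored.  A walk that merges into an earlier one ends at a
        # point already in the table and adds nothing (but cost multiplications).
        while len(self.table) < table_size:
            x0 = rng.randrange(ell)
            end = self.walk(pow(g, x0, p), x0)
            if end is not None:
                y, x = end
                self.table[y] = x

    def _classify(self, y):
        """Hash the element into (step index, is_distinguished)."""
        h = hashlib.blake2b(y.to_bytes(self.nbytes, "big"), digest_size=8)
        h = int.from_bytes(h.digest(), "big")
        i = h % len(self.step_muls)
        distinguished = (h // len(self.step_muls)) % self.walk_len == 0
        return i, distinguished

    def walk(self, y, x):
        """From y = base * g^x, step until a distinguished point is reached.
        Returns (y_dp, x_dp) with y_dp = base * g^x_dp, or None if the walk
        cycled without meeting one (bounded at 10 * walk_len steps)."""
        for _ in range(10 * self.walk_len):
            i, distinguished = self._classify(y)
            if distinguished:
                return y, x
            y = y * self.step_muls[i] % self.p
            x = (x + self.step_exps[i]) % self.ell
            self.mults += 1
        return None

    def dlog(self, h, max_tries=64, seed=2):
        """Return x with g^x = h mod p, or None if every try failed."""
        rng = random.Random(seed)
        for _ in range(max_tries):
            r = rng.randrange(self.ell)  # fresh randomisation per try
            end = self.walk(h * pow(self.g, r, self.p) % self.p, r)
            if end is None:
                continue
            y, k = end                   # here y = h * g^k
            if y in self.table:          # and y = g^table[y]
                return (self.table[y] - k) % self.ell
        return None


def demo(start=1_000_000, n_queries=20):
    """Build a table for a group of order about `start` and solve n_queries
    random logs.  Returns (ell, successes, precomp_mults, avg_query_mults)."""
    p, ell, g = safe_prime_group(start)
    cbrt = round(ell ** (1 / 3))
    table = DLTable(p, ell, g, table_size=cbrt, walk_len=cbrt)
    precomp = table.mults
    rng = random.Random(3)
    ok = 0
    for _ in range(n_queries):
        x = rng.randrange(ell)
        if table.dlog(pow(g, x, p)) == x:
            ok += 1
    return ell, ok, precomp, (table.mults - precomp) / n_queries
```

demo(1_000_000) returns ℓ, the number of correctly solved queries, the multiplications spent building the table, and the average multiplications per query; the exponentiations used to randomise each query are not counted. Because the table depends only on the group and the generator, its one-time cost is amortised over every later query against that group, which is why a fixed “secure” group does not make repeated small-logarithm computations expensive.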
References
[1] (no editor): 2nd ACM conference on computer and communication security, Fairfax, Virginia, November 1994. Association for Computing Machinery (1994). See [34]
[2] Atallah, M.J., Hopper, N.J. (eds.): Privacy enhancing technologies, 10th international symposium, PETS 2010, Berlin, Germany, July 21-23, 2010, proceedings. LNCS, vol. 6205. Springer (2010). ISBN 978-3-642-14526-1. See [16]
[3] Bailey, D.V., Batina, L., Bernstein, D.J., Birkner, P., Bos, J.W., Chen, H.-C., Cheng, C.-M., Van Damme, G., de Meulenaer, G., Perez, L.J.D., Fan, J., Güneysu, T., Gürkaynak, F., Kleinjung, T., Lange, T., Mentens, N., Niederhagen, R., Paar, C., Regazzoni, F., Schwabe, P., Uhsadel, L., Van Herrewege, A., Yang, B.-Y.: Breaking ECC2K-130 (2010), http://eprint.iacr.org/2009/541/ . Citations in this document: §5
[4] Bao, F., Samarati, P., Zhou, J. (eds.): Applied cryptography and network security, 10th international conference, ACNS 2012, Singapore, June 26-29, 2012, proceedings (industrial track) (2012), http://icsd.i2r.a-star.edu.sg/acns2012/proceedings-industry.pdf . See [18]
[5] Bernstein, D.J., Lange, T.: Two grumpy giants and a baby. In: Proceedings of ANTS 2012, to appear (2012), http://eprint.iacr.org/2012/294 . Citations in this document: §2, §2
[6] Bernstein, D.J., Lange, T.: Non-uniform cracks in the concrete: the power of free precomputation (2012), http://eprint.iacr.org/2012/318 . Citations in this document: §1, §1
[7] Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: TCC 2005 [19], pp. 325–341 (2005), http://crypto.stanford.edu/~dabo/abstracts/2dnf.html . Citations in this document: §1, §1, §1
[8] Davies, D.W. (ed.): Advances in cryptology–EUROCRYPT ’91, workshop on the theory and application of cryptographic techniques, Brighton, UK, April 8-11, 1991, proceedings. LNCS, vol. 547. Springer (1991). See [24]
[9] Escott, A.E., Sager, J.C., Selkirk, A.P.L., Tsapakidis, D.: Attacking elliptic curve cryptosystems using the parallel Pollard rho method. CryptoBytes 4 (1999), ftp://ftp.rsa.com/pub/cryptobytes/crypto4n2.pdf . Citations in this document: §1, §1, §3, §3
[10] Fischer-Hübner, S., Hopper, N. (eds.): Privacy enhancing technologies–11th international symposium, PETS 2011, Waterloo, ON, Canada, July 27-29, 2011, proceedings. LNCS, vol. 6794. Springer (2011). See [21]
[11] Freeman, D.M.: Converting pairing-based cryptosystems from composite-order groups to prime-order groups. In: Eurocrypt 2010 [14], pp. 44–61 (2010), http://theory.stanford.edu/~dfreeman/papers/subgroups.pdf . Citations in this document: §1
[12] Fumy, W. (ed.): Advances in cryptology–EUROCRYPT ’97, international conference on the theory and application of cryptographic techniques, Konstanz, Germany, May 11-15, 1997. LNCS, vol. 1233. Springer (1997). See [32]
[13] Gansner, E.R., North, S.C.: An open graph visualization system and its applications to software engineering. Software: Practice and Experience 30, 1203–1233 (2000). Citations in this document: §3
[14] Gilbert, H. (ed.): Advances in cryptology–EUROCRYPT 2010, 29th annual international conference on the theory and applications of cryptographic techniques, French Riviera, May 30-June 3, 2010, proceedings. LNCS, vol. 6110. Springer (2010). See [11]
[15] Henry, R., Goldberg, I.: Solving discrete logarithms in smooth-order groups with CUDA. In: Workshop Record of SHARCS 2012: Special-purpose Hardware for Attacking Cryptographic Systems, pp. 101–118 (2012), http://2012.sharcs.org/record.pdf . Citations in this document: §1, §1, §1, §4, §4, §4, §4, §4, §4, §4
[16] Henry, R., Henry, K., Goldberg, I.: Making a nymbler Nymble using VERBS. In: PETS 2010 [2], pp. 111–129 (2010), http://www.cypherpunks.ca/~iang/pubs/nymbler-pets.pdf . Citations in this document: §1
[17] Hitchcock, Y., Montague, P., Carter, G., Dawson, E.: The efficiency of solving multiple discrete logarithm problems and the implications for the security of fixed elliptic curves. International Journal of Information Security 3, 86–98 (2004). Citations in this document: §1, §3, §3
[18] Hu, Y., Martin, W.J., Sunar, B.: Enhanced flexibility for homomorphic encryption schemes via CRT. In: ACNS 2012 industrial track [4], pp. 93–110 (2012). Citations in this document: §1, §1
[19] Kilian, J. (ed.): Theory of cryptography, second theory of cryptography conference, TCC 2005, Cambridge, MA, USA, February 10-12, 2005, proceedings. LNCS, vol. 3378. Springer (2005). ISBN 3-540-24573-1. See [7]
[20] Kuhn, F., Struik, R.: Random walks revisited: extensions of Pollard’s rho algorithm for computing multiple discrete logarithms. In: SAC 2001 [36], pp. 212–229 (2001), http://www.distcomp.ethz.ch/publications.html . Citations in this document: §1, §1, §1, §1, §3, §3, §3, §3, §3, §3, §3
[21] Kursawe, K., Danezis, G., Kohlweiss, M.: Privacy-friendly aggregation for the smart-grid. In: PETS 2011 [10], pp. 175–191 (2011), http://research.microsoft.com/pubs/146092/main.pdf . Citations in this document: §1
[22] Lee, H.T., Cheon, J.H., Hong, J.: Accelerating ID-based encryption based on trapdoor DL using pre-computation. 11 Jan 2012 (2012), http://eprint.iacr.org/2011/187 . Citations in this document: §1, §1, §3, §3, §3, §3, §5
[23] Lewis, D.J. (ed.): 1969 Number Theory Institute: proceedings of the 1969 summer institute on number theory: analytic number theory, Diophantine problems, and algebraic number theory; held at the State University of New York at Stony Brook, Stony Brook, Long Island, New York, July 7-August 1, 1969. Proceedings of Symposia in Pure Mathematics, vol. 20. American Mathematical Society, Providence, Rhode Island (1971). ISBN 0-8218-1420-6. MR 47:3286. See [31]
[24] Maurer, U.M., Yacobi, Y.: Non-interactive public-key cryptography. In: Eurocrypt 1991 [8], pp. 498–507 (1991). Citations in this document: §1, §1
[25] Nechaev, V.I.: Complexity of a determinate algorithm for the discrete logarithm. Mathematical Notes 55, 165–172 (1994). Citations in this document: §2
[26] Nohl, K., Paget, C.: GSM–SRSLY? (2009), http://events.ccc.de/congress/2009/Fahrplan/attachments/1519_26C3.Karsten.Nohl.GSM.pdf . Citations in this document: §3
[27] Paterson, K.G., Srinivasan, S.: On the relations between non-interactive key distribution, identity-based encryption and trapdoor discrete log groups. Designs, Codes and Cryptography 52, 219–241 (2009), http://www.isg.rhul.ac.uk/~prai175/PatersonS09.pdf . Citations in this document: §1
[28] Pollard, J.M.: Monte Carlo methods for index computation (mod p). Mathematics of Computation 32, 918–924 (1978), http://www.ams.org/mcom/1978-32-143/S0025-5718-1978-0491431-9/S0025-5718-1978-0491431-9.pdf . Citations in this document: §2, §2, §2
[29] Pollard, J.M.: Kangaroos, Monopoly and discrete logarithms. Journal of Cryptology 13, 437–447 (2000). Citations in this document: §2
[30] Sattler, J., Schnorr, C.-P.: Generating random walks in groups. Annales Universitatis Scientiarum Budapestinensis de Rolando Eötvös Nominatae. Sectio Computatorica 6, 65–79 (1989). ISSN 0138-9491. MR 89a:68108, http://ac.inf.elte.hu/Vol_006_1985/065.pdf . Citations in this document: §2
[31] Shanks, D.: Class number, a theory of factorization, and genera. In: [23], pp. 415–440 (1971). MR 47:4932. Citations in this document: §2, §2
[32] Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Eurocrypt 1997 [12], pp. 256–266 (1997), http://www.shoup.net/papers/ . Citations in this document: §2
[33] Teske, E.: On random walks for Pollard’s rho method. Mathematics of Computation 70, 809–825 (2001), http://www.ams.org/journals/mcom/2001-70-234/S0025-5718-00-01213-8/S0025-5718-00-01213-8.pdf . Citations in this document: §2
[34] van Oorschot, P.C., Wiener, M.: Parallel collision search with application to hash functions and discrete logarithms. In: [1], pp. 210–218 (1994); see also newer version [35]
[35] van Oorschot, P.C., Wiener, M.: Parallel collision search with cryptanalytic applications. Journal of Cryptology 12, 1–28 (1999); see also older version [34]. ISSN 0933-2790, http://members.rogers.com/paulv/papers/pubs.html . Citations in this document: §2, §2, §2
[36] Vaudenay, S., Youssef, A.M. (eds.): Selected areas in cryptography: 8th annual international workshop, SAC 2001, Toronto, Ontario, Canada, August 16-17, 2001, revised papers. LNCS, vol. 2259. Springer (2001). ISBN 3-540-43066-0. MR 2004k:94066. See [20]
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Bernstein, D.J., Lange, T. (2012). Computing Small Discrete Logarithms Faster. In: Galbraith, S., Nandi, M. (eds) Progress in Cryptology - INDOCRYPT 2012. INDOCRYPT 2012. Lecture Notes in Computer Science, vol 7668. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34931-7_19
DOI: https://doi.org/10.1007/978-3-642-34931-7_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34930-0
Online ISBN: 978-3-642-34931-7