A Group Action on \({\mathbb Z}_p^{\times }\) and the Generalized DLP with Auxiliary Inputs

Conference paper

DOI: 10.1007/978-3-662-43414-7_6

Volume 8282 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Cheon J.H., Kim T., Song Y.S. (2014) A Group Action on \({\mathbb Z}_p^{\times }\) and the Generalized DLP with Auxiliary Inputs. In: Lange T., Lauter K., Lisoněk P. (eds) Selected Areas in Cryptography -- SAC 2013. SAC 2013. Lecture Notes in Computer Science, vol 8282. Springer, Berlin, Heidelberg

Abstract

The Discrete Logarithm Problem with Auxiliary Inputs (DLPwAI) is an important cryptographic hard problem to compute \(\alpha \in {\mathbb Z}_p\) for given \(g, g^{\alpha }, \cdots , g^{\alpha ^d}\) where \(g\) is a generator of a group of order \(p\). In this paper, we introduce a generalized version of this problem, so called the generalized DLPwAI (GDLPwAI) problem which is asked to compute \(\alpha \) for given \(g, g^{\alpha ^{e_1}}, \cdots , g^{\alpha ^{e_d}}\), and propose an efficient algorithm when \(K:=\{e_1, \cdots , e_d\}\) is a multiplicative subgroup of \({\mathbb Z}_{p-1}^{\times }\). Although the previous algorithms can only compute \(\alpha \) when \(p\pm 1\) has a small divisor \(d\), our algorithm resolves the problem when neither \(p+1\) or \(p-1\) has an appropriate small divisor. Our method exploits a group action of \(K\) on \({\mathbb Z}_p^{\times }\) to partition \({\mathbb Z}_p^{\times }\) efficiently.

Keywords

The discrete logarithm problem The discrete logarithm problem with auxiliary inputs Cheon’s algorithm 

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  1. 1.Department of Mathematical Sciences and ISaC-RIMSeoul National UniversitySeoulSouth Korea