# A Group Action on $${\mathbb Z}_p^{\times }$$ and the Generalized DLP with Auxiliary Inputs

Conference paper

DOI: 10.1007/978-3-662-43414-7_6

Volume 8282 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Cheon J.H., Kim T., Song Y.S. (2014) A Group Action on $${\mathbb Z}_p^{\times }$$ and the Generalized DLP with Auxiliary Inputs. In: Lange T., Lauter K., Lisoněk P. (eds) Selected Areas in Cryptography -- SAC 2013. SAC 2013. Lecture Notes in Computer Science, vol 8282. Springer, Berlin, Heidelberg

## Abstract

The Discrete Logarithm Problem with Auxiliary Inputs (DLPwAI) is an important cryptographic hard problem to compute $$\alpha \in {\mathbb Z}_p$$ for given $$g, g^{\alpha }, \cdots , g^{\alpha ^d}$$ where $$g$$ is a generator of a group of order $$p$$. In this paper, we introduce a generalized version of this problem, so called the generalized DLPwAI (GDLPwAI) problem which is asked to compute $$\alpha$$ for given $$g, g^{\alpha ^{e_1}}, \cdots , g^{\alpha ^{e_d}}$$, and propose an efficient algorithm when $$K:=\{e_1, \cdots , e_d\}$$ is a multiplicative subgroup of $${\mathbb Z}_{p-1}^{\times }$$. Although the previous algorithms can only compute $$\alpha$$ when $$p\pm 1$$ has a small divisor $$d$$, our algorithm resolves the problem when neither $$p+1$$ or $$p-1$$ has an appropriate small divisor. Our method exploits a group action of $$K$$ on $${\mathbb Z}_p^{\times }$$ to partition $${\mathbb Z}_p^{\times }$$ efficiently.

### Keywords

The discrete logarithm problem The discrete logarithm problem with auxiliary inputs Cheon’s algorithm