Algorithmica

, Volume 1, Issue 1–4, pp 1–15 | Cite as

Discrete logarithms inGF(p)

  • Don Coppersmith
  • Andrew M. Odlzyko
  • Richard Schroeppel
Article

Abstract

Several related algorithms are presented for computing logarithms in fieldsGF(p),p a prime. Heuristic arguments predict a running time of exp((1+o(1))\(\sqrt {\log p \log \log p} \)) for the initial precomputation phase that is needed for eachp, and much shorter running times for computing individual logarithms once the precomputation is done. The running time of the precomputation is roughly the same as that of the fastest known algorithms for factoring integers of size aboutp. The algorithms use the well known basic scheme of obtaining linear equations for logarithms of small primes and then solving them to obtain a database to be used for the computation of individual logarithms. The novel ingredients are new ways of obtaining linear equations and new methods of solving these linear equations by adaptations of sparse matrix methods from numerical analysis to the case of finite rings. While some of the new logarithm algorithms are adaptations of known integer factorization algorithms, others are new and can be adapted to yield integer factorization algorithms.

Key words

Cryptography Number theory Discrete logarithms 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [Adl]
    L. M. Adleman, “A subexponential algorithm for the discrete logarithm problem with applications to cryptography,”Proc. 20th IEEE Found. Comp. Sci. Symp. (1979), 55–60.Google Scholar
  2. [CEP]
    E. R. Canfield, P. Erdös and C. Pomerance, “On a problem of Oppenheim concerning ‘Factorisatio Numerorum’,”J. Number Theory, vol. 17, 1983, pp. 1–28.MATHCrossRefMathSciNetGoogle Scholar
  3. [Cop]
    D. Coppersmith, “Fast evaluation of logarithms in fields of characteristic two,”IEEE Trans. Inform. Theory IT-30 (1984), 587–594.Google Scholar
  4. [CW]
    D. Coppersmith and S. Winograd, “On the asymptotic complexity of matrix multiplication,”SIAM J. Comput., Vol. 11, No. 3, August 1982, pp. 472–492.MATHCrossRefMathSciNetGoogle Scholar
  5. [ElG]
    T. ElGamal, “A subexponential-time algorithm for computing discrete logarithms overGF(p 2),”IEEE Trans. Inform. Theory, to appear.Google Scholar
  6. [HS]
    M. R. Hestenes and E. Stiefel, “Method of conjugate gradients for solving linear systems,”J. Res. Nat. Bur. Standards, Sect. B, vol. 49 (1952), pp. 409–436.MATHMathSciNetGoogle Scholar
  7. [Lan]
    C. Lanczos, “An iterative method for the solution of the eigenvalue problem of linear differential and integral operators,”J. Res. Nat. Bur. Standards, Sect. B, vol. 45 (1950), pp. 255–282.MathSciNetGoogle Scholar
  8. [Len]
    H. W. Lenstra, Jr., paper in preparation.Google Scholar
  9. [Odl]
    A. M. Odlyzko, “Discrete logarithms in finite fields and their cryptographic significance,” to appear,Proceedings of Eurocrypt '84, Springer Lecture Notes in Computer Science.Google Scholar
  10. [Pol]
    J. M. Pollard, “A Monte Carlo method for factorization,”BIT 15 (1975), 331–334.MATHCrossRefMathSciNetGoogle Scholar
  11. [Pom]
    C. Pomerance, “Analysis and comparison of some integer factoring algorithms,” pp. 89–139 inComputational Methods in Number Theory: Part I, H. W. Lenstra, Jr., and R. Tijdeman, eds., Math. Centre Tract 154, Math. Centre Amsterdam, 1982.Google Scholar
  12. [Rey]
    J. M. Reyneri, unpublished manuscript.Google Scholar
  13. [Str]
    V. Strassen, “Gaussian elimination is not optimal,”Numer. Math., 13 (1969), pp. 354–356.MATHCrossRefMathSciNetGoogle Scholar
  14. [Wie]
    D. Wiedemann, “Solving sparse linear equations over finite fields,”IEEE Trans. Inform. Theory, to appear.Google Scholar
  15. [WM]
    A. E. Western and J. C. P. Miller,Tables of Indices and Primitive Roots, Royal Society Mathematical Tables, vol. 9, Cambridge Univ. Press, 1968.Google Scholar

Copyright information

© Springer-Verlag New York Inc. 1986

Authors and Affiliations

  • Don Coppersmith
    • 1
  • Andrew M. Odlzyko
    • 2
  • Richard Schroeppel
    • 3
  1. 1.IBM ResearchYorktown HeightsUSA
  2. 2.AT & T Bell LaboratoriesMurray HillUSA
  3. 3.Inference CorporationLos AngelesUSA

Personalised recommendations