Skip to main content
SpringerLink
Log in

A variant of the Galbraith–Ruprai algorithm for discrete logarithms with improved complexity

  • Published:
Designs, Codes and Cryptography Aims and scope Submit manuscript

Abstract

The discrete logarithm problem (DLP) in a group is a fundamental assumption that underpins the security of many systems. Hence evaluating its hardness is important. For efficient implementation of cryptographic algorithms, sometimes groups with additional structures are preferred. However, these structures may be used to obtain faster attacks. By using equivalence classes, Galbraith and Ruprai proposed a faster algorithm to solve the DLP in an interval of size N, with expected running time of \(1.361\sqrt{N}\) group operations. Liu generalized their algorithm to the 2-dimensional case, which required \(1.450\sqrt{N}\) group operations. Further, for an elliptic curve with an efficiently computable endomorphism, Liu reduced the complexity to \(1.026\sqrt{N}\). In this paper, we propose a variant of the Galbraith–Ruprai algorithm. This variant has average-case asymptotic complexity close to \(1.253\sqrt{N}\) for sufficiently large N. For certain practical parameters, the complexity is \(1.275\sqrt{N}\) in the 1-dimensional case and \(1.393\sqrt{N}\) in the 2-dimensional case. Then we extend the algorithm for the case of larger equivalence classes. In particular, for the 2-dimensional DLP in a rectangle on an elliptic curve with an efficiently computable endomorphism, we reduce the complexity to \(0.985\sqrt{N}\) for certain fixed parameters. We also discuss some possible further improvements.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

References

  1. Bos J.W., Kleinjung T., Lenstra A.K.: On the use of the negation map in the Pollard rho method. In: Algorithmic Number Theory Symposium-ANTS 2010, pp. 66–82. Springer, Berlin (2010).

  2. Galbraith S.D., Holmes M.: A non-uniform birthday problem with applications to discrete logarithms. Discret. Appl. Math. 160(10), 1547–1560 (2012).

    Article  MathSciNet  MATH  Google Scholar 

  3. Galbraith S.D., Ruprai R.S.: An improvement to the Gaudry–Schost algorithm for multidimensional discrete logarithm problems. In: Proceedings of the 12th IMA International Conference on Cryptography and Coding, pp. 368–382. Springer, Berlin (2009).

  4. Galbraith S.D., Ruprai R.S.: Using equivalence classes to accelerate solving the discrete logarithm problem in a short interval. In: Public Key Cryptography-PKC 2010, pp. 368–383. Springer, Berlin (2010).

  5. Galbraith S.D., Lin X., Scott M.: Endomorphisms for faster elliptic curve cryptography on a large class of curves. In: Advances in Cryptology-EUROCRYPT 2009, pp. 518–535. Springer, Berlin (2009).

  6. Galbraith S.D., Pollard J.M., Ruprai R.S.: Computing discrete logarithms in an interval. Math. Comput. 82(282), 1181–1195 (2013).

    Article  MathSciNet  MATH  Google Scholar 

  7. Gallant R., Lambert R., Vanstone S.: Improving the parallelized Pollard lambda search on anomalous binary curves. Math. Comput. 69(232), 1699–1705 (2000).

    Article  MathSciNet  MATH  Google Scholar 

  8. Gallant R., Lambert R., Vanstone S.: Faster point multiplication on elliptic curves with efficient endomorphisms. In: Advances in Cryptology-CRYPTO 2001, pp. 190–200. Springer, Berlin (2001).

  9. Gaudry P., Schost É.: A low-memory parallel version of Matsuo, Chao, and Tsujii’s algorithm. In: Algorithmic Number Theory Symposium-ANTS 2004, pp. 208–222. Springer, Berlin (2004).

  10. Gennaro R.: An improved pseudo-random generator based on discrete log. In: Advances in Cryptology-CRYPTO 2000, pp. 469–481. Springer, Berlin (2000).

  11. Gopalakrishnan K., Thériault N., Yao C.: Solving discrete logarithms from partial knowledge of the key. In: Progress in Cryptology-INDOCRYPT 2007, pp. 224–237. Springer, Berlin (2007).

  12. Koblit N.: CM-curves with good cryptographic properties. In: Advances in Cryptology-CRYPTO’91, pp. 279–287. Springer, Heidelberg (1992).

  13. Lim C.H., Lee P.J.: A key recovery attack on discrete log-based schemes using a prime order subgroup. In: Advances in Cryptology-CRYPTO’97, pp. 249–263. Springer, Berlin (1997).

  14. Liu W.: Improved algorithms for the 2-dimensional discrete logarithm problem with equivalence classes. Master’s thesis, University of Auckland (2010).

  15. Longa P., Sica F.: Four-dimensional Gallant–Lambert–Vanstone scalar multiplication. In: Advances in Cryptology-ASIACRYPT 2012, pp. 718–739. Springer, Berlin (2012).

  16. Matsuo K., Chao J., Tsujii S.: An improved baby step giant step algorithm for point counting of hyperelliptic curves over finite fields. In: Algorithmic Number Theory Symposium-ANTS 2002, pp. 461–474. Springer, Berlin (2002).

  17. Patel S., Sundaram G.S.: An efficient discrete log pseudo random generator. In: Advances in Cryptology-CRYPTO’98, pp. 304–317. Springer, Berlin (1998).

  18. Pollard J.M.: Monte Carlo methods for index computation (mod \(p\)). Math. Comput. 32(143), 918–924 (1978).

    MathSciNet  MATH  Google Scholar 

  19. Quisquater J.J., Delescaille J.P.: How easy is collision search? Application to DES. In: Advances in Cryptology- EUROCRYPT’89, pp. 429–434. Springer, Heidelberg (1990).

  20. Shanks D.: Class number, a theory of factorization, and genera. In: Proceedings of Symposia in Pure Mathematics, pp. 415–440 (1971).

  21. Smith B.: Families of fast elliptic curves from \(\mathbb{Q}\)-curves. In: Advances in Cryptology-ASIACRYPT 2013, pp. 61–78. Springer, Berlin (2013).

  22. Teske E.: On random walks for Pollard’s rho method. Math. Comput. 70(234), 809–825 (2001).

    Article  MathSciNet  MATH  Google Scholar 

  23. van Oorschot P.C., Wiener M.J.: On Diffie-Hellman key agreement with short exponents. In: Advances in Cryptology-EUROCRYPT’96, pp. 332–343. Springer, Berlin (1996).

  24. van Oorschot P.C., Wiener M.J.: Parallel collision search with cryptanalytic applications. J. Cryptol. 12(1), 1–28 (1999).

    Article  MathSciNet  MATH  Google Scholar 

  25. Weng A.: A low-memory algorithm for point counting on picard curves. Des. Codes Cryptogr. 38(3), 383–393 (2006).

    Article  MathSciNet  MATH  Google Scholar 

  26. Wiener M.J., Zuccherato R.J.: Faster attacks on elliptic curve cryptosystems. In: Selected Areas in Cryptography–SAC’98, pp. 190–200. Springer, Berlin (1998).

Download references

Acknowledgements

Funding was provided by National Natural Science Foundation of China (Grant Nos. 61502481 and 61672019). We would like to thank Professor Steven Galbraith for his helpful comments.

Author information

Authors and Affiliations

  1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100093, China

    Yuqing Zhu, Jincheng Zhuang, Hairong Yi, Chang Lv & Dongdai Lin

  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, 100049, China

    Yuqing Zhu & Hairong Yi

Authors
  1. Yuqing Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jincheng Zhuang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Hairong Yi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chang Lv
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Dongdai Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jincheng Zhuang.

Additional information

Communicated by S. D. Galbraith.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Zhu, Y., Zhuang, J., Yi, H. et al. A variant of the Galbraith–Ruprai algorithm for discrete logarithms with improved complexity. Des. Codes Cryptogr. 87, 971–986 (2019). https://doi.org/10.1007/s10623-018-0492-3

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10623-018-0492-3

Keywords

Mathematics Subject Classification

Search

Navigation