Abstract
The discrete logarithm problem arises from various areas, including counting the number of points of certain curves and diverse cryptographic schemes. The Gaudry–Schost algorithm and its variants are state-of-the-art low-memory methods solving the multi-dimensional discrete logarithm problem through finding collisions between pseudorandom tame walks and wild walks. In this work, we explore the impact on the choice of tame and wild sets of the Gaudry–Schost algorithm, and give two variants with improved average case time complexity for the multidimensional case under certain heuristic assumptions. We explain why the second method is asymptotically optimal.
Similar content being viewed by others
References
Bernstein D.J., Lange T.: Two grumpy giants and a baby. In: Howe E.W., Kedlaya K.S. (eds.) Proceedings of the Tenth Algorithmic Number Theory Symposium, pp. 87–111. Springer, New York (2013).
Brands S.: An efficient off-line electronic cash system based on the representation problem. CWI Technical Report CS-R9323 (1993).
Cramer R., Shoup V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Annual International Cryptology Conference, pp. 13–25. Springer, New York (1998).
Cramer R., Gennaro R., Schoenmakers B.: A secure and optimally efficient multi-authority election scheme. In: Fumy W. (ed.) Advances in Cryptology: EUROCRYPT, vol. 1233, pp. 103–118. Lecture Notes in Computer Science. Springer, New York (1997).
Diffie W., Hellman M.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976).
ElGamal T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985).
Galbraith S., Ruprai R.S.: An improvement to the Gaudry–Schost algorithm for multidimensional discrete logarithm problems. In: IMA International Conference on Cryptography and Coding, pp. 368–382. Springer, New York (2009).
Galbraith S.D., Ruprai R.S.: Using equivalence classes to accelerate solving the discrete logarithm problem in a short interval. In: International Workshop on Public Key Cryptography, pp. 368–383. Springer, New York (2010).
Galbraith S.D.: Mathematics of Public Key Cryptography. Cambridge University Press, Cambridge (2012).
Galbraith S.D., Holmes M.: A non-uniform birthday problem with applications to discrete logarithms. Discret. Appl. Math. 160(10–11), 1547–1560 (2012).
Galbraith S.D., Ruprai R.S.: Using equivalence classes to accelerate solving the discrete logarithm problem in a short interval. In: Nguyen P.Q., Pointcheval D. (eds.) Public Key Cryptography: PKC, vol. 6056, pp. 368–383. Lecture Notes in Computer Science. Springer, New York (2010).
Galbraith S., Pollard J., Ruprai R.: Computing discrete logarithms in an interval. Math. Comput. 82(282), 1181–1195 (2013).
Gallant R.P., Lambert R.J., Vanstone S.A.: Faster point multiplication on elliptic curves with efficient endomorphisms. In: Kilian J. (ed.) Advances in Cryptology: CRYPTO 2001, pp. 190–200. Springer, Berlin (2001).
Gaudry P., Schost É.: A low-memory parallel version of matsuo, chao, and tsujii’s algorithm. In: International Algorithmic Number Theory Symposium, pp. 208–222. Springer, New York (2004).
Gaudry P., Harley R.: Counting points on hyperelliptic curves over finite fields. In: Bosma W. (ed.) ANTS-IV, vol. 1838, pp. 313–332. Lecture Notes in Computer Science. Springer, New York (2000).
Johnson D., Menezes A., Vanstone S.: The elliptic curve digital signature algorithm (ecdsa). Int. J. Inf. Secur. 1(1), 36–63 (2001).
Matsuo K., Chao J., Tsujii S.: An improved baby step giant step algorithm for point counting of hyperelliptic curves over finite fields. In: Fieker C., Kohel D.R. (eds.) ANTS-V, vol. 2369, pp. 461–474. Lecture Notes in Computer Science. Springer, New York (2002).
Nikolaev M.V.: On the complexity of two-dimensional discrete logarithm problem in a finite cyclic group with efficient automorphism. Math. Voprosy Kriptogr. 6(2), 45–57 (2015).
Nikolaev M.V.: Modified Gaudry Schost algorithm for the two-dimensional discrete logarithm problem. Math. Voprosy Kriptogr. 11(2), 125–135 (2020).
Pollard J.M.: Monte Carlo methods for index computation(mod p). Math. Comput. 32(143), 918–924 (1978).
Ruprai R.: Improvements to the Gaudry–Schost Algorithm for Multidimensional Discrete Logarithm Problems and Applications. Ph.D. thesis, Royal Holloway University of London (2010).
Schnorr C.P.: Efficient identification and signatures for smart cards. In: Conference on the Theory and Application of Cryptology, pp. 239–252. Springer, New York (1989).
Selivanov B.I.: On waiting time in the scheme of random allocation of coloured particies. Discret. Math. Appl. 5(1), 73–82 (1995).
Shanks D.: Class number, a theory of factorization, and genera. Proc. Symp. Math. Soc. 20, 41–440 (1971).
Van Oorschot P.C., Wiener M.J.: Parallel collision search with cryptanalytic applications. J. Cryptol. 12(1), 1–28 (1999).
Zhu Y., Zhuang J., Yi H., Lv C., Lin D.: A variant of the Galbraith–Ruprai algorithm for discrete logarithms with improved complexity. Des. Codes Cryptogr. 87(5), 971–986 (2019).
Acknowledgements
This work was partially supported by the National Key Research and Development Project (Grant No. 2018YFA0704702) and the Major Basic Research Project of Natural Science Foundation of Shandong Province, China (Grant No. ZR202010220025). The authors thank the editor and anonymous reviewers for very helpful suggestions which improved the paper.
Author information
Authors and Affiliations
Corresponding author
Additional information
Communicated by S. D. Galbraith.
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Wu, H., Zhuang, J. Improving the Gaudry–Schost algorithm for multidimensional discrete logarithms. Des. Codes Cryptogr. 90, 107–119 (2022). https://doi.org/10.1007/s10623-021-00966-5
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10623-021-00966-5