On the Discrete Logarithm Problem on Algebraic Tori

  • R. Granger
  • F. Vercauteren
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3621)


Using a recent idea of Gaudry and exploiting rational representations of algebraic tori, we present an index calculus type algorithm for solving the discrete logarithm problem that works directly in these groups. Using a prototype implementation, we obtain practical upper bounds for the difficulty of solving the DLP in the tori \(T_2(\mathbb{F}_{p^m})\) and \(T_6(\mathbb{F}_{p^m})\) for various p and m. Our results do not affect the security of the cryptosystems LUC, XTR, or CEILIDH over prime fields. However, the practical efficiency of our method against other methods needs further examining, for certain choices of p and m in regions of cryptographic interest.


Discrete Logarithm Discrete Logarithm Problem Compression Factor Cyclotomic Polynomial Cryptology ePrint Archive 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Adleman, L.M., De Marrais, J.: A subexponential algorithm for discrete logarithms over all finite fields. Math. Comp. 61(203), 1–15 (1993)zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Brouwer, A.E., Pellikaan, R., Verheul, E.R.: Doing more with fewer bits. In: Lam, K.-Y., Okamoto, E., Xing, C. (eds.) ASIACRYPT 1999. LNCS, vol. 1716, pp. 321–332. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  3. 3.
    Buchberger, B.: A theoretical basis for the reduction of polynomials to canonical forms. ACM SIGSAM Bull 10(3), 19–29 (1976)CrossRefMathSciNetGoogle Scholar
  4. 4.
    Diem, C.: On the discrete logarithm problem in elliptic curves over non-prime fields. Preprint, Available from the author (2004)Google Scholar
  5. 5.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inform. Theory 22 (6), 644–654 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  7. 7.
    Faugère, J.-C.: A new efficient algorithm for computing Gröbner bases \((F\sb 4)\). J. Pure Appl. Algebra 139(1-3), 61–88 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Faugère, J.-C.: A new efficient algorithm for computing Gröbner bases without reduction to zero \((F\sb 5)\). In: Proceedings of the 2002 International Symposium on Symbolic and Algebraic Computation, pp. 75–83 (2002)Google Scholar
  9. 9.
    FIPS 186-2, Digital signature standard. Federal Information Processing Standards Publication 186-2 (February 2000)Google Scholar
  10. 10.
    Gaudry, P.: Index calculus for abelian varieties and the elliptic curve discrete logarithm problem. Cryptology ePrint Archive, Report 2004/073 (2004), Available from
  11. 11.
    Gaudry, P., Thomé, E.: A double large prime variation for small genus hyperelliptic index calculus. Cryptology ePrint Archive, Report 2004/153 (2004), Available from
  12. 12.
    Granger, R., Page, D., Stam, M.: A comparison of CEILIDH and XTR. In: Buell, D.A. (ed.) ANTS 2004. LNCS, vol. 3076, pp. 235–249. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  13. 13.
    LaMacchia, B.A., Odlyzko, A.M.: Solving large sparse linear systems over finite fields. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 109–133. Springer, Heidelberg (1991)Google Scholar
  14. 14.
    Lazard, D.: Résolution des systèmes d’équations algébriques. Theoret. Comput. Sci. 15(1), 77–110 (1981)zbMATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    Lenstra, A.K.: Using cyclotomic polynomials to construct efficient discrete logarithm cryptosystems over finite fields. In: Mu, Y., Pieprzyk, J.P., Varadharajan, V. (eds.) ACISP 1997. LNCS, vol. 1270, pp. 127–138. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  16. 16.
    Lenstra, A.K., Verheul, E.: The XTR public key system. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 1–19. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  17. 17.
    Lim, S., Kim, S., Yie, I., Kim, J., Lee, H.: XTR extended to GF(p\(^{\mbox{6m}}\)). In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 301–312. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  18. 18.
    Menezes, A.J., van Oorschot, P., Vanstone, S.A.: The Handbook of Applied Cryptography. CRC press, Boca Raton (1996)CrossRefGoogle Scholar
  19. 19.
    Miyaji, A., Nakabayashi, M., Takano, S.: New explicit conditions of elliptic curve traces for FR-reduction. IEICE Trans. Fundamentals E84-A(5), 1234–1243 (2001)Google Scholar
  20. 20.
    Nagao, K.: Improvement of Thériault algorithm of index calculus for Jacobian of hyperelliptic curves of small genus. Cryptology ePrint Archive, Report 2004/161 (2004), Available from
  21. 21.
    Odlyzko, A.M.: Discrete logarithms in finite fields and their cryptographic significance. In: Beth, T., Cot, N., Ingemarsson, I. (eds.) EUROCRYPT 1984. LNCS, vol. 209, pp. 224–314. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  22. 22.
    Rubin, K., Silverberg, A.: Torus-based cryptography. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 349–365. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  23. 23.
    Rubin, K., Silverberg, A.: Using primitive subgroups to do more with fewer bits. In: Buell, D.A. (ed.) ANTS 2004. LNCS, vol. 3076, pp. 18–41. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  24. 24.
    Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptology 4, 161–174 (1991)zbMATHCrossRefMathSciNetGoogle Scholar
  25. 25.
    Smith, P., Skinner, C.: A public-key cryptosystem and a digital signature system based on the Lucas function analogue to discrete logarithms. In: Advances in Cryptology (ASIACRYPT 1995). LNCS, vol. 917, pp. 357–364. Springer, Heidelberg (1995)Google Scholar
  26. 26.
    Thériault, N.: Index calculus attack for hyperelliptic curves of small genus. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 75–92. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  27. 27.
    van Dijk, M., Granger, R., Page, D., Rubin, K., Silverberg, A., Stam, M., Woodruff, D.: Practical cryptography in high dimensional tori. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 234–250. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  28. 28.
    van Dijk, M., Woodruff, D.P.: Asymptotically optimal communication for torus-based cryptography. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 157–178. Springer, Heidelberg (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • R. Granger
    • 1
  • F. Vercauteren
    • 2
  1. 1.Department of Computer ScienceUniversity of BristolBristolUnited Kingdom
  2. 2.Department of Electrical EngineeringUniversity of LeuvenLeuven-HeverleeBelgium

Personalised recommendations