Advertisement

Computation of Discrete Logarithms in Prime Fields

Extended Abstract
  • B. A. LaMacchia
  • A. M. Odlyzko
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 537)

Abstract

If p is a prime and g and x integers, then computation of y such that
$$ y \equiv g^x \bmod p,0 \leqslant y \leqslant p - 1 $$
(1.1)
is referred to as discrere exponentiarion. Using the successive squaring method, it is very fast (polynomial in the number of bits of ∣p∣ + ∣g∣ + ∣x∣). On the other hand, the inverse problem, namely, given p, g, and y, to compute some z such that Equation 1.1 holds, which is referred to as the discrete logarithm problem, appears to be quite hard in general. Many of the most widely used public key cryptosystems are based on the assumption that discrete logarithms are indeed hard to compute, at least for carefully chosen primes.

References

  1. [1]
    D. Coppersmith, A. Odlyzko, and R. Schroeppel, Discrete logarithms in GF (p), Algorithmica 1 (1986), 1–15.MathSciNetCrossRefGoogle Scholar
  2. [2]
    B. A. LaMacchia and A. M. Odlyzko, Solving large sparse linear systems over finite fields, Advances in Cryptology: Proceedings of Crypto’ 90, A. Menezes, S. Vanstone, eds., to be published.Google Scholar
  3. [3]
    K. S. McCurley, The discrete logarithm problem, in Cryptography and Computational Number Theory, C. Pomerance, ed., Proc. Symp. Appl. Math., Amer. Math. Soc., 1990, to appear.Google Scholar
  4. [4]
    A. M. Odlyzko, Discrete logarithms in finite fields and their cryptographic significance, Advances in Cryptology: Proceedings of Eurocrypt’ 84, T. Beth, N. Cot, I. Ingemarsson, eds., Lecture Notes in Computer Science 209, Springer-Verlag, NY (1985), 224–314.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1991

Authors and Affiliations

  • B. A. LaMacchia
    • 1
  • A. M. Odlyzko
    • 1
  1. 1.AT&T Bell LaboratoriesMurray HillUSA

Personalised recommendations