Designing and Detecting Trapdoors for Discrete Log Cryptosystems

Daniel M. Gordon
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 740)


Using a number field sieve, discrete logarithms modulo primes of special forms can be found faster than modulo primes of general form. This has raised concerns about trapdoors in discrete log cryptosystems, such as the Digital Signature Standard. This paper discusses the practical impact of these trapdoors, and how to avoid them.


Copyright information

© Springer-Verlag Berlin Heidelberg 1993

Authors and Affiliations

Daniel M. Gordon, Department of Computer Science, University of Georgia, Athens