Lower Bounds for Discrete Logarithms and Related Problems
This paper considers the computational complexity of the discrete logarithm and related problems in the context of “generic algorithms”—that is, algorithms which do not exploit any special properties of the encodings of group elements, other than the property that each group element is encoded as a unique binary string. Lower bounds on the complexity of these problems are proved that match the known upper bounds: any generic algorithm must perform $\Omega(p^{1/2})$ group operations, where $p$ is the largest prime dividing the order of the group. Also, a new method for correcting a faulty Diffie-Hellman oracle is presented.
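The matching upper bound, as an added example that is not taken from the paper: baby-step giant-step run against a group oracle that hands out random unique labels, so the solver can only multiply, invert and compare encodings, and the oracle counts its group operations. The `GenericGroup` class, its method names and the prime 1000003 are constructed for illustration.

```python
import math
import secrets

class GenericGroup:
    """Cyclic group of prime order p (Z_p under addition) seen only via opaque labels."""
    def __init__(self, p):
        self.p = p
        self.ops = 0                      # group operations the solver has used
        self._enc, self._dec = {}, {}     # exponent -> label, label -> exponent

    def element(self, x):
        """Challenger-side setup: unique random encoding of g^x."""
        x %= self.p
        if x not in self._enc:
            lab = secrets.token_bytes(16)
            self._enc[x], self._dec[lab] = lab, x
        return self._enc[x]

    def mul(self, a, b):
        self.ops += 1
        return self.element(self._dec[a] + self._dec[b])

    def inv(self, a):
        self.ops += 1
        return self.element(-self._dec[a])

def bsgs(G, g, h, identity):
    """Return x with h = g^x using only mul, inv and equality of labels."""
    m = math.isqrt(G.p - 1) + 1           # ceil(sqrt(p)), so m*m >= p
    table, cur = {}, identity
    for j in range(m):                    # baby steps: store g^j
        table[cur] = j
        cur = G.mul(cur, g)
    step = G.inv(cur)                     # g^(-m)
    gamma = h
    for i in range(m):                    # giant steps: h * g^(-i*m)
        if gamma in table:
            return (i * m + table[gamma]) % G.p
        gamma = G.mul(gamma, step)
    return None

def demo(p=1000003, x=None):
    """Solve one random (or given) instance; return (secret, recovered, ops used)."""
    G = GenericGroup(p)
    x = secrets.randbelow(p) if x is None else x
    g, h, one = G.element(1), G.element(x), G.element(0)
    return x, bsgs(G, g, h, one), G.ops
```

For p = 1000003 the solver never needs more than 2·1001 + 1 = 2003 oracle calls, which is the $O(p^{1/2})$ cost that the lower bound shows cannot be improved by any generic algorithm.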