Abstract
The discrete logarithm problem (DLP) generalizes to the constrained DLP, where the secret exponent x belongs to a set known to the attacker. The complexity of generic algorithms for solving the constrained DLP depends on the choice of the set. Motivated by cryptographic applications, we study explicit construction of sets for which the constrained DLP is hard. We draw on earlier results due to Erdös et al. and Schnorr, develop geometric tools such as generalized Menelaus’ theorem for proving lower bounds on the complexity of the constrained DLP, and construct explicit sets with provable non-trivial lower bounds.
References
Bose, R.C., Chowla, S.: Theorems in the additive theory of numbers. Comment. Math. Helv. 37, 141–147 (1962–1963)
Baker, R.C., Harman, G., Pintz, J.: The difference between consecutive primes. II. Proc. London Math. Soc. 83(3), 532–562 (2001)
Bollobás, B.: Modern graph theory. Graduate texts in mathematics, vol. 184. Springer, Heidelberg (1998)
Coron, J.-S., Lefranc, D., Poupard, G.: A new baby-step giant-step algorithm and some applications to cryptanalysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 47–60. Springer, Heidelberg (2005)
Chateauneuf, M., Ling, A., Stinson, D.R.: Slope packings and coverings, and generic algorithms for the discrete logarithm problem. J. Comb. Designs 11(1), 36–50 (2003)
Carter, L., Wegman, M.N.: Universal classes of hash functions. In: STOC 1977, pp. 106–112 (1977)
Erdös, P., Newman, D.J.: Bases for sets of integers. J. Number Theory 9(4), 420–425 (1977)
Graham, R.L., Sloane, N.J.A.: On additive bases and harmonious graphs. SIAM J. Algebraic and Discrete Methods 1, 382–404 (1980)
Guy, R.K.: Unsolved Problems in Number Theory, 3rd edn. Springer, Heidelberg (2004)
Heiman, R.: A note on discrete logorithms with special structure. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 454–457. Springer, Heidelberg (1993)
Haanpää, H., Huima, A., Östergård, P.R.J.: Sets in ℤ_n with distinct sums of pairs. Discrete Applied Mathematics 138(1–2), 99–106 (2004)
Hoffstein, J., Silverman, J.H.: Random small Hamming weight products with applications to cryptography. Discrete Applied Mathematics 130(1), 37–49 (2003)
Knuth, D.E.: Seminumerical Algorithms, 3rd edn. The Art of Computer Programming, vol. 2. Addison-Wesley, Reading (1997)
Nechaev, V.I.: Complexity of a determinate algorithm for the discrete logarithm. Math. Notes 55(2), 165–172 (1994)
Naor, A., Verstraëte, J.: A note on bipartite graphs without 2k-cycles. Probability, Combinatorics and Computing 14(5–6), 845–849 (2005)
O’Bryant, K.: Sidon Sets and Beatty Sequences. PhD thesis, U. of Illinois in Urbana-Champaign (2002)
O’Bryant, K.: A complete annotated bibliography of work related to Sidon sequences. Electr. J. Combinatorics, DS11 (July 2004)
Odlyzko, A.M.: Discrete logarithms: The past and the future. Des. Codes Cryptography 19(2/3), 129–145 (2000)
Pollard, J.M.: Monte Carlo methods for index computation (mod p). Mathematics of Computation 32, 918–924 (1978)
Pollard, J.M.: Kangaroos, monopoly and discrete logarithms. J. Cryptology 13(4), 437–447 (2000)
Ruzsa, I.Z.: Solving a linear equation in a set of integers. Part I. Acta Arith. 65, 259–282 (1993)
Schwartz, J.T.: Fast probabilistic algorithms for verification of polynomial identities. J. ACM 27(4), 701–717 (1980)
Schnorr, C.-P.: Small generic hardcore subsets for the discrete logarithm. Inf. Process. Lett. 79(2), 93–98 (2001)
Shanks, D.: Class number, a theory of factorization, and genera. In: Lewis, D.J. (ed.) 1969 Number Theory Institute, Providence, Rhode Island. Proceedings of Symposia in Pure Mathematics, vol. 20, pp. 415–440. American Mathematical Society (1971)
Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997)
Singer, J.: A theorem in finite projective geometry and some applications to number theory. Trans. Amer. Math. Soc. 43, 377–385 (1938)
Sella, Y., Jakobsson, M.: Constrained and constant ratio hash functions (manuscript, 2004)
Stinson, D.R.: Some baby-step giant-step algorithms for the low Hamming weight discrete logarithm problem. Math. Comput. 71(237), 379–391 (2002)
Schirokauer, O., Weber, D., Denny, T.F.: Discrete logarithms: The effectiveness of the index calculus method. In: Cohen, H. (ed.) ANTS 1996. LNCS, vol. 1122, pp. 337–361. Springer, Heidelberg (1996)
Teske, E.: Square-root algorithms for the discrete logarithm problem (a survey). In: Public-Key Cryptography and Computational Number Theory, pp. 283–301 (2001)
van Oorschot, P.C., Wiener, M.J.: Parallel collision search with cryptanalytic applications. J. Cryptology 12(1), 1–28 (1999)
Yacobi, Y.: Fast exponentiation using data compression. SIAM J. Comput. 28(2), 700–703 (1998)
Zarankiewicz, K.: Problem P 101. Colloq. Math. 2, 301 (1951)
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mironov, I., Mityagin, A., Nissim, K. (2006). Hard Instances of the Constrained Discrete Logarithm Problem. In: Hess, F., Pauli, S., Pohst, M. (eds) Algorithmic Number Theory. ANTS 2006. Lecture Notes in Computer Science, vol 4076. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11792086_41
DOI: https://doi.org/10.1007/11792086_41
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-36075-9
Online ISBN: 978-3-540-36076-6
eBook Packages: Computer Science (R0)