Computing discrete logarithms with the general number field sieve

  • Damian Weber
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1122)


The difficulty of solving the discrete logarithm problem is of extreme cryptographic importance, since the problem is widely used in signature schemes, message encryption, key exchange, authentication and so on ([15], [17], [21], [29] etc.). The General Number Field Sieve (GNFS) is the asymptotically fastest known method to compute discrete logs mod p [18]. With the first implementation of the GNFS for discrete logs, which uses Schirokauer's improvement [27], we were able to show its practicability [31].

In this report we describe a new record in computing discrete logarithms mod p and present some experimental data collected while finishing the precomputation step for breaking K. McCurley's 129-digit challenge [10].




  1. L. M. Adleman, Factoring numbers using singular integers, Proc. 23rd Annual ACM STOC, New Orleans, May 6–8, pp. 64–71, 1991
  2. C. Batut, D. Bernardi, H. Cohen, M. Olivier, GP/PARI CALCULATOR Version 1.39.03, 1995
  3. D. Bernstein, A. K. Lenstra, A general Number Field Sieve Implementation, in [19], 1991
  4. I. Biehl, J. Buchmann, Th. Papanikolaou, LiDIA — A library for computational number theory, Universität des Saarlandes, preprint, 1995
  5. R. P. Brent, An Improved Monte Carlo Factorization Algorithm, Nordisk Tidskrift för Informationsbehandling (BIT) 20, pp. 176–184, 1980
  6. J. Buchmann, J. Loho, J. Zayer, An implementation of the general number field sieve, Advances in Cryptology Crypto '93, Lecture Notes in Computer Science 773, pp. 159–165, 1993
  7. J. P. Buhler, H. W. Lenstra, C. Pomerance, Factoring integers with the number field sieve, in [19], 1992
  8. H. Cohen, A course in computational algebraic number theory, Springer, 1993
  9. D. Coppersmith, A. Odlyzko, R. Schroeppel, Discrete Logarithms in GF(p), Algorithmica 1, pp. 1–15, 1986
  10. K. McCurley, The Discrete Logarithm Problem, Cryptology and Computational Number Theory, Proc. Symp. in Applied Mathematics, American Mathematical Society, 1990
  11. Th. Denny, A Structured Gauss Implementation for GF(p), Universität des Saarlandes, to appear
  12. Th. Denny, A Lanczos Implementation for GF(p), Universität des Saarlandes, to appear
  13. Th. Denny, V. Müller, On the Reduction of Composed Relations from the Number Field Sieve, Algorithmic Number Theory Symposium II (ANTS II), 1996
  14. R. Dentzer, libI: eine lange ganzzahlige Arithmetik, IWR Heidelberg, 1991
  15. W. Diffie, M. Hellman, New directions in Cryptography, IEEE Trans. Inform. Theory 22, pp. 472–492, 1976
  16. B. Dodson, A. K. Lenstra, NFS with four large primes, Advances in Cryptology Crypto '95, Lecture Notes in Computer Science 963, Springer, 1995
  17. T. ElGamal, A public key cryptosystem and a signature scheme based on discrete logarithms, IEEE Trans. Inform. Theory 31, pp. 469–472, 1985
  18. D. Gordon, Discrete Logarithms in GF(p) using the Number Field Sieve, SIAM J. Discrete Math., Vol 6, pp. 124–138, 1993
  19. A. K. Lenstra, H. W. Lenstra, The development of the number field sieve, Springer, 1993
  20. A. K. Lenstra, H. W. Lenstra, M. S. Manasse, J. M. Pollard, The number field sieve, Abstract: Proc. 22nd Ann. ACM Symp. on Theory of Computing (STOC), pp. 564–572, 1990
  21. National Institute of Standards and Technology, The Digital Signature Standard, proposal and discussion, Comm. of the ACM, 35 (7), pp. 36–54, 1992
  22. A. Odlyzko, M. LaMacchia, Discrete Logarithms in GF(p), 1991
  23. J. M. Pollard, Monte Carlo Methods for Index Computation (mod p), Math. Comp. 32, pp. 918–924, 1978
  24. J. M. Pollard, The lattice sieve, in [19], 1991
  25. S. Pohlig, M. Hellman, An improved algorithm for computing logarithms over GF(p) and its cryptographic significance, IEEE Trans. on Inform. Theory 24, pp. 106–110, 1978
  26. O. Schirokauer, personal communication, 1995
  27. O. Schirokauer, Discrete Logarithms and Local Units, Phil. Trans. R. Soc. Lond. A 345, pp. 409–423, 1993
  28. Th. Setz, R. Roth, LiPS: a System for Distributed Processing on Workstations, SFB 124 TP D5, Universität des Saarlandes, 1992
  29. D. R. Stinson, Cryptography in Theory and Practice, CRC Press, 1995
  30. D. Shanks, Class Number, a Theory of Factorization and Genera, Proc. Symposium Pure Mathematics Vol. 20, American Mathematical Society, Providence, R. I., pp. 415–440, 1970
  31. D. Weber, An Implementation of the Number Field Sieve to Compute Discrete Logarithms mod p, Advances in Cryptology — Eurocrypt '95, Lecture Notes in Computer Science 921, pp. 95–105, 1995
  32. J. Zayer, Faktorisieren mit dem Number Field Sieve, PhD thesis, Saarbrücken, 1995

Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • Damian Weber, FB Informatik, Universität des Saarlandes, Saarbrücken, Germany
