Open Problems in Mathematics and Computational Science

pp 5-36


The Past, Evolving Present, and Future of the Discrete Logarithm

  • Antoine JouxAffiliated withCryptoExpertsChaire de Cryptologie de la Fondation de l’UPMCSorbonne Universités, LIP6, UMR 7606
  • , Andrew OdlyzkoAffiliated withSchool of Mathematics, University of Minnesota
  • , Cécile PierrotAffiliated withDGA/CNRS, Sorbonne Universités, LIP6, UMR 7606 Email author 

* Final gross prices may vary according to local VAT.

Get Access


The first practical public key cryptosystem ever published, the Diffie–Hellman key exchange algorithm, relies for its security on the assumption that discrete logarithms are hard to compute. This intractability hypothesis is also the foundation for the security of a large variety of other public key systems and protocols.

Since the introduction of the Diffie–Hellman key exchange more than three decades ago, there have been substantial algorithmic advances in the computation of discrete logarithms. However, in general the discrete logarithm problem is still considered to be hard. In particular, this is the case for the multiplicative groups of finite fields with medium to large characteristic and for the additive group of a general elliptic curve.

This chapter presents a survey of the state of the art concerning discrete logarithms and their computation.