Solving a DLP with Auxiliary Input with the ρ-Algorithm

  • Yumi Sakemi
  • Tetsuya Izu
  • Masahiko Takenaka
  • Masaya Yasuda
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7115)


The discrete logarithm problem with auxiliary input (DLPwAI) is the problem of finding a positive integer α from the elements G, αG, α^d G of an additive cyclic group generated by G of prime order r, where d is a positive integer dividing r − 1. In 2011, Sakemi et al. implemented Cheon's algorithm for solving the DLPwAI and solved an instance in a group of 128-bit order r in about 131 hours on a single core, on an elliptic curve over a prime field that is used in the TinyTate library for embedded cryptographic devices. However, since their implementation used Shanks' Baby-step Giant-step (BSGS) algorithm as its sub-algorithm, it required a large amount of memory (246 GByte), and it was concluded that attacking DLPwAI instances with larger parameters was infeasible. In this paper, we implement Cheon's algorithm with Pollard's ρ-algorithm as the sub-algorithm in order to reduce the required memory. As a result, we solved the same DLPwAI in about 136 hours on a single core with far less memory (0.5 MByte).
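The memory trade-off described in the abstract can be seen on a toy instance. The following is an added example written for this page, not the authors' implementation: it carries out Cheon's two-step reduction (α^d lies in the subgroup ⟨ζ^d⟩ of order m = (r − 1)/d, and α·ζ^(−k1) in the subgroup ⟨ζ^m⟩ of order d, where ζ generates (Z/rZ)^*), and solves each of the two searches once with BSGS and once with a Pollard-ρ-style walk using distinguished points, reporting how many group elements each sub-solver had to store. To keep it self-contained it replaces the elliptic-curve group by a constructed prime-order subgroup of (Z/pZ)^*, written multiplicatively (so the scalar multiplication αG of the paper is `pow(G, alpha, p)`); the parameters r = 1009, d = 28, the secret α = 777, the step-set size and the distinguished-point rule are all assumptions chosen for the example.

```python
import math
import random

def prime_factors(n):
    """Distinct prime factors by trial division (fine for the toy sizes used here)."""
    fs, q = set(), 2
    while q * q <= n:
        while n % q == 0:
            fs.add(q)
            n //= q
        q += 1
    if n > 1:
        fs.add(n)
    return fs

def is_prime(n):
    return n > 1 and prime_factors(n) == {n}

def primitive_root(r):
    """Smallest generator zeta of (Z/rZ)^*, r prime; Cheon's reduction needs one."""
    qs = prime_factors(r - 1)
    return next(g for g in range(2, r) if all(pow(g, (r - 1) // q, r) != 1 for q in qs))

def make_group(r):
    """Constructed stand-in for the curve group: a prime p = k*r + 1 and an element G
    of prime order r in (Z/pZ)^*.  The paper's scalar multiplication aG is pow(G, a, p)."""
    p = next(k * r + 1 for k in range(2, 10**6) if is_prime(k * r + 1))
    for h in range(2, p):
        G = pow(h, (p - 1) // r, p)
        if G != 1:
            return p, G

def sub_bsgs(G, H, w, n, p, r):
    """Shanks' BSGS for the search both steps of Cheon's algorithm need: given w of
    order n in (Z/rZ)^*, find k in [0, n) with H = G^(w^k).  Returns (k, elements stored)."""
    s = math.isqrt(n) + 1
    baby = {pow(G, pow(w, j, r), p): j for j in range(s)}  # G^(w^j) for j < s
    giant = pow(w, -s, r)                                   # w^(-s) mod r
    X = H                                                   # invariant: X = H^(w^(-i*s))
    for i in range(s):
        if X in baby:
            return (i * s + baby[X]) % n, len(baby)
        X = pow(X, giant, p)
    raise ValueError("H is not of the form G^(w^k)")

def sub_rho(G, H, w, n, p, r, seed=1, dp_bits=1, n_mult=8):
    """Same search, Pollard-rho style: pseudorandom walks on the set {G^(w^a)} with an
    r-adding step set in the exponent group Z/nZ (Teske-style), distinguished-point
    detection.  A 'tame' walk starts from G, a 'wild' one from H; meeting at the same
    point means G^(w^a) = H^(w^b), so k = a - b mod n.  Only distinguished points are kept."""
    if n <= 4:                                    # tiny instances: exhaustive search
        return next(k for k in range(n) if pow(G, pow(w, k, r), p) == H), 0
    rng, table, mask = random.Random(seed), {}, (1 << dp_bits) - 1
    for restart in range(10_000):                 # cap so a bad seed cannot loop forever
        if restart % 50 == 0:                     # refresh multipliers occasionally: a walk
            steps = [rng.randrange(1, n) for _ in range(n_mult)]  # may cycle with no DP on it
        kind, base = ("tame", G) if restart % 2 == 0 else ("wild", H)
        e = rng.randrange(n)
        X = pow(base, pow(w, e, r), p)            # invariant: X = base^(w^e)
        for _ in range(16 << dp_bits):            # step budget before abandoning the walk
            if (X & mask) == 0:                   # distinguished point reached
                if X in table and table[X][0] != kind:
                    a, b = (e, table[X][1]) if kind == "tame" else (table[X][1], e)
                    return (a - b) % n, len(table)
                table.setdefault(X, (kind, e))    # same kind: no information, restart
                break
            i = X % n_mult                        # next step depends on X only, so walks merge
            X, e = pow(X, pow(w, steps[i], r), p), (e + steps[i]) % n
    raise RuntimeError("no tame/wild collision found")

def cheon(G, aG, adG, d, p, r, sub):
    """Cheon's reduction: two searches of sizes m = (r-1)/d and d replace one of size r."""
    assert (r - 1) % d == 0
    zeta, m = primitive_root(r), (r - 1) // d
    k1, mem1 = sub(G, adG, pow(zeta, d, r), m, p, r)      # alpha^d = zeta^(d*k1)
    H2 = pow(aG, pow(zeta, -k1, r), p)                     # (alpha * zeta^(-k1)) G
    k2, mem2 = sub(G, H2, pow(zeta, m, r), d, p, r)        # alpha * zeta^(-k1) = zeta^(m*k2)
    return pow(zeta, k1 + m * k2, r), max(mem1, mem2)

def demo(r=1009, d=28, alpha=777):
    """Constructed instance: r - 1 = 1008 = 28 * 36, secret alpha = 777 (assumed values)."""
    p, G = make_group(r)
    aG, adG = pow(G, alpha, p), pow(G, pow(alpha, d, r), p)
    return {name: cheon(G, aG, adG, d, p, r, sub)
            for name, sub in (("bsgs", sub_bsgs), ("rho", sub_rho))}

if __name__ == "__main__":
    for name, (a, mem) in demo().items():
        print(f"{name}: recovered alpha = {a}, stored group elements = {mem}")
```

Both sub-solvers recover the same α; BSGS stores ⌊√m⌋ + 1 = 7 elements for the larger search, while the ρ walk stores only the distinguished points it passed through. At 128-bit r the same ratio is what separates the 246 GByte of the BSGS run from the 0.5 MByte reported here, since the ρ variant's table grows with the distinguished-point rate rather than with √m.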




References

  1. Aoki, K., Ueda, H.: Sieving Using Bucket Sort. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 92–102. Springer, Heidelberg (2004)
  2. Boneh, D., Boyen, X.: Short Signatures Without Random Oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004)
  3. Boneh, D., Boyen, X.: Efficient Selective-ID Secure Identity-Based Encryption Without Random Oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004)
  4. Boneh, D., Boyen, X., Goh, E.: Hierarchical Identity Based Encryption with Constant Size Ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005)
  5. Boneh, D., Gentry, C., Waters, B.: Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005)
  6. Box, R., et al.: A Fast Easy Sort. Computer Journal of Byte Magazine 16(4), 315–320 (1991)
  7. Cheon, J.H.: Security Analysis of the Strong Diffie-Hellman Problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 1–11. Springer, Heidelberg (2006)
  8. Cheon, J.H.: Discrete Logarithm Problems with Auxiliary Inputs. Journal of Cryptology 23(3), 457–476 (2010)
  9.
  10. Izu, T., Takenaka, M., Yasuda, M.: Experimental Results on Cheon's Algorithm. In: WAIS 2010, The Proceedings of ARES 2010, pp. 625–630. IEEE Computer Society (2010)
  11. Izu, T., Takenaka, M., Yasuda, M.: Experimental Analysis of Cheon's Algorithm against Pairing-Friendly Curves. In: AINA 2011, pp. 90–96. IEEE Computer Society (2011)
  12. Jao, D., Yoshida, K.: Boneh-Boyen Signatures and the Strong Diffie-Hellman Problem. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 1–16. Springer, Heidelberg (2009)
  13. Kozaki, S., Kutsuma, T., Matsuo, K.: Remarks on Cheon's Algorithms for Pairing-Related Problems. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing 2007. LNCS, vol. 4575, pp. 302–316. Springer, Heidelberg (2007)
  14. Montgomery, P.: Speeding the Pollard and Elliptic Curve Methods of Factorization. Math. Comp. 48(177), 243–264 (1987)
  15. Oliveira, L., López, J., Dahab, R.: TinyTate: Identity-Based Encryption for Sensor Networks. IACR Cryptology ePrint Archive, Report 2007/020 (2007)
  16. Pollard, J.: Monte Carlo Methods for Index Computation (mod p). Math. Comp. 32, 918–924 (1978)
  17. Sakemi, Y., Izu, T., Takenaka, M., Yasuda, M.: Solving DLP with Auxiliary Input over an Elliptic Curve Used in TinyTate Library. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 116–127. Springer, Heidelberg (2011)
  18. Shanks, D.: Class Number, a Theory of Factorization, and Genera. In: Proc. Symp. Pure Math., vol. 20, pp. 415–440 (1971)
  19. Teske, E.: Speeding Up Pollard's Rho Method for Computing Discrete Logarithms. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 541–554. Springer, Heidelberg (1998)

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Yumi Sakemi (1)
  • Tetsuya Izu (1)
  • Masahiko Takenaka (1)
  • Masaya Yasuda (1)
  1. Fujitsu Laboratories Ltd., Nakahara-ku, Japan
