Computing Small Discrete Logarithms Faster

  • Daniel J. Bernstein
  • Tanja Lange
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7668)

Abstract

Computations of small discrete logarithms are feasible even in “secure” groups, and are used as subroutines in several cryptographic protocols in the literature. For example, the Boneh–Goh–Nissim degree-2-homomorphic public-key encryption system uses generic square-root discrete-logarithm methods for decryption. This paper shows how to use a small group-specific table to accelerate these subroutines. The cost of setting up the table grows with the table size, but the acceleration also grows with the table size. This paper shows experimentally that computing a discrete logarithm in an interval of order ℓ takes only 1.93·ℓ^(1/3) multiplications on average using a table of size ℓ^(1/3) precomputed with 1.21·ℓ^(2/3) multiplications, and computing a discrete logarithm in a group of order ℓ takes only 1.77·ℓ^(1/3) multiplications on average using a table of size ℓ^(1/3) precomputed with 1.24·ℓ^(2/3) multiplications.
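The abstract's table-based approach, as an added illustration that is not the paper's code: a precomputation phase runs random walks in a prime-order subgroup and stores the distinguished points they reach together with their logarithms, and the online phase walks from the target until it lands on a stored point. The group parameters (p = 10091, subgroup order 1009), the walk design and the secret exponent 777 are all constructed for this example; the paper's own walk design and constants are not reproduced.

```python
import random
# Constructed toy parameters (an assumption of this example, not the paper's):
# p = 10*1009 + 1 is prime, so Z_p^* has a subgroup of prime order ELL = 1009.
P, ELL = 10091, 1009
G = pow(2, (P - 1) // ELL, P)   # G != 1 and ELL prime, so G has order exactly ELL
R = 16                          # number of multipliers in the r-adding walk
DIST_MASK = 7                   # x is "distinguished" when x & 7 == 0 (about 1 in 8)

def make_walk(seed):
    """Deterministic r-adding walk x -> x * G^{s_i}, i derived from x.
    The returned step also tracks e, where x = base * G^e throughout."""
    rng = random.Random(seed)
    steps = [rng.randrange(1, ELL) for _ in range(R)]
    mults = [pow(G, s, P) for s in steps]
    def step(x, e):
        i = x % R
        return (x * mults[i]) % P, (e + steps[i]) % ELL
    return step

def build_table(step, table_size, max_len, seed=1):
    """Precomputation: walk from random G^a to a distinguished point and store
    point -> log.  Costs about table_size * (walk length) multiplications."""
    rng = random.Random(seed)
    table = {}
    while len(table) < table_size:
        a = rng.randrange(ELL)
        x, e = pow(G, a, P), a
        for _ in range(max_len):
            if (x & DIST_MASK) == 0:
                table[x] = e          # x == G^e, so e is log_G(x)
                break
            x, e = step(x, e)
    return table

def dlog(h, step, table, max_len, seed=2):
    """Online phase: walk from h * G^b tracking b; a stored point G^L gives
    h * G^b = G^L, so log_G(h) = L - b.  Over-long walks (cycles) restart."""
    rng = random.Random(seed)
    while True:
        b = rng.randrange(ELL)
        x, e = (h * pow(G, b, P)) % P, b
        for _ in range(max_len):
            if x in table:
                return (table[x] - e) % ELL
            x, e = step(x, e)

def solve_example():
    """Table of 10 ~ ELL^(1/3) points; recovers the constructed secret 777."""
    step = make_walk(seed=0)
    table = build_table(step, 10, max_len=200)
    return dlog(pow(G, 777, P), step, table, max_len=200)
```

With table size and walk length both near ℓ^(1/3), the precomputation costs about ℓ^(2/3) multiplications and each online solve about ℓ^(1/3), which is the trade-off the abstract quantifies.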

Keywords

Discrete logarithms, random walks, precomputation


Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Daniel J. Bernstein (1, 2)
  • Tanja Lange (2)
  1. Department of Computer Science, University of Illinois at Chicago, Chicago, USA
  2. Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, Eindhoven, The Netherlands