Given a primitive element g of a finite field GF(q), the discrete logarithm of a nonzero element u GF(q) is that integer k, 1 k q - 1, for which u = g k . The well-known problem of computing discrete logarithms in finite fields has acquired additional importance in recent years due to its applicability in cryptography. Several cryptographic systems would become insecure if an efficient discrete logarithm algorithm were discovered. This paper surveys and analyzes known algorithms in this area, with special attention devoted to algorithms for the fields GF(2 n ). It appears that in order to be safe from attacks using these algorithms, the value of n for which GF(2 n ) is used in a cryptosystem has to be very large and carefully chosen. Due in large part to recent discoveries, discrete logarithms in fields GF(2 n ) are much easier to compute than in fields GF(p) with p prime. Hence the fields GF(2 n ) ought to be avoided in all cryptographic applications. On the other hand, ...

Most cryptographic key exchange protocols make use of the presumed difficulty of solving the discrete logarithm problem (DLP) in a certain finite group as the basis of their security. Recently, real quadratic number fields have been proposed for use in the development of such protocols. Breaking such schemes is known to be at least as difficult a problem as integer factorization; furthermore, these are the first discrete logarithm based systems to utilize a structure which is not a group, specifically the collection of reduced ideals which belong to the principal class of the number field. For this structure the DLP is essentially that of determining a generator of a given principal ideal. Unfortunately, there are a few implementation-related disadvantages to these schemes, such as the need for high precision floating point arithmetic and an ambiguity problem that requires a short, second round of communication. In this paper we describe work that has led to the resolution of some of these difficulties. Furthermore, we discuss the security of the system, concentrating on the most recent techniques for solving the DLP in a real quadratic number field.

We show how the discrete logarithm problem in some finite cyclic groups can easily be reduced to the discrete logarithm problem in a finite field. The cyclic groups that we consider are the set of points on a singular elliptic curve over a finite field, the set of points on a genus 0 curve over a finite field given by the Pell equation, and certain subgroups of the general linear group.

The paper analyzes a new public key cryptosystem whose security is based on a matrix version of the discrete logarithm problem over an elliptic curve.

This paper considers the Diffie-Hellman problem (DHP) over the matrix group GL_n over finite fields and shows that for matrices A and exponents k, l satisfying certain conditions called the modulus conditions, the problem can be solved without solving the discrete logarithm problem (DLP) involving only polynomial number of operations in n. A specialization of this result to DHP on F # p m shows that there exists a class of session triples of a DH scheme for which the DHP can be solved in time polynomial in m by operations over F p without solving the DLP. The private keys of such triples are termed weak. A sample of weak keys is computed and it is observed that their number is not too insignificant to be ignored. Next a specialization of the analysis is carried out for pairing based DH schemes on supersingular elliptic curves and it is shown that for an analogous class of session triples, the DHP can be solved without solving the DLP in polynomial number of operations in the embedding degree. A list of weak parameters of the DH scheme is developed on the basis of this analysis.

In this paper we describe a cryptanalysis of a key exchange scheme recently proposed by Álvarez, Tortosa, Vicent and Zamora. The scheme is based on exponentiation of block matrices over a finite field of prime order. We present an efficient reduction of the problem of disclosing the shared key to the discrete logarithm problem (DLP) in an extension of the base field.

Abstract. We propose a polynomial time quantum algorithm for solving the discrete logarithm problem in matrices over finite group rings. The hardness of this problem was recently employed in the design of a key-exchange protocol proposed by D. Kahrobaei, C. Koupparis, and V. Shpilrain [4]. Our result implies that the Kahrobaei et al. protocol does not belong to the realm of post-quantum cryptography. Keywords and phrases: Group-based cryptography, semidirect product, matrix monoids, group-rings, Diffie-Hellman, key-exchange, discrete logarithm problem, quantum algorithms, post-quantum cryptography.