We develop a generic framework for the computation of logarithms in nite class groups. The model allows to formulate a probabilistic algorithm based on collecting relations in an abstract way independently of the specific type of group to which it is applied, and to prove a subexponential running time if a certain smoothness assumption is verified. The algorithm proceeds in two steps: First, it determines the abstract group structure as a product of cyclic groups; second, it computes an explicit isomorphism, which can be used to extract discrete logarithms.

A new probabilistic algorithm for the determination of class groups and regulators of an algebraic number field F is presented. Heuristic evidence is given which shows that the expected running time of the algorithm is exp( p log D log log D) c+o(1) where D is the absolute discriminant of F , where c 2 R?0 is an absolute constant, and where the o(1)-function depends on the degree of F . 1 Introduction Computing the class group and the regulator of an algebraic number field F are two major tasks of algorithmic algebraic number theory. In the last decade, several regulator and class group algorithms have been suggested (e.g. [16],[17],[18],[3]). In [2] the problem of the computational complexity of those algorithms was adressed for the first time. This question was then studied in [2] in great detail. The theoretical results and the computational experience show that computing class groups and regulators is a very difficult problem. More precisely, it turns out that even under the a...

Abstract. We provide a subexponential algorithm for solving the discrete logarithm problem in Jacobians of high-genus hyperelliptic curves over finite fields. Its expected running time for instances with genus g and underlying finite field Fq satisfying g ≥ ϑ log q for a positive constant ϑ is given by

Abstract. The discrete logarithm problem in various finite abelian groups is the basis for some well known public key cryptosystems. Recently, real quadratic congruence function fields were used to construct a public key distribution system. The security of this public key system is based on the difficulty of a discrete logarithm problem in these fields. In this paper, we present a probabilistic algorithm with subexponential running time that computes such discrete logarithms in real quadratic congruence function fields of sufficiently large genus. This algorithm is a generalization of similar algorithms for real quadratic number fields. 1.

Abstract not found

this paper we show how the output of the class group algorithm can be used to simplify the index-calculus algorithm in class groups considerably. This simplification enables us to use a slight modification of our implementation [2] of the algorithm of Hafner and McCurley to calculate discrete logarithms in fairly large class groups. At the end of the paper we will present the results of some experiments which show that the computation of discrete logarithms in class groups is very easy once the class group has been computed by the subexponential algorithm. 2 The idea

This article presents algorithms for computing discrete logarithms in class groups of quadratic number fields. In the case of imaginary quadratic fields, the algorithm is based on methods applied by Hafner and McCurley [HM89] to determine the structure of the class group of imaginary quadratic fields. In the case of real quadratic fields, the algorithm of Buchmann [Buc89] for computation of class group and regulator forms the basis. We employ the rigorous elliptic curve factorization algorithm of Pomerance [Pom87], and an algorithm for solving systems of linear Diophantine equations proposed and analysed by Mulders and Storjohann [MS99]. Under the assumption of the Generalized Riemann Hypothesis, we obtain for fields with discriminant d a rigorously proven time bound of L jdj [ 1 2 ; 3 4 p 2].

Abstract. We present two algorithms to compute the endomorphism ring of an ordinary elliptic curve E defined over a finite field Fq. Under suitable heuristic assumptions, both have subexponential complexity. We bound the complexity of the first algorithm in terms of log q, while our bound for the second algorithm depends primarily on log |DE|, where DE is the discriminant of the order isomorphic to End(E). As a byproduct, our method yields a short certificate that may be used to verify that the endomorphism ring is as claimed. 1.

. We present efficient algorithms for computing discrete logarithms in the class group of a quadratic order and for principality testing in a real quadratic order, based on the work of Dullmann and Abel. We show how the idea of generating relations with sieving can be applied to improve the performance of these algorithms. Computational results are presented which demonstrate that our new techniques yield a significant increase in the sizes of discriminants for which these discrete logarithm problems can be solved. 1. Introduction It is well-known that finite Abelian groups offer an excellent setting for cryptographic protocols [15], in particular, groups G in which the discrete logarithm problem (DLP) is intractable. That is, given g; a 2 G; it should be beyond the reach of an adversary to recover an integer x such that g x = a; or determine that no such x exists. Several types of finite Abelian groups have been proposed for this purpose, including the original idea of the multipl...

Let O be an order of a quadratic number field. In this paper we show that under the assumption of the generalized Riemann hypothesis the following decision problems are in NP " co-NP: 1. Is a given ideal A of O principal? 2. Given ideals A 1 ; : : : ; A k of O, do their equivalence classes generate the class group of O. 3. Given ideals A 1 ; : : : ; A k of O, do their equivalence classes form a basis for the class group of O? 1 Introduction Let \Delta be a rational integer which is not a perfect square, \Delta j 0; 1 mod 4. Then O = Z + Z \Delta + p \Delta 2 is the quadratic order of discriminant \Delta. In McCurley [3] and Buchmann/Williams [1] it was shown that the following decision problems belong to the complexity class NP. (P) Is a given ideal A in O principal? (h) Is h 0 2 Z1 equal to the class number h of O? We remark that (h) could be proved to be in NP only under the assumption of the the generalized Rieman Hypothesis (GRH). In addition, we consider in this paper t...