Results 1 
9 of
9
Discrete Logarithms: the Effectiveness of the Index Calculus Method
, 1996
"... . In this article we survey recent developments concerning the discrete logarithm problem. Both theoretical and practical results are discussed. We emphasize the case of finite fields, and in particular, recent modifications of the index calculus method, including the number field sieve and the func ..."
Abstract

Cited by 24 (1 self)
 Add to MetaCart
. In this article we survey recent developments concerning the discrete logarithm problem. Both theoretical and practical results are discussed. We emphasize the case of finite fields, and in particular, recent modifications of the index calculus method, including the number field sieve and the function field sieve. We also provide a sketch of the some of the cryptographic schemes whose security depends on the intractibility of the discrete logarithm problem. 1 Introduction Let G be a cyclic group generated by an element t. The discrete logarithm problem in G is to compute for any b 2 G the least nonnegative integer e such that t e = b. In this case, we write log t b = e. Our purpose, in this paper, is to survey recent work on the discrete logarithm problem. Our approach is twofold. On the one hand, we consider the problem from a purely theoretical perspective. Indeed, the algorithms that have been developed to solve it not only explore the fundamental nature of one of the basic s...
Using number fields to compute logarithms in finite fields
 Math. Comp
"... Abstract. We describe an adaptation of the number field sieve to the problem of computing logarithms in a finite field. We conjecture that the running time of the algorithm, when restricted to finite fields of an arbitrary but fixed degree, is Lq[1/3; (64/9) 1/3 + o(1)], where q is the cardinality o ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
Abstract. We describe an adaptation of the number field sieve to the problem of computing logarithms in a finite field. We conjecture that the running time of the algorithm, when restricted to finite fields of an arbitrary but fixed degree, is Lq[1/3; (64/9) 1/3 + o(1)], where q is the cardinality of the field, Lq[s; c] =exp(c(log q) s (log log q) 1−s), and the o(1) is for q →∞.Thenumber field sieve factoring algorithm is conjectured to factor a number the size of q inthesameamountoftime. 1.
Mathematical Background of Public Key Cryptography
 AGCT 2003), Sémin. Congr
, 2005
"... Abstract. — The two main systems used for public key cryptography are RSA and protocols based on the discrete logarithm problem in some cyclic group. We focus on the latter problem and state cryptographic protocols and mathematical background material. Résumé (Éléments mathématiques de la cryptograp ..."
Abstract

Cited by 6 (4 self)
 Add to MetaCart
Abstract. — The two main systems used for public key cryptography are RSA and protocols based on the discrete logarithm problem in some cyclic group. We focus on the latter problem and state cryptographic protocols and mathematical background material. Résumé (Éléments mathématiques de la cryptographie à clef publique). — Les deux systèmes principaux de cryptographie à clef publique sont RSA et le calcul de logarithmes discrets dans un groupe cyclique. Nous nous intéressons aux logarithmes discrets et présentons les faits mathématiques qu’il faut connaître pour apprendre la cryptographie mathématique. 1. Data Security and Arithmetic Cryptography is, in the true sense of the word, a classic discipline: we find it in Mesopotamia and Caesar used it. Typically, the historical examples involve secret services and military. Information is exchanged amongst a limited community in which each member is to be trusted. Like Caesar’s chiffre these systems were entirely symmetric. Thus, the communicating parties needed to have a common key which is used to de and encrypt. The key exchange posed a problem (and gives a marvellous plot for spynovels) but the number of people involved was rather bounded. This has changed dramatically because of electronic communication in public networks. Since 2000 Mathematics Subject Classification. — 11T71. Key words and phrases. — Elliptic curve cryptography, mathematics of public key cryptography, hyperelliptic curves. The authors would like to thank the organizers of the conference for generous support, an interesting program and last but not least for a very inspiring and pleasant atmosphere. The second author acknowledges financial support by STORK
Cover and Decomposition Index Calculus on Elliptic Curves made practical. Application to a seemingly secure curve over Fp6. Cryptology ePrint Archive, Report 2011/020, 2011. http: //eprint.iacr.org
"... Abstract. We present a new “cover and decomposition ” attack on the elliptic curve discrete logarithm problem, that combines Weil descent and decompositionbased index calculus into a single discrete logarithm algorithm. This attack applies, at least theoretically, to all composite degree extension ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
Abstract. We present a new “cover and decomposition ” attack on the elliptic curve discrete logarithm problem, that combines Weil descent and decompositionbased index calculus into a single discrete logarithm algorithm. This attack applies, at least theoretically, to all composite degree extension fields, and is particularly wellsuited for curves defined over F p 6. We give a realsize example 3 of discrete logarithm computations on a curve over a 151bit degree 6 extension field, which would not have been practically attackable using previously known algorithms. Key words: elliptic curve, discrete logarithm, index calculus, Weil descent, decomposition attack 1
Algorithms 63 11.8 Discrete logarithms over finite fields
"... Discrete exponentiation in a finite field is a direct analog of ordinary exponentiation. The exponent can only be an integer, say n, but for w in a field F, w n is defined except when w = 0 and n ≤ 0, and satisfies the usual properties, in particular w m+n = w m w n and (for u and v in F) (uv) m = u ..."
Abstract
 Add to MetaCart
Discrete exponentiation in a finite field is a direct analog of ordinary exponentiation. The exponent can only be an integer, say n, but for w in a field F, w n is defined except when w = 0 and n ≤ 0, and satisfies the usual properties, in particular w m+n = w m w n and (for u and v in F) (uv) m = u m v m. The discrete logarithm is the inverse function, in analogy with the ordinary logarithm for real numbers. If F is a finite field, then it has at least one primitive element g; i.e., all nonzero elements of F are expressible as powers of g??. 11.8.1 Definition Given a finite field F, a primitive element g of F, and a nonzero element w of F, the discrete logarithm of w to base g, written as log g(w), is the least nonnegative integer n such that w = g n. 11.8.2 Remark log g(w) is unique modulo q − 1, and 0 ≤ log g(w) ≤ q − 2. It is often convenient to allow it to be represented by any integer n such that w = g n. 11.8.3 Remark The discrete logarithm of w to base g is often called the index of w with respect to the base g. More generally, we can define discrete logarithms in groups. They are commonly called generic discrete logs.
Algorithms 61 11.6 Discrete logarithms over finite fields
"... 11.6.1 Remark Discrete exponentiation in a finite field is a direct analog of ordinary exponentiation. The exponent can only be an integer, say n, but for w in a field F, w n is defined except when w = 0 and n ≤ 0, and satisfies the usual properties, in particular w m+n = w m w n and (for u and v in ..."
Abstract
 Add to MetaCart
11.6.1 Remark Discrete exponentiation in a finite field is a direct analog of ordinary exponentiation. The exponent can only be an integer, say n, but for w in a field F, w n is defined except when w = 0 and n ≤ 0, and satisfies the usual properties, in particular w m+n = w m w n and (for u and v in F) (uv) m = u m v m. The discrete logarithm is the inverse function, in analogy with the ordinary logarithm for real numbers. If F is a finite field, then it has at least one primitive element g; i.e., all nonzero elements of F are expressible as powers of g, see Chapter??. 11.6.2 Definition Given a finite field F, a primitive element g of F, and a nonzero element w of F, the discrete logarithm of w to base g, written as log g(w), is the least nonnegative integer n such that w = g n. 11.6.3 Remark The value log g(w) is unique modulo q − 1, and 0 ≤ log g(w) ≤ q − 2. It is often convenient to allow it to be represented by any integer n such that w = g n. 11.6.4 Remark The discrete logarithm of w to base g is often called the index of w with respect to the base g. More generally, we can define discrete logarithms in groups. They are commonly called generic discrete logs.