On the bounded sum-of-digits discrete logarithm problem in finite fields

On the bounded sum-of-digits discrete logarithm problem in finite fields (2004)

Cached

Download Links

[cr.yp.to]
[www.cs.ou.edu]
[www.iacr.org]
[arxiv.org]

Other Repositories/Bibliography

DBLP

by Qi Cheng

Venue:	In Proc. of the 24th Annual International Cryptology Conference (CRYPTO
Citations:	4 - 1 self

BibTeX

@INPROCEEDINGS{Cheng04onthe,
    author = {Qi Cheng},
    title = {On the bounded sum-of-digits discrete logarithm problem in finite fields},
    booktitle = {In Proc. of the 24th Annual International Cryptology Conference (CRYPTO},
    year = {2004},
    pages = {201--212},
    publisher = {Springer-Verlag}
}

Bookmark

OpenURL

Abstract

Abstract. In this paper, we study the bounded sum-of-digits discrete logarithm problem in finite fields. Our results concern primarily with fields Fqn where n|q − 1. The fields are called Kummer extensions of Fq. It is known that we can efficiently construct an element g with order greater than 2 n in the fields. Let Sq(•) be the function from integers to the sum of digits in their q-ary expansions. We first present an algorithm that given g e (0 ≤ e < q n) finds e in random polynomial time, provided that Sq(e) < n. We then show that the problem is solvable in random polynomial time for most of the exponent e with Sq(e) < 1.32n, by exploring an interesting connection between the discrete logarithm problem and the problem of list decoding of Reed-Solomon codes, and applying the Guruswami-Sudan algorithm. As a side result, we obtain a sharper lower bound on the number of congruent polynomials generated by linear factors than the one based on Stothers-Mason ABC-theorem. We also prove that in the field Fqq−1, the bounded sum-of-digits discrete logarithm with respect to g can be computed in random time O(f(w) log 4 (q q−1)), where f is a subexponential function and w is the bound on the q-ary sum-of-digits of the exponent, hence the problem is fixed parameter tractable. These results are shown to be generalized to Artin-Schreier extension Fpp where p is a prime. Since every finite field has an extension of reasonable degree which is a Kummer extension, our result reveals an unexpected property of the discrete logarithm problem, namely, the bounded sum-of-digits discrete logarithm problem in any given finite field becomes polynomial time solvable in certain low degree extensions. 1

Citations

697	Fellows M: Parameterized Complexity - Downey - 1999
209	Improved decoding of Reed-Solomon and Algebraic-Geometric codes - Guruswami, Sudan - 1999
40	An implementation for a fast public-key cryptosystem - Agnew, Mullin, et al. - 1991
24	Discrete Logarithms: The Past and the Future - Odlyzko - 1999
18	Proving primality in essentially quartic random time - Bernstein
15	Some baby-step giant-step algorithms for the low Hamming weight discrete logarithm problem - Stinson
11	Fixed-parameter complexity and cryptography - Fellows, Koblitz - 1993
11	On some subgroups of the multiplicative group of a finite ring. Journal de théorie des nombres de Bordeaux, 16:233–239, 2004. http://www.ma.utexas.edu/users/voloch/preprint.html JEAN-MARC COUVEIGNES, TONY EZOME, AND REYNALD LERCIER Institut de Mathématiqu - Voloch
7	Normal bases over finite fields - Gao - 1993
5	Sharpening “primes is in p” for a large family of numbers. http://lanl.arxiv.org/abs/math.NT/0211334 - Berrizbeitia - 2002
5	Primality proving via one round in ECPP and one iteration in AKS - Cheng - 2003
5	zur Gathen. Efficient exponentiation in finite fields - von - 1991
4	Constructing finite field extensions with large order elements - Cheng - 2004
3	Sharper ABC-based bounds for congruent polynomials - Bernstein
2	Algorithmic Number theory, volume I - Bach, Shallit - 1996