BibTeX
@TECHREPORT{Lambert96computationalaspects,
author = {Rob Lambert},
title = {Computational Aspects of Discrete Logarithms},
institution = {},
year = {1996}
}
Bookmark
 |
 |
 |
 |
 |
 |
OpenURL
Abstract
I hereby declare that I am the sole author of this thesis. I authorize the University of Waterloo to lend this thesis to other institutions or indi-viduals for the purpose of scholarly research. I further authorize the University of Waterloo to reproduce this thesis by photocopy-ing or by other means, in total or in part, at the request of other institutions or individuals for the purpose of scholarly research. ii The University of Waterloo requires the signatures of all persons using or photocopy-ing this thesis. Please sign below, and give address and date. iii Abstract Integer factorization and discrete logarithm calculation are important to public key cryp-tography. The most efficient known methods for these problems require the solution of large sparse linear systems, modulo two for the factoring case, and modulo large primesfor the logarithm case. This thesis is concerned with solving these equations modulo large primes. The methods typically used in this application are examined and compared, andimprovements are suggested. A solution method derived from the bi-diagonalization method of Golub and Kahan is developed, and shown to require one-half the storage ofthe Lanczos method, one-quarter less than the conjugate gradient method, and no more computation than either of these methods. It is expected that this method will becomethe method of choice for the solution modulo large primes of the equations involved in discrete logarithm calculation. The problem of breakdown for the general case of non-symmetric and possibly sin-gular matrices is considered, and new lookahead methods for orthogonal and conjugate Lanczos algorithms are derived. A unified treatment of the Lanczos algorithms, theconjugate gradient algorithm and the Wiedemann algorithm is given using an orthogonal polynomial approach. It is shown, in particular, that incurable breakdowns can behandled by such an approach. The conjugate gradient algorithm is shown to consist of coupled conjugate and orthogonal Lanczos iterations, linking it to the developmentgiven for Lanczos methods. An efficient integrated lookahead method is developed for the conjugate gradient algorithm.
Citations
| 145 | W: Calculating the Singular Values and Pseudoinverse of a Matrix - GH, Kahan - 1965 |
| 46 | A block Lanczos algorithm for finding dependencies over GF(2 - MONTGOMERY - 1995 |
| 36 | Computational variants of the Lanczos method for the eigenproblem - Paige - 1972 |
| 23 | Discrete logarithms and factoring - Bach - 1984 |
| 18 | Fast, rigorous factorization and discrete logarithm algorithms, Discrete Algorithms and Complexity, edited by - Pomerance - 1987 |
| 11 | Recursive identification of linear systems - Rissanen - 1971 |
| 2 | Nachtigal, An implementation of thelook-ahead Lanczos algorithm for non-Hermitian matrices - Freund, Gutknecht, et al. - 1993 |
| 1 | Factoring with two large primes, Advances inCryptology - EUROCRYPT'90 - Lenstra, Manasse - 1990 |
| 1 | On the Lanczos method over finite fields, preprint - Teitelbaum - 1996 |
