Computing Discrete Logarithms in an Interval

The discrete logarithm problem in an interval of size $N$ in a group $G$ is: Given $g, h \in G$ and an integer $N$ to find an integer $0 \le n \le N$, if it exists, such that $h = g^n$. Previously the best low-storage algorithm to solve this problem was the van Oorschot and Wiener version of the Pollard kangaroo method. The heuristic average case running time of this method is $(2 + o(1)) \sqrt{N}$ group operations. We present two new low-storage algorithms for the discrete logarithm problem in an interval of size $N$. The first algorithm is based on the Pollard kangaroo method, but uses 4 kangaroos instead of the usual two. We explain why this algorithm has heuristic average case expected running time of $(1.715 + o(1)) \sqrt{N}$ group operations. The second algorithm is based on the Gaudry-Schost algorithm and the ideas of our first algorithm. We explain why this algorithm has heuristic average case expected running time of $(1.661 + o(1)) \sqrt{N}$ group operations. We give experimental results that show that the methods do work close to that predicted by the theoretical analysis. This is a revised version since the published paper that contains a corrected proof of Theorem 6 (the statement of Theorem 6 is unchanged). We thank Ravi Montenegro for pointing out the errors

Algorithms for Solving the Discrete Logarithm Problem

In mathematics, there are often many procedures to solve or prove the same problem. The discrete logarithm is one of these problems. The baby step, giant step algorithm and Pollard\u27s kangaroo algorithm are two algorithms that attempt to solve discrete logarithm problems. Explanations on what these two algorithms are will be discussed as well as examples of each algorithm. In addition to these two algorithms, a modified form of Pollard\u27s kangaroo algorithm will be provided with results. Throughout the text, Mathematica programs will be presented that simulate each of the three algorithms above

SIDH hybrid schemes with a classical component based on the discrete logarithm problem over finite field extension

The concept of a hybrid scheme with connection of SIDH and ECDH is nowadays very popular. In hardware implementations it is convenient to use a classical key exchange algorithm, which is based on the same finite field as SIDH. Most frequently used hybrid scheme is SIDH-ECDH. On the other hand, using the same field as in SIDH, one can construct schemes over \Fpn, like Diffie-Hellman or XTR scheme, whose security is based on the discrete logarithm problem. In this paper, idea of such schemes will be presented. The security of schemes, which are based on the discrete logarithm problem over fields \Fp, \Fpd, \Fpc, \Fps and \Fpo, for primes $p$ used in SIDH, will be analyzed. At the end, the propositions of practical applications of these schemes will be presented

ECC2K-130 on NVIDIA GPUs

Abstract. Computations of small discrete logarithms are feasible even in "secure" groups, and are used as subroutines in several cryptographic protocols in the literature. For example, the Boneh-Goh-Nissim degree-2-homomorphic public-key encryption system uses generic square-root discrete-logarithm methods for decryption. This paper shows how to use a small group-specific table to accelerate these subroutines. The cost of setting up the table grows with the table size, but the acceleration also grows with the table size. This paper shows experimentally that computing a discrete logarithm in an interval of order takes only 1.93