11,539 research outputs found
Structure computation and discrete logarithms in finite abelian p-groups
We present a generic algorithm for computing discrete logarithms in a finite
abelian p-group H, improving the Pohlig-Hellman algorithm and its
generalization to noncyclic groups by Teske. We then give a direct method to
compute a basis for H without using a relation matrix. The problem of computing
a basis for some or all of the Sylow p-subgroups of an arbitrary finite abelian
group G is addressed, yielding a Monte Carlo algorithm to compute the structure
of G using O(|G|^0.5) group operations. These results also improve generic
algorithms for extracting pth roots in G.
Comment: 23 pages, minor edit
Discrete logarithm computations over finite fields using Reed-Solomon codes
Cheng and Wan have related the decoding of Reed-Solomon codes to the
computation of discrete logarithms over finite fields, with the aim of proving
the hardness of their decoding. In this work, we experiment with solving the
discrete logarithm over GF(q^h) using Reed-Solomon decoding. For fixed h and q
going to infinity, we introduce an algorithm (RSDL) needing O(h! q^2)
operations over GF(q), operating on a q x q matrix with (h+2) q non-zero
coefficients. We give faster variants including an incremental version and
another one that uses auxiliary finite fields that need not be subfields of
GF(q^h); this variant is very practical for moderate values of q and h. We
include some numerical results of our first implementations.
Discrete logarithms in curves over finite fields
A survey on algorithms for computing discrete logarithms in Jacobians of
curves over finite fields.
Security Estimates for Quadratic Field Based Cryptosystems
We describe implementations for solving the discrete logarithm problem in the
class group of an imaginary quadratic field and in the infrastructure of a real
quadratic field. The algorithms used incorporate improvements over
previously-used algorithms, and extensive numerical results are presented
demonstrating their efficiency. This data is used as the basis for
extrapolations, used to provide recommendations for parameter sizes providing
approximately the same level of security as block ciphers with
and -bit symmetric keys.
A Discrete Logarithm-based Approach to Compute Low-Weight Multiples of Binary Polynomials
Being able to compute efficiently a low-weight multiple of a given binary
polynomial is often a key ingredient of correlation attacks on LFSR-based
stream ciphers. The best known general purpose algorithm is based on the
generalized birthday problem. We describe an alternative approach which is
based on discrete logarithms and has much lower memory complexity requirements
with a comparable time complexity.
Comment: 12 page
Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer
A digital computer is generally believed to be an efficient universal
computing device; that is, it is believed able to simulate any physical
computing device with an increase in computation time of at most a polynomial
factor. This may not be true when quantum mechanics is taken into
consideration. This paper considers factoring integers and finding discrete
logarithms, two problems which are generally thought to be hard on a classical
computer and have been used as the basis of several proposed cryptosystems.
Efficient randomized algorithms are given for these two problems on a
hypothetical quantum computer. These algorithms take a number of steps
polynomial in the input size, e.g., the number of digits of the integer to be
factored.
Comment: 28 pages, LaTeX. This is an expanded version of a paper that appeared
in the Proceedings of the 35th Annual Symposium on Foundations of Computer
Science, Santa Fe, NM, Nov. 20--22, 1994. Minor revisions made January, 199
A kilobit hidden SNFS discrete logarithm computation
We perform a special number field sieve discrete logarithm computation in a
1024-bit prime field. To our knowledge, this is the first kilobit-sized
discrete logarithm computation ever reported for prime fields. This computation
took a little over two months of calendar time on an academic cluster using the
open-source CADO-NFS software. Our chosen prime looks random, and
has a 160-bit prime factor, in line with recommended parameters for the Digital
Signature Algorithm. However, our p has been trapdoored in such a way that the
special number field sieve can be used to compute discrete logarithms in
, yet detecting that p has this trapdoor seems out of reach.
Twenty-five years ago, there was considerable controversy around the
possibility of back-doored parameters for DSA. Our computations show that
trapdoored primes are entirely feasible with current computing technology. We
also describe special number field sieve discrete log computations carried out
for multiple weak primes found in use in the wild. As can be expected from a
trapdoor mechanism which we say is hard to detect, our research did not reveal
any trapdoored prime in wide use. The only way for a user to defend against a
hypothetical trapdoor of this kind is to require verifiably random primes
- …