1,940 research outputs found
Discrete logarithm computations over finite fields using Reed-Solomon codes
Cheng and Wan have related the decoding of Reed-Solomon codes to the
computation of discrete logarithms over finite fields, with the aim of proving
the hardness of their decoding. In this work, we experiment with solving the
discrete logarithm over GF(q^h) using Reed-Solomon decoding. For fixed h and q
going to infinity, we introduce an algorithm (RSDL) needing O(h! q^2)
operations over GF(q), operating on a q x q matrix with (h+2) q non-zero
coefficients. We give faster variants including an incremental version and
another one that uses auxiliary finite fields that need not be subfields of
GF(q^h); this variant is very practical for moderate values of q and h. We
include some numerical results of our first implementations.
Discrete logarithms in curves over finite fields
A survey on algorithms for computing discrete logarithms in Jacobians of
curves over finite fields.
A kilobit hidden SNFS discrete logarithm computation
We perform a special number field sieve discrete logarithm computation in a
1024-bit prime field. To our knowledge, this is the first kilobit-sized
discrete logarithm computation ever reported for prime fields. This computation
took a little over two months of calendar time on an academic cluster using the
open-source CADO-NFS software. Our chosen prime looks random, and
has a 160-bit prime factor, in line with recommended parameters for the Digital
Signature Algorithm. However, our p has been trapdoored in such a way that the
special number field sieve can be used to compute discrete logarithms in
, yet detecting that p has this trapdoor seems out of reach.
Twenty-five years ago, there was considerable controversy around the
possibility of back-doored parameters for DSA. Our computations show that
trapdoored primes are entirely feasible with current computing technology. We
also describe special number field sieve discrete log computations carried out
for multiple weak primes found in use in the wild. As can be expected from a
trapdoor mechanism which we say is hard to detect, our research did not reveal
any trapdoored prime in wide use. The only way for a user to defend against a
hypothetical trapdoor of this kind is to require verifiably random primes.
Efficient dot product over word-size finite fields
We want to achieve efficiency for the exact computation of the dot product of
two vectors over word-size finite fields. We therefore compare the practical
behaviors of a wide range of implementation techniques using different
representations. The techniques used include floating point representations,
discrete logarithms, tabulations, Montgomery reduction, delayed modulus
Polylog Depth Circuits for Integer Factoring and Discrete Logarithms
In this paper, we develop parallel algorithms for integer factoring and for computing discrete logarithms. In particular, we give polylog depth probabilistic boolean circuits of subexponential size for both of these problems, thereby solving an open problem of Adleman and Kompella.
Existing sequential algorithms for integer factoring and discrete logarithms use a prime base which is the set of all primes up to a bound B. We use a much smaller value for B for our parallel algorithms than is typical for sequential algorithms. In particular, for inputs of length n, by setting B = n^(log^d n) with d a positive constant, we construct
• Probabilistic boolean circuits of depth (log) and size exp[(/log)] for completely factoring a positive integer with probability 1−(1), and
• Probabilistic boolean circuits of depth (log + log) and size exp[(/log)] for computing discrete logarithms in the finite field () for a prime with probability 1−(1). These are the first results of this type for both problem