Abstract
Many key distribution systems are based on the assumption that the Discrete-Log (DL) problem is hard. The implementations could be more efficient if a significantly smaller exponent could be used, without lowering the complexity of the DL problem. When the exponent is known to reside in interval of size w, the DL problem can be computed in time O \( \sqrt w \), using Pollard’ “Lambda method for catching Kangaroos”.
Suppose we want a level of security of 300 years on a 1 MIP machine, with 1K bit operations per instruction. Then w = 2127 currently seems sufficient (with 512 bit modulus). It is not clear, however, whether methods other than “Kangaroo” exist, with lower complexity.
Let s and m denote the number of squarings and multiplications, respectively, required to exponentiate. It is well known that s roughly equals the size in bits of the exponent (L), and m is roughly 1.5 · L/lg2(L), for the most efficient methods, in the practical range.
We show that by using an exponent which is known to be compressible by a factor η, using the Ziv-Lempel method, we reduce m exponentially in η, on the average (integer multiplications may be more than twice as expensive as squarings, hence this is not negligible).
This can be used to speed up cryptographic key distribution systems of the Diffie-Hellman family. However, it is not clear how safe compressible exponents are.
Chapter PDF
Similar content being viewed by others
4 References
A.K. Lenstra, and H.W. Lenstra, Jr.: “Algorithms in Number Theory,” Technical Report 87-008, Univ. of Chicago, Dept. of CS, May 1987
J.M. Pollard, “Monte Carlo Methods for Index Computation (mod p),” Math. Comp. 32 (1978), 918–924
Y. Yacobi, “Exponentiating faster with addition chains,” Proceedings of Eurocrypt’90.
J. Ziv, and A. Lempel: “Compression of individual sequences via variable rate coding,” IEEE Trans. Inf. Th. Vol. IT-24, No. 5, Sep. 1978
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1991 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yacobi, Y. (1991). Discrete-Log With Compressible Exponents. In: Menezes, A.J., Vanstone, S.A. (eds) Advances in Cryptology-CRYPTO’ 90. CRYPTO 1990. Lecture Notes in Computer Science, vol 537. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-38424-3_47
Download citation
DOI: https://doi.org/10.1007/3-540-38424-3_47
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-54508-8
Online ISBN: 978-3-540-38424-3
eBook Packages: Springer Book Archive