Abstract
Given a primitive element g of a finite field GF(q), the discrete logarithm of a nonzero element u ∈ GF(q) is that integer k, 1 ≤ k ≤ q−1, for which u = g^k. The well-known problem of computing discrete logarithms in finite fields has acquired additional importance in recent years due to its applicability in cryptography. Several cryptographic systems would become insecure if an efficient discrete logarithm algorithm were discovered. This paper surveys and analyzes known algorithms in this area, with special attention devoted to algorithms for the fields GF(2^n). It appears that in order to be safe from attacks using these algorithms, the value of n for which GF(2^n) is used in a cryptosystem has to be very large and carefully chosen. Due in large part to recent discoveries, discrete logarithms in fields GF(2^n) are much easier to compute than in fields GF(p) with p prime. Hence the fields GF(2^n) ought to be avoided in all cryptographic applications. On the other hand, the fields GF(p) with p prime appear to offer relatively high levels of security.
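The definition above, made concrete in a small field: the following is an added example and not code from the paper. It represents GF(2^n) as bit strings modulo an assumed defining polynomial (the test uses x^8 + x^4 + x^3 + x^2 + 1, with g = x), checks that g really is primitive, and recovers k from u = g^k with a generic baby-step giant-step search, which is only a placeholder for the index-calculus-type algorithms the paper surveys.

```python
# Added example (not from the paper): the discrete logarithm of u in GF(2^n)
# as the abstract defines it, u = g^k with g primitive and 1 <= k <= 2^n - 1.
# Elements are ints whose bits are coefficients of a polynomial over GF(2).
from math import isqrt

def gf2n_mul(a, b, poly, n):  # shift-and-add multiply, reduce modulo poly
    result, high = 0, 1 << n
    while b:
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a & high:  # degree reached n: subtract (xor) the defining polynomial
            a ^= poly
    return result

def gf2n_pow(a, e, poly, n):  # square-and-multiply exponentiation a^e
    result = 1
    while e:
        if e & 1:
            result = gf2n_mul(result, a, poly, n)
        a = gf2n_mul(a, a, poly, n)
        e >>= 1
    return result

def mult_order(g, poly, n):  # smallest t >= 1 with g^t == 1; g is primitive iff t == 2^n - 1
    cur, t = g, 1
    while cur != 1:  # brute force, fine for the small n of a demonstration
        cur = gf2n_mul(cur, g, poly, n)
        t += 1
    return t

def discrete_log(u, g, poly, n):
    """Baby-step giant-step: the k in [1, 2^n - 1] with g^k == u (None if u == 0)."""
    order = (1 << n) - 1
    m = isqrt(order) + 1  # table size, m * m >= order
    baby, cur = {}, 1
    for j in range(m):  # baby steps: store g^j -> j
        baby.setdefault(cur, j)
        cur = gf2n_mul(cur, g, poly, n)
    step, gamma = gf2n_pow(g, order - m, poly, n), u  # step = g^(-m)
    for i in range(m):  # giant steps: gamma = u * g^(-i*m)
        if gamma in baby:
            k = (i * m + baby[gamma]) % order
            return order if k == 0 else k  # log of 1 is q - 1, not 0
        gamma = gf2n_mul(gamma, step, poly, n)
    return None
```

With the AES polynomial x^8 + x^4 + x^3 + x + 1 instead, mult_order(2, 0x11B, 8) returns 51, so x is not primitive there and would not be a valid g for the definition.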
© 1985 Springer-Verlag Berlin Heidelberg
Odlyzko, A.M. (1985). Discrete logarithms in finite fields and their cryptographic significance. In: Beth, T., Cot, N., Ingemarsson, I. (eds) Advances in Cryptology. EUROCRYPT 1984. Lecture Notes in Computer Science, vol 209. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39757-4_20
DOI: https://doi.org/10.1007/3-540-39757-4_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-16076-2
Online ISBN: 978-3-540-39757-1