Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Computing Interval Discrete Logarithm Problem with Restricted Jump Method

2020 ◽  
Vol 177 (2) ◽  
pp. 189-201
Author(s):  
Bin Qi ◽  
Jie Ma ◽  
Kewei Lv

The interval discrete logarithm problem(IDLP) is to find a solution n such that gn = h in a finite cyclic group G = 〈g〉, where h ∈ G and n belongs to a given interval. To accelerate solving IDLP, a restricted jump method is given to speed up Pollard’s kangaroo algorithm in this paper. Since the Pollard’ kangaroo-like method need to compute the intermediate value during every iteration, the restricted jump method gives another way to reuse the intermediate value so that each iteration is speeded up at least 10 times. Actually, there are some variants of kangaroo method pre-compute the intermediate value and reuse the pre-computed value in each iteration. Different from the pre-compute method that reuse the pre-computed value, the restricted jump method reuse the value naturally arised in pervious iteration, so that the improved algorithm not only avoids precomputation, but also speeds up the efficiency of each iteration. So only two or three large integer multiplications are needed in each iteration of the restricted jump method. And the average large integer multiplication times is (1:633 + o(1)) N in restricted jump method, which is verified in the experiment.

Author(s):  
Phillip Kaye ◽  
Raymond Laflamme ◽  
Michele Mosca

In this chapter we examine one of two main classes of algorithms: quantum algorithms that solve problems with a complexity that is superpolynomially less than the complexity of the best-known classical algorithm for the same problem. That is, the complexity of the best-known classical algorithm cannot be bounded above by any polynomial in the complexity of the quantum algorithm. The algorithms we will detail all make use of the quantum Fourier transform (QFT). We start off the chapter by studying the problem of quantum phase estimation, which leads us naturally to the QFT. Section 7.1 also looks at using the QFT to find the period of periodic states, and introduces some elementary number theory that is needed in order to post-process the quantum algorithm. In Section 7.2, we apply phase estimation in order to estimate eigenvalues of unitary operators. Then in Section 7.3, we apply the eigenvalue estimation algorithm in order to derive the quantum factoring algorithm, and in Section 7.4 to solve the discrete logarithm problem. In Section 7.5, we introduce the hidden subgroup problem which encompasses both the order finding and discrete logarithm problem as well as many others. This chapter by no means exhaustively covers the quantum algorithms that are superpolynomially faster than any known classical algorithm, but it does cover the most well-known such algorithms. In Section 7.6, we briefly discuss other quantum algorithms that appear to provide a superpolynomial advantage. To introduce the idea of phase estimation, we begin by noting that the final Hadamard gate in the Deutsch algorithm, and the Deutsch–Jozsa algorithm, was used to get at information encoded in the relative phases of a state. The Hadamard gate is self-inverse and thus does the opposite as well, namely it can be used to encode information into the phases. To make this concrete, first consider H acting on the basis state |x⟩ (where x ∊ {0, 1}). It is easy to see that You can think about the Hadamard gate as having encoded information about the value of x into the relative phases between the basis states |0⟩ and |1⟩.


2016 ◽  
Vol 19 (1) ◽  
pp. 1-15 ◽  
Author(s):  
Jung Hee Cheon ◽  
Taechan Kim

The aim of the discrete logarithm problem with auxiliary inputs is to solve for ${\it\alpha}$, given the elements $g,g^{{\it\alpha}},\ldots ,g^{{\it\alpha}^{d}}$ of a cyclic group $G=\langle g\rangle$, of prime order $p$. The best-known algorithm, proposed by Cheon in 2006, solves for ${\it\alpha}$ in the case where $d\mid (p\pm 1)$, with a running time of $O(\sqrt{p/d}+d^{i})$ group exponentiations ($i=1$ or $1/2$ depending on the sign). There have been several attempts to generalize this algorithm to the case of ${\rm\Phi}_{k}(p)$ where $k\geqslant 3$. However, it has been shown by Kim, Cheon and Lee that a better complexity cannot be achieved than that of the usual square root algorithms.We propose a new algorithm for solving the DLPwAI. We show that this algorithm has a running time of $\widetilde{O}(\sqrt{p/{\it\tau}_{f}}+d)$ group exponentiations, where ${\it\tau}_{f}$ is the number of absolutely irreducible factors of $f(x)-f(y)$. We note that this number is always smaller than $\widetilde{O}(p^{1/2})$.In addition, we present an analysis of a non-uniform birthday problem.


2016 ◽  
Vol 2016 ◽  
pp. 1-8
Author(s):  
Jiang Weng ◽  
Yunqi Dou ◽  
Chuangui Ma

Cheon first proposed a novel algorithm for solving discrete logarithm problem with auxiliary inputs. Given some pointsP,αP,α2P,…,αdP∈G, an attacker can solve the secret key efficiently. In this paper, we propose a new algorithm to solve another form of elliptic curve discrete logarithm problem with auxiliary inputs. We show that if some pointsP,αP,αkP,αk2P,αk3P,…,αkφ(d)-1P∈Gand a multiplicative cyclic groupK=〈k〉are given, wheredis a prime,φ(d)is the order ofK. The secret keyα∈Fp⁎can be solved inO((p-1)/d+d)group operations by usingO((p-1)/d)storage.


2018 ◽  
Vol 14 (06) ◽  
pp. 1627-1636
Author(s):  
Chao Liu

Let [Formula: see text] be a finite cyclic group of order [Formula: see text]. Every sequence [Formula: see text] over [Formula: see text] can be written in the form [Formula: see text] where [Formula: see text] and [Formula: see text], and the index [Formula: see text] of [Formula: see text] is defined as the minimum of [Formula: see text] over all [Formula: see text] with [Formula: see text]. Let [Formula: see text] and [Formula: see text] be any fixed integers. We prove that, for every sufficiently large integer [Formula: see text] divisible by [Formula: see text], there exists a sequence [Formula: see text] over [Formula: see text] of length [Formula: see text] having no subsequence [Formula: see text] of index [Formula: see text], which has substantially improved the previous results in this direction.


2014 ◽  
Vol 17 (A) ◽  
pp. 230-246 ◽  
Author(s):  
Razvan Barbulescu ◽  
Cécile Pierrot

AbstractIn this paper we study the discrete logarithm problem in medium- and high-characteristic finite fields. We propose a variant of the number field sieve (NFS) based on numerous number fields. Our improved algorithm computes discrete logarithms in $\def \xmlpi #1{}\def \mathsfbi #1{\boldsymbol {\mathsf {#1}}}\let \le =\leqslant \let \leq =\leqslant \let \ge =\geqslant \let \geq =\geqslant \def \Pr {\mathit {Pr}}\def \Fr {\mathit {Fr}}\def \Rey {\mathit {Re}}\mathbb{F}_{p^n}$ for the whole range of applicability of the NFS and lowers the asymptotic complexity from $L_{p^n}({1/3},({128/9})^{1/3})$ to $L_{p^n}({1/3},(2^{13}/3^6)^{1/3})$ in the medium-characteristic case, and from $L_{p^n}({1/3},({64/9})^{1/3})$ to $L_{p^n}({1/3},((92 + 26 \sqrt{13})/27)^{1/3})$ in the high-characteristic case.


2020 ◽  
Vol 17 (4) ◽  
pp. 31-41
Author(s):  
Bin Qi ◽  
Jie Ma ◽  
Kewei Lv

Export Citation Format

Share Document