Cryptology ePrint Archive: Report 2006/253

Hard Instances of the Constrained Discrete Logarithm Problem

Ilya Mironov and Anton Mityagin and Kobbi Nissim

Abstract: The discrete logarithm problem (DLP) generalizes to the constrained DLP, where the secret exponent $x$ belongs to a set known to the attacker. The complexity of generic algorithms for solving the constrained DLP depends on the choice of the set. Motivated by cryptographic applications, we study sets with succinct representation for which the constrained DLP is hard. We draw on earlier results due to Erd\"os et~al. and Schnorr, develop geometric tools such as generalized Menelaus' theorem for proving lower bounds on the complexity of the constrained DLP, and construct sets with succinct representation with provable non-trivial lower bounds.

Category / Keywords: foundations / discrete logarithm problem

Publication Info: 7th Algorithmic Number Theory Symposium (ANTS VII), pages 582--598, 2006.

Date: received 23 Jul 2006

Contact author: mironov at microsoft com

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20060724:100136 (All versions of this report)

Short URL: ia.cr/2006/253

Discussion forum: Show discussion | Start new discussion