Paper 2010/370

Finding discrete logarithms with a set orbit distinguisher

Robert P. Gallant

Abstract

We consider finding discrete logarithms in a group $\text{GG}$ when the help of an algorithm $D$ that distinguishes certain subsets of $\text{GG}$ from each other is available. For a group $\text{GG}$ of prime order $p$, if algorithm $D$ is polynomial-time with complexity c(\log(p))$,wecanfinddiscretelogarithmsfasterthansquare-rootalgorithms.Weconsidertwovariationsonthisideaandgivealgorithmssolvingthediscretelogarithmproblemin$\GG$withcomplexity${\cal O}(p^{\frac{1}{3}}\log(p)^3 + p^{\frac{1}{3}}c(\log(p) )$and${\cal O}(p^{\frac{1}{4}}\log(p)^3 + p^{\frac{1}{4}}c( \log(p) )$inthebestcases.Whenmultipledistinguishersareavailablelogarithmscanbefoundinpolynomialtime.Wediscussnaturalclassesofalgorithms$D$ that distinguish the required subsets, and prove that for {\em some} of these classes no algorithm for distinguishing can be efficient. The subsets distinguished are also relevant in the study of error correcting codes, and we give an application of our work to bounds for error-correcting codes.