Cryptology ePrint Archive: Report 2010/370

Finding discrete logarithms with a set orbit distinguisher

Robert P. Gallant

Abstract: We consider finding discrete logarithms in a group $\GG$ when the help of an algorithm $D$ that distinguishes certain subsets of $\GG$ from each other is available. For a group $\GG$ of prime order $p$, if algorithm $D$ is polynomial-time with complexity c(\log(p))$, we can find discrete logarithms faster than square-root algorithms. We consider two variations on this idea and give algorithms solving the discrete logarithm problem in $\GG$ with complexity ${\cal O}(p^{\frac{1}{3}}\log(p)^3 + p^{\frac{1}{3}}c(\log(p) )$ and ${\cal O}(p^{\frac{1}{4}}\log(p)^3 + p^{\frac{1}{4}}c( \log(p) )$ in the best cases. When multiple distinguishers are available logarithms can be found in polynomial time. We discuss natural classes of algorithms $D$ that distinguish the required subsets, and prove that for {\em some} of these classes no algorithm for distinguishing can be efficient. The subsets distinguished are also relevant in the study of error correcting codes, and we give an application of our work to bounds for error-correcting codes.

Category / Keywords: Discrete logarithm problem, complexity, sparse polynomial, quadratic residue codes

Date: received 28 Jun 2010

Contact author: rpgallant at swgc mun ca

Available format(s): PDF | BibTeX Citation

Version: 20100628:181831 (All versions of this report)

Short URL: ia.cr/2010/370

Discussion forum: Show discussion | Start new discussion