Cryptology ePrint Archive: Report 2010/617

Computing Discrete Logarithms in an Interval

Steven D. Galbraith and John M. Pollard and Raminder S. Ruprai

Abstract: The discrete logarithm problem in an interval of size $N$ in a group $G$ is: Given $g, h \in G$ and an integer $ N$ to find an integer $0 \le n \le N$, if it exists, such that $h = g^n$. Previously the best low-storage algorithm to solve this problem was the van Oorschot and Wiener version of the Pollard kangaroo method. The heuristic average case running time of this method is $(2 + o(1)) \sqrt{N}$ group operations.

We present two new low-storage algorithms for the discrete logarithm problem in an interval of size $N$. The first algorithm is based on the Pollard kangaroo method, but uses 4 kangaroos instead of the usual two. We explain why this algorithm has heuristic average case expected running time of $(1.714 + o(1)) \sqrt{N}$ group operations. The second algorithm is based on the Gaudry-Schost algorithm and the ideas of our first algorithm. We explain why this algorithm has heuristic average case expected running time of $(1.660 + o(1)) \sqrt{N}$ group operations. We give experimental results that show that the methods do work close to that predicted by the theoretical analysis.

Category / Keywords: public-key cryptography / discrete logarithm problem (DLP)

Publication Info: Submitted

Date: received 1 Dec 2010

Contact author: S Galbraith at math auckland ac nz

Available format(s): PDF | BibTeX Citation

Version: 20101208:173241 (All versions of this report)

Short URL: ia.cr/2010/617

Discussion forum: Show discussion | Start new discussion