Unformatted text preview: yptography.

Evaluating this expression is easy: $a^x \bmod n$

The inverse problem of modular exponentiation is that of finding the discrete logarithm of a number. This is a hard problem: Find $x$ where $a^x \equiv b \pmod{n}$.

For example: If $3^x \equiv 15 \pmod{17}$, then $x = 6$.

Not all discrete logarithms have solutions (remember, the only valid solutions are integers). It’s easy to see that there is no solution, $x$, to the equation $3^x \equiv 7 \pmod{13}$.

It’s far more difficult to solve these problems using 1024-bit numbers.

Calculating Discrete Logarithms in a Finite Group
There are three main groups whose discrete logarithms are of interest to cryptographers:

— The multiplicative group of prime fields: $GF(p)$
— The multiplicative group of finite fields of characteristic 2: $GF(2^n)$
— Elliptic curve groups over finite fields $F$: $EC(F)$

The security of many public-key algorithms is based on the problem of finding discrete logarithms, so the problem has been extensively studied. A good comprehensive overview of the problem, and the best solutions at the time, can be found in [1189, 1039]. The best current article on the topic is [934].

If $p$ is the modulus and is prime, then the complexity of finding discrete logarithms in $GF(p)$ is essentially the same as factoring an integer $n$ of about the same size, when $n$ is the product of two approximately equal-length primes [1378, 934]. This is:

$e^{(1+O(1))(\ln(p))^{1/2}(\ln(\ln(p)))^{1/2}}$

The number field sieve is faster, with an heuristic asymptotic time estimate of

$e^{(1.923+O(1))(\ln(p))^{1/3}(\ln(\ln(p)))^{2/3}}$

Stephen Pohlig and Martin Hellman found a fast way of computing discrete logarithms in $GF(p)$ if $p - 1$ has only small prime factors [1253]. For this reason, only fields where $p - 1$ has at least one large factor are used in cryptography. Another algorithm [14] computes discrete logarithms at a speed comparable to factoring; it has been expanded to fields of the form $GF(p^n)$ [716]. This algorithm was criticized [727] for having some theoretical problems. Other artic...
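The Pohlig and Hellman observation above, as an added Python example (not code from the original text): a simplified reduction that solves the logarithm in each prime-power subgroup and recombines with the Chinese remainder theorem, next to the check a parameter reviewer would run on $p - 1$. Assumptions: each subgroup is searched by brute force rather than digit by digit, factoring is by trial division, and the primes 2311 and 2039 used with it are constructed sample values.

```python
def factor(n):
    """Trial-division factorisation {prime: exponent}; fine for small or smooth n."""
    f, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            f[d] = f.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        f[n] = f.get(n, 0) + 1
    return f

def element_order(a, p):
    """Multiplicative order of a modulo the prime p."""
    n = p - 1
    for q in factor(p - 1):
        while n % q == 0 and pow(a, n // q, p) == 1:
            n //= q
    return n

def dlog_pohlig_hellman(a, b, p):
    """Return x with a^x = b (mod p), or None when no integer x exists."""
    n = element_order(a, p)
    x, m = 0, 1
    for q, e in factor(n).items():
        qe = q ** e
        # Project both sides into the subgroup of order q^e.
        ga, gb = pow(a, n // qe, p), pow(b, n // qe, p)
        r = next((k for k in range(qe) if pow(ga, k, p) == gb), None)
        if r is None:
            return None          # b is not a power of a
        # CRT step: keep x mod m, force x = r (mod q^e). Needs Python 3.8+.
        x += m * ((r - x) * pow(m, -1, qe) % qe)
        m *= qe
    return x if pow(a, x, p) == b % p else None

def largest_prime_factor_of_p_minus_1(p):
    """Defender's check: the work above is bounded by the factors of p - 1."""
    return max(factor(p - 1))

if __name__ == "__main__":
    print(dlog_pohlig_hellman(3, 15, 17))            # the text's solvable example
    print(dlog_pohlig_hellman(3, 7, 13))             # the text's unsolvable example
    print(largest_prime_factor_of_p_minus_1(2311))   # 2310 = 2*3*5*7*11: smooth
    print(largest_prime_factor_of_p_minus_1(2039))   # 2038 = 2*1019: one large factor
```

For moduli of cryptographic size the trial-division check is only practical up to a chosen bound; generating $p$ as a safe prime ($p = 2q + 1$ with $q$ prime) guarantees the large factor by construction.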
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
