The running time for the recursive calls depends on

Info icon This preview shows pages 59–62. Sign up to view the full content.

View Full Document Right Arrow Icon
The running time for the recursive calls depends on the strategy used to choose f . If we always choose f = 1 or f = e - 1, then the running time is for all the recursive calls is O ( e 2 log q · L ( p ) 2 ). However, if we use a “balanced” divide-and-conquer strategy, choosing f e/ 2, then we get O ( e log e log q · L ( p ) 2 ). In summary, the total running time is: O (( eq 1 / 2 + e log e log q ) · L ( p ) 2 ) . 54
Image of page 59

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
8.2.4 Discrete logarithms in Z * p Suppose that we are given a prime p , along with the prime factorization p - 1 = r Y i =1 q e i i , a generator γ for Z * p , and α Z * p . We wish to compute log γ α . Suppose that α = γ x , where 0 x < p - 1. Then for 1 i r , α ( p - 1) /q e i i = γ ( p - 1) /q e i i x . Note that γ ( p - 1) /q e i i has order q e i i , and if x i is the discrete logarithm of α ( p - 1) /q e i i to the base γ ( p - 1) /q e i i , then we have 0 x i < q e i i and x x i (mod q e i i ). Thus, if we compute the values x 1 , . . . , x r , using the algorithm in § 8.2.3, we can obtain x using the algorithm of the Chinese Remainder Theorem. If we define q := max { q i : 1 i r } , then the running time of this algorithm will be bounded by q 1 / 2 L ( p ) O (1) . 8.3 Further remarks One conclusion to be drawn from the observations in this cahpter is that if all the prime factors of p - 1 are “small,” then the discrete logarithm problem in Z * p is “easy.” The algorithm we have presented here is by no means the fastest. The fastest known algorithm for this problem is based on a technique called the number field sieve , and runs in time exp( L ( P ) 1 / 3 (log L ( P )) 2 / 3 ) . While this running time is still larger than any polynomial in L ( P ), it is still much smaller than that of the simple algorithm presented above. Finally, we remark that all of the algorithms presented in this chapter work in any finite cyclic group — we really did not exploit any properties about Z * p other than the fact that it is a cyclic group. However, faster discrete logarithm algorithms, like those mentioned above based on the number field sieve, do not work in an arbitrary finite cyclic group; these algorithms only work for Z * p , and more generally, for K * , where K is a finite field. 55
Image of page 60
Chapter 9 Quadratic Residues and Quadratic Reciprocity 9.1 Quadratic Residues For positive integer n , an integer a is called a quadratic residue modulo n if gcd( a, n ) = 1 and x 2 a (mod n ) for some integer x ; in this case, we say that x is a square root of a modulo n . The quadratic residues modulo n correspond exactly to the subgroup of squares ( Z * n ) 2 of Z * n ; that is, a is a quadratic residue modulo n if and only if [ a mod n ] ( Z * n ) 2 . Let us first consider the case where n = p , where p is an odd prime. In this case, we know that Z * p is cyclic of order p - 1. Recall that the subgroups any finite cyclic group are in one-to-one correspondence with the divisors of the order of the group.
Image of page 61

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 62
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern