    $\gamma \leftarrow \prod_{i=1}^{r} \gamma_i$
    output $\gamma$

First, let us analyze the correctness of this algorithm. When the $i$th loop iteration terminates, by construction, we have $\gamma_i^{q_i^{e_i}} = 1$ but $\gamma_i^{q_i^{e_i - 1}} \neq 1$. It follows (c.f., Theorem 4.28) that $\gamma_i$ has order $q_i^{e_i}$. From this, it follows (c.f., Theorem 4.29) that $\gamma$ has order $p - 1$. Thus, we have shown that if the algorithm terminates, its output is always correct.

Let us now analyze the running time of this algorithm. Consider the repeat/until loop in the $i$th iteration of the outer loop. Since the kernel of the $(p-1)/q_i$-power map on $\mathbb{Z}_p^*$ has order $(p-1)/q_i$, the probability that a random $\alpha \in \mathbb{Z}_p^*$ lies in the kernel is $1/q_i$. It follows that the expected number of iterations of the repeat/until loop is $O(1)$, and therefore, the expected running time of the entire algorithm is $O(r L(p)^3)$, and since $r \le \log_2 p$, this is $O(L(p)^4)$.

Note that if we are not given the prime factorization of $p - 1$, but rather, just a prime $q$ dividing $p - 1$, and we want to find an element of order $q$ in $\mathbb{Z}_p^*$, then the above algorithm is easily adapted to this problem. We leave the details as an exercise for the reader.
8.2 Computing Discrete Logarithms in $\mathbb{Z}_p^*$

In this section, we consider algorithms for computing the discrete logarithm of $\alpha \in \mathbb{Z}_p^*$ to a given base $\gamma$. The algorithms we present here are in the worst case exponential-time algorithms, and are by no means the best possible; however, in some special cases, these algorithms are not so bad.

8.2.1 Brute-force search

Suppose that $\gamma \in \mathbb{Z}_p^*$ generates a subgroup of order $q$ (not necessarily prime), and we are given $p$, $q$, $\gamma$, and $\alpha \in \langle \gamma \rangle$, and wish to compute $\log_\gamma \alpha$. The simplest algorithm to solve the problem is brute-force search:

    $\beta \leftarrow 1$, $i \leftarrow 0$
    while $\beta \neq \alpha$ do
        $\beta \leftarrow \beta \cdot \gamma$, $i \leftarrow i + 1$
    output $i$

This algorithm is clearly correct, and the main loop will always halt after at most $q$ iterations (assuming, as we are, that $\alpha \in \langle \gamma \rangle$). So the total running time is $O(q L(p)^2)$.

8.2.2 Baby step/giant step method

As above, suppose that $\gamma \in \mathbb{Z}_p^*$ generates a subgroup of order $q$ (not necessarily prime), and we are given $p$, $q$, $\gamma$, and $\alpha \in \langle \gamma \rangle$, and wish to compute $\log_\gamma \alpha$. A faster algorithm than brute-force search is the baby step/giant step method. It works as follows.

Let us choose an approximation $m$ to $q^{1/2}$. It does not have to be a very good approximation — we just need $m = \Theta(q^{1/2})$. Also, let $m' = \lfloor q/m \rfloor$, so that $m' = \Theta(q^{1/2})$ as well.

The idea is to compute all the values $\gamma^i$ for $0 \le i < m$ (the “baby steps”) and to build a “lookup table” $T$ that contains all the pairs $(\gamma^i, i)$. Using an appropriate data structure, such as a search trie, we can build the table in time $O(m L(p)^2)$, and we can perform a lookup in time $O(L(p))$. By a lookup, we mean that given $\beta \in \mathbb{Z}_p^*$, we can determine if $\beta = \gamma^i$ for some $i$, and if so, determine the value of $i$. Let us define $T(\beta) := i$ if $\beta = \gamma^i$ for some $i$; and otherwise, $T(\beta) := -1$.
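
The following Python sketch is an added example, not code from the original text. It builds the baby-step table $T$ with $m$ and $m'$ as defined above and finishes with the standard giant-step loop, which this excerpt does not reach. A dict stands in for the search trie, and all function names are assumptions made for illustration.

```python
from math import isqrt

def baby_steps(p, gamma, m):
    """Lookup table T: gamma^i mod p -> i for 0 <= i < m (the baby steps)."""
    table, beta = {}, 1
    for i in range(m):
        table[beta] = i           # entries are distinct because m <= q
        beta = beta * gamma % p
    return table

def T(table, beta):
    """T(beta) := i if beta = gamma^i for a stored i, otherwise -1."""
    return table.get(beta, -1)

def dlog_bsgs(p, q, gamma, alpha):
    """Return log_gamma(alpha) in [0, q), or -1 if alpha is not in <gamma>."""
    m = max(1, isqrt(q))          # m = Theta(q^(1/2))
    m_prime = q // m              # m' = floor(q/m)
    table = baby_steps(p, gamma, m)
    # gamma has order q, so gamma^(-m) = gamma^(q - m) mod p.
    giant = pow(gamma, q - m, p)
    beta = alpha % p
    # Write the logarithm as v*m + u with 0 <= u < m and 0 <= v <= m'.
    for v in range(m_prime + 1):
        u = T(table, beta)        # is alpha * gamma^(-v*m) a baby step?
        if u != -1:
            return v * m + u
        beta = beta * giant % p   # one giant step
    return -1

def dlog_brute(p, q, gamma, alpha):
    """Brute-force search from 8.2.1, bounded by q iterations."""
    beta = 1
    for i in range(q):
        if beta == alpha % p:
            return i
        beta = beta * gamma % p
    return -1
```

The table uses $O(m)$ space, and the search performs at most $m' + 1$ lookups, so both the work and the memory scale with $q^{1/2}$ rather than $q$.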