The discrete logarithm problem for exponents of bounded height

Q1 Mathematics

Lms Journal of Computation and Mathematics Pub Date : 2014-01-01 DOI:10.1112/S1461157014000230

S. Blackburn, Samuel Scott

{"title":"The discrete logarithm problem for exponents of bounded height","authors":"S. Blackburn, Samuel Scott","doi":"10.1112/S1461157014000230","DOIUrl":null,"url":null,"abstract":"Let G be a cyclic group written multiplicatively (and represented in some concrete way). Let n be a positive integer (much smaller than the order of G). Let g, h ∈ G. The bounded height discrete logarithm problem is the task of finding positive integers a and b (if they exist) such that a 6 n, b 6 n and g = h. (Provided that b is coprime to the order of g, we have h = g where a/b is a rational number of height at most n. This motivates the terminology.) The paper provides a reduction to the two-dimensional discrete logarithm problem, so the bounded height discrete logarithm problem can be solved using a low-memory heuristic algorithm for the two-dimensional discrete logarithm problem due to Gaudry and Schost. The paper also provides a low-memory heuristic algorithm to solve the bounded height discrete logarithm problem in a generic group directly, without using a reduction to the two-dimensional discrete logarithm problem. This new algorithm is inspired by (but differs from) the Gaudry– Schost algorithm. Both algorithms use O(n) group operations, but the new algorithm is faster and simpler than the Gaudry–Schost algorithm when used to solve the bounded height discrete logarithm problem. Like the Gaudry–Schost algorithm, the new algorithm can easily be carried out in a distributed fashion. The bounded height discrete logarithm problem is relevant to a class of attacks on the privacy of a key establishment protocol recently published by EMVCo for comment. This protocol is intended to protect the communications between a chip-based payment card and a terminal using elliptic curve cryptography. The paper comments on the implications of these attacks for the design of any final version of the EMV protocol.","PeriodicalId":54381,"journal":{"name":"Lms Journal of Computation and Mathematics","volume":"17 1","pages":"148-156"},"PeriodicalIF":0.0000,"publicationDate":"2014-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1112/S1461157014000230","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Lms Journal of Computation and Mathematics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1112/S1461157014000230","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"Mathematics","Score":null,"Total":0}

引用次数: 4

Abstract

Let G be a cyclic group written multiplicatively (and represented in some concrete way). Let n be a positive integer (much smaller than the order of G). Let g, h ∈ G. The bounded height discrete logarithm problem is the task of finding positive integers a and b (if they exist) such that a 6 n, b 6 n and g = h. (Provided that b is coprime to the order of g, we have h = g where a/b is a rational number of height at most n. This motivates the terminology.) The paper provides a reduction to the two-dimensional discrete logarithm problem, so the bounded height discrete logarithm problem can be solved using a low-memory heuristic algorithm for the two-dimensional discrete logarithm problem due to Gaudry and Schost. The paper also provides a low-memory heuristic algorithm to solve the bounded height discrete logarithm problem in a generic group directly, without using a reduction to the two-dimensional discrete logarithm problem. This new algorithm is inspired by (but differs from) the Gaudry– Schost algorithm. Both algorithms use O(n) group operations, but the new algorithm is faster and simpler than the Gaudry–Schost algorithm when used to solve the bounded height discrete logarithm problem. Like the Gaudry–Schost algorithm, the new algorithm can easily be carried out in a distributed fashion. The bounded height discrete logarithm problem is relevant to a class of attacks on the privacy of a key establishment protocol recently published by EMVCo for comment. This protocol is intended to protect the communications between a chip-based payment card and a terminal using elliptic curve cryptography. The paper comments on the implications of these attacks for the design of any final version of the EMV protocol.

查看原文本刊更多论文

有界高度指数的离散对数问题

设G是一个用乘法表示的循环群(并以某种具体的方式表示)。设n是一个正整数(远小于G阶)。设G, h∈G。有界高度离散对数问题的任务是找到正整数a和b(如果它们存在)，使得a 6n, b 6n和G = h。(假设b是G阶的素，我们有h = G，其中a/b是高度的有理数，最多为n。这就是术语的起源。)本文对二维离散对数问题进行了约简，使得二维离散对数问题的有界高度离散对数问题可以用基于Gaudry和Schost的低内存启发式算法求解。本文还提供了一种低内存启发式算法来直接解决一般群中的有界高度离散对数问题，而不使用对二维离散对数问题的化简。这种新算法的灵感来自于Gaudry - Schost算法(但不同于Gaudry - Schost算法)。这两种算法都使用O(n)群运算，但新算法在求解有界高度离散对数问题时比Gaudry-Schost算法更快更简单。与Gaudry-Schost算法一样，新算法可以很容易地以分布式方式实现。有界高度离散对数问题与EMVCo最近发布的针对密钥建立协议隐私的一类攻击有关。该协议旨在保护基于芯片的支付卡与使用椭圆曲线加密的终端之间的通信。本文评论了这些攻击对EMV协议最终版本设计的影响。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Lms Journal of Computation and Mathematics MATHEMATICS, APPLIED-MATHEMATICS

CiteScore

2.60

自引率

0.00%

发文量

审稿时长

>12 weeks

期刊介绍： LMS Journal of Computation and Mathematics has ceased publication. Its final volume is Volume 20 (2017). LMS Journal of Computation and Mathematics is an electronic-only resource that comprises papers on the computational aspects of mathematics, mathematical aspects of computation, and papers in mathematics which benefit from having been published electronically. The journal is refereed to the same high standard as the established LMS journals, and carries a commitment from the LMS to keep it archived into the indefinite future. Access is free until further notice.