Computing discrete logarithms in an interval

Steven D Galbraith,Raminder S Ruprai,John M Pollard

doi:10.1090/s0025-5718-2012-02641-x

Steven D Galbraith, Raminder S Ruprai + Show 1 more

Open Access

https://doi.org/10.1090/s0025-5718-2012-02641-x

Copy DOI

Abstract

The discrete logarithm problem in an interval of size N in a group G is: Given g, h ∈ G and an integer N to find an integer 0 ≤ n ≤ N , if it exists, such that h = gn. Previously the best low-storage algorithm to solve this problem was the van Oorschot and Wiener version of the Pollard kangaroo method. The heuristic average case running time of this method is (2 + o(1)) √ N group operations. We present two new low-storage algorithms for the discrete logarithm problem in an interval of size N . The first algorithm is based on the Pollard kangaroo method, but uses 4 kangaroos instead of the usual two. We explain why this algorithm has heuristic average case expected running time of (1.714 + o(1)) √ N group operations. The second algorithm is based on the Gaudry-Schost algorithm and the ideas of our first algorithm. We explain why this algorithm has heuristic average case expected running time of (1.660 + o(1)) √ N group operations. We give experimental results that show that the methods do work close to that predicted by the theoretical analysis.

Full Text