Cubic Sieve Congruence of the Discrete Logarithm Problem, and fractional part sequences

Abstract

The Cubic Sieve Method for solving the Discrete Logarithm Problem in prime fields requires a nontrivial solution to the Cubic Sieve Congruence (CSC) x3≡y2z(modp), where p is a given prime number. A nontrivial solution must also satisfy x3≠y2z and 1⩽x,y, z<pα, where α is a given real number such that 13<α⩽12. The CSC problem is to find an efficient algorithm to obtain a nontrivial solution to CSC. CSC can be parametrized as x≡v2z(modp) and y≡v3z(modp). In this paper, we give a deterministic polynomial-time (O(ln3p) bit-operations) algorithm to determine, for a given v, a nontrivial solution to CSC, if one exists. Previously it took O˜(pα) time in the worst case to determine this. We relate the CSC problem to the gap problem of fractional part sequences, where we need to determine the non-negative integers N satisfying the fractional part inequality {θN}<ϕ (θ and ϕ are given real numbers). The correspondence between the CSC problem and the gap problem is that determining the parameter z in the former problem corresponds to determining N in the latter problem. We also show in the α=12 case of CSC that for a certain class of primes the CSC problem can be solved deterministically in O˜(p13) time compared to the previous best of O˜(p12). It is empirically observed that about one out of three primes is covered by the above class.