Discrete logarithm problem using index calculus method

Abstract

This paper presents a new methodology for the pre-computation phase of the index calculus method (ICM), which is a popular attack on solving the Discrete Logarithm Problem (DLP). For a prime field Z p ∗ of a multiplicative cyclic group, with a given generator g ∈ Z p ∗ and an element y ∈ Z p ∗ , the problem of finding x , such that g x = y ( mod p ) , is known as the DLP. The ICM has two steps: pre-computation and individual logarithm computation. In the pre-computation step, the logarithms of elements from a subset of the group, known as a factor base, is computed. In the second step, the DLP is computed with the help of the pre-computed logarithms of a factor base. The present work focuses on the pre-computation step. Three steps that have a significant impact on the performance of the pre-computation step are generating a system of equations on the logarithms of the primes in the factor base, reducing its size for computation efficiency, and solving the system for logarithms of elements in the factor base. It is shown that the performance of ICM is improved through reduction in size of the system of equations producing a smaller size matrix for the third step by combining the reduction and generation steps. The size of the factor base, sieve length (length of elements to be searched for generating the linear relations) and the ratio between the rows and columns in the linear relations are viewed in combination and studied in detail. We have achieved 30%–40% improvement in the performance of ICM. Even for a smaller size problem (≈100 bits), the running time is reduced to 667 s from 937 s.