An Analysis of Algorithms for Solving Discrete Logarithms in Fixed Groups

Abstract: Internet protocols such as Secure Shell (SSH) and Internet Protocol Security (IPsec) rely on the assumption that finding discrete logarithms is hard. The protocols specify fixed groups for Diffie-Hellman key exchange that implementations must support. Although the protocols allow flexibility in the choice of group, it is highly likely that the specific groups required by the standards will be used in most cases. Using a fixed group has security implications, because once a group-specific precomputation has been completed, solving any individual discrete logarithm within that group is comparatively easier. In this work, we model real-world cryptographic applications with fixed groups more accurately. We use an analysis of algorithms to place an upper bound on the complexity of solving discrete logarithms given a group-specific precomputation.
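The following is an added illustration of the trade-off the abstract describes, not code from the paper: in a fixed group, one-time precomputation is amortised over every later logarithm. It uses the simplest possible form, a baby-step table for the group that is built once and reused, over a constructed toy safe-prime group. The group size, table size, generator choice (4, a quadratic residue, so it generates the prime-order subgroup), and all function and class names are assumptions made for this example; the paper's own bound concerns far larger groups and more sophisticated algorithms, so only the shape of the cost comparison carries over.

```python
"""Amortised discrete logarithms in a fixed group via one-time precomputation.

Added example, not from the paper. A baby-step table of T entries is built once
for the subgroup <g> of prime order q; every later log in that group then costs
at most q//T + 1 giant steps plus table lookups, instead of roughly 2*sqrt(q)
group operations for a fresh baby-step/giant-step run.
"""
import random
from math import isqrt


def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy sizes used here (assumption)."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    i = 3
    while i * i <= n:
        if n % i == 0:
            return False
        i += 2
    return True


def safe_prime_above(start: int) -> tuple[int, int]:
    """Return (p, q) with p = 2q + 1 and both p and q prime, q >= start."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


class FixedGroupDlog:
    """Group-specific precomputation for <g> of order q in Z_p^* (constructed name)."""

    def __init__(self, p: int, q: int, g: int, table_size: int):
        self.p, self.q, self.g, self.m = p, q, g, table_size
        # One-time work: baby steps g^j -> j for j in [0, m). Since q is prime
        # and m < q, the m powers are distinct.
        self.table = {}
        x = 1
        for j in range(self.m):
            self.table[x] = j
            x = x * g % p
        # Giant-step factor g^{-m}; g has order q so g^{-m} = g^{(-m) mod q}.
        self.giant = pow(g, (-self.m) % q, p)
        self.precomp_ops = self.m  # group multiplications spent up front

    def log(self, h: int) -> tuple[int, int]:
        """Return (x, ops) with g^x = h mod p, x in [0, q), and ops the
        number of group multiplications used for this instance only."""
        y = h % self.p
        ops = 0
        # Any x in [0, q) is i*m + j with j < m and i <= q // m.
        for i in range(self.q // self.m + 1):
            if y in self.table:
                return (i * self.m + self.table[y]) % self.q, ops
            y = y * self.giant % self.p
            ops += 1
        raise ValueError("h is not in the subgroup generated by g")


def demo() -> tuple[int, int, int, int, int]:
    """Solve many logs in one fixed group; return (p, q, precomp_ops,
    worst per-instance ops, cost of a from-scratch BSGS for comparison)."""
    p, q = safe_prime_above(100_000)  # constructed toy group
    g = 4  # quadratic residue mod a safe prime: generates the order-q subgroup
    T = 4096  # table size chosen for the illustration (assumption)
    solver = FixedGroupDlog(p, q, g, T)
    rng = random.Random(1)  # fixed seed so the run is reproducible
    secrets = [rng.randrange(1, q) for _ in range(50)]
    results = [solver.log(pow(g, x, p)) for x in secrets]
    assert all(res[0] == x for res, x in zip(results, secrets))
    per_instance = max(ops for _, ops in results)
    from_scratch = 2 * isqrt(q)  # baby-step/giant-step with no reusable table
    return p, q, solver.precomp_ops, per_instance, from_scratch


if __name__ == "__main__":
    p, q, pre, per, scratch = demo()
    print(f"p={p} q={q}: precomputation {pre} ops once, then at most "
          f"{per} ops per log, versus about {scratch} ops per log from scratch")
```

The point to take from the numbers is the ratio, not the absolute values: with a table of T entries each further logarithm in the same group costs about q/T operations, so an attacker facing a group that every deployment shares pays the table once and amortises it over all targets, which is exactly why a standard-mandated fixed group deserves a stricter security margin than a freshly generated one.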
