Generated by GPT-5-mini

| Discrete logarithm problem | |
|---|---|
| Name | Discrete logarithm problem |
| Field | Mathematics, Computer Science, Cryptography |
| Introduced | 1970s |
| Notable people | Paul Pollard, Victor Shoup, Don Coppersmith, Richard Brent, Alexandra T. Lenstra |
| Related | Diffie–Hellman key exchange, ElGamal encryption, Digital Signature Algorithm, Elliptic curve cryptography |
# Discrete logarithm problem

The discrete logarithm problem is a fundamental problem in number theory and cryptography: it asks for the inverse of exponentiation in a finite group. It underpins public-key protocols such as Diffie–Hellman key exchange and ElGamal encryption, and its assumed hardness is the security basis of standards such as the Digital Signature Algorithm and elliptic curve cryptography. Research on the problem intersects work by Paul Pollard, Don Coppersmith, Victor Shoup, Richard Brent, and institutions such as the National Institute of Standards and Technology and the European Telecommunications Standards Institute.
Formally, given a finite cyclic group G generated by g and an element h in G, the task is to find an integer x such that g^x = h; such an x always exists and is unique modulo the order of G. Classical formulations appear in contexts studied by Carl Friedrich Gauss in modular arithmetic and were later framed within the algebraic structures treated by Évariste Galois and Niels Henrik Abel. Common group settings include the multiplicative groups modulo primes, as in the work used by Ron Rivest, Adi Shamir, and Leonard Adleman, and elliptic curve groups studied by Andrew Wiles and contributors to Hasse's theorem research. The problem's statement is central to protocols standardized by bodies such as the Internet Engineering Task Force and operated by companies such as RSA Security and Microsoft.
The complexity status relates to classes explored by Alan Turing, Stephen Cook, and Leonid Levin through the notions of polynomial time and reductions. There is no known reduction placing the discrete logarithm problem among the NP-complete problems as defined in treatments by Cook–Levin theorem expositors, and cryptographic hardness assumptions are often framed by theorists at Bell Labs and in research from MIT and Princeton University. Quantum algorithms by Peter Shor demonstrate solvability in polynomial time on quantum devices, prompting research by IBM, Google, and D-Wave Systems into post-quantum alternatives. Complexity analyses reference methods developed at Los Alamos National Laboratory and algorithmic frameworks from Shafi Goldwasser and Silvio Micali.
Classical generic algorithms include exhaustive search, baby-step giant-step introduced by Daniel Shanks, and Pollard's rho method by Paul Pollard. Subexponential algorithms for groups of prime order originate in the subfield advanced by H. Lenstra and A. K. Lenstra with the number field sieve adapted by John Pollard and innovators at CWI and INRIA. Index calculus methods trace roots to work by Adleman and implementations studied at University of Bonn and University of Bristol. Specific algorithmic advances are attributed to researchers like Don Coppersmith, Richard Brent, Victor Shoup, and teams from Bellcore and AT&T Labs. For elliptic curves, algorithms such as Schoof's method and improvements by Noam Elkies and A. O. L. Atkin address point counting and vulnerability analysis used by Certicom and academic groups at University of Waterloo.
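As an added, runnable illustration of the problem statement above and of the baby-step giant-step method (not code from the original page), the block below solves g^x = h in the multiplicative group mod a prime in O(sqrt(order)) steps, then uses that solver to show why a Diffie–Hellman exchange over a tiny, constructed 10-bit group leaks its shared secret. The prime 1019, generator 2 and the function names are assumptions chosen for the example; real deployments use groups of at least 2048 bits (or 256-bit elliptic curves) precisely so that the sqrt(order) work below is infeasible.

```python
import math

def baby_step_giant_step(g, h, p, order=None):
    """Find x in [0, order) with g**x == h (mod p), or None if there is none.

    Shanks' baby-step giant-step: O(sqrt(order)) time and memory, valid in any
    cyclic group; here the group is the multiplicative group mod the prime p.
    `order` defaults to p - 1 (the whole group); pass the subgroup order when g
    generates a prime-order subgroup.
    """
    if order is None:
        order = p - 1
    m = math.isqrt(order) + 1            # m = ceil(sqrt(order)), so m * m >= order
    # Baby steps: remember g^j for j = 0 .. m-1 (setdefault keeps the smallest j)
    baby = {}
    e = 1
    for j in range(m):
        baby.setdefault(e, j)
        e = e * g % p
    # Giant steps: walk h * g^(-m*i); a hit at baby step j means x = i*m + j
    step = pow(g, -m, p)                 # modular inverse of g^m (p is prime)
    gamma = h % p
    for i in range(m):
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * step % p
    return None

def recover_dh_secret(p, g, A, B):
    """From the public Diffie-Hellman values A = g^a and B = g^b alone, recover
    the shared secret g^(ab) by solving one discrete log. This is exactly the
    computation that adequate parameter sizes are chosen to make infeasible."""
    a = baby_step_giant_step(g, A, p)
    return None if a is None else pow(B, a, p)

# Constructed toy parameters (10-bit prime; NOT a real parameter set).
P, G = 1019, 2           # 2 generates the full group of order 1018 = 2 * 509

if __name__ == "__main__":
    a, b = 123, 456                      # the two parties' private exponents
    A, B = pow(G, a, P), pow(G, b, P)    # the values sent in the clear
    print("recovered a =", baby_step_giant_step(G, A, P))
    print("eavesdropper's secret:", recover_dh_secret(P, G, A, B),
          "genuine secret:", pow(A, b, P))
```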
Protocols relying on discrete logarithm hardness include Diffie–Hellman key exchange, ElGamal encryption, and the Digital Signature Algorithm, which have been standardized by NIST and used in implementations from OpenSSL and products by Cisco Systems. Identity-based schemes following work by Adi Shamir and pairing-based cryptography developed by researchers at IBM Research exploit group structures related to discrete logarithms. Standards bodies such as the IETF and ISO reference parameters influenced by studies at the University of Cambridge and ETH Zurich. Attacks on implementations have engaged security teams at Google and Facebook, while mitigation guidance appears in advisories from US-CERT and ENISA.
Variants include the computational Diffie–Hellman problem and decisional Diffie–Hellman problem analyzed by Moni Naor and Mihir Bellare, the discrete log in finite fields of small characteristic studied by groups at Tsinghua University and École Polytechnique, and elliptic curve discrete logarithm in curves parameterized by standards from SECG. Extensions to pairing-friendly curves involve contributions by Dan Boneh and Matt Franklin, while hyperelliptic curve discrete logarithm research involves contributors from University of Sydney and University of Waterloo. Quantum-resistant alternatives prompted by Peter Shor's algorithm led to lattice-based and multivariate schemes explored at NIST and CNRS.
Parameter choices derive from analyses by NIST, ENISA, and cryptographers at Microsoft Research and IBM Research. Key size recommendations reflect advances reported by Certicom and results from distributed computations such as those coordinated by CWI and international teams at University of Bonn. Implementation considerations include side-channel countermeasures researched at University of California, Berkeley and KU Leuven, and standardized curves like those promoted by SECG and critiqued in analyses by Cryptography Research, Inc. and researchers at Radboud University. Transition guidance for post-quantum migration is provided by NIST and debated in workshops at IACR and RSA Conference.