# The Past, Evolving Present, and Future of the Discrete Logarithm

@inproceedings{Joux2014ThePE, title={The Past, Evolving Present, and Future of the Discrete Logarithm}, author={Antoine Joux and Andrew M. Odlyzko and C{\'e}cile Pierrot}, booktitle={Open Problems in Mathematics and Computational Science}, year={2014} }

The first practical public key cryptosystem ever published, the Diffie–Hellman key exchange algorithm, relies for its security on the assumption that discrete logarithms are hard to compute. This intractability hypothesis is also the foundation for the security of a large variety of other public key systems and protocols.

## 34 Citations

Technical history of discrete logarithms in small characteristic finite fields

- Computer Science, MathematicsDes. Codes Cryptogr.
- 2016

A road leads from the original belief that this problem was hard enough for cryptographic purpose to the current state of the art where the algorithms are so efficient and practical that the problem can no longer be considered for cryptographic use.

The Discrete-Logarithm Problem with Preprocessing

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2017

Motivated by surprising recent preprocessing attacks on the discrete-log problem, this paper study the power and limits of such algorithms that use preprocessing.

On the security of pairing implementations

- Computer Science, Mathematics
- 2014

This study evaluated the resistance to fault attacks in pairing implementations, and sent electromagnetic pulses in the chip computing a pairing at a precise instant to recover the cryptographic secret which should be protected in the computation.

A Survey on Fully Homomorphic Encryption

- Computer Science, MathematicsACM Comput. Surv.
- 2018

In this survey, both previous and current Somewhat Homomorphic Encryption schemes are reviewed, and the more powerful and recent Fully HomomorphicEncryption (FHE) schemes are comprehensively studied.

A new generalization of the KMOV cryptosystem

- Mathematics, Computer ScienceIACR Cryptol. ePrint Arch.
- 2017

This paper proposes a generalization of the KMOV cryptosystem with a prime power modulus of the form n=p^{r}q^{s}$$n=prqs and study its resistance to the known attacks.

First Practical Side-channel Attack to Defeat Point Randomization in Secure Implementations of Pairing-based Cryptography

- Computer Science, MathematicsSECRYPT
- 2017

An updated review of the state of the art countermeasures against side channel attacks that target PBC implementations is provided and a collision based side-channel attack against an implementation embedding the point randomization countermeasure is proposed.

Zero-knowledge proofs for secure computation

- Computer Science, Mathematics
- 2017

A new type of zero-knowledge proofs is introduced that stands between two existing notions, interactive zeroknowledge proofs and non-interactive zero- knowledge proofs, and can be built from essentially the same cryptographic assumptions than the former, which allows to get improved efficiency and security guarantees.

On Search Complexity of Discrete Logarithm

- Computer Science, MathematicsMFCS
- 2021

The main results establish that suitable variants of the discrete logarithm problem are complete for the complexity class PPP and PWPP, i.e., the subclasses of TFNP capturing total search problems with a solution guaranteed by the pigeon hole principle, respectively the weak pigeonhole principle.

Resistance of the Point Randomisation Countermeasure for Pairings Against Side-Channel Attack

- Computer Science, MathematicsICETE
- 2017

An updated review of the state of the art countermeasures against side channel attacks against PBC implementations and proposes a collision based side-channel attack against an implementation embedding the point randomization countermeasure.

Sieve algorithms for the discrete logarithm in medium characteristic finite fields. (Algorithmes de crible pour le logarithme discret dans les corps finis de moyenne caractéristique)

- Computer Science, Mathematics
- 2017

This thesis proposes and study two new sieve algorithms allowing us to treat any dimensions, with an emphasis on the three-dimensional case, and provides a complete implementation of the relation collection for some variants of the NFS in three dimensions.

## References

SHOWING 1-10 OF 79 REFERENCES

A public key cryptosystem and a signature scheme based on discrete logarithms

- Computer Science, MathematicsIEEE Trans. Inf. Theory
- 1984

A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.

A One Round Protocol for Tripartite Diffie–Hellman

- Mathematics, Computer ScienceJournal of Cryptology
- 2004

A three participants variation of the Diffie--Hellman protocol is proposed, based on the Weil and Tate pairings on elliptic curves, which were first used in cryptography as cryptanalytic tools for reducing the discrete logarithm problem on some elliptic curve to the discreteLogarithms problem in a finite field.

Public-Key Cryptosystems Based on Composite Degree Residuosity Classes

- Computer Science, MathematicsEUROCRYPT
- 1999

A new trapdoor mechanism is proposed and three encryption schemes are derived : a trapdoor permutation and two homomorphic probabilistic encryption schemes computationally comparable to RSA, which are provably secure under appropriate assumptions in the standard model.

Adapting the Weaknesses of the Random Oracle Model to the Generic Group Model

- Computer Science, MathematicsASIACRYPT
- 2002

This paper shows that there exist cryptographic schemes that are provably hard in the generic group model but easy to break in practice whenever the random encoding function is replaced with a specific encoding function (or one drawn from a specific set of encoding functions).

Identity-Based Encryption from the Weil Pairing

- Computer Science, MathematicsCRYPTO
- 2001

This work proposes a fully functional identity-based encryption scheme (IBE) based on the Weil pairing that has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem.

Short Signatures from the Weil Pairing

- Computer Science, MathematicsJ. Cryptol.
- 2004

A short signature scheme based on the Computational Diffie–Hellman assumption on certain elliptic and hyperelliptic curves is introduced for systems where signatures are typed in by a human or are sent over a low-bandwidth channel.

Diffie-Hellman Oracles

- Mathematics, Computer ScienceCRYPTO
- 1996

Several new conditions for the polynomial-time equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms in G are derived which extend former results by den Boer and Maurer.

Discrete Logarithms: The Effectiveness of the Index Calculus Method

- Mathematics, Computer ScienceANTS
- 1996

This article surveys recent developments concerning the discrete logarithm problem in the case of finite fields, and in particular, recent modifications of the index calculus method, including the number field sieve and the function field sieves.

The random oracle methodology, revisited

- Computer Science, MathematicsJACM
- 2004

There exist signature and encryption schemes that are secure in the Random Oracle Model, but for which any implementation of the random oracle results in insecure schemes.

Reducing elliptic curve logarithms to logarithms in a finite field

- Mathematics, Computer ScienceSTOC '91
- 1991

The main result of the paper is to demonstrate the reduction of the elliptic curve logarithm problem to the logariths problem in the multiplicative group of an extension of the underlying finite field, thus providing a probabilistic subexponential time algorithm for the former problem.