Next: The State of the Up: Lecture 8: Public-key Crypto Previous: Let's try it!

The Discrete Logarithm Problem

Let be positive real numbers. Recall that

if and only if

Thus the function solves the following problem: Given a base  and a power  of , find an exponent  such that

That is, given and , find .

Example 4.1   , . A calculator quickly gives that

The discrete log problem is the analogue of this problem modulo :

Discrete Log Problem: Given and , find . Put another way, compute , when .

As far as we know, this problem is VERY HARD to solve quickly. Nobody has admitted publicly to having proved that the discrete log can't be solved quickly, but many very smart people have tried hard and not succeeded. It's easy to write a slow program to solve the discrete log problem. (There are better methods but we won't discuss them in this class.)

? dislog(x,g, s) = s=g; for(n=1,znorder(g),if(x==s, return(n), s=s*g)); 0;
? dislog(18,Mod(5,23))
%6 = 12
? dislog(20,Mod(5,23))
%7 = 5

So the example above was far too simple. Let's try a slightly larger prime:
? p=nextprime(9584)
%8 = 9587
? isprime((p-1)\2)
%9 = 1
? znorder(Mod(2,p))
%10 = 9586
? g=Mod(2,p)
%11 = Mod(2, 9587)
? a = g^389
%15 = Mod(7320, 9587)
? dislog(a,g)
%16 = 389

This is still very easy to crack''. Let's try an even bigger one.
? p = 9048610007
%1 = 9048610007
?  g = Mod(5,p)
%2 = Mod(5, 9048610007)
? a = g^948603
%3 = Mod(3668993056, 9048610007)
? dislog(a,g)              \\ this take a while
%4 = 948603
? znlog(a,g)        \\ builtin super-optimized version takes about 1/2 second
%31 = 948603

Computing the discrete log gets slow quickly, the larger we make the . Doubling the number of digits of the modulus makes the discrete log much much harder.

Subsections

Next: The State of the Up: Lecture 8: Public-key Crypto Previous: Let's try it!
William A Stein 2001-09-28