DISCRETE LOGARITHM PROBLEM
CONTENTS
• INTRODUCTION
• DEFINITION
• ELGAMAL PUBLIC KEY CRYPTOSYSTEM
• DIFFIE-HELLMAN KEY EXCHANGE
• ALGORITHM FOR DLP
  - Baby-step giant-step
  - Pohlig–Hellman algorithm
  - Pollard rho algorithm
• Reduction of DLP hard problem
• REFERENCE
INTRODUCTION
The theme of this presentation is public-key cryptosystems based on the
discrete logarithm problem. The first and best known of these is the
ElGamal cryptosystem. The discrete logarithm problem forms the basis of
numerous cryptographic protocols.
In this presentation we survey the methods known for solving the discrete
logarithm problem $\alpha^i = \beta$ in various groups $G$.
DEFINITION
Consider a finite group $(G, \cdot)$ and an element $\alpha \in G$ of order $n$.
Let $\langle\alpha\rangle = \{\alpha^i : 0 \le i \le n-1\}$.
The discrete logarithm problem (DLP) is to find the unique integer $i$,
$0 \le i \le n-1$, such that
$$\alpha^i = \beta$$
We denote this integer by $i = \log_\alpha \beta$.
• $\alpha$ is suggested to be a primitive element modulo $n$.
• Fix a prime $p$. Let $a, b$ be nonzero integers (mod $p$). The problem of
finding $x$ such that $a^x \equiv b \pmod p$ is called the discrete logarithm
problem.
• In the ElGamal method, the difficulty of solving the discrete
logarithm problem yields good cryptosystems.
ELGAMAL PUBLIC KEY CRYPTOSYSTEM
Let $p$ be a prime such that the DLP in $(Z_p^*, \cdot)$ is hard, and let $\alpha$ be a primitive element. Let the
plaintext space be $P = Z_p^*$ and the ciphertext space be $C = Z_p^* \times Z_p^*$, and define
$$K = \{(p, \alpha, a, \beta) : \alpha^a \equiv \beta \pmod p\}$$
where $p$, $\alpha$, $\beta$ are public and $a$ is the private key.
For a given key $k = (p, \alpha, a, \beta)$ and a secret random number $r \in Z_{p-1}^*$, define
$$e_k(x, r) = (y_1, y_2)$$
where
$$y_1 = \alpha^r \bmod p \quad\text{and}\quad y_2 = x\beta^r \bmod p$$
For $y_1, y_2 \in Z_p^*$, define
$$d_k(y_1, y_2) = y_2 (y_1^a)^{-1}$$
Example:
Suppose $p = 2579$ and $\alpha = 2$ is a primitive element mod $p$. Let $a = 765$, so $\beta = 2^{765} \bmod p = 949$.
Alice wants to send the message $x = 1299$ to Bob. Let 853 be the random key chosen by Alice.
Then Alice computes $y_1 = 2^{853} \bmod 2579 = 435$ and $y_2 = 1299 \times 949^{853} \bmod 2579 = 2396$.
When Bob receives the ciphertext $y = (435, 2396)$, he computes
$$x = 2396 \times (435^{765})^{-1} \bmod 2579 = 1299$$
which was the plaintext that Alice encrypted.
Diffie-Hellman key exchange
Choose a prime $p$ and a generator $\alpha$, and publish them. In the example below, $p = 17$ and $\alpha = 3$.

ALICE (15)
Alice has private key 15.
Alice uses her private key to compute $3^{15} \bmod 17 = 6$ and sends it
publicly to Bob.
Alice then uses the public key she received, i.e. $12^{15} \bmod 17 = 10$,
and the key is 10.

BOB (13)
Bob has private key 13.
Bob uses his private key to compute $3^{13} \bmod 17 = 12$ and sends it
publicly to Alice.
Bob then uses the public key he received, i.e. $6^{13} \bmod 17 = 10$,
and the key is 10.

Middle man EVE: $3^X \equiv Y \pmod{17}$

Key exchange completed.
DISCRETE LOGARITHM PROBLEM ALGORITHMS
1. Generic algorithms: work in any cyclic group
(a) Brute force
(b) Shanks' baby-step/giant-step algorithm
(c) Pohlig–Hellman algorithm
(d) Pollard's rho algorithm
2. Non-generic algorithms: work only in specific groups, in particular in $Z_p$.
(a) Index calculus method
Shanks' baby-step/giant-step algorithm
The baby-step/giant-step algorithm is a time-memory tradeoff method, which reduces the time of a
brute-force search at the cost of extra storage.
Input: elements $g, h \in G$, where the order of $G$ is $q$, i.e. $|G| = q$
Output: $\log_g h$
$t = \lfloor\sqrt{q}\rfloor$
For $i = 0$ to $\lfloor q/t \rfloor$:
    Compute $g_i = g^{i \cdot t}$
Sort the pairs $(i, g_i)$ by their second component.
This is the baby-step phase, which requires $\sqrt{q}$ steps and needs to store $\sqrt{q}$ group elements.
For $i = 1$ to $t$:
    Compute $h_i = h \cdot g^i$
    If $h_i = g_k$ for some $k$,
    return $[kt - i \bmod q]$
These are the giant steps.
COMPLEXITY: The baby-step giant-step method requires $O(\sqrt{q})$ computational steps and $O(\sqrt{q})$
memory.
EXAMPLE
We show an application of the algorithm in the cyclic group $Z_{29}^*$ of order
$q = 29 - 1 = 28$.
Take $g = 2$ and $h = 17$.
We set $t = \lfloor\sqrt{28}\rfloor = 5$ and compute
$2^0 = 1$, $2^5 = 3$, $2^{10} = 9$, $2^{15} = 27$, $2^{20} = 23$, $2^{25} = 11$
(It should be understood that all operations are in $Z_{29}^*$.)
Then compute:
$17 \cdot 2^1 = 5$, $17 \cdot 2^2 = 10$, $17 \cdot 2^3 = 20$, $17 \cdot 2^4 = 11$,
and notice that $17 \cdot 2^4 = 11 = 2^{25}$.
We thus have $\log_2 17 = 25 - 4 = 21$.
Hence, $2^{21} \equiv 17 \pmod{29}$.
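The algorithm and example above as runnable Python. This is an added example, not code from the slides: the function name bsgs is this example's own, and a hash table replaces the sorted list of pairs. It also starts the second loop at i = 0 (the slide starts at 1) so that an h already in the table is found, and it reuses the ElGamal key pair (p = 2579, alpha = 2, beta = 949) from the earlier slide to show that a modulus this small gives no protection to the private key.

```python
from math import isqrt


def bsgs(g, h, p, q):
    """Solve g^x = h (mod p) for x in [0, q), where q is the order of g.

    Returns None when h is not a power of g.
    """
    t = isqrt(q)                      # t = floor(sqrt(q)), as on the slide

    # First phase: tabulate g_k = g^(k*t) for k = 0 .. floor(q/t).
    # A dict keyed by the group element replaces "sort by second component".
    stride = pow(g, t, p)
    table = {}
    value = 1
    for k in range(q // t + 1):
        table.setdefault(value, k)    # keep the smallest k for a repeated value
        value = value * stride % p

    # Second phase: walk h * g^i and look each value up in the table.
    value = h % p
    for i in range(t + 1):
        k = table.get(value)
        if k is not None:
            # h * g^i = g^(k*t)  =>  h = g^(k*t - i)
            return (k * t - i) % q
        value = value * g % p
    return None


if __name__ == "__main__":
    # The slide's example: log_2 17 in Z_29^*, group order 28.
    print(bsgs(2, 17, 29, 28))
    # The ElGamal slide's public key: roughly 2 * 50 group operations
    # recover the private exponent a from beta = 949.
    print(bsgs(2, 949, 2579, 2578))
    # 4 generates only the order-14 subgroup of squares; 2 is not in it.
    print(bsgs(4, 2, 29, 14))
```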
POHLIG–HELLMAN ALGORITHM
$\phi(p) = p - 1 = \prod_i p_i^{e_i}$, where $p - 1$ is smooth, i.e. has no large prime factors. Suppose $a \equiv b^x \pmod p$. Find $x$.
Put $x = p_i^{e_i} q_i + r_i$. Then
$$a^{\phi(p)/p_i^{e_i}} \equiv (b^x)^{\phi(p)/p_i^{e_i}} \equiv (b^{p_i^{e_i} q_i + r_i})^{\phi(p)/p_i^{e_i}}$$
$$\equiv (b^{p_i^{e_i} q_i})^{\phi(p)/p_i^{e_i}} \cdot (b^{r_i})^{\phi(p)/p_i^{e_i}}$$
$$\equiv (b^{\phi(p)})^{q_i} \cdot b^{r_i \cdot \phi(p)/p_i^{e_i}} \equiv b^{r_i \cdot \phi(p)/p_i^{e_i}} \pmod p$$
Find $r_i \in \{0, \ldots, p_i^{e_i} - 1\}$ so that
$$a^{\phi(p)/p_i^{e_i}} \equiv b^{r_i \cdot \phi(p)/p_i^{e_i}} \pmod p$$
thereby solving $x \equiv r_i \pmod{p_i^{e_i}}$.
Solve all these congruences by the Chinese remainder theorem.
TIME COMPLEXITY: The run time of the algorithm clearly depends on the prime factors of the group
order. To prevent the attack, the group order must have its largest prime factor in the range of $2^{160}$.
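Example
$2^x \equiv 41 \pmod{211}$. Find $x$.
$p = 211$, so $\phi(p) = p - 1 = 210 = 2 \cdot 3 \cdot 5 \cdot 7$ ("$p - 1$ is smooth").
$a = 41 = 2^x$. Find $x$.
Now taking $p_1 = 7$ (put $x = 7q + r$ to find $q$ and $r$):
$$a^{\phi(p)/7} \equiv (2^x)^{\phi(p)/7} \equiv (2^{7q+r})^{\phi(p)/7} \equiv (2^{7q})^{\phi(p)/7} \cdot (2^r)^{\phi(p)/7} \equiv (2^{\phi(p)})^q \cdot 2^{r \cdot \phi(p)/7} \equiv 2^{r \cdot \phi(p)/7} \equiv 2^{r \cdot 2 \cdot 3 \cdot 5} \pmod{211}$$
$$a^{\phi(p)/7} \equiv 2^{r \cdot 2 \cdot 3 \cdot 5} \pmod{211}$$
Test $r \in \{0, 1, 2, 3, 4, 5, 6\}$ for $41^{2 \cdot 3 \cdot 5} \equiv (2^{2 \cdot 3 \cdot 5})^r \pmod{211}$, so $x \equiv 3 \pmod 7$.
Similarly for $p_2 = 5$, we get $x \equiv 2 \pmod 5$.
Similarly for $p_3 = 3$, we get $x \equiv 2 \pmod 3$.
Similarly for $p_4 = 2$, we get $x \equiv 1 \pmod 2$.
And by using the Chinese remainder theorem we get
$x \equiv 17 \pmod{210}$.
Hence, $2^{17} \equiv 41 \pmod{211}$.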
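The reduction above in Python, with largest_prime_factor as the parameter check that the time-complexity note calls for. This is an added example, not code from the slides, and all function names are its own; it goes beyond the square-free case of the worked example by handling prime powers $p_i^{e_i}$ with the same exhaustive test over $r_i$. It assumes b is a primitive element mod the prime p, so each $r_i$ is unique.

```python
def factorize(n):
    """Trial-division factorisation {prime: exponent}; fine for toy sizes."""
    factors, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def residue_mod_prime_power(a, b, p, pe):
    """Find r in [0, pe) with a^((p-1)/pe) = (b^((p-1)/pe))^r (mod p)."""
    exponent = (p - 1) // pe
    target = pow(a, exponent, p)
    base = pow(b, exponent, p)        # has order pe when b is primitive
    value = 1
    for r in range(pe):               # the slide's "test r in {0, ..., pe-1}"
        if value == target:
            return r
        value = value * base % p
    return None


def crt(residues):
    """Combine [(r_i, m_i)] with pairwise coprime m_i into (x, product)."""
    x, modulus = 0, 1
    for r, m in residues:
        # Pick k so that x + modulus*k = r (mod m).
        k = (r - x) * pow(modulus, -1, m) % m
        x += modulus * k
        modulus *= m
    return x, modulus


def pohlig_hellman(a, b, p):
    """Solve b^x = a (mod p) for x in [0, p-1); b primitive mod prime p."""
    residues = []
    for prime, e in factorize(p - 1).items():
        pe = prime ** e
        r = residue_mod_prime_power(a, b, p, pe)
        if r is None:                 # a is not in the group generated by b
            return None
        residues.append((r, pe))
    return crt(residues)[0]


def largest_prime_factor(n):
    """The attack costs about this many steps, so it must be large."""
    return max(factorize(n))


if __name__ == "__main__":
    print(pohlig_hellman(41, 2, 211))     # the slide's example
    print(pohlig_hellman(6, 3, 17))       # 16 = 2^4: prime-power case
    # Parameter check: 211 and 227 are similar in size, but 210 = 2*3*5*7
    # while 226 = 2*113, so only the second resists this reduction.
    print(largest_prime_factor(211 - 1), largest_prime_factor(227 - 1))
```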
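Pollard's rho discrete logarithm algorithm
Let $\alpha$ be a generator of a cyclic group $G$ and $\beta$ an element of $G$. Find $\log_\alpha \beta$:
compute integers $s$ and $t$ such that $\beta^s = \alpha^t$.
1. Partition the group $G$ into three roughly equal-sized sets $S_1$, $S_2$ and $S_3$, and let $x_0 = 1$, where $x_0$ is not in
$S_2$. Let
$$x_{i+1} = \begin{cases} \beta x_i & \text{for } x_i \in S_1 \\ x_i^2 & \text{for } x_i \in S_2 \\ \alpha x_i & \text{for } x_i \in S_3 \end{cases}$$
Let $x_i = \beta^{a_i} \alpha^{b_i}$, with
$$a_{i+1} = \begin{cases} a_i + 1 \bmod n & \text{for } x_i \in S_1 \\ 2a_i \bmod n & \text{for } x_i \in S_2 \\ a_i & \text{for } x_i \in S_3 \end{cases}$$
$$b_{i+1} = \begin{cases} b_i & \text{for } x_i \in S_1 \\ 2b_i \bmod n & \text{for } x_i \in S_2 \\ b_i + 1 \bmod n & \text{for } x_i \in S_3 \end{cases}$$
where $n = p - 1$ when $G = Z_p^*$, and set $(x_0, a_0, b_0) = (1, 0, 0)$.
2. Use $x_{i-1}, a_{i-1}, b_{i-1}$ to compute $x_i, a_i, b_i$, and use $x_{2i-2}, a_{2i-2}, b_{2i-2}$ to compute $x_{2i}, a_{2i}, b_{2i}$.
3. If $x_i = x_{2i}$, then do the following:
   set $r = b_i - b_{2i}$
   if $\gcd(r, n) \ne 1$, then return 'failure'
   else return $r(a_{2i} - a_i)^{-1} \bmod n$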
Eg. $\alpha = 2$ is a generator of the subgroup $G$ of $Z_{383}^*$ of order $n = 191$. Suppose $\beta = 228$ and find $\log_2 228$.
Solution: Partition $G$ into 3 subsets, let
$S_1 = \{x \in G : x \equiv 1 \pmod 3\}$
$S_2 = \{x \in G : x \equiv 0 \pmod 3\}$
$S_3 = \{x \in G : x \equiv 2 \pmod 3\}$
We have $x_{14} = x_{28} = 144$
$r = 12 - 10 = 2$
$$r(a_{2i} - a_i)^{-1} \bmod n = 2(a_{28} - a_{14})^{-1} \bmod 191 = \frac{2}{66} \bmod 191 = 33^{-1} \bmod 191 = 110 \bmod 191$$
Hence,
$2^{110} \equiv 228 \pmod{383}$
COMPLEXITY: The time complexity of Pollard's rho method is $O(\sqrt{|G|})$ computations.
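The walk and collision step above in Python, using the slides' convention $x_i = \beta^{a_i} \alpha^{b_i}$ and the mod-3 partition of the example. This is an added example, not code from the slides; the function name and the returned collision index are its own, and its failure test is applied to $a_{2i} - a_i$ because that is the value the final formula inverts.

```python
from math import gcd


def pollard_rho_dlog(alpha, beta, p, n):
    """Return (log_alpha(beta), i) for the order-n subgroup of Z_p^*,
    where i is the first index with x_i == x_2i, or None on failure.

    Only two triples (x, a, b) are kept, so memory use is constant,
    in contrast to the table that baby-step/giant-step stores.
    """
    def step(x, a, b):
        s = x % 3
        if s == 1:                    # S1: multiply by beta
            return beta * x % p, (a + 1) % n, b
        if s == 0:                    # S2: square
            return x * x % p, 2 * a % n, 2 * b % n
        return alpha * x % p, a, (b + 1) % n   # S3: multiply by alpha

    slow = (1, 0, 0)                  # (x_i,  a_i,  b_i)
    fast = (1, 0, 0)                  # (x_2i, a_2i, b_2i)
    # The walk stays inside the subgroup, so tail + cycle <= n and the
    # slow/fast walks must meet within n iterations.
    for i in range(1, n + 1):
        slow = step(*slow)
        fast = step(*step(*fast))
        if slow[0] == fast[0]:
            r = (slow[2] - fast[2]) % n       # b_i  - b_2i
            d = (fast[1] - slow[1]) % n       # a_2i - a_i
            if gcd(d, n) != 1:                # not invertible: give up
                return None
            return r * pow(d, -1, n) % n, i
    return None


if __name__ == "__main__":
    # The slide's example: alpha = 2 of order 191 in Z_383^*, beta = 228.
    print(pollard_rho_dlog(2, 228, 383, 191))
```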
Reduction of DLP hard problem
• Some algorithms run faster than the naive algorithm, some of them proportional to the
square root of the size of the group. However, none of them run in polynomial time.
• Let A and B be two computational problems. Then A is said to polytime reduce to B,
written A ≤ B, if
(A) There is an algorithm which solves A using an algorithm which solves B.
(B) This algorithm runs in polynomial time if the algorithm for B does.
• Assume we have an efficient algorithm to solve problem B.
• We then use this algorithm to give an efficient algorithm for problem A.
REFERENCES
1. Nigel Smart, Cryptography: An Introduction (3rd Edition).
2. A. Menezes, P. van Oorschot and S. Vanstone, Handbook of Applied Cryptography.
3. Christof Paar and Jan Pelzl, Understanding Cryptography: A Textbook for Students and Practitioners. Springer.