1
$\begingroup$

As far I understand, when it comes to finite fields, Pollard rho and Pollard’s lambda are still the best algorithm for solving discrete logarithms in a multiplicative subgroup/suborder….

Index calculus methods like nfs can be made to target multiplicative subgroups, but they don’t work in multiplicative subgroups : given a finite fields with a very large characteristic which is enough larger than the target subgroup, they can have an higher complexity than using a Pollard’s method.

Therefore, if we discard quantum computers and Oracle based situations, there’s no known sub‑exponential algorithm that can take real advantage from knowledge the solution of a specific discrete logarithm is below a specific integer.
This even lead to cryptographic systems where the publicly known and used finite field’s order is relatively small for a would be sub‑exponential algorithm but the finite field itself is too large for index calculus (still used today).

Now, is it because of lack of research or is there a reason in number theory that prevents creating an algorithm having at least a $<\sqrt{\text{multiplicative subgroup}}$ time and space complexity ?

Improve this question
$\endgroup$
7
  • $\begingroup$ I deleted my answer, didn't notice the strict inequality in complexity, sorry. Comments from there (not visible to everyone) are below $\endgroup$ Commented Jun 17 at 6:43
  • $\begingroup$ that is true in the generic group model, see Victor Shoup. "Lower Bounds for Discrete Logarithms and Related Problems", not in the multiplicative group (ℤ/𝑝ℤ)∗ which subexponential algorithms for discrete logarithm are typically studied in. – Daniel Weber Commented1 hour ago $\endgroup$ Commented Jun 17 at 6:43
  • $\begingroup$ OP: @DanielWeber I just read Victor Shoup created a theorem to prove this is impossible but I can’t find which one $\endgroup$ Commented Jun 17 at 6:44
  • $\begingroup$ @kodlu how do I reach DanielVeber now ? $\endgroup$ Commented Jun 19 at 13:37
  • 1
    $\begingroup$ @kodlu no : the notification system only work if the person interacted with the post in order to avoid ꜱᴘᴀᴍ. I would also need the research paper you posted as a comment in order to see if any research improved it to the subexponential point (as they would normally cite your paper). $\endgroup$ Commented Jun 19 at 14:07

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.