This chapter is devoted to the generic methods for computing discrete logarithms in commutative groups and group orders. There are also applications where, apart from the group order, we have additional knowledge on the logarithm logg(h), such as a certain amount of high or low order bits, or a probability distribution of the logarithm, or else the interval in which it lies is known beforehand. The last kind of information is exploited, for example, by the kangaroo methods (see Section 19.6): if we are interested in the order of an elliptic or hyperelliptic curve, this information by Hasse’s bound (see Section 5.2.3) is an interval centered on the cardinality of the underlying field. In general, such knowledge (especially information about certain bits) can be used to reduce the running time for solving the DLP, so the designer of a DL system must take it into account [NGSH 2003]. The adaptation of the methods described here to the context where one has that particular information is often quite straightforward.
|Title of host publication||Handbook of Elliptic and Hyperelliptic Curve Cryptography|
|Number of pages||18|
|ISBN (Print)||1584885181, 9781584885184|
|State||Published - 1 Jan 2005|
Bibliographical notePublisher Copyright:
© 2006 Taylor & Francis Group, LLC.
ASJC Scopus subject areas
- Mathematics (all)
- Computer Science (all)