Bounds in Various Generalized Settings of the Discrete Logarithm Problem

  • Jason H. M. YingEmail author
  • Noboru Kunihiro
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10355)


This paper examines the generic hardness of the generalized multiple discrete logarithm problem, where the solver has to solve k out of n instances for various settings of the discrete logarithm problem. For generic k and n, we introduce two techniques to establish the lower bounds for this computational complexity. One method can be shown to achieve asymptotically tight bounds for small inputs in the classical setting. The other method achieves bounds for larger inputs as well as being able to adapt for applications in other discrete logarithm settings. In the latter, we obtain the generalized lower bounds by applying partitions of n and furthermore show that our chosen method of partition achieves the best bounds. This work can be regarded as a generalization and extension on the hardness of the multiple discrete logarithm problem analyzed by Yun (EUROCRYPT ’15). Some explicit bounds for various n with respect to k are also computed.


Discrete logarithm Generalized multiple discrete logarithm Chebyshev’s inequality Optimization Gaussian elimination 



The authors wish to thank Phong Nguyen for valuable discussions and all anonymous reviewers for their helpful comments. This research was partially supported by JST CREST Grant Number JPMJCR14D6, Japan and JSPS KAKENHI Grant Number 16H02780.


  1. 1.
    Digital signature standard (DSS). NIST (National Institute of Standards and Technology) FIPS, 186–4 (2013)Google Scholar
  2. 2.
    Bernstein, D.J.: Curve25519: new Diffie-Hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207–228. Springer, Heidelberg (2006). doi: 10.1007/11745853_14 CrossRefGoogle Scholar
  3. 3.
    Bernstein, D.J., Lange, T., Schwabe, P.: On the correct use of the negation map in the Pollard Rho method. In: Public Key Cryptography, pp. 128–146 (2011)Google Scholar
  4. 4.
    Boneh, D., Boyen, X.: Efficient selective-ID secure identity-based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24676-3_14 CrossRefGoogle Scholar
  5. 5.
    Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24676-3_4 CrossRefGoogle Scholar
  6. 6.
    Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005). doi: 10.1007/11535218_16 CrossRefGoogle Scholar
  7. 7.
    Cheon, J.H., Hong, J., Kim, M.: Accelerating Pollard’s Rho algorithm on finite fields. J. Cryptol. 25(2), 195–242 (2012)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithm. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Fouque, P.-A., Joux, A., Mavromati, C.: Multi-user collisions: applications to discrete logarithm, even-Mansour and PRINCE. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 420–438. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-45611-8_22 Google Scholar
  11. 11.
    Hitchcock, Y., Montague, P., Carter, G., Dawson, E.: The efficiency of solving multiple discrete logarithm problems and the implications for the security of fixed elliptic curves. Int. J. Inf. Secur. 3(2), 86–98 (2004)CrossRefGoogle Scholar
  12. 12.
    Kim, T.: Multiple discrete logarithm problems with auxiliary inputs. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 174–188. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48797-6_8 CrossRefGoogle Scholar
  13. 13.
    Kuhn, F., Struik, R.: Random walks revisited: extensions of Pollard’s Rho algorithm for computing multiple discrete logarithms. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 212–229. Springer, Heidelberg (2001). doi: 10.1007/3-540-45537-X_17 CrossRefGoogle Scholar
  14. 14.
    Mitsunari, S., Sakai, R., Kasahara, M.: A new traitor tracing. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 85(2), 481–484 (2002)Google Scholar
  15. 15.
    Pollard, J.: Monte Carlo methods for index computations mod \({p}\). Math. Comput. 32(143), 918–924 (1978)MathSciNetzbMATHGoogle Scholar
  16. 16.
    Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). doi: 10.1007/0-387-34805-0_22 CrossRefGoogle Scholar
  17. 17.
    Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997). doi: 10.1007/3-540-69053-0_18 Google Scholar
  18. 18.
    Teske, E.: On random walks for Pollard’s Rho method. Math. Comput. 70, 809–825 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  19. 19.
    Yun, A.: Generic hardness of the multiple discrete logarithm problem. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 817–836. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46803-6_27 Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.The University of TokyoTokyoJapan

Personalised recommendations