Digest of the latest advances in cryptography. First issue

Example 13.13

For what value of n does the group have primitive roots: 17, 20, 38 and 50?

Solution

a. has primitive roots because 17 is a prime number ($p^t$, where $t$ is 1).

b. has no primitive roots.

c. and 19 is a prime number.

d. has primitive roots because , and 5 is a prime number.

If a group has a primitive root, it usually has several such roots. The number of primitive roots can be calculated as - . For example, the number of primitive roots - This - . Please note that you must first check whether the group has any primitive root before finding the number of roots.

If the group $G = \langle Z_n^*, \times \rangle$ has at least one primitive root, then the number of primitive roots is $\phi(\phi(n))$.

Let's consider three questions:

1. Given an element a and a group, how can one determine whether a is a primitive root of G? This is not such an easy task.

a. We must find - this task is similar in complexity to the task of factoring the number n.

b. We must find .

2. Given a group, how to find all primitive roots? This problem is more difficult than the first problem because we must repeat the calculations in step 1.b for the entire group.

3. If a group is given, then how to choose a primitive root G? In cryptography, we must find at least one primitive root in a group. However, in this case, the value of n is chosen by the user, and the user knows . The user tries several elements in succession until he finds the first one.

Cyclic group. Cyclic groups have already been discussed in lectures 5-6. Please note that if a group has primitive roots, then they repeat cyclically. Each primitive root is a generator and can be used to create the entire set. In other words, if g is a primitive root in a group, we can generate the set $Z_n^*$ as

Example 13.14

Group has two primitive roots, because and . The primitive roots are 3 and 7. Below is how the entire set $Z_{10}^*$ can be generated from each primitive root.

g = 3 -> $g^1 \bmod 10 = 3$, $g^2 \bmod 10 = 9$, $g^3 \bmod 10 = 7$, $g^4 \bmod 10 = 1$
g = 7 -> $g^1 \bmod 10 = 7$, $g^2 \bmod 10 = 9$, $g^3 \bmod 10 = 3$, $g^4 \bmod 10 = 1$

Please note that the group is always cyclic because p is prime.

The group $G = \langle Z_n^*, \times \rangle$ is a cyclic group if it has primitive roots. The group $G = \langle Z_p^*, \times \rangle$ is always cyclic.
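The checks behind Example 13.13, the three questions and Example 13.14, as an added Python example that is not part of the original text. It assumes two standard facts: Z_n* has primitive roots only for n = 2, 4, p^t or 2p^t with p an odd prime, and g is a primitive root exactly when g^(φ(n)/q) ≠ 1 (mod n) for every prime q dividing φ(n), where φ is Euler's totient function. All function names are chosen here, and trial division keeps it to small n.

```python
from math import gcd


def prime_factors(m):
    """Distinct prime factors of m by trial division (fine for small m)."""
    factors, d = set(), 2
    while d * d <= m:
        while m % d == 0:
            factors.add(d)
            m //= d
        d += 1
    if m > 1:
        factors.add(m)
    return factors


def phi(m):
    """Euler's totient, computed from the prime factorization of m."""
    result = m
    for p in prime_factors(m):
        result -= result // p
    return result


def has_primitive_root(n):
    """True only for n = 2, 4, p^t or 2*p^t with p an odd prime."""
    if n in (2, 4):
        return True
    if n < 2 or n % 4 == 0:
        return False
    odd_part = n // 2 if n % 2 == 0 else n
    return odd_part > 1 and len(prime_factors(odd_part)) == 1


def is_primitive_root(g, n):
    """Question 1: g generates Z_n* iff no proper divisor phi(n)/q kills it."""
    if gcd(g, n) != 1:
        return False
    order = phi(n)  # knowing phi(n) requires the factorization of n
    return all(pow(g, order // q, n) != 1 for q in prime_factors(order))


def all_primitive_roots(n):
    """Question 2: repeat the test of question 1 over the whole group."""
    if not has_primitive_root(n):
        return []
    return [g for g in range(1, n) if is_primitive_root(g, n)]


def first_primitive_root(n):
    """Question 3: try elements in succession until one passes."""
    if not has_primitive_root(n):
        return None
    return next(g for g in range(1, n) if is_primitive_root(g, n))


def generate(g, n):
    """Powers g^1 .. g^phi(n) mod n; a primitive root yields all of Z_n*."""
    return [pow(g, k, n) for k in range(1, phi(n) + 1)]


if __name__ == "__main__":
    for n in (17, 20, 38, 50):          # the moduli of Example 13.13
        roots = all_primitive_roots(n)
        expected = phi(phi(n)) if has_primitive_root(n) else 0
        print(n, has_primitive_root(n), len(roots), expected)
    for g in all_primitive_roots(10):   # Example 13.14
        print(g, generate(g, 10))
```
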

The idea of a discrete logarithm. Group has several interesting properties.

Solving modular logarithm using discrete logarithms

Now let's look at how problems like $y = a^x \pmod{n}$ are solved, that is, y is given and we must find x.

Tabulating discrete logarithms. One way to solve the above problem is to use a table for each $Z_p^*$ and the various bases. Such a table can be precomputed and stored. For example, Table 13.4 shows the values of the discrete logarithm for $Z_7^*$. We know that this set has two primitive roots, or bases.

Table 13.4. Discrete logarithm for G =
y              1   2   3   4   5   6
x = L_3 y      6   2   1   4   5   3
x = L_5 y      6   4   5   2   1   3

By making tables of discrete logarithms for all groups and all possible bases, we could solve any discrete logarithm problem. This approach is similar to the traditional logarithms studied in the past. Before the advent of calculators and computers, tables were used to calculate logarithms to base 10.

Example 13.15

Find x in each of the following cases:

a.

b.

We can easily use Table 13.4 of discrete logarithms.

Discrete logarithm

Discrete logarithm (DLOG) is the problem of inverting the function $g^x$ in some finite multiplicative group $G$.

Most often, the discrete logarithm problem is considered in the group of invertible elements of the residue ring, in the multiplicative group of a finite field, or in the group of points on an elliptic curve over a finite field. Efficient algorithms for solving the discrete logarithm problem are generally unknown.

For given g and a, a solution x of the equation $g^x = a$ is called the discrete logarithm of the element a to the base g. When G is the group of invertible elements of the residue ring modulo m, the solution is also called the index of the number a to the base g. The index of a to the base g is guaranteed to exist if g is a primitive root modulo m.

The solution to the discrete logarithm problem is to find some non-negative integer x, satisfying equation (1). If it is solvable, it must have at least one natural solution not exceeding the order of the group. This immediately gives a rough estimate of the complexity of the solution search algorithm from above - the exhaustive search algorithm would find a solution in a number of steps no higher than the order of the given group.

Most often the case considered is $G = \langle g \rangle$, that is, the group is cyclic and generated by the element g. In this case, the equation always has a solution. In the case of an arbitrary group, the question of the solvability of the discrete logarithm problem, that is, the question of the existence of solutions to equation (1), requires separate consideration.

Example

The easiest way is to consider the problem of discrete logarithm in the residue ring modulo a prime number.

Let the congruence $3^x \equiv 13 \pmod{17}$ be given.

We will solve the problem using the brute force method. Let's write out a table of all powers of the number 3. Each time we calculate the remainder of division by 17 (for example, $3^3 = 27$, and the remainder of division by 17 is 10).

$3^1 \equiv 3$, $3^2 \equiv 9$, $3^3 \equiv 10$, $3^4 \equiv 13$, $3^5 \equiv 5$, $3^6 \equiv 15$, $3^7 \equiv 11$, $3^8 \equiv 16$
$3^9 \equiv 14$, $3^{10} \equiv 8$, $3^{11} \equiv 7$, $3^{12} \equiv 4$, $3^{13} \equiv 12$, $3^{14} \equiv 2$, $3^{15} \equiv 6$, $3^{16} \equiv 1$

Now it is easy to see that the solution to the congruence in question is x = 4, since $3^4 \equiv 13$.

In practice, the modulus is usually a large enough number that the brute force method is too slow, so there is a need for faster algorithms.
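An added Python example (not from the original article) that rebuilds Table 13.4, solves the congruence with base 3 and result 13 modulo 17 by brute force, and goes beyond the text with baby-step giant-step, a generic method that needs about 2√p multiplications instead of up to p. The function names and the unsolvable sample (base 2, target 3, modulus 7) are constructed for illustration.

```python
from math import isqrt


def dlog_table(g, p):
    """Tabulate x = L_g(y) for every y that g generates modulo p."""
    table, y = {}, 1
    for x in range(1, p):
        y = (y * g) % p
        if y in table:          # powers of g started repeating
            break
        table[y] = x
    return table


def dlog_brute_force(g, a, n):
    """Smallest x >= 1 with g^x = a (mod n), or None if there is none.

    Costs up to n - 1 multiplications, i.e. the order of the group.
    """
    y = 1
    for x in range(1, n):
        y = (y * g) % n
        if y == a % n:
            return x
    return None


def dlog_bsgs(g, a, p):
    """Baby-step giant-step: smallest x >= 0 with g^x = a (mod p), or None.

    Writes x = i*m + j with m ~ sqrt(p), stores the m baby steps g^j in a
    table and walks the giant steps a * g^(-i*m). Assumes gcd(g, p) == 1.
    """
    m = isqrt(p - 1) + 1
    baby, y = {}, 1
    for j in range(m):
        baby.setdefault(y, j)   # keep the smallest j for each value
        y = (y * g) % p
    step = pow(g, -m, p)        # g^(-m) mod p, Python 3.8+
    gamma = a % p
    for i in range(m):
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = (gamma * step) % p
    return None


if __name__ == "__main__":
    for base in (3, 5):         # the two rows of Table 13.4
        t = dlog_table(base, 7)
        print(base, [t[y] for y in range(1, 7)])
    print(dlog_brute_force(3, 13, 17), dlog_bsgs(3, 13, 17))
    # 2 only generates {2, 4, 1} modulo 7, so 3 has no logarithm to base 2
    print(dlog_brute_force(2, 3, 7), dlog_bsgs(2, 3, 7))
    # constructed larger case: recover an exponent modulo the prime 1000003
    p, secret = 1_000_003, 123_456
    x = dlog_bsgs(2, pow(2, secret, p), p)
    print(x, pow(2, x, p) == pow(2, secret, p))
```

The two solvers differ only for a = 1: the brute-force loop starts at x = 1 and returns the order of g, matching Table 13.4, while baby-step giant-step returns x = 0.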

Solution algorithms

In an arbitrary multiplicative group

The solvability and solution of the discrete logarithm problem in an arbitrary finite Abelian group is the subject of the article by Buchmann J., Jacobson M.J., Teske E., "On some computational problems in finite abelian groups". The algorithm uses a table consisting of pairs of elements and performs multiplications. This algorithm is slow and not suitable for practical use. Specific groups have their own, more effective, algorithms.

Another possibility for efficiently solving the problem of computing a discrete logarithm involves quantum computing. It has been theoretically proven that, using them, the discrete logarithm can be calculated in polynomial time. In any case, if the polynomial algorithm for calculating the discrete logarithm is implemented, this will mean the practical unsuitability of cryptosystems based on it.

Classic cryptographic schemes based on the complexity of the discrete logarithm problem are the Diffie-Hellman public key generation scheme, the El-Gamal electronic signature scheme, and the Massey-Omura cryptosystem for message transmission.

Links

  • Vasilenko O. N. Number Theoretic Algorithms in Cryptography. - Moscow: MTsNMO, 2003. - 328 p. - ISBN 5-94057-103-4
  • Koblitz N. Number theory and cryptography course. - Moscow: TVPb, 2001. - 254 p. - ISBN 5-85484-014-6
  • Odlyzko A. M. Discrete logarithms in finite fields and their cryptographic significance // LNCS. - 1984. - T. 209. - P. 224-316.
  • Buchmann J., Jacobson M.J., Teske E. On some computational problems in finite abelian groups // Mathematics of Computation. - 1997. - T. 66. - No. 220. - P. 1663-1687.
  • Article Discrete logarithm on the Scientific Network website
  • Review of methods for calculating discrete logarithms (in English)
  • Nechaev V.I. On the question of the complexity of a deterministic algorithm for a discrete logarithm // Math Notes. - 1994. - V. 2. - T. 55. - P. 91-101.

Wikimedia Foundation. 2010.


So, we have powers of two. If you take the number from the bottom line, you can easily find the power to which you will have to raise two to get this number. For example, to get 16, you need to raise two to the fourth power. And to get 64, you need to raise two to the sixth power. This can be seen from the table.

And now - actually, the definition of the logarithm:

The base a logarithm of x is the power to which a must be raised to get x.

Notation: $\log_a x = b$, where a is the base, x is the argument, and b is the value of the logarithm.

For example, $2^3 = 8 \Rightarrow \log_2 8 = 3$ (the base 2 logarithm of 8 is three because $2^3 = 8$). Likewise, $\log_2 64 = 6$, since $2^6 = 64$.

The operation of finding the logarithm of a number to a given base is called logarithmization. So, let's add a new line to our table:

$2^1$            $2^2$            $2^3$            $2^4$             $2^5$             $2^6$
2                4                8                16                32                64
$\log_2 2 = 1$   $\log_2 4 = 2$   $\log_2 8 = 3$   $\log_2 16 = 4$   $\log_2 32 = 5$   $\log_2 64 = 6$

Unfortunately, not all logarithms are calculated so easily. For example, try finding $\log_2 5$. The number 5 is not in the table, but logic dictates that the logarithm will lie somewhere on the segment. Because $2^2 < 5 < 2^3$, and the larger the power of two, the larger the resulting number.

Such numbers are called irrational: the digits after the decimal point can be written ad infinitum, and they never repeat. If the logarithm turns out to be irrational, it is better to leave it that way: $\log_2 5$, $\log_3 8$, $\log_5 100$.

It is important to understand that a logarithm is an expression with two variables (the base and the argument). At first, many people confuse where the basis is and where the argument is. To avoid annoying misunderstandings, just look at the picture:

Before us is nothing more than the definition of a logarithm. Remember: the logarithm is the power to which the base must be raised in order to obtain the argument. It is the base that is raised to a power - it is highlighted in red in the picture. It turns out that the base is always at the bottom! I tell my students this wonderful rule at the very first lesson - and no confusion arises.

We've figured out the definition - all that remains is to learn how to count logarithms, i.e. get rid of the "log" sign. To begin with, we note that two important facts follow from the definition:

  1. The argument and the base must always be greater than zero. This follows from the definition of a power with a rational exponent, to which the definition of a logarithm reduces.
  2. The base must be different from one, since one raised to any power is still one. Because of this, the question “to what power must one be raised to get two” is meaningless. There is no such power!

Such restrictions are called the range of acceptable values (ODZ). It turns out that the ODZ of the logarithm looks like this: $\log_a x = b \Rightarrow x > 0, a > 0, a \neq 1$.

Note that there are no restrictions on the number b (the value of the logarithm). For example, the logarithm may well be negative: $\log_2 0.5 = -1$, because $0.5 = 2^{-1}$.

However, for now we are considering only numerical expressions, where knowing the ODZ of the logarithm is not required. All restrictions have already been taken into account by the authors of the tasks. But when logarithmic equations and inequalities come into play, the ODZ requirements will become mandatory. After all, the base and the argument may contain rather complex expressions that do not necessarily satisfy the above restrictions.

Now let's look at the general scheme for calculating logarithms. It consists of three steps:

  1. Express the base a and the argument x as a power with the minimum possible base greater than one. Along the way, it’s better to get rid of decimals;
  2. Solve the equation for variable b: $x = a^b$;
  3. The resulting number b will be the answer.

That's it! If the logarithm turns out to be irrational, this will be visible already in the first step. The requirement that the base be greater than one is very important: this reduces the likelihood of error and greatly simplifies the calculations. It’s the same with decimal fractions: if you immediately convert them into ordinary ones, there will be many fewer errors.

Let's see how this scheme works using specific examples:

Task. Calculate the logarithm: $\log_5 25$

  1. Let's represent the base and the argument as powers of five: $5 = 5^1$; $25 = 5^2$;
  2. Let's create and solve the equation:
    $\log_5 25 = b \Rightarrow (5^1)^b = 5^2 \Rightarrow 5^b = 5^2 \Rightarrow b = 2$;

  3. We received the answer: 2.

Task. Calculate the logarithm:

Task. Calculate the logarithm: $\log_4 64$

  1. Let's represent the base and the argument as powers of two: $4 = 2^2$; $64 = 2^6$;
  2. Let's create and solve the equation:
    $\log_4 64 = b \Rightarrow (2^2)^b = 2^6 \Rightarrow 2^{2b} = 2^6 \Rightarrow 2b = 6 \Rightarrow b = 3$;
  3. We received the answer: 3.

Task. Calculate the logarithm: $\log_{16} 1$

  1. Let's represent the base and the argument as powers of two: $16 = 2^4$; $1 = 2^0$;
  2. Let's create and solve the equation:
    $\log_{16} 1 = b \Rightarrow (2^4)^b = 2^0 \Rightarrow 2^{4b} = 2^0 \Rightarrow 4b = 0 \Rightarrow b = 0$;
  3. We received the answer: 0.

Task. Calculate the logarithm: $\log_7 14$

  1. Let's represent the base and the argument as powers of seven: $7 = 7^1$; 14 cannot be represented as a power of seven, since $7^1 < 14 < 7^2$;
  2. From the previous step it follows that the logarithm cannot be computed exactly;
  3. The answer is left unchanged: $\log_7 14$.

A small note on the last example. How can you be sure that a number is not an exact power of another number? It’s very simple - just factor it into prime factors. If the expansion has at least two different factors, the number is not an exact power.

Task. Find out whether the numbers are exact powers: 8; 48; 81; 35; 14.

$8 = 2 \cdot 2 \cdot 2 = 2^3$ - an exact power, because there is only one prime factor;
$48 = 6 \cdot 8 = 3 \cdot 2 \cdot 2 \cdot 2 \cdot 2 = 3 \cdot 2^4$ - not an exact power, since there are two factors: 3 and 2;
$81 = 9 \cdot 9 = 3 \cdot 3 \cdot 3 \cdot 3 = 3^4$ - an exact power;
$35 = 7 \cdot 5$ - again not an exact power;
$14 = 7 \cdot 2$ - again not an exact power;

Note also that the prime numbers themselves are always exact powers of themselves.

Decimal logarithm

Some logarithms are so common that they have a special name and symbol.

The decimal logarithm of x is the logarithm to base 10, i.e. the power to which the number 10 must be raised to obtain the number x. Notation: lg x.

For example, lg 10 = 1; lg 100 = 2; lg 1000 = 3, and so on.

From now on, when a phrase like “Find lg 0.01” appears in a textbook, know that this is not a typo. This is a decimal logarithm. However, if you are unfamiliar with this notation, you can always rewrite it:
$\lg x = \log_{10} x$

Everything that is true for ordinary logarithms is also true for decimal logarithms.

Natural logarithm

There is another logarithm that has its own designation. In some ways, it's even more important than decimal. We are talking about the natural logarithm.

The natural logarithm of x is the logarithm to base e, i.e. the power to which the number e must be raised to obtain the number x. Designation: ln x .

Many will ask: what is the number e? This is an irrational number; its exact value cannot be found and written down. I will give only the first figures:
e = 2.718281828459...

We will not go into detail about what this number is and why it is needed. Just remember that e is the base of the natural logarithm:
$\ln x = \log_e x$

Thus $\ln e = 1$; $\ln e^2 = 2$; $\ln e^{16} = 16$, and so on. On the other hand, ln 2 is an irrational number. In general, the natural logarithm of any rational number is irrational. Except, of course, for one: ln 1 = 0.

For natural logarithms, all the rules that are true for ordinary logarithms are valid.


Discrete logarithm (DLOG) is the problem of inverting the function $g^x$ in some finite multiplicative group $G$.

Most often, the discrete logarithm problem is considered in the multiplicative group of a residue ring or a finite field, as well as in the group of points of an elliptic curve over a finite field. Efficient algorithms for solving the discrete logarithm problem are generally unknown.

For given g and a, a solution x of the equation $g^x = a$ is called the discrete logarithm of the element a to the base g. When G is the multiplicative group of the residue ring modulo m, the solution is also called the index of the number a to the base g. The index of a to the base g is guaranteed to exist if g is a primitive root modulo m.


    Subtitles

    We need a numerical procedure that is easy to do in one direction and much more difficult to do in the opposite direction. This brings us to modular arithmetic, also known as "clock arithmetic" (or "remainders"). For example, to find 46 modulo 12, you can take a rope 46 units long and wrap it around a clock, which is called a modulus. Where the rope ends is the solution. That is, 46 modulo 12 is equivalent to 10. It's simple. Now let's take a simple module to do this. 17, for example. Then we find the primitive root of 17, in this case three. It has a very important property when raised to different powers - the values are evenly distributed around the clock. 3 is called the generating element or generator. If you raise 3 to any power x, then the result is equally likely to be any number from 1 to 16. That is, the reverse procedure is quite complicated. Let's say, what power of 3 will result in 12? This is the problem of calculating the discrete logarithm. And now we have a one-way function. Simple for direct execution and difficult for reverse execution. For a given number 12, we have to resort to trying many erroneous options to find the right exponent. So how difficult is it? Well, with small values this is easy, but if a simple module of hundreds of characters long is used, the problem becomes almost insurmountable. Even if you have access to all the computing power of the Earth, trying out all the options could take thousands of years. Thus, the strength of a one-way function is based on the time it takes to reverse the conversion.

Statement of the problem

Let the following equation be given in some finite multiplicative Abelian group $G$:

$g^x = a$. (1)

The solution to the discrete logarithm problem is to find some non-negative integer $x$ satisfying equation (1). If it is solvable, it must have at least one natural solution not exceeding the order of the group. This immediately gives a rough upper estimate of the complexity of an algorithm for finding solutions: an exhaustive search algorithm would find a solution in a number of steps no higher than the order of the given group.

The most often considered case is when $G = \langle g \rangle$, that is, the group is cyclic and generated by the element $g$. In this case, the equation always has a solution. In the case of an arbitrary group, the question of the solvability of the discrete logarithm problem, that is, the question of the existence of solutions to equation (1), requires separate consideration.

Example

Let us consider the problem of discrete logarithm in the residue ring modulo a prime number. Let the congruence be given

$3^x \equiv 13 \pmod{17}$.

For numbers of a special type, the result can be improved. In some cases, it is possible to construct an algorithm for which the constants will be $c \approx 1.00475$, $d = \frac{2}{5}$. Because the constant $c$ is close enough to 1, such algorithms can outperform the algorithm with $d = \frac{1}{3}$.

In an arbitrary finite field

The problem is considered in the field GF(q), where $q = p^n$ and $p$ is prime.

In a group of points on an elliptic curve

A group of points of an elliptic curve over a finite field is considered. This group defines the operation of adding two points. Then $mP$ is $\underbrace{P + \ldots + P}_{m}$. The solution to the discrete logarithm problem on an elliptic curve is to find a natural number $m$ such that $mP = A$ for given points $P$ and $A$.

Before 1990, there were no discrete logarithm algorithms that took into account the structural features of a group of points on an elliptic curve. Subsequently, Alfred J. Menezes, Tatsuaki Okamoto, and Scott A. Vanstone proposed an algorithm using the Weil pairing. For an elliptic curve defined over a field $GF(q)$, this algorithm reduces the problem of discrete logarithm to a similar problem in the field $GF(q^k)$. However, this reduction is only useful if the degree $k$ is small. This condition is satisfied mainly for supersingular elliptic curves. In other cases, such a reduction almost never leads to subexponential algorithms.

Computational complexity and applications in cryptography

The discrete logarithm problem is one of the main problems on which public-key cryptography is based. Classic cryptographic schemes based on it are the Diffie-Hellman public key generation scheme, the El-Gamal electronic signature scheme, and the Massey-Omura cryptosystem for message transmission. Their cryptographic strength is based on the supposedly high computational complexity of inverting the exponential function. Although the exponential function itself is calculated quite efficiently, even the most modern algorithms for calculating the discrete logarithm have a very high complexity, which is comparable to the complexity of the fastest algorithms


