Scribd
Upload
278 views2 pages

Pohlig-Hellman Algorithm Guide

The Pohlig-Hellman algorithm computes the discrete logarithm a = log modulo a prime p. It does so by factorizing p-1 into prime powers and computing a modulo each prime power factor. This involves expressing a in terms of powers of the prime factors and using congruences to solve for the coefficients. Specifically, it computes a0 from using a relation involving p-1, then computes subsequent coefficients ai from i using a generalized relation. It updates i after each ai is found using a simple recurrence. Repeating this process for each prime power factor allows a to be fully determined.

Uploaded by

Cristian Cojocaru
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
278 views2 pages

Pohlig-Hellman Algorithm Guide

The Pohlig-Hellman algorithm computes the discrete logarithm a = log modulo a prime p. It does so by factorizing p-1 into prime powers and computing a modulo each prime power factor. This involves expressing a in terms of powers of the prime factors and using congruences to solve for the coefficients. Specifically, it computes a0 from using a relation involving p-1, then computes subsequent coefficients ai from i using a generalized relation. It updates i after each ai is found using a simple recurrence. Repeating this process for each prime power factor allows a to be fully determined.

Uploaded by

Cristian Cojocaru
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

The Pohlig-Hellman Algorithm

D. R. Stinson

We provide here a bit of further explanation concerning the workings of


the Pohlig-Hellman algorithm. We use the same notation as in the text: p is
prime, is a primitive element in Zp , and 2 Zp  . Our goal is to determine
a = log , where, without loss of generality, 0  a  p 2.
The prime power factorization of p 1 is
p 1 = p1 c p2 c : : : pk ck ;
where the pi 's are distinct primes. The main step is to compute a mod pi ci ,
1  i  k. So suppose that q = pi and c = ci for some i, 1  i  k. We will
show how to compute x = a mod qc.
First, x is expressed as
cX1
x = ai q i ;
1

i=0

where 0  ai  q 1 (0  i  c 1). From this it follows that


a = a0 + a1 q + : : : + ac 1 qc 1 + sqc;
for some integer s.
The computation of a0 follows from the fact that
p

a0 (p
q

1)

mod p:
(1)
Here is a proof of Equation (1) that is simpler than the one given in the
text:
p
p
q  ( a ) q mod p

 a


a q :::+ac 1 qc

0+ 1 +

p

sqc

1+

pq 1

mod p

 a Kq q mod p (where K is an integer)


a p
 q K p mod p
a p
 q mod p:
0+

0(

1)

0(

1)

1)

From this, it is a simple matter to determine a0 .


The next step would be to compute a1 ; : : : ; ac 1 (if c > 1). These computations can be done from a suitable generalization of Equation (1).
First, de ne 0 = , and
j =

a q :::+aj 1 qj

( 0+ 1 +

1)

mod p;

for 0  j  c 1. We make use of the following generalization of Equation


(1):
aj p
p
(2)
( j ) qj  q mod p:
(Observe that when j = 0, Equation (2) reduces to Equation (1).)
The proof of Equation (2) is much the same as that of Equation (1):
(

1
+1

( j )

p 1
qj +1




(a +a q+:::+aj
0

 aj qj

 aj qj

aj (p

1)

:::+ac 1 qc

Kj qj +1

sqc

 pj +11
q

qj

1)

)  qj mod p
p

 pj +11
q

mod p

1
+1

mod p
(where Kj is an integer)

 q Kj p mod p
aj p
 q mod p:
(

1)

1)

Hence, given j , it is straightforward to compute aj from Equation (2).


To complete the description of the algorithm, it suces to observe that
j +1 can be computed from j by means of a simple recurence relation, once
aj is known. This follows from the following relation, which is proved easily:
j +1 = j

aj qj

mod p:

Now, we can compute a0 , 1 , a1 , 2 , : : : , c 1 , ac


applying Equations (2) and (3).

(3)
1

by alternately

You might also like