Baby-Step Giant-Step Method

© All Rights Reserved

0 views

Baby-Step Giant-Step Method

© All Rights Reserved

- Taller Ingenieria de Las Reacciones - Determinacion Del Orden de Reaccion
- Danish Javed_3405403_Frameworks Project Report
- Logarithms Formula Sheet
- Rates of Reaction
- Tps1000 Application Reference Manual En
- Indicadores de Desigualdad en Salud (Crítica y Modelo) 2001
- C for Engineers and Scientist
- view
- NEW CEMENTATION FACTOR CORRELATION IN CARBONATE PARTS OF SOUTH-WEST IRANIAN OIL FIELDS
- Cara Mudah Mengitung LOG
- Food Safety Objective
- Decline Curves
- Foc Model Question Paper(Sem-1)
- ch06_selected.pdf
- Algorithms Basics
- Tutoria 1 _ Graphs
- pH
- Inbound Shortage Requirement
- COT 1-DLL
- Polar Plot

You are on page 1of 3

William Gasarch

Definition 1.1. The Discrete Log Problem is as follows. Let p be a prime and g be a

generator. These are considered parameters. Given y ∈ {1, . . . , p − 1} find x such that

y = gx.

Here is an algorithm for DL that is slow.

1. Input(y)

2. For x = 0 to p − 1

(a) Compute g x .

(b) If g x = y then output(x) and STOP

Note that in the worst case this could take roughly p steps. But worse than that—

its average case also is not very good (we will not go into this). What we mean is that

in MANY cases it will take a lot of time.

Giant-Step Algorithm

Can we do better than p steps? How much better? Recall that we thing of p as large

and log p as small. Hence if DL could be solved in log p steps even (log p)2 steps or even

(log p)10 steps that would be fast. Alas we cannot do that. However, we can do DL in

√

roughly p steps. p

First we do some informal reasoning. Define m = Floor( p − 1). Thus whenever we

√

do something m times, we are doing it roughly p times.

Given y we want to find x such that y = g x .

KEY IDEA ONE: Think of dividing x by m. Thus x = qm + r. Since we divided by

m we know that 0 ≤ r ≤ m. Since m × m is roughly p we can assume 0 ≤ x ≤ m.

1

KEY IDEA TWO: Lets say we GUESS what q is. If we are CORRECT then there is

some r such that

y = g qm+r

y = g qm g r

g r = y × g −qm

AND recall that 0 ≤ r ≤ m. So if we guess q correctly then y × g −qm has to itself

have discrete log ≤ m.

KEY IDEA THREE: Prepossess! Before doing any discrete logs have tables of powers

of g that are helpful. Then we can check if some numbers has DL ≤ m. Can’t prepossess

too much since that would take too much time.

We will now do the PREPOSSESS and ALGORITHM.

PREPROCESSING

1. For i = 0 to m computer gi . Put them in a table that looks like this (I made the

numbers up and so they are NOT TRUE. We are assuming p = 7 for illustration.)

i gi

1 6

2 4

3 2

4 5

5 3

6 1

Now SORT the table on the SECOND entry. Hence we have, in our example,

i gi

6 1

3 2

5 3

2 4

4 5

1 6

Example with made up numbers with 7. So here m = 3.

i g −3i

1 3

2 5

3 4

4 1

5 2

6 6

2

No need to sort.

ALGORITHMS

and hence we seek q, r.)

(Comment- if q is correct then y = g qm+r = g rm g r , so g × g −qm = q r )

Find g −qm on the second table.

Compute y × g −qm . KEY- Look for this in the first table (sorted version). Use

binary search (so take roughly log m steps).

IF find it then find the r such that g r = g −qm . OUTPUT x = qm + r.

IF do not find it then FINE, just go to next value of q.

How long does this take. The preprocessing takes roughly m steps. But you may

not want to really count that since you do it once and may use the data over and over

again.

The algorithm also takes roughly m iterations, each one takes log p steps. So this

√

takes m p steps.

√ p

Since that m is roughly p. So the entire algorithm takes (p) log p steps.

3 What of it?

√

So DL can be solved in p steps. This is still not that fast. However, its far faster than

we thought. Lets say that 2100 is too big for a computer to do that many steps.

OLD MENTALITY: Need p such that log p is small and p is large. Take p = 2100 .

√

NEW MENTALITY: Need p such that log p is small and p is large. Take p = 2200 .

This is a warning. Clever math has not yet made us think that DL is easy (and hence

Diffie Helman is breakable but this clever math has made us increase our parameter.

State of the art: So far better algorithms for TIME are not known. However, note

√ √

that our algorithm takes p space which is alot. There are algorithms that take p

time and much less space then the one presented.

- Taller Ingenieria de Las Reacciones - Determinacion Del Orden de ReaccionUploaded byJesus Julio
- Danish Javed_3405403_Frameworks Project ReportUploaded byDanish Javed
- Logarithms Formula SheetUploaded bysethi
- Rates of ReactionUploaded byjennchm_739644410
- Tps1000 Application Reference Manual EnUploaded bySivananthaa Murthee
- Indicadores de Desigualdad en Salud (Crítica y Modelo) 2001Uploaded byFernando Arteaga-Suárez
- C for Engineers and ScientistUploaded byhappyharroween
- viewUploaded byYassaar Aali
- NEW CEMENTATION FACTOR CORRELATION IN CARBONATE PARTS OF SOUTH-WEST IRANIAN OIL FIELDSUploaded bycrown212
- Cara Mudah Mengitung LOGUploaded byPurwadany Samuel Pouw
- Food Safety ObjectiveUploaded bySusheel Talreja
- Decline CurvesUploaded bykittyiii
- Foc Model Question Paper(Sem-1)Uploaded byHudson Paul
- ch06_selected.pdfUploaded byTeresa Roberts
- Algorithms BasicsUploaded bymamcapiral25
- Tutoria 1 _ GraphsUploaded byJavel Wilson
- pHUploaded byAdrien Ofthestone
- Inbound Shortage RequirementUploaded bysapdhanush
- COT 1-DLLUploaded byNecilyn Balatibat Angeles
- Polar PlotUploaded byrajivnoble
- 8542008 b 208Uploaded bysanh137
- Achie EquationUploaded byHelder Boavida
- Algorithms 1upUploaded byChuah Chian Yeong
- Tute Week2Uploaded byMrZaggy
- jpsUploaded byOkafor Stanley
- NHCC NewtonUploaded bylucas
- Weibull Template (1)Uploaded byMohamed Alkhiat
- stmacroCh2Uploaded byjai_haas06
- ExtrapolationUploaded byendoparasite
- rutier1Uploaded bybog2dan

- Fr3 Synthesis of 1 Phenylazo 2 NaphtholUploaded byRon Andrei Soriano
- Chem 31.1 Review for FinalsUploaded byJuan De Foca
- Admission RequirementsUploaded byJuan De Foca
- Recit 9Uploaded byJuan De Foca
- Carboxylic Acids and Acid DerivativesUploaded byRose Anne Evangelista Acedera
- Physics Lecture 26Uploaded byJuan De Foca
- FR Sample JournalUploaded byJuan De Foca
- Benedict's SpecificUploaded byJuan De Foca

- Analyticon Combi Scan 500 - User ManualUploaded bymylove2804
- வீடு கட்ட ப்ளான் பண்ணுபவர்களுக்கு உதவும் இலவச மென்பொருள்Uploaded byshvimal
- QTP MaterialUploaded byJashwanth Chowdary
- agent based priorityUploaded byLovey Saluja
- Vigor3900 User Guide V1.8.pdfUploaded byhomero Valenzuela
- Ari - Twitter PageUploaded byExtortionLetterInfo.com
- MADM 3500Uploaded byrksingh00722
- Online Banking IIUploaded byNitin Sharma
- Install Ulang RT1904Uploaded byChandra
- A Practical Guide for the Cake and Bread Baker (1884)Uploaded byFoodOfHistory
- TitanSDR_DatasheetUploaded byBill Lee
- 128199-How to Configuration OPNET Vendor Specifc Attribute to ACS SEUploaded byab_laaroussi
- Bruel&Kjaer-2238 Logging Slm SoftwareUploaded byAnonymous KO7A7RcYp2
- A00-281 Certification Guide and How to Crack Exam on SAS Clinical Trials Programmer - Accelerated VersionUploaded byPalak Mazumdar
- CS7103 multi core architreture cycle testUploaded byammapet
- plc mitsubishiUploaded byHeidi Shaw
- rash&ghoyUploaded byrashschuck
- Ip Camera User Manual for Fi9818w Fi9821w Fi9826w Fi9831w Fi9821ep_english_v2.6Uploaded bynericervin
- A153-Data Security in the WorldUploaded byRohitash Kumar Bayal
- Courseware_SCJP3Uploaded byNavneen Yadav
- dovetail_oracle.docxUploaded byManmohan Sharma
- mpmc lab manualUploaded bydivyadinesh
- Fortran_Fortran examples - Wikibooks, open books for an open world.pdfUploaded byGoce Vasilevski
- klpjb4coco23342PLEASE READ.pdfUploaded bypianjay21
- Data Analysis Through ExcelUploaded byNirmal Raj Deivasigamani
- Xcell80Uploaded byFernando Crivellaro
- Data Modeling Tips, Tricks, And CustomizationsUploaded bypericlay
- Clinic WebsiteUploaded byFreeProjectz.com
- SCADA ComunicationUploaded byMuhammad Al Roshady Said
- ASSET Design User Reference GuideUploaded byAbdullah M. Saleh