TY - GEN
T1 - Discrete logarithms in finite fields and their cryptographic significance
AU - Odlyzko, A. M.
N1 - Publisher Copyright:
© 1985, Springer-Verlag Berlin Heidelberg.
Copyright:
Copyright 2017 Elsevier B.V., All rights reserved.
PY - 1985
Y1 - 1985
N2 - Given a primitive element g of a finite field GF(q), the discrete logarithm of a nonzero element u ∈ GF(q) is that integer k, 1 ≤ k ≤ q−1, for which u = g k. The well-known problem of computing discrete logarithms in finite fields has acquired additional importance in recent years due to its applicability in cryptography. Several cryptographic systems would become insecure if an efficient discrete logarithm algorithm were discovered. This paper surveys and analyzes known algorithms in this area, with special attention devoted to algorithms for the fields GF(2n). It appears that in order to be safe from attacks using these algorithms, the value of n for which GF(2n) is used in a cryptosystem has to be very large and carefully chosen. Due in large part to recent discoveries, discrete logarithms in fields GF(2n) are much easier to compute than in fields GF(p) with p prime. Hence the fields GF(2n) ought to be avoided in all cryptographic applications. On the other hand, the fields GF(p) with p prime appear to offer relatively high levels of security.
AB - Given a primitive element g of a finite field GF(q), the discrete logarithm of a nonzero element u ∈ GF(q) is that integer k, 1 ≤ k ≤ q−1, for which u = g k. The well-known problem of computing discrete logarithms in finite fields has acquired additional importance in recent years due to its applicability in cryptography. Several cryptographic systems would become insecure if an efficient discrete logarithm algorithm were discovered. This paper surveys and analyzes known algorithms in this area, with special attention devoted to algorithms for the fields GF(2n). It appears that in order to be safe from attacks using these algorithms, the value of n for which GF(2n) is used in a cryptosystem has to be very large and carefully chosen. Due in large part to recent discoveries, discrete logarithms in fields GF(2n) are much easier to compute than in fields GF(p) with p prime. Hence the fields GF(2n) ought to be avoided in all cryptographic applications. On the other hand, the fields GF(p) with p prime appear to offer relatively high levels of security.
UR - http://www.scopus.com/inward/record.url?scp=84957014368&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84957014368&partnerID=8YFLogxK
U2 - 10.1007/3-540-39757-4_20
DO - 10.1007/3-540-39757-4_20
M3 - Conference contribution
AN - SCOPUS:84957014368
SN - 9783540160762
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 224
EP - 314
BT - Advances in Cryptology
A2 - Ingemarsson, Ingemar
A2 - Cot, Norbert
A2 - Beth, Thomas
PB - Springer Verlag
T2 - Workshop on the Theory and Application of Cryptographic Techniques, EUROCRYPT 1984
Y2 - 9 April 1984 through 11 April 1984
ER -