TY - GEN

T1 - Discrete logarithms in finite fields and their cryptographic significance

AU - Odlyzko, A. M.

N1 - Publisher Copyright:
© 1985, Springer-Verlag Berlin Heidelberg.
Copyright:
Copyright 2017 Elsevier B.V., All rights reserved.

PY - 1985

Y1 - 1985

N2 - Given a primitive element g of a finite field GF(q), the discrete logarithm of a nonzero element u ∈ GF(q) is that integer k, 1 ≤ k ≤ q−1, for which u = g k. The well-known problem of computing discrete logarithms in finite fields has acquired additional importance in recent years due to its applicability in cryptography. Several cryptographic systems would become insecure if an efficient discrete logarithm algorithm were discovered. This paper surveys and analyzes known algorithms in this area, with special attention devoted to algorithms for the fields GF(2n). It appears that in order to be safe from attacks using these algorithms, the value of n for which GF(2n) is used in a cryptosystem has to be very large and carefully chosen. Due in large part to recent discoveries, discrete logarithms in fields GF(2n) are much easier to compute than in fields GF(p) with p prime. Hence the fields GF(2n) ought to be avoided in all cryptographic applications. On the other hand, the fields GF(p) with p prime appear to offer relatively high levels of security.

AB - Given a primitive element g of a finite field GF(q), the discrete logarithm of a nonzero element u ∈ GF(q) is that integer k, 1 ≤ k ≤ q−1, for which u = g k. The well-known problem of computing discrete logarithms in finite fields has acquired additional importance in recent years due to its applicability in cryptography. Several cryptographic systems would become insecure if an efficient discrete logarithm algorithm were discovered. This paper surveys and analyzes known algorithms in this area, with special attention devoted to algorithms for the fields GF(2n). It appears that in order to be safe from attacks using these algorithms, the value of n for which GF(2n) is used in a cryptosystem has to be very large and carefully chosen. Due in large part to recent discoveries, discrete logarithms in fields GF(2n) are much easier to compute than in fields GF(p) with p prime. Hence the fields GF(2n) ought to be avoided in all cryptographic applications. On the other hand, the fields GF(p) with p prime appear to offer relatively high levels of security.

UR - http://www.scopus.com/inward/record.url?scp=84957014368&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84957014368&partnerID=8YFLogxK

U2 - 10.1007/3-540-39757-4_20

DO - 10.1007/3-540-39757-4_20

M3 - Conference contribution

AN - SCOPUS:84957014368

SN - 9783540160762

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 224

EP - 314

BT - Advances in Cryptology

A2 - Ingemarsson, Ingemar

A2 - Cot, Norbert

A2 - Beth, Thomas

PB - Springer Verlag

T2 - Workshop on the Theory and Application of Cryptographic Techniques, EUROCRYPT 1984

Y2 - 9 April 1984 through 11 April 1984

ER -