Finding discrete logarithms with a set orbit distinguisher

Abstract

We consider finding discrete logarithms in a group G of prime order p when the help of an algorithm D that distinguishes certain subsets of G from each other is available. If the complexity of D is a polynomial, say d(log(p)), then we can find discrete logarithms faster than square-root algorithms. We consider two variations on this idea and give algorithms solving the discrete logarithm problem in G with complexity O(p 1/3 log(p)3 C p 1/3 d(log(p)) and O(p 1/4 log p)3 C p 1/4 d(log(p)) when p - 1 has factors of suitable size. When multiple distinguishers are available and p - 1 is sufficiently smooth, logarithms can be found in polynomial time. We discuss natural classes of algorithms D that distinguish the required subsets, and prove that for some of these classes no algorithm for distinguishing can be efficient. The subsets distinguished are also relevant in the study of error correcting codes, and we give an application of our work to bounds for error-correcting codes. © de Gruyter 2012.