Abstract
We discuss the discrete logarithm problem over the class group \(Cl(\Delta)\) of an imaginary quadratic order \({\cal O}_\Delta\), which was proposed as a public-key cryptosystem by Buchmann and Williams [8]. Although a subexponential algorithm for computing discrete logarithms in \(Cl(\Delta)\) has since been found [16], this algorithm only has running time \(L_{\Delta}[\frac{1}{2},c]\) and is far less efficient than the number field sieve, which computes logarithms in \(\mathbb{F}_p^*\) in time \(L_p[\frac{1}{3},c]\). Thus one can choose smaller parameters to obtain the same level of security. It is an open question whether there is an \(L_{\Delta}[\frac{1}{3},c]\) algorithm to compute discrete logarithms in arbitrary \(Cl(\Delta)\).
In this work we focus on the special case of totally non-maximal imaginary quadratic orders \({\cal O}_{\Delta_p}\) such that \(\Delta_p = \Delta_1 p^2\) and the class number of the maximal order is \(h(\Delta_1)=1\), and we show that there is an \(L_{\Delta_p}[\frac{1}{3},c]\) algorithm to compute discrete logarithms over the class group \(Cl(\Delta_p)\). The logarithm problem in \(Cl(\Delta_p)\) can be reduced in (expected) \(O(\log^3 p)\) bit operations to the logarithm problem in \(\mathbb{F}_p^*\) (if \((\frac{\Delta_1}{p})=1\)) or \(\mathbb{F}_{p^2}^*\) (if \((\frac{\Delta_1}{p})=-1\)), respectively. This result implies that the recently proposed efficient DSA analogue in the totally non-maximal imaginary quadratic order \({\cal O}_{\Delta_p}\) [21] is only as secure as the original DSA scheme based on finite fields and hence loses much of its attractiveness.
References
Bach, E., Shallit, J.: Algorithmic number theory. Efficient Algorithms, Foundations of computing, vol. 1. MIT Press, Cambridge (1996) ISBN 0-262-02405-5
Biehl, I., Buchmann, J.: An analysis of the reduction algorithms for binary quadratic forms. In: Voronoi’s Impact on Modern Science. Institute of Mathematics of National Academy of Sciences, vol. 1, Kyiv, Ukraine (1998)
Biehl, I., Paulus, S., Takagi, T.: An efficient undeniable signature scheme based on non-maximal imaginary quadratic orders. In: Proceedings of Mathematics of Public Key Cryptography, Toronto (1999)
Brent, R.: ECM champs, ftp.comlab.ox.ac.uk/pub/Documents/techpapers/Richard.Brent/champs.ecm
Buchmann, J., Düllmann, S.: On the computation of discrete logarithms in class groups. In: Advances in Cryptology - CRYPTO 1990. LNCS, vol. 773, pp. 134–139. Springer, Heidelberg (1991)
Buchmann, J., Düllmann, S., Williams, H.C.: On the complexity and efficiency of a new key exchange system. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 597–616. Springer, Heidelberg (1990)
Borevich, Z.I., Shafarevich, I.R.: Number Theory. Academic Press, New York (1966)
Buchmann, J., Williams, H.C.: A key-exchange system based on imaginary quadratic fields. Journal of Cryptology 1, 107–118 (1988)
Cowie, J., Dodson, B., Elkenbracht-Huizing, M., Lenstra, A.K., Montgomery, P.L., Zayer, J.: A worldwide number field sieve factoring record: on to 512 bits. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 382–394. Springer, Heidelberg (1996)
Cohen, H.: A Course in Computational Algebraic Number Theory. Graduate Texts in Mathematics, vol. 138. Springer, Berlin (1993)
Coppersmith, D., Odlyzko, A.M., Schroeppel, R.: Discrete logarithms in GF(p). Algorithmica 1, 1–15 (1986)
Cox, D.A.: Primes of the form \(x^2 + ny^2\). John Wiley & Sons, New York (1989)
Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory 22, 472–492 (1976)
Düllmann, S.: Ein Algorithmus zur Bestimmung der Klassenzahl positiv definiter binärer quadratischer Formen, PhD thesis, University of Saarbrücken (1991)
Gordon, D.M.: Discrete logarithms in GF(p) using the number field sieve. SIAM Journal on Discrete Mathematics 6, 124–138 (1993)
Hafner, J.L., McCurley, K.S.: A rigorous subexponential algorithm for computation of class groups. Journal of the American Mathematical Society 2, 837–850 (1989)
Hua, L.K.: Introduction to Number Theory. Springer, New York (1982)
Hartmann, M., Paulus, S., Takagi, T.: NICE - New Ideal Coset Encryption. To appear in Workshop on Cryptographic Hardware and Embedded Systems
Hühnlein, D., Jacobson, M.J., Paulus, S., Takagi, T.: A cryptosystem based on non-maximal imaginary quadratic orders with fast decryption. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 294–307. Springer, Heidelberg (1998)
Hühnlein, D., Meyer, A., Takagi, T.: Rabin and RSA analogues based on nonmaximal imaginary quadratic orders. In: Proceedings of ICICS 1998, pp. 221–240 (1998) ISBN 89-85305-14-X
Hühnlein, D.: Efficient implementation of cryptosystems based on non-maximal imaginary quadratic orders. T.R. TI-6, Technische Universität Darmstadt (1999), available at http://www.informatik.tu-darmstadt.de/TI/Veroeffentlichung/TR/Welcome.html
Jacobson Jr., M.J.: Subexponential Class Group Computation in Quadratic Orders, PhD thesis, Technische Universität Darmstadt (1999) (to appear)
Lenstra, H.W.: On the computation of regulators and class numbers of quadratic fields. London Math. Soc. Lecture Notes 56, 123–150 (1982)
Lenstra, A.K., Lenstra Jr., H.W. (eds.): The development of the number field sieve. Lecture Notes in Mathematics. Springer, Heidelberg (1993)
National Institute of Standards and Technology (NIST): Digital Signature Standard (DSS). In: Federal Information Processing Standards Publication 186, FIPS-186, May 19 (1994)
Paulus, S., Takagi, T.: A new public-key cryptosystem over the quadratic order with quadratic decryption time. To appear in Journal of Cryptology
te Riele, H.J.J.: Factorization of RSA-140 with the Number Field Sieve, posting in sci.crypt.research (February 1999)
Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key-cryptosystems. Communications of the ACM 21, 120–126 (1978)
Silverman, R.D.: The multiple polynomial quadratic sieve. Math. Comp. 48, 229–329 (1987)
Schoof, R.J.: Quadratic Fields and Factorization. Computational Methods in Number Theory. Math. Centrum Tracts Part II. Amsterdam 155, 235–286 (1983)
Weber, D.: Computing discrete logarithms with quadratic number rings. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 171–183. Springer, Heidelberg (1998)
© 1999 Springer-Verlag Berlin Heidelberg
Cite this paper
Hühnlein, D., Takagi, T. (1999). Reducing Logarithms in Totally Non-maximal Imaginary Quadratic Orders to Logarithms in Finite Fields. In: Lam, KY., Okamoto, E., Xing, C. (eds) Advances in Cryptology - ASIACRYPT’99. ASIACRYPT 1999. Lecture Notes in Computer Science, vol 1716. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-48000-6_18
DOI: https://doi.org/10.1007/978-3-540-48000-6_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66666-0
Online ISBN: 978-3-540-48000-6
eBook Packages: Springer Book Archive