Computer Security and Cryptography

14.5 THE INDEX-CALCULUS METHOD

Let q be a generator of a cyclic group = {1, 2, …, p − 1} of order p − 1 and y = q^x (modulo p).

Proposition 14.5 (The Index-Calculus Algorithm): Initialization: Select a factor base = {p₁, p₂, …, p_s} consisting of elements of . is chosen so that a significant proportion of the elements of can be expressed in the form with n_i ≥ 0.

14.5a

Select a random k with 0 ≤ k < n and compute q^k (modulo p).

14.5b

Try to write q^k (modulo p) as a product with c_i, ≥ 0:

if unsuccessful, return to Step 14.5a and choose another value for k;
if successful, write k = [c₁ log_q p₁ + [c₂ log_q p₂ + … + [c_s log_q p_s](modulo p − 1).

14.5c

Repeat Steps 14.5a–b until a sufficient number of linear relations as above are found in order to solve the system of equations to determine ...

Get Computer Security and Cryptography now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Computer Security and Cryptography by Alan G. Konheim

14.5 THE INDEX-CALCULUS METHOD

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly