Computer Security and Cryptography

14.5 THE INDEX-CALCULUS METHOD

Let q be a generator of a cyclic group = {1, 2, …, p − 1} of order p − 1 and y = q^x (modulo p).

Proposition 14.5 (The Index-Calculus Algorithm): Initialization: Select a factor base = {p₁, p₂, …, p_s} consisting of elements of . is chosen so that a significant proportion of the elements of can be expressed in the form with n_i ≥ 0.

14.5a

Select a random k with 0 ≤ k < n and compute q^k (modulo p).

14.5b

Try to write q^k (modulo p) as a product with c_i, ≥ 0:

if unsuccessful, return to Step 14.5a and choose another value for k;
if successful, write k = [c₁ log_q p₁ + [c₂ log_q p₂ + … + [c_s log_q p_s](modulo p − 1).

14.5c

Repeat Steps 14.5a–b until a sufficient number of linear relations as above are found in order to solve the system of equations to determine ...

Get Computer Security and Cryptography now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.

Start your free trial

Computer Security and Cryptography by

14.5 THE INDEX-CALCULUS METHOD

Don’t leave empty-handed

It’s yours, free.