Des. Codes Cryptogr.
A variant of the Galbraith–Ruprai algorithm for discrete
logarithms with improved complexity
· Jincheng Zhuang
· Chang Lv
· Dongdai Lin
Received: 11 February 2018 / Revised: 24 April 2018 / Accepted: 7 May 2018
© Springer Science+Business Media, LLC, part of Springer Nature 2018
Abstract The discrete logarithm problem (DLP) in a group is a fundamental assumption
that underpins the security of many systems. Hence evaluating its hardness is important.
For efﬁcient implementation of cryptographic algorithms, sometimes groups with additional
structures are preferred. However, these structures may be used to obtain faster attacks. By
using equivalence classes, Galbraith and Ruprai proposed a faster algorithm to solve the
DLPinanintervalofsizeN, with expected running time of 1.361
N group operations.
Liu generalized their algorithm to the 2-dimensional case, which required 1.450
operations. Further, for an elliptic curve with an efﬁciently computable endomorphism, Liu
reduced the complexity to 1.026
N. In this paper, we propose a variant of the Galbraith–
Ruprai algorithm. This variant has average-case asymptotic complexity close to 1.253
for sufﬁciently large N. For certain practical parameters, the complexity is 1.275
N in the
1-dimensional case and 1.393
N in the 2-dimensional case. Then we extend the algorithm
for the case of larger equivalence classes. In particular, for the 2-dimensional DLP in a
rectangle on an elliptic curve with an efﬁciently computable endomorphism, we reduce the
Communicated by S. D. Galbraith.
State Key Laboratory of Information Security, Institute of Information Engineering, Chinese
Academy of Sciences, Beijing 100093, China
School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China