Rigorously Analyzed Algorithms for the Discrete Logarithm Problem in Quadratic Number Fields

• Main Author: Vollmer, Ulrich
• Format: Others
• Language: English; en
• Published: 2004
• Online Access: http://tuprints.ulb.tu-darmstadt.de/494/1/thesis.pdf; Vollmer, Ulrich <http://tuprints.ulb.tu-darmstadt.de/view/person/Vollmer=3AUlrich=3A=3A.html> : Rigorously Analyzed Algorithms for the Discrete Logarithm Problem in Quadratic Number Fields. [Online-Edition] Technische Universität, Darmstadt [Ph.D. Thesis], (2004)

The purpose of this thesis is to study the complexity of the discrete logarithm problem (DLP) and related problems in quadratic orders. The significance of these problems stems in large part from their application in quadratic number field cryptography (QNFC). QNFC was proposed by Buchmann and Williams [Buchmann/Williams, 1988], [Buchmann/Williams, 1990], and relies on the fact that the DLP in quadratic orders is hard. The question whether QNFC is secure at all, and the choice of cryptographically secure key-sizes, if it is, requires the study of the difficulty of the DLP. This thesis takes a rigorous theoretical approach to this question. In the case of the probabilistic algorithms the analysis relies on the well-established Generalized Riemann Hypothesis (GRH). Starting point for the proposed deterministic algorithms were the works of Shanks [Shanks, 1971], [Shanks, 1972] and the variant of Shanks' idea for general groups suggested by Terr [Terr, 2000]. We give a detailed analysis of the run-time of our algorithms and indicate apart from the square root of the regulator at which (minimzed) power the logarithm of the discriminant enters the run-time bound. Starting point for the proposed probabilistic algorithms were the work of Hafner and McCurley [Hafner/McCurley, 1989] for negative discriminants and of Buchmann [Buchmann, 1990] for positive ones. The heart of the presented approach lies in the restriction of the computations to essential data (in particular partial instead of full relation lattice and sparse bases) and the use of fast sub-algorithms. One of these sub-algorithms is a newly developed algorithm for the computation of the Hermite Normal Form (HNF) of an integer matrix in cubic time. In summary we obtain the currently fastest deterministic and probabilistic algorithms for the problems at hand, and gives a rigorous analysis of their properties. Thus we establish an upper bound for the complexity of the DLP.