Refine
Year of publication
- 2000 (1)
Document Type
- Article (1)
Language
- English (1) (remove)
Has Fulltext
- yes (1)
Is part of the Bibliography
- no (1) (remove)
Keywords
- discrete logarithm (DL) (1) (remove)
Institute
- Mathematik (1) (remove)
Let G be a group of prime order q with generator g. We study hardcore subsets H is include in G of the discrete logarithm (DL) log g in the model of generic algorithms. In this model we count group operations such as multiplication, division while computations with non-group data are for free. It is known from Nechaev (1994) and Shoup (1997) that generic DL-algorithms for the entire group G must perform p2q generic steps. We show that DL-algorithms for small subsets H is include in G require m/ 2 + o(m) generic steps for almost all H of size #H = m with m <= sqrt(q). Conversely, m/2 + 1 generic steps are su±cient for all H is include in G of even size m. Our main result justifies to generate secret DL-keys from seeds that are only 1/2 * log2 q bits long.