The Discrete Logarithm Problem

Let $a, b, n$ be positive real numbers. Recall that

$$\log_b(a) = n$$    if and only if $$a=b^n.$$

Thus the $\log_b$ function solves the following problem: Given a base $b$ and a power $a$ of $b$, find an exponent $n$ such that

$$a=b^n.$$

That is, given $b^n$ and $b$, find $n$.

Example 4.1   $a = 19683$, $b=3$. A calculator quickly gives that

$$n = \log(19683) / \log(3) = 9.$$

The discrete log problem is the analogue of this problem modulo $p$:

Discrete Log Problem: Given $b\pmod{p}$ and $b^n\pmod{p}$, find $n$. Put another way, compute $\log_b(a)$, when $a, b \in\mathbb{Z}/p\mathbb{Z}$.

As far as we know, this problem is VERY HARD to solve quickly. Nobody has admitted publicly to having proved that the discrete log can't be solved quickly, but many very smart people have tried hard and not succeeded. It's easy to write a slow program to solve the discrete log problem. (There are better methods but we won't discuss them in this class.)

? dislog(x,g, s) = s=g; for(n=1,znorder(g),if(x==s, return(n), s=s*g)); 0;
? dislog(18,Mod(5,23))
%6 = 12
? dislog(20,Mod(5,23))
%7 = 5

So the example above was far too simple. Let's try a slightly larger prime:

? p=nextprime(9584)
%8 = 9587
? isprime((p-1)\2)
%9 = 1
? znorder(Mod(2,p))
%10 = 9586
? g=Mod(2,p)
%11 = Mod(2, 9587)
? a = g^389
%15 = Mod(7320, 9587)
? dislog(a,g)
%16 = 389

This is still very easy to ``crack''. Let's try an even bigger one.

? p = 9048610007
%1 = 9048610007
?  g = Mod(5,p)
%2 = Mod(5, 9048610007)
? a = g^948603
%3 = Mod(3668993056, 9048610007)
? dislog(a,g)              \\ this take a while
%4 = 948603
? znlog(a,g)        \\ builtin super-optimized version takes about 1/2 second
%31 = 948603

Computing the discrete log gets slow quickly, the larger we make the $p$. Doubling the number of digits of the modulus makes the discrete log much much harder.