Affiliation:
1. KTH Royal Institute of Technology , Stockholm , Sweden ; Swedish NCSA, Swedish Armed Forces , Stockholm , Sweden
Abstract
Abstract
We generalize our earlier works on computing short discrete logarithms with tradeoffs, and bridge them with Seifert's work on computing orders with tradeoffs, and with Shor's groundbreaking works on computing orders and general discrete logarithms. In particular, we enable tradeoffs when computing general discrete logarithms. Compared to Shor's algorithm, this yields a reduction by up to a factor of two in the number of group operations evaluated quantumly in each run, at the expense of having to perform multiple runs. Unlike Shor's algorithm, our algorithm does not require the group order to be known. It simultaneously computes both the order and the logarithm. We analyze the probability distributions induced by our algorithm, and by Shor's and Seifert's order-finding algorithms, describe how these algorithms may be simulated when the solution is known, and estimate the number of runs required for a given minimum success probability when making different tradeoffs.
Subject
Applied Mathematics,Computational Mathematics,Computer Science Applications
Reference26 articles.
1. L. Babai, On Lovász’ lattice reduction and the nearest lattice point problem, Combinatorica 6 (1986), no. 1, 1–13.
2. E. Barker et al., Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography, NIST SP 800–56A (2018), rev. 3.
3. W. Diffie and M.E. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory 22 (1976), no. 6, 644–654.
4. G. Einarsson, Probability Analysis of a Quantum Computer, ArXiv quant-ph/0303074 (2003).
5. M. Ekerå, Modifying Shor's algorithm to compute short discrete logarithms, IACR ePrint Archive Report 2016/1128 (2016).
Cited by
14 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献