A deterministic algorithm for the discrete logarithm problem in a semigroup

Abstract

Abstract The discrete logarithm problem (DLP) in a finite group is the basis for many protocols in cryptography. The best general algorithms which solve this problem have a time complexity of O ( N log N ) O\left(\sqrt{N}\log N) and a space complexity of O ( N ) O\left(\sqrt{N}) , where N N is the order of the group. (If N N is unknown, a simple modification would achieve a time complexity of O ( N ( log N ) 2 ) O\left(\sqrt{N}{\left(\log N)}^{2}) .) These algorithms require the inversion of some group elements or rely on finding collisions and the existence of inverses, and thus do not adapt to work in the general semigroup setting. For semigroups, probabilistic algorithms with similar time complexity have been proposed. The main result of this article is a deterministic algorithm for solving the DLP in a semigroup. Specifically, let x x be an element in a semigroup having finite order N x {N}_{x} . The article provides an algorithm, which, given any element y ∈ ⟨ x ⟩ y\in \langle x\rangle , provides all natural numbers m m with x m = y {x}^{m}=y , and has time complexity O ( N x ( log N x ) 2 ) O\left(\sqrt{{N}_{x}}{\left(\log {N}_{x})}^{2}) steps. The article also gives an analysis of the success rates of the existing probabilistic algorithms, which were so far only conjectured or stated loosely.