A Fully-Constructive Discrete-Logarithm Preprocessing Algorithm with an Optimal Time-Space Tradeoff

Lior Rotem, Gil Segev

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


Identifying the concrete hardness of the discrete logarithm problem is crucial for instantiating a vast range of cryptographic schemes. Towards this goal, Corrigan-Gibbs and Kogan (EUROCRYPT'18) extended the generic-group model for capturing “preprocessing” algorithms, offering a tradeoff between the space S required for storing their preprocessing information, the time T required for their online phase, and their success probability. Corrigan-Gibbs and Kogan proved an upper bound of Oe(ST2/N) on the success probability of any such algorithm, where N is the prime order of the group, matching the known preprocessing algorithms. However, the known algorithms assume the availability of truly random hash functions, without taking into account the space required for storing them as part of the preprocessing information, and the time required for evaluating them in essentially each and every step of the online phase. This led Corrigan-Gibbs and Kogan to pose the open problem of designing a discrete-logarithm preprocessing algorithm that is fully constructive in the sense that it relies on explicit hash functions whose description lengths and evaluation times are taken into account in the algorithm's space-time tradeoff. We present a fully constructive discrete-logarithm preprocessing algorithm with an asymptotically optimal space-time tradeoff (i.e., with success probability Ω(e ST2/N)). In addition, we obtain an algorithm that settles the corresponding tradeoff for the computational Diffie-Hellman problem. Our approach is based on derandomization techniques that provide rather weak independence guarantees. On the one hand, we show that such guarantees can be realized in our setting with only a minor efficiency overhead. On the other hand, exploiting such weak guarantees requires a more subtle and in-depth analysis of the underlying combinatorial structure compared to that of the known preprocessing algorithms and their analyses.

Original languageAmerican English
Title of host publication3rd Conference on Information-Theoretic Cryptography, ITC 2022
EditorsDana Dachman-Soled
PublisherSchloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing
Number of pages16
ISBN (Electronic)9783959772389
StatePublished - 1 Jul 2022
Event3rd Conference on Information-Theoretic Cryptography, ITC 2022 - Cambridge, United States
Duration: 5 Jul 20227 Jul 2022

Publication series

NameLeibniz International Proceedings in Informatics, LIPIcs


Conference3rd Conference on Information-Theoretic Cryptography, ITC 2022
Country/TerritoryUnited States


  • Discrete logarithm
  • Preprocessing

All Science Journal Classification (ASJC) codes

  • Software


Dive into the research topics of 'A Fully-Constructive Discrete-Logarithm Preprocessing Algorithm with an Optimal Time-Space Tradeoff'. Together they form a unique fingerprint.

Cite this