[Cryptography] New attacks on discrete logs?
Viktor Dukhovni
cryptography at dukhovni.org
Sat May 24 19:21:17 EDT 2014
On Sat, May 24, 2014 at 11:47:45AM -0700, Bear wrote:
> Because reversing group operations is provably at least as
> hard as factoring,
This is simply not the case. A lot depends on the actual group.
For example Euclid's algorithm makes it possible to efficiently
reverse iterated addition mod p (in $\mathbb{Z}_p$), but we don't
know how to efficiently reverse iterated multiplication mod p
(multiplication in the associated group of units $\mathbb{Z}^*_p$).
--
Viktor.
More information about the cryptography
mailing list