[Cryptography] MATH: Unlikely correctness of paper will break some discrete logarithm over F_p^*
Georgi Guninski
guninski at guninski.com
Thu Sep 1 01:52:24 EDT 2016
On Wed, Aug 31, 2016 at 08:33:45PM +0000, Kristian Gjøsteen wrote:
> > Is the paper fixable?
>
> Can you find a mistake in the paper? I looked briefly at it, and the equations seemed correct to me.
>
Haven't debugged the paper yet. Appears to me they don't mention
uniqueness of the solution.
> The current paper, however, is a case of funny computations that aren’t really interesting.
It is very interesting to me they claim to reduce DL to _linear
congruences_ with few inequality constraints.
In (18), (19) and Numerical example on p. 4 they have two linear
congruences in two unknowns n,\beta_n where $n$ is the secret exponent
and the implicit constraints 0 < n,\beta_n < p. Solving this is
efficient with integer programming as explained in the OP.
More information about the cryptography
mailing list