Researchers at the Laboratoire Lorrain de Recherches en Informatique et ses Applications (CNRS/Université de Lorraine/Inria) and the Laboratoire d'Informatique de Paris 6 (CNRS/UPMC) have solved one aspect of the discrete logarithm problem. This is considered to be one of the 'holy grails' of algorithmic number theory, on which the security of many cryptographic systems used today is based. They have devised a new algorithm that calls into question the security of one variant of this problem, which has been closely studied since 1976.

This result, published on the site of the International Association of Cryptologic Research and on the HAL open access archive, was presented at the international conference Eurocrypt 2014 held in Copenhagen on 11-15 May 2014 and published in Advances in cryptology. It discredits several cryptographic systems that until now were assumed to provide sufficient security safeguards. Although this work is still theoretical, it is likely to have repercussions especially on the cryptographic applications of smart cards, RFID chips, etc.

To protect confidentiality of information, cryptography seeks to use mathematical problems that are difficult to solve, even for the most powerful machines and the most sophisticated algorithms.

The security of a variant of the discrete logarithm, reputed to be very complex, has been called into question by four researchers from CNRS and the Laboratoire d'Informatique de Paris 6 (CNRS/UPMC), namely Pierrick Gaudry, Răzvan Bărbulescu, Emmanuel Thomé and Antoine Joux. The algorithm they devised stands out from the best algorithms known to date for this problem. Not only is it significantly easier to explain, but its complexity is also considerably improved. This means that it is able to solve increasingly large discrete logarithm problems, while its computing time increases at a far slower rate than with previous algorithms. The computation of discrete logarithms associated with problems that are deliberately made difficult for cryptographic applications is thus made considerably easier.

Since solving this variant of the discrete logarithm is now within the capacity of current computers, relying on its difficulty for cryptographic applications is therefore no longer an option. This work is still at a theoretical stage and the algorithm still needs to be refined before it is possible to provide a practical demonstration of the weakness of this variant of the discrete logarithm. Nonetheless, these results reveal a flaw in cryptographic security and open the way to additional research. For instance, the algorithm could be adapted in order to test the robustness of other cryptographic applications.

**Explore further:**
Safer, better, faster: addressing cryptography’s big challenges

**More information:**
"A Heuristic Quasi-Polynomial Algorithm for Discrete Logarithm in Finite Fields of Small Characteristic," Razvan Barbulescu, Pierrick Gaudry, Antoine Joux, Emmanuel Thomé, Advances in Cryptology – EUROCRYPT 2014, *Lecture Notes in Computer Science,* Volume 8441, 2014, pp 1-16. dx.doi.org/10.1007/978-3-642-55220-5_1

## jalmy

## Torbjorn_Larsson_OM

First, the described work was purely theoretical, and they had neither showed that a practical algorithm existed (as I understand it) nor constructed any.

Second, there is a world of difference between everyday theory of a possibly not rigorous and/or testable enough idea of whatever, which seems to be your idea of it, science theory of a rigorous, testable body of work (i.e. comprises a set of facts), and a mathematical theory of an area of mathematics based on a set of techniques.

The latter is very much akin to computer science, and they both have existence proofs of mathematical objects or algorithms, without having any idea whatsoever how to construct those. "An existence theorem may be called pure if the proof given of it doesn't also indicate a construction of whatever kind of object the existence of which is asserted. ... ubiquitous in contemporary mathematics." [ http://en.wikiped..._theorem ]

## Z99

QUOTE:"Researchers ... have solved one aspect of the discrete logarithm problem." unquote.

QUOTE:"They have devised a new algorithm..."unquote.

QUOTE:"The algorithm they devised..."unquote.

The crux of jalmy's confusion is probably:"This work is still at a theoretical stage and the algorithm still needs to be refined before it is possible to provide a practical demonstration..."

Jalmy's point, that either a real algorithm exists or it doesn't is valid. Calling a proof of existence (if that is what they did) an "algorithm" stretches the meaning of the term past the breaking point (imho, in the context presented here).

Let us know if you need any additional help with your English reading comprehension.

BTW, there is an old comic where two professors are staring at a blackboard filled with equations which has as its last line "and then a miracle happens...". If any of the steps in the "theoretical" algorithm are not yet established, it is like the joke.