The Log Table Method
Discrete Log Problem (DLP): Given b ∈ G (where G is a
group), and y ∈ hbi, find n = DLb(y), the discrete log of y to
the base b :
y = bn and 0 ≤ n < ord(b).
Log Table Method for solving (DLP): Construct a log table to
the base b by inverting a power table.
Time Estimate: To construct the power table for b ∈ G takes
n multiplications in G, where n = ord(b).
Space Estimate: We need space for n group elements.
Example: G = F×
p , p = 11, b = 2.
Power Table
Log Table
n bn
0 1
1 2
2 4
3 8
4 5
5 10
6 9
7 7
8 3
9 6
y DLb(y)
1
0
2
1
3
8
4
2
5
4
6
9
7
7
8
3
9
6
10
5
2
Note: If G = F×
p = hbi, where p is a prime, then the above
time/space estimates can be made more precise:
Time: O(p log2(p)) bit operations
Space: O(p log(p)) bits
Indeed, these follow from the above estimates because each
2
multiplication in F×
p takes O(log (p)) bit operations, and each
element requires O(log(p)) bits to store.
Remark: For G = F×
p as above, we can give a fairly precise
estimate for the storage space sp of the log table: we have
nr−1 < sp < nr ,
where r is the number of bits of p and nr = (r − 1)2r + 1 is
the storage space (in bits) of all numbers of bitsize ≤ r.
Indeed, since there are precisely 2k−1 numbers of bit size k,
these require 2k−1k bits to store, and so (by induction)
nr =
r
X
k2k−1 = (r − 1)2r + 1.
k=1
Important Observation: If y has a (much) smaller order than
b, and if k = ord(y) can be determined quickly, then we only
need to consider a log table for of size k rather than of size
n = ord(b). Indeed, we have that y ∈ hbn/k i, and so we
only have to construct a log table for bn/k , which consists of k
elements. Note that we have the relation:
n
DLb(y) = DLbn/k (y).
k