Help the poor Cryptographers - DLP Edition

6

2

Introduction and Motivation

I'm mainly active on Cryptography.SE and as such have already stumbled across the question: "How the hell am I supposed tools like cado-nfs to do stuff!?". They are super-complicated tools for a super-complicated task: Factoring large integers and computing large-scale discrete logarithms.
Now I'm standing here (in a metaphoric sense) and I am asking you:
Please give us poor cryptographers a usable tool. :( This question in particular is about the discrete logarithm problem which was broken by Logjam, is frequently used in the world of online security and you're supposed to solve it (as far as current technology goes)!

Specification

Input

Your input will be three (potentially) large numbers: A generator, a prime and an argument. The integer encoding should be hex or decimal big-endian. Additionally you may require arbitrary generator and prime dependent state (a bunch of pre-calculations and stuff). The generators, primes and arguments for the score evaluation will not be public. But there will be several arguments for one set of generators and primes so caching does make sense here.

Output

The output is supposed to be one (potentially large) integer, the discrete logarithm of the argument to the base of the generator in the field defined by the prime. Additionally you may output intermediate state that will speed-up future calculations.

What to do?

Using any library, tool and language you like (no online-services), hit the lowest time of execution for calculating the (correct) discrete logarithm. The parameters will be:

  • There will be three pairs of random (safe) prime and an appropriate (small) generator
  • Each pair will receive three distinct (random) arguments, for the latter two, intermediate state will speed things up significantly
  • The tests will be run on an AWS EC2 c4.large instance
  • The tests will use 332-bit (100 decimal digit) primes and arguments

Who wins?

This is fastest-code so the fastest code wins!
Submissions are evaluated earliest three days after lack of activity (these evaluations cost money!) and clearly inefficient submissions will not be evaluated at all.

OS: The submittant has the choice between the default Amazon-provided OSes which are Windows Server (2003 R2 - 2012 R2 Base), Red Hat Enterprise Linux 7.2, SUSE Linux Enterprise Server 12 SP1, Ubuntu Server 14.04 LTS, Debian 8 Jessie (community AMI), CentOS (6 or 7; community AMI) additionally the submittant can link to or provide instructions on using / creating a custom Amazon Machine Image (AMI) for testing

Installation instructions or links to those need to be provisioned.

(Potentially) Helpful resources:

SEJPM

Posted 2016-07-22T19:58:01.323

Reputation: 3 203

2This might be an overkill question. – Ave – 2016-07-22T21:33:01.263

I'm not sure if I'm understanding this correctly; the question is supposed to be about writing a script to install and invoke some factoring tools? – feersum – 2016-07-23T05:26:54.453

@feersum, it's not about factoring (but rather a different, similarly used mathematical concept called discrete logarithm) and it doesn't require an installation script. Just some program that computes a discrete logarithm (quickly). Using the pre-built and engineered tools for this task would certainly help reduce code sizes and run-times. – SEJPM – 2016-07-23T12:23:42.900

@ardaozkal, I was fearing the same. But in the end the resulting program should be "rather short", even though the required mathematical / technical skill may actually be overkill :/ – SEJPM – 2016-07-23T12:26:00.790

Answers

1

Cado-nfs is the right tool to use.

It provides abstract enough way of handling any case, but relies on input specific optimizations that cannot be done by the program anyway.

There is no general (applicable to anything with same efficiency) solution (even theoretical one) for NFS that can be implemented in program at the moment.

Judging by the work done in CADO-nfs, simply coming up with a good enough algorithm for just 100 digit number would take several months of research before any programming can be done.

You should ask around on CADO-nfs forums, there were at least couple of tests mentioning 103-104-digit algorithms, that might be more useful.

If nfs is not a strict requirement, you could mention it in question. Sadly, I cannot comment yet; and no, I am far from specialist in any of the areas.

Michael M

Posted 2016-07-22T19:58:01.323

Reputation: 101

In fact, cado-nfs already has kind of a one-shot tool for calculating discrete logarithms. It's just that it requires MAGMA to be installed (boo) and that some pre- and post- processing on the in- and outputs is needed... And the parameters are deliberately chosen such that the (G)NFS is the only viable tool for the job. – SEJPM – 2016-08-04T13:51:03.760

1Well, do you strictly require NFS solution? If so, you would need to map out mathematical algorithm for the procedure as a part of the question so that other may translate it into some programming language. I doubt you can expect anyone to go through whole theory, explanations and this particular implementation (CADO) before a single line of code can be written.

Or you are looking for the fastest simple (intuitive) solution? – Michael M – 2016-08-05T10:13:14.590

Asked: 2016-07-22T19:58:01.323

Viewed: 388 times

Active: 2016-10-03T14:33:36.410