Re: Computing discrete logs mod N when I know phi(N)?

Brandon Enright on Thu, 23 Jan 2020 00:51:22 +0100

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: Computing discrete logs mod N when I know phi(N)?

To: Karim Belabas <Karim.Belabas@math.u-bordeaux.fr>
Subject: Re: Computing discrete logs mod N when I know phi(N)?
From: Brandon Enright <bmenrigh@brandonenright.net>
Date: Wed, 22 Jan 2020 23:50:56 +0000
Cc: pari-users@pari.math.u-bordeaux.fr, bmenrigh@brandonenright.net
Delivery-date: Thu, 23 Jan 2020 00:51:22 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=brandonenright.net; s=smtp; t=1579737077; bh=zo0v5GLesV370Vg/nW0Tm05gZZ0k3jEPWenTU62WpdQ=; h=Date:From:To:Cc:Subject:In-Reply-To:References; b=fvKcXuDr0MM/M3M2VFKjvSMUVe3mCX/doJovBhenpxWEC1cTx5Pfa9DzAmzj9Hd3d TsFmahsBRoxAA/3gedCkNCm/uxR3rf0NbqZBR57stwcK/idvZyAuEk1ORNNE60ZWcU iYdl6jypSTZRAoVSy7R9t03veZsgAaRCEyJameyU=
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAACXBIWXMAAAsTAAALEwEAmpwYA AAAB3RJTUUH4AEeBw0c89aMuQAAACFQTFRFAAAAVQAAVVVVVYCAgCsrgKqAqgAAqisrqqqq1NTU/// /xjyDiwAAAjdJREFUOI1100Fr2zAUAOBnM9L4ZkNxruKFgOzToPTeQsHsNjwGOzZQ1OsKJVpvxqFg5 xQ0BlKOO0X6lXuSkzZJs0cIWJ/fk/QsgflPwOHDRp+HjXP9Gegdhf0I2FEYo09At8C7DhlyfgwMkRt fqoUjcLhNVCjWsuIA3N/EjultROwY42/gXLOysQuxTdY8rBl0SY9ssx1g06xUqQcY02tj/wv7QKcS2 4dSbEVTuHUyVBpblTjde2hptLTEA/gMqz1odE2p4s0eKNdSCkFTsh6K3aJity6sXrUe2pix2NmuozZ a2DSF6VUUgAHELEaEuLesZKXRUeU3GCBst4ViPYbVlj3+8kDjwIddKKA0yybyxQP1J6T4dW191Us5g O5YrJHSAMP/SErZhzkoY0WrQl/TRyZl6O6auj10KpSiiAZQyJENG7csVEovAmjsEEMPbROlaSTlczJ 8KIIZ+pQmespzqOTNDlre1l+pWQqq+7lIaZJiAM1brGM/vhjNF4usuu13gK/T2WcOF/JG5ELKu8vdY VD1D8QaJlKO5gSL22p/fJa8rmuQ8im/F0Je3r7s4c/18mpGkFIlMX+YvIG5er2+BvnsK4lsXr3D8vu UMn7mmRAiz+T72VU4nbIq9QnzbHJ82qfsbkTjIs1eDmH5jbGbKE8hh/HxxeH+Y2RZCvHJVcMrajhVi vsT+E0JucigOL2cKnzut0IHt7Zjd0I8mI+gm0qI/gwYgi/mHLDq0ZwF9cmcB1McwT9jVwLqjIJUfgA AAABJRU5ErkJggg==
In-reply-to: <20200122071047.01611e37@lambda>
References: <20200121235703.4e7016da@lambda> <20200122011931.3be5xtywvuyx5xlq@math.u-bordeaux.fr> <20200122071047.01611e37@lambda>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alright I figured out more details which I will describe below:

On Wed, 22 Jan 2020 07:10:55 +0000
Brandon Enright <bmenrigh@brandonenright.net> wrote:

> > > p =
> > > 3039332125512668828764567700357785092292459210891950632595702374157691839749003
> > > // prime q =
> > > 49812678250664513445348324781789367118153790741421464113188581126082567313365663
> > > // prime n = p * q // this is my modulus    
> > 
>
> Unfortunately I'm a bit stuck using my example above.  First I init
> the group with znstar():
> 
> g = znstar(n, 1);
> 
> Then when I use znlog instead of getting one number back, I'm getting
> 2 in a column vector.  For example with the log of 5:
> 
> znlog(5, g)
> =
> [-63127347047617664945936273330073227063449799858664932302178759330922764129399588617443353900120252459589049390676980990590388726960654101199547861106561968542,
> -1]~
> 
> The log of other numbers tend to produce two large numbers, it just so
> happens that 5 produces -1 for the second number.
> 
> I don't know how to interpret these results.  What is the generator
> point / base / root of the log?

Okay I figured out that the bid structure I get out of znstar() has an
element '.gen' which is the generator.

As best I can tell, this is the point that is the base of the log.

So taking the discrete log of 127 via znlog:

GP/PARI> l = znlog(127, g)
%47 =
[16315058403787806876247495072223306909217287931523476034034216154860222224253448025436446749004031827935610293025623864473472712324783463821983523799767820455,
- -27666885693580666438437181700991665481474826242004716935879091550742082595641581]~

And when I raise g.gen to the first number in that column vector
163150584[...]7820455 I get -127.

GP/PARI> n - lift(modexp(g.gen[1], l[1], n))
%48 = 127

I'm not sure why I get -127 instead of 127.  That's why I'm doing n -
the result.

When I try the log of 128 instead I get 128 out directly:

GP/PARI> l = znlog(128, g);
GP/PARI> lift(modexp(g.gen[1], l[1], n))
%53 = 128

This is certainly progress!

I still don't understand why znlog() is giving me two results back.  I
also don't understand why sometimes the result is negative.

Thanks again for the help and patience while I work though these
details!

Brandon

-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQQsPI0+tjl0LJJzd/apoY/MCyX3ggUCXijf4AAKCRCpoY/MCyX3
giHTAKCmEuTUEkZ3WVfkHzTE/gONUwsJ9gCfXdZsnQeSp9no7xVpsyfVSgRHqYM=
=MS1E
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Computing discrete logs mod N when I know phi(N)?
  - From: Karim Belabas <Karim.Belabas@math.u-bordeaux.fr>

References:
- Computing discrete logs mod N when I know phi(N)?
  - From: Brandon Enright <bmenrigh@brandonenright.net>
- Re: Computing discrete logs mod N when I know phi(N)?
  - From: Karim Belabas <Karim.Belabas@math.u-bordeaux.fr>
- Re: Computing discrete logs mod N when I know phi(N)?
  - From: Brandon Enright <bmenrigh@brandonenright.net>

Prev by Date: Re: Fastest way to determine whether a simple extension is Galois, starting from a polynomial
Next by Date: Re: Computing discrete logs mod N when I know phi(N)?
Previous by thread: Re: Computing discrete logs mod N when I know phi(N)?
Next by thread: Re: Computing discrete logs mod N when I know phi(N)?
Index(es):
- Date
- Thread