Finite field with hard discrete log for both groups

Click For Summary

Discussion Overview

The discussion revolves around the existence of a finite field where both the additive and multiplicative group structures have hard discrete logarithms. Participants explore the implications of this question in the context of cryptography and group theory.

Discussion Character

  • Exploratory
  • Technical explanation
  • Debate/contested

Main Points Raised

  • One participant questions the meaning of a group having a discrete log and seeks clarification on the term "hard" in this context.
  • Another participant clarifies that "hard" refers to the difficulty of computing discrete logs efficiently within a group.
  • A proposal is made to consider an additive group with a hard discrete log, such as an elliptic curve group, and to explore the possibility of defining a multiplicative structure that also has a hard discrete log while maintaining distributive properties.
  • It is suggested that while a field with the desired properties could theoretically exist, efficient computation of multiplication may not be feasible. The cyclic nature of groups and the relationship between discrete logarithms and the computational Diffie-Hellman problem are discussed.
  • A reference is made to the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms under certain assumptions, implying challenges in achieving the proposed structure.

Areas of Agreement / Disagreement

Participants express differing views on the feasibility of constructing such a field with both group structures having hard discrete logs. The discussion remains unresolved regarding the existence of such a field with efficiently computable operations.

Contextual Notes

Participants note that for a discrete log to be well-defined, the group must be cyclic, and that the relationship between discrete logarithms and the Diffie-Hellman problem complicates the construction of the desired field.

Dragonfall
Messages
1,023
Reaction score
5
If there a finite field where both group structures have hard discrete logs? Discrete log in the additive group means multiplicative inverse.
 
Physics news on Phys.org
A discrete log is a property of two elements of a group, say a and b, that holds when there is a natural number k such that ak=b. I don't think it means anything to say that a whole group has a discrete log. What were you trying to say? And what is the role of the word 'hard' in the question?
 
"Hard" in the cryptographic "We tried and we failed therefore" sense. I don't mean a whole group has a discrete log. I mean that there is no known way of computing discrete logs for that group efficiently.

Take an additive group that has a hard discrete log, for example a suitable elliptic curve group over a finite field. Is it possible to define a multiplicative structure on those elements such that

1) the multiplicative group has a hard discrete log
2) a distributive law holds

So that it's a field with two hard discrete logs?
 
If you just want the field to exist, certainly. If you want the multiplication on the field to be efficiently computable, probably not. Suppose that G is a group with a hard discrete logarithm. Note that for a discrete log to be well-defined over G, G must be cyclic. The only cyclic groups which can be the additive group of a finite field are those of prime order. Now, if G has prime order p, there are exactly p-1 multiplicative structures on G which will turn it into a field. Each is defined by picking a nonzero element g in G to be the multiplicative identity, and then defining (ag)*(bg) = (ab)g. Notice that computing the multiplication on G is precisely to solve the computational Diffie-Hellman problem for G. Thus, the only to have what you ask for while still keeping the multiplication on G efficiently computable would be to find a group for which discrete logarithms are hard, but Diffie-Hellman is easy. It can be shown that under certain relatively mild number-theoretic assumptions that these two problems are actually equivalent (see Maurer, Ueli M. (1994), Towards the Equivalence of Breaking the Diffie-Hellman Protocol and Computing Discrete Logarithms). So you probably can't get what you want here.
 
  • Like
Likes   Reactions: Dragonfall
Damn
 

Similar threads

Undergrad The adjective "finite" applied to algebraic structures
  • · Replies 4 ·
Replies
4
Views
1K
Graduate Near-Rings with Noncommutative Addition and Two-Sided Distributivity
  • · Replies 4 ·
Replies
4
Views
3K
Undergrad Dfns group action & group, written in terms of the other
  • · Replies 26 ·
Replies
26
Views
1K
Graduate Finite Field Structure: Prime Order Cyclic Group
  • · Replies 6 ·
Replies
6
Views
2K
Graduate Question about ##FG## modules
  • · Replies 14 ·
Replies
14
Views
4K
Undergrad Decomposition per the Fundamental Theorem of Finite Abelian Groups
  • · Replies 13 ·
Replies
13
Views
4K
Undergrad Differences between left vs right actions in some group theory questions
  • · Replies 1 ·
Replies
1
Views
1K
Graduate Representations of finite groups: Irreducible and reducible
  • · Replies 1 ·
Replies
1
Views
2K
Insights Why Vector Spaces Explain The World: A Historical Perspective
  • · Replies 0 ·
Replies
0
Views
9K
Graduate Classification of reductive groups via root datum
  • · Replies 3 ·
Replies
3
Views
3K