## Abstract

Identifying the concrete hardness of the discrete logarithm problem is crucial for instantiating a vast range of cryptographic schemes. Towards this goal, Corrigan-Gibbs and Kogan (EUROCRYPT'18) extended the generic-group model for capturing “preprocessing” algorithms, offering a tradeoff between the space S required for storing their preprocessing information, the time T required for their online phase, and their success probability. Corrigan-Gibbs and Kogan proved an upper bound of O^{e}(ST^{2}/N) on the success probability of any such algorithm, where N is the prime order of the group, matching the known preprocessing algorithms. However, the known algorithms assume the availability of truly random hash functions, without taking into account the space required for storing them as part of the preprocessing information, and the time required for evaluating them in essentially each and every step of the online phase. This led Corrigan-Gibbs and Kogan to pose the open problem of designing a discrete-logarithm preprocessing algorithm that is fully constructive in the sense that it relies on explicit hash functions whose description lengths and evaluation times are taken into account in the algorithm's space-time tradeoff. We present a fully constructive discrete-logarithm preprocessing algorithm with an asymptotically optimal space-time tradeoff (i.e., with success probability Ω(^{e} ST^{2}/N)). In addition, we obtain an algorithm that settles the corresponding tradeoff for the computational Diffie-Hellman problem. Our approach is based on derandomization techniques that provide rather weak independence guarantees. On the one hand, we show that such guarantees can be realized in our setting with only a minor efficiency overhead. On the other hand, exploiting such weak guarantees requires a more subtle and in-depth analysis of the underlying combinatorial structure compared to that of the known preprocessing algorithms and their analyses.

Original language | English |
---|---|

Title of host publication | 3rd Conference on Information-Theoretic Cryptography, ITC 2022 |

Editors | Dana Dachman-Soled |

Publisher | Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing |

Pages | 12:1-12:16 |

Number of pages | 16 |

ISBN (Electronic) | 9783959772389 |

DOIs | |

State | Published - 1 Jul 2022 |

Event | 3rd Conference on Information-Theoretic Cryptography, ITC 2022 - Cambridge, United States Duration: 5 Jul 2022 → 7 Jul 2022 |

### Publication series

Name | Leibniz International Proceedings in Informatics, LIPIcs |
---|---|

Volume | 230 |

ISSN (Print) | 1868-8969 |

### Conference

Conference | 3rd Conference on Information-Theoretic Cryptography, ITC 2022 |
---|---|

Country/Territory | United States |

City | Cambridge |

Period | 5/07/22 → 7/07/22 |

### Bibliographical note

Publisher Copyright:© Lior Rotem and Gil Segev; licensed under Creative Commons License CC-BY 4.0

## Keywords

- Discrete logarithm
- Preprocessing