This paper is concerned with algorithms for computing in the divisor class group of a nonsingular plane curve of the form y n = c(x) which has only one point at infinity. Divisors are represented as ideals and an ideal reduction algorithm based on lattice reduction is given. We obtain a unique representative for each divisor class and the algorithms for addition and reduction of divisors run in polynomial time. An algorithm is also given for solving the discrete logarithm problem when the curve is defined over a finite field.

Abstract. The discrete logarithm problem in various finite abelian groups is the basis for some well known public key cryptosystems. Recently, real quadratic congruence function fields were used to construct a public key distribution system. The security of this public key system is based on the difficulty of a discrete logarithm problem in these fields. In this paper, we present a probabilistic algorithm with subexponential running time that computes such discrete logarithms in real quadratic congruence function fields of sufficiently large genus. This algorithm is a generalization of similar algorithms for real quadratic number fields. 1.

. In this article we survey recent developments concerning the discrete logarithm problem. Both theoretical and practical results are discussed. We emphasize the case of finite fields, and in particular, recent modifications of the index calculus method, including the number field sieve and the function field sieve. We also provide a sketch of the some of the cryptographic schemes whose security depends on the intractibility of the discrete logarithm problem. 1 Introduction Let G be a cyclic group generated by an element t. The discrete logarithm problem in G is to compute for any b 2 G the least non-negative integer e such that t e = b. In this case, we write log t b = e. Our purpose, in this paper, is to survey recent work on the discrete logarithm problem. Our approach is twofold. On the one hand, we consider the problem from a purely theoretical perspective. Indeed, the algorithms that have been developed to solve it not only explore the fundamental nature of one of the basic s...

Abstract not found

Abstract. Recently, several algorithms have been suggested for solving the discrete logarithm problem in the Jacobians of high-genus hyperelliptic curves over finite fields. Some of them have a provable subexponential running time and are using the fact that smooth reduced ideals are sufficiently dense. We explicitly show how these density results can be derived. All proofs are purely combinatorial and do not exploit analytic properties of generating functions. 1.

Abstract. The discrete logarithm problem in Jacobians of curves of high genus g over finite fields Fq is known to be computable with subexponential complexity Lqg(1/2, O(1)). We present an algorithm for a family of plane curves whose degrees in X and Y are low with respect to the curve genus, and suitably unbalanced. The finite base fields are arbitrary, but their sizes should not grow too fast compared to the genus. For this family, the group structure can be computed in subexponential time of Lqg(1/3, O(1)), and a discrete logarithm computation takes subexponential time of Lqg(1/3 + ε,o(1)) for any positive ε. These runtime bounds rely on heuristics similar to the ones used in the number field sieve or the function field sieve algorithms. 1

Abstract. We study a generalized version of the index calculus method for the discrete logarithm problem in Fq, whenq = p n, p is a small prime and n →∞. The database consists of the logarithms of all irreducible polynomials of degree between given bounds; the original version of the algorithm uses lower bound equal to one. We show theoretically that the algorithm has the same asymptotic running time as the original version. The analysis shows that the best upper limit for the interval coincides with the one for the original version. The lower limit for the interval remains a free variable of the process. We provide experimental results that indicate practical values for that bound. We also give heuristic arguments for the running time of the Waterloo variant and of the Coppersmith method with our generalized database. 1.

Abstract. We consider the largest degrees that occur in the decomposi-tion of polynomials over finite fields into irreducible factors. We expand the range of applicability of the Dickman function as an approximation for the number of smooth polynomials, which provides precise estimates for the discrete logarithm problem. In addition, we characterize the dis-tribution of the two largest degrees of irreducible factors, a problem relevant to polynomial factorization. As opposed to most earlier treat-ments, our methods are based on a combination of exact descriptions by generating functions and a specific complex asymptotic method. 1

We survey under a unified approach on the number of irreducible polynomials of given forms: x + g(x) where the coefficient vector of g comes from an affine algebraic variety over Fq . For instance, all but 2 log n coefficients of g(x) are prefixed. The known results are mostly for large q and little is know when q is small or fixed. We present computer experiments on several classes of polynomials over F 2 and compare our data with the results that hold for large q. We also mention some related applications and problems of (irreducible) polynomials with special forms.

We obtain new lower bounds on the linear complexity of several consecutive values of the discrete logarithm modulo a prime p. These bounds generalize and improve several previous results. Keywords: Discrete logarithm, Linear recurrence sequences, Linear complexity 1 1