*At the same time, the inverse problem of discrete exponentiation is not difficult (it can be computed efficiently using exponentiation by squaring, for example).*

A similar example holds for any non-zero real number b.

The powers form a multiplicative subgroup G = of the non-zero real numbers. This is the group of multiplication modulo the prime p.

By precomputing these three steps for a specific group, one need only carry out the last step, which is much less computationally expensive than the first three, to obtain a specific logarithm in that group.

It turns out that much Internet traffic uses one of a handful of groups that are of order 1024 bits or less, e.g.

However, none of them run in polynomial time (in the number of digits in the size of the group).

becomes a product b^k, and equality means congruence modulo p in the integers.

While computing discrete logarithms and factoring integers are distinct problems, they share some properties:

) there is not only no efficient algorithm known for the worst case, but the average-case complexity can be shown to be about as hard as the worst case using random self-reducibility.

A general algorithm for computing log_b a in finite groups G is to raise b to larger and larger powers k until the desired a is found. This algorithm is sometimes called trial multiplication. It requires running time linear in the size of the group G and thus exponential in the number of digits in the size of the group. Therefore, it is an exponential-time algorithm, practical only for small groups G.

When the numbers involved are large, it is more efficient to reduce modulo p multiple times during the computation. Regardless of the specific algorithm used, this operation is called modular exponentiation.

The authors of the Logjam attack estimate that the much more difficult precomputation needed to solve the discrete log problem for a 1024-bit prime would be within the budget of a large national intelligence agency such as the U.

El Gamal encryption, Diffie–Hellman key exchange, and the Digital Signature Algorithm) and cyclic subgroups of elliptic curves over finite fields (see Elliptic curve cryptography).

While there is no publicly known algorithm for solving the discrete logarithm problem in general, the first three steps of the number field sieve algorithm only depend on the group G, not on the specific elements of G whose finite log is desired.
