Content deleted Content added
Jitse Niesen (talk | contribs) copyedit |
No edit summary |
||
Line 1:
In mathematics, the '''Pohlig-Hellman algorithm''' is an [[algorithm]] for the computation of [[discrete logarithm]]s in a [[multiplicative group]] whose order is a [[smooth integer]]. The algorithm is based on the [[Chinese remainder theorem]] and runs in [[polynomial time]].
We will explain the algorithm in terms of a the group formed by taking all the elements of Z<sub>p</sub> which are coprime to p, and leave it to the advanced reader to extend the algorithm to other groups.
'''Input''' Integers ''p'', ''g'', ''e''.
'''Output''' Integer ''x'', such that ''e = g<sup>x</sup> (mod p)''.
'''Algorithm''' Use [[Euler's phi function]] to determine the prime factorization of the order of the group :
<math>\phi(p)=p_0\cdot p_1 \cdot \ldots \cdot p_n</math>
From the remainder theorem we know that ''x = a<sub>1</sub> p<sub>1</sub> + b<sub>1</sub>''. We now find the value of b<sub>1</sub> for which the following equation holds :
<math>\begin{matrix}e^{\phi(p)/p_1} & = & (g^x)^{\phi(p)/p_1} \pmod{p} \\
& = & g^{\phi(p)}g^{b_1\phi(p)/p_1} \pmod{p} \\
& = & g^{b_1\phi(p)/p_1} \pmod{p}
\end{matrix}
</math> (using [[Euler's theorem]])
The same operation is now performed for ''p<sub>2</sub>'' up to ''p<sub>n</sub>''.
A minor modification is needed where a prime number is repeated. Suppose we are seeing ''p<sub>i</sub>'' for the ''k+1''-th time. Then already know ''c<sub>i</sub>'' in the equation ''x = a<sub>i</sub> p<sub>i</sub><sup>k+1</sup> + b<sub>i</sub>p<sub>i</sub><sup>k</sup>+c<sub>i</sub>'', and we find ''b<sub>i</sub>'' the same way as before.
We end up with enough simulatious congruencies so that ''x'' can be solved using the [[Chinese remainder theorem]].
{{math-stub}}
| |||