A variant of the Galbraith–Ruprai algorithm for discrete logarithms with improved complexity

The discrete logarithm problem (DLP) in a group is a fundamental assumption that underpins the security of many systems. Hence evaluating its hardness is important. For efficient implementation of cryptographic algorithms, sometimes groups with additional structures are preferred. However, these structures may be used to obtain faster attacks. By using equivalence classes, Galbraith and Ruprai proposed a faster algorithm to solve the DLP in an interval of size N, with expected running time of \(1.361\sqrt{N}\) group operations. Liu generalized their algorithm to the 2-dimensional case, which required \(1.450\sqrt{N}\) group operations. Further, for an elliptic curve with an efficiently computable endomorphism, Liu reduced the complexity to \(1.026\sqrt{N}\). In this paper, we propose a variant of the Galbraith–Ruprai algorithm. This variant has average-case asymptotic complexity close to \(1.253\sqrt{N}\) for sufficiently large N. For certain practical parameters, the complexity is \(1.275\sqrt{N}\) in the 1-dimensional case and \(1.393\sqrt{N}\) in the 2-dimensional case. Then we extend the algorithm for the case of larger equivalence classes. In particular, for the 2-dimensional DLP in a rectangle on an elliptic curve with an efficiently computable endomorphism, we reduce the complexity to \(0.985\sqrt{N}\) for certain fixed parameters. We also discuss some possible further improvements.