On the relation generation method of Joux for computing discrete logarithms

TL;DR

This paper analyzes Joux's relation generation method for discrete logarithms, identifies heuristic-based obstructions, and proposes techniques to overcome these challenges, advancing the understanding of algorithms in small characteristic finite fields.

Contribution

It uncovers obstructions to heuristic assumptions in Joux's relation generation and offers methods to address these issues, improving the algorithm's robustness.

Findings

Identified specific obstructions to heuristic assumptions.

Proposed methods to overcome these obstructions.

Enhanced understanding of relation generation in discrete log algorithms.

Abstract

In \cite{joux}, Joux devised an algorithm to compute discrete logarithms between elements in a certain subset of the multiplicative group of an extension of the finite field $\mathbb{F}_{p^n}$ in time polynomial in $p$ and $n$. Shortly after, Barbulescu, Gaudry, Joux and Thome \cite{bgjt} proposed a descent algorithm that in $(p n)^{\mathcal{O}(\log n)}$ time projects an arbitrary element in $\mathbb{F}_{p^n}^\times$ as a product of powers of elements in the aforementioned subset. Together, these two algorithms yield a quasi-polynomial time algorithm for computing discrete logarithms in finite fields of small characteristic. The success of both the algorithms are reliant on heuristic assumptions. We identify obstructions that prevent certain heuristic assumptions they make from being true in general. Further, we describe methods to overcome these obstructions.