All published worksheets from http://sagenb.org
Image: ubuntu2004
This worksheet was produced by Ken Ribet in connection with the spring, 2010 crytography course at UC Berkeley. The course uses using the textbook ``An introduction to mathematical cryptography'' by Hopffstein, Pipher and Silverman. In section 4.5 of the book, the authors talk about the Pollard method for finding discrete logs. In this worksheet, Ken implements the method to find a discrete log for the prime . Amazingly, the method worked!
The code above is supposed to make the recursive Pollard sequence as in the book. Since I'm no programmer, you can surely do better. For each , starting with , I create a 4-tuple , where .
This initializes the matrix of 4-tuples---I supply the first line:
I take to be the smallest primitive root mod , which you know to be one of my favorite primes. For , I take 2010; why not?!
By running the ``experiment'' program 50 times, I build up the matrix of 4-tuples.
The matrix command turns the list into a matrix with integral coefficients.
The number occurs for and . That's our collision! We get the equation , which we can simplify to . (Note that the exponents run mod .) It so happens that , so that we can solve for the discrete log directly by inverting 143971 mod . In other situations, the gcd might be some number . In that case, we find the discrete log only mod , which leaves different possibilities for the discrete log. We then find the true discrete log by checking in turn each of the possibilities.
When I started computing discrete logs by this method a day or two ago, the first example I ran had , , . (Don't ask why I took to be a perfect square; that was a bit silly, I admit.) My collision produced the equation . Since the gcd in this case is , I had the discrete log only mod : it was 24 mod 56. The discrete log in this case turned out to be .
This is the discrete log that has been found by the Pollard method. In the next cell, I call sage's discrete log command to check the work.