# Discrete-logarithm-problem

Given a large prime number *p*, a large intgeger *a*, and a number *g* such that every number *b* coprime to *p* is congruent to a power of *g mod p* (i.e. g is a primite root mod p), then *g<sup>a</sup> mod p* = *s* is very easy to compute using the repeated squaring algorithm.  However, determining the value of *a* if we are given *g*, *p* and *s* is extremely diffucult, and thus discrete log is considered a one way function.  Several important public-key cryptographic systems base their security on the assumption that the discrete logarithm problem over carefully chosen groups has no efficient solution. These include Diffie-Hellman Key Exchange, ElGamal encryption, and the Digital Signature Algorithm. 

While the discrete log problem is considered cryptographically sound, this repository provides three algorithms that provide significant improvement over a brute-force tactic.  They include the Pohlig-Hellman Algorithm (practically the fastest), the Pollard Rho Algorithm and the floyd cycle detection algorithm.

## Syntax is specifice sagemath/python 


Fp = GF(p)

## Group order
n = p-1

## Factprisation of group order. Multiply the list element to get the value n

ftr_n = [2 , 1125899907906331 , 1125899907913247 , 1125899907914539 ,1125899907971257 , 1125899907981367 , 1125899907985417 , 1125899908035107 , 1125899908108333 , 1125899908156603 , 1125899908170071 , 1125899908189519 , 1125899908193707 , 1125899908226623 , 1125899908245053 , 1125899908252771 , 1125899908254119 , 1125899908293109 , 1125899908300403 , 1125899908340533 , 1125899908346471 , 1125899908373231 , 1125899908381643 , 1125899908403467 , 1125899908425989 , 1125899908436179 , 1125899908486477 , 1125899908494437 , 1125899908507817 , 1125899908578527 , 1125899908591721 , 1125899908663727 , 1125899908685441 , 1125899908726763 , 1125899908734893 , 1125899908781537 , 1125899908797227 , 1125899908872191 , 1125899908903723 , 1125899908906081 ,1125899908907581]

## Generator of Fp*
g = Fp(2)


## h is 
h = Fp(p-YourRollNumber)

### My roll no = 17025


## Find out log_g(h) = ? 


## Setup
This script requires that [SageMath](https://www.sagemath.org/) be installed.


## Environments
windows 10 <br>
Python 3.7 <br>
SageMath 9.2  <br>


In [None]:
ftr_n=[2 , 1125899907906331 , 1125899907913247 , 1125899907914539 ,1125899907971257 , 1125899907981367 , 1125899907985417
      , 1125899908035107 , 1125899908108333 , 1125899908156603 , 1125899908170071 , 1125899908189519 , 1125899908193707 ,
      1125899908226623 , 1125899908245053 , 1125899908252771 , 1125899908254119 , 1125899908293109 , 1125899908300403 ,
      1125899908340533 , 1125899908346471 , 1125899908373231 , 1125899908381643 , 1125899908403467 , 1125899908425989 ,
      1125899908436179 , 1125899908486477 , 1125899908494437 , 1125899908507817 , 1125899908578527 , 1125899908591721 ,
      1125899908663727 , 1125899908685441 , 1125899908726763 , 1125899908734893 , 1125899908781537 , 1125899908797227 ,
      1125899908872191 , 1125899908903723 , 1125899908906081 ,1125899908907581]
n = prod(ftr_n)
p=n+1
y=p-1
Fp=GF(p)
#generator
g=Fp(2)
#input
h=Fp(p-17025)
print(p)

In [None]:
gi = [0 for i in range(0,41)]
#calculate g^(n/pi)
for i in range(0,41):                        
    gi[i] = pow(2, ftr_n[i], p)

hi = [0 for i in range(0,41)]
#calculate h^(n/pi)
for i in range(0,41):                          
    hi[i] = pow(h, ftr_n[i], p)    


In [None]:
print(gi)
#print(hi)

In [None]:
#Pollard rho algorithm
#Flyod's cycle  dection algorthm 

def rho(x, y, small_prime):
    # interger mod small prime ring 
    I=IntegerModRing(small_prime)
    # storing random number intmodring  in A and B 
    A=[I.random_element() for i in range(5)]
    B=[I.random_element() for i in range(5)]
    T=[x^Integer(A[i]) * y^Integer(B[i]) for i in range(5)]
    # intialise both hare and tortoise with same postion
    tortoise_1 = Fp(1)
    hare_1 = Fp(1)
    # intialise all with 0
    tortoise_2 = I(0)
    tortoise_3 = I(0) 
    hare_2 = I(0)
    hare_3 = I(0) 
    while True:
        #tortoise
        u1= hash(tortoise_1) % 5  
        tortoise_1,tortoise_2,tortoise_3 = (tortoise_1*T[u1], tortoise_2+A[u1], tortoise_2+B[u1])
        #hare
        u2=hash(hare_1) % 5
        hare_1,hare_2,hare_3 = (hare_1*T[u2], hare_2+A[u2], hare_3+B[u2])
        u2=hash(hare_1) % 5
        hare_1,hare_2,hare_3 = (hare_1*T[u2], hare_2+A[u2], hare_3+B[u2])
        # collision criteria 
        if tortoise_1 == hare_1:
            if tortoise_3 != hare_3:
                # inverse criteria
                t=(tortoise_2-hare_2)*(hare_3-tortoise_3)^-1
                l=ZZ(t)
                if x^l == y:
                    return l
                    break

In [None]:
# Pohlig hellman attack 
b=[]
for i in range(0,41):
    a=rho(gi[i],hi[i],ftr_n[i])
    b.append(a)
print(b)

In [None]:
print(b)

In [None]:
# Solve CRT to get DLp
e=CRT(b,ftr_n)
print(e)

In [None]:
#checking reverse of dicrete logithmn
p-g^e

In [None]:
# simpler way to calculate discrete log
p=229626151646308923208893571434184912262527127005589389913423773029616146870270981312233491244937586913278192632890820687271771863577545792054112926066459589967354582901176287565811772801486485394056789364088708144314472899994335732710361120555238838085890219340675655338221069639977391699796720545362369833651290346341044207937143725720416109629312040984230306136265893863048506847534929639288121249772633565541096437053882503179057481530773722265537626861929987358860161135562777550683921601942022364694160613747480864570241737010815368992657418997843438431917252335086683764689042045743262370238816323
a=mod(p-17025,p); a.log(2)