Cubic Sieve Congruence of the Discrete Logarithm Problem, and fractional part sequences

Abstract

The Cubic Sieve Method for solving the Discrete Logarithm Problem in prime fields requires a nontrivial solution to the Cubic Sieve Congruence (CSC) $x^3\equiv y^{2}z(\mathrm{mod}p)$, where p is a given prime number. A nontrivial solution must also satisfy $x^3\ne y^{2}z$ and $1⩽x,y$, $z<p^{\alpha }$, where α is a given real number such that $\frac{1}{3}<\alpha ⩽\frac{1}{2}$. The CSC problem is to find an efficient algorithm to obtain a nontrivial solution to CSC. CSC can be parametrized as $x\equiv v^{2}z(\mathrm{mod}p)$ and $y\equiv v^{3}z(\mathrm{mod}p)$. In this paper, we give a deterministic polynomial-time ($O({\ln }^{3}p)$ bit-operations) algorithm to determine, for a given v, a nontrivial solution to CSC, if one exists. Previously it took $\tilde{O}(p^{\alpha })$ time in the worst case to determine this. We relate the CSC problem to the gap problem of fractional part sequences, where we need to determine the non-negative integers N satisfying the fractional part inequality $\{\theta N\}<\varphi$ (θ and ϕ are given real numbers). The correspondence between the CSC problem and the gap problem is that determining the parameter z in the former problem corresponds to determining N in the latter problem. We also show in the $\alpha =\frac{1}{2}$ case of CSC that for a certain class of primes the CSC problem can be solved deterministically in $\tilde{O}(p^{\frac{1}{3}})$ time compared to the previous best of $\tilde{O}(p^{\frac{1}{2}})$. It is empirically observed that about one out of three primes is covered by the above class.