t-multiple discrete logarithm problem and solving difficulty

Considering the difficult problem under classical computing model can be solved by the quantum algorithm in polynomial time, t-multiple discrete logarithm problems presented. The problem is non-degeneracy and unique solution. We talk about what the parameter effects the problem solving difficulty. Then we pointed out that the index-calculus algorithm is not suitable for the problem, and two sufficient conditions of resistance to the quantum algorithm for the hidden subgroup problem are given.

💡 Research Summary

The paper introduces the t‑multiple discrete logarithm problem (t‑MDLP), a generalization of the classic discrete logarithm problem, and investigates its computational hardness under both classical and quantum models. The authors begin by formalizing t‑MDLP: given a prime modulus p, a primitive root g, an integer t, and a target h, one must find the integer x satisfying g^{t·x} ≡ h (mod p). They prove that the problem is non‑degenerate and has a unique solution precisely when t and p‑1 are coprime; otherwise, multiple or no solutions may exist. This non‑degeneracy condition becomes a central parameter governing difficulty.

The analysis proceeds to examine how the choice of t influences algorithmic complexity. When t shares large factors with p‑1, the effective search space shrinks dramatically, allowing classical algorithms such as Baby‑Step‑Giant‑Step or Pollard‑Rho to solve the instance in sub‑exponential time. Conversely, if t is close to 1 or nearly coprime with p‑1, the search space remains comparable to the ordinary discrete logarithm problem, preserving exponential‑time hardness for known classical methods.

A major contribution is the demonstration that the index‑calculus algorithm, the most efficient classical technique for discrete logarithms in many groups, does not extend to t‑MDLP. The authors show that the presence of the factor t in the exponent prevents the formation of linear relations among logarithms of small‑norm group elements; the resulting equations become non‑linear, breaking the core linear‑algebra step of index‑calculus. Consequently, the algorithm cannot be applied, and t‑MDLP resists this powerful classical attack.

Turning to quantum computation, the paper frames t‑MDLP as a hidden subgroup problem (HSP). Shor’s algorithm solves the ordinary discrete logarithm by efficiently identifying a cyclic subgroup of the multiplicative group modulo p. The authors identify two sufficient conditions for t‑MDLP to be resistant to such quantum attacks. First, if t contains any non‑trivial factor of p‑1, the corresponding subgroup can be exposed by quantum Fourier sampling, making the problem vulnerable. Second, if t and p‑1 are essentially coprime—i.e., t shares no large prime factors with p‑1—the quantum algorithm’s sampling complexity grows, rendering the hidden subgroup indistinguishable in polynomial time. Under this second condition, the problem exhibits quantum‑resistant behavior.

Based on these insights, the paper proposes concrete parameter‑selection guidelines for constructing cryptographic schemes based on t‑MDLP. To maximize security, one should choose t that avoids large common factors with p‑1, keeping t and p‑1 nearly coprime, while also ensuring that t is not trivially small. This choice simultaneously defeats index‑calculus attacks and hampers quantum hidden‑subgroup identification, preserving hardness in both computational models.

The authors conclude by outlining potential applications and future work. They suggest that t‑MDLP could serve as the foundation for new public‑key protocols, key‑exchange mechanisms, and digital signatures that remain secure in a post‑quantum world. Open research directions include designing efficient key‑generation algorithms, proving security reductions to well‑studied hard problems, exploring hardware implementations, and extending the analysis to composite‑modulus groups or elliptic‑curve analogues. In summary, the paper establishes t‑MDLP as a promising, rigorously analyzed problem that bridges classical hardness and quantum resistance, offering a fresh avenue for post‑quantum cryptographic design.