Considering the difficult problem under classical computing model can be solved by the quantum algorithm in polynomial time, t-multiple discrete logarithm problems presented. The problem is non-degeneracy and unique solution. We talk about what the parameter effects the problem solving difficulty. Then we pointed out that the index-calculus algorithm is not suitable for the problem, and two sufficient conditions of resistance to the quantum algorithm for the hidden subgroup problem are given.
Quantum computation is an entirely new mode. Deutsch algorithm is the first quantum algorithm [1] , which shows the power of parallelism computation. And the research on the quantum computation has been attracted widespread attention. Shor's quantum algorithm [2] and Grover's quantum search algorithm [3] have been presented, especially Shor's algorithm which can solve integer factorization and discrete logarithm problem in polynomial time. Then the public-key crypto is under serious threat. Shor's algorithm can be reduced to the quantum algorithm for the hidden subgroup problem [4] , which is a pervasive quantum algorithm with polynomial time. Thus the problem can be solved in polynomial time, which can be reduced to hidden subgroup problem. Subsequently, more and more quantum algorithms have been presented [5]~ [8] . However, whether is there an effective quantum algorithm for the difficult problem under classical computing mode? NPC problem (Non-deterministic Polynomial-complete problem) can't be efficiently solved on quantum computer. Thus NPC problem is the preferred security basis of the cryptographic algorithm, which can resist the quantum computing attack.
At present, public-key crypto based on NPC problem mainly has four categories: public-key crypto based on error correction of coding, braid group, multiple variant equation and lattice. The public-key crypto based on error correction of coding has more secret keys, which is not practical. The security of the public-key crypto based on braid group and multiple variant equation are be called into question. And if the public-key crypto based on lattice with special properties, it is vulnerable, such as AD public-key crypto [9] . Thus finding a new difficult problem is worth further studying.
In this paper, t -multiple discrete logarithm problem ( t -MDLP) is presented. The solving difficulty of t-MDLP is analyzed. If the parameters don’t satisfy two sufficient conditions, the problem can’t resist the quantum algorithm for the hidden subgroup problem.
Discrete logarithm problem is difficult under classical computing model. Definition 1(Discrete logarithm problem) [10] Let G be a cyclic group of order n . And is a generator
At present, index-calculus algorithm [10] is the optimal algorithm for the discrete logarithm problem, which is as follows.
A factor base
And mc relations of the form (1) can be obtained ( c is a small positive integer, e. The index-calculus algorithm is suitable for the discrete logarithm problem over finite field, whose computation complexity is sub-exponential [10] .
Shor’s quantum algorithm can solve the discrete logarithm problem in polynomial time [2] .
.
Thus we can obtain this property.
. Thus t-MDLP is equivalent to discrete logarithm problem. And Shor’s quantum algorithm can solve t-MDLP. How to avoid this case will be analyzed as below.
Lemma 1 [11] The sufficient and necessary condition for the solvability of In definition 2, the order of 12 , , , t g g g is unknown to attackers. Thus, the computation complexity of t-MDLP will not be reduced by their order.
The index-calculus algorithm [10] is the most powerful method known for computing discrete logarithm. The technique employed does not apply to all groups, such as cyclic group G of order n , but when it does, it often gives a subexponential-time algorithm. First, the algorithm constructs the linear equations of
Thus (3) is equivalent to (4), i.e. 12 , , , t k k k can’t be solved by constructing the system of linear equations.
In conclusion, the index-calculus algorithm is not suit for solving t-MDLP.
At present, most of the quantum algorithm with polynomial time can be reduced to the quantum algorithm for the hidden subgroup problem, which is a general algorithm.
If the parameter of t-MDLP doesn’t satisfy the case in theorem 1, i.e. there is k satisfying
, k can be obtained by Shor’s algorithm. Proof: According to theorem 1 and 2, we can obtain theorem 3. ■ As we know, there is a polynomial-time quantum algorithm for the hidden subgroup problem [4] . If the problem can be reduced to the hidden problem, it can be solved, such as factorization and logarithm problem. And Shor’s quantum algorithm is a particular circumstance of the quantum algorithm for the hidden
)In fact, t-MDLP is the composition of discrete logarithm problem. Thus t-MDLP is harder than or equivalent to discrete logarithm problem under classical computation mode.The property of t-MDLP is analyzed as below. Property 1 t-MDLP can’t degenerate into (t-1)-MDLP. Proof: In definition 2, if t-MDLP degenerate into (t-1)-MDLP, there are 1 1 1 , , , , ,
)In fact, t-MDLP is the composition of discrete logarithm problem. Thus t-MDLP is harder than or equivalent to discrete logarithm problem under classical computation mode.
)
■ Property 1 shows that t-MDLP has non-degeneracy. Property 2 The solution of t-MDLP is unique. Proof: In definition 2, the solution of t-MDLP isn’t unique, there
This content is AI-processed based on open access ArXiv data.
