Computing discrete logarithms in subfields of residue class rings

Recent breakthrough methods [GGMZ, Jou, BGJT] on computing discrete logarithms in small characteristic finite fields share an interesting feature in common with the earlier medium prime function field sieve method [JL]. To solve discrete logarithms in a finite extension of a finite field F, a polynomial h(x) ∈ F[x] of a special form is constructed with an irreducible factor g(x) ∈ F[x] of the desired degree. The special form of h(x) is then exploited in generating multiplicative relations that hold in the residue class ring F[x]/h(x)F[x] hence also in the target residue class field F[x]/g(x)F[x]. An interesting question in this context and addressed in this paper is: when and how does a set of relations on the residue class ring determine the discrete logarithms in the finite fields contained in it? We give necessary and sufficient conditions for a set of relations on the residue class ring to determine discrete logarithms in the finite fields contained in it. We also present efficient algorithms to derive discrete logarithms from the relations when the conditions are met. The derived necessary conditions allow us to clearly identify structural obstructions intrinsic to the special polynomial h(x) in each of the aforementioned methods, and propose modifications to the selection of h(x) so as to avoid obstructions. Joux's relation generation algorithm with our modified polynomial selection, the Barbulescu-Gaudry-Joux-Thome descent, the Pohlig-Hellman algorithm and our method for determining discrete logarithms in subfields of residue class rings together imply a heuristic quasi polynomial time algorithm for computing discrete logarithms in small characteristic finite fields. In addition, a generator (primitive element) for the multiplicative group of the finite field can be efficiently constructed by our method. This is especially interesting when the factorization of the order of the unit group (F[x]/g(x)F[x]) × is not known.