Chapter 6. Discrete Logarithms

Table of Contents

Cyclic Groups and Generators
Discrete Logarithm Problem

Cyclic Groups and Generators

Some groups have an interesting property: all the elements in the group can be obtained by repeatedly applying the group operation to a particular group element. If a group has such a property, it is called a cyclic group and the particular group element is called a generator. A trivial example is the group Zn, the additive group of integers modulo n. In Zn, 1 is always a generator:

1 ≡ 1 mod n

1+1 ≡ 2 mod n

1+1+1 ≡ 3 mod n

...

1+1+1+...+1 ≡ n ≡ 0 mod n

If a group is cyclic, then there may exist multiple generators. For example, we know Z5 is a cyclic group. The element 1 is a generator for sure. And if we take a look at 2, we can find:

2 ≡ 2 mod 5

2+2 ≡ 4 mod 5

2+2+2 ≡ 6 ≡ 1 mod 5

2+2+2+2 ≡ 8 ≡ 3 mod 5

2+2+2+2+2 ≡ 10 ≡ 0 mod 5

So all the group elements {0,1,2,3,4} in Z5 can also be generated by 2. That is to say, 2 is also a generator for the group Z5.

Not every element in a group is a generator. For example, the identity element in a group will never be a generator. No matter how many times you apply the group operator to the identity element, the only element you can yield is the identity element itself. For example, in Zn, 0 is the identity element and 0+0+...+0 ≡ 0 mod n in all cases.

Not every group is cyclic. For example, Zn*, the multiplicative group modulo n, is cyclic if and only if n is 1 or 2 or 4 or pk or 2*pk for an odd prime number p and k ≥ 1. So Z5* must be a cyclic group because 5 is a prime number. Actually all the elements in Z5*, {1,2,3,4} can be generated by 2:

21 ≡ 2 mod 5

22 ≡ 4 mod 5

23 ≡ 8 ≡ 3 mod 5

24 ≡ 16 ≡ 1 mod 5

And Z12* is not a cyclic group. The elements in Z12* are: {1,5,7,11}. Obviously the identity element 1 cannot be a generator. Let's check the other three elements:

51 ≡ 5 mod 1271 ≡ 7 mod 12111 ≡ 11 mod 12
52 ≡25 ≡ 1 mod 1272 ≡ 49 ≡ 1 mod 12112 ≡ 121 ≡ 1 mod 12

None of the elements can generate the whole group. Therefore, none of them is a generator. So Z12* is indeed not cyclic.

If Zn* is cyclic and g is a generator of Zn*, then g is also called a primitive root modulo n.