Discrete Logarithm Calculator

gˣ ≡ h (mod p)

CalculatorsFreeNo Signup
4.4(137 reviews)
All Tools

Loading tool...

About Discrete Logarithm Calculator

A discrete logarithm calculator solving gˣ ≡ h (mod p) using the baby-step giant-step algorithm. Shows computation steps, verifies the solution, and displays the order of g. Fundamental to cryptography. All calculations are client-side.

Discrete Logarithm Calculator Features

  • BSGS solver
  • Step-by-step
  • Verification
  • Order of g
  • Table
Discrete logarithm: find x such that gˣ ≡ h (mod p). Easy to compute gˣ (fast exponentiation) but hard to invert (no efficient classical algorithm). Baby-step giant-step: O(√p) time and space. Security of Diffie-Hellman, ElGamal, DSA depends on DLP hardness.

How to Use

Enter g, h, p:

  • g: Base (generator)
  • h: Target
  • p: Prime modulus

Baby-Step Giant-Step

Set m=⌈√n⌉ where n=ord(g). Baby steps: compute gʲ for j=0..m−1. Giant steps: compute h·(g⁻ᵐ)ⁱ for i=0..m−1. Match gives x=im+j. O(√n) time and space.

Cryptographic Importance

  • Diffie-Hellman key exchange
  • ElGamal encryption
  • Digital Signature Algorithm (DSA)
  • Elliptic curve cryptography (ECDLP variant)

Step-by-Step Instructions

  1. 1Enter base g.
  2. 2Enter target h.
  3. 3Enter prime p.
  4. 4Solve for x.
  5. 5Verify gˣ ≡ h.

Discrete Logarithm Calculator — Frequently Asked Questions

Why is discrete log hard?+

No classical algorithm runs in polynomial time for general groups. Best: number field sieve O(exp(c·(ln p)^(1/3)·(ln ln p)^(2/3))). For 2048-bit primes, this is computationally infeasible. Quantum computers would solve it via Shor's algorithm.

How does baby-step giant-step work?+

Write x=im+j (0≤j<m). Then gˣ=g^(im+j)=gʲ·(gᵐ)ⁱ, so h·(g⁻ᵐ)ⁱ=gʲ. Precompute all gʲ (baby steps), then check h·(g⁻ᵐ)ⁱ against the table (giant steps). A match gives x. Runs in O(√p) time and space.

What if g is not a primitive root?+

The solution exists iff h is in the subgroup generated by g (i.e., h^(n/ord(g)) ≡ 1). If it exists, the solution is unique modulo ord(g), and there are gcd(n,ord(g))/ord(g)·n solutions modulo n total.

More Calculators Tools

Explore all 639 other calculators tools available on Generatr

1-Sample Z-Test Calculator2-Sample Z-Test Calculator3D Surface Area CalculatorA/B Testing Significance CalculatorAbsolute Value CalculatorAbundant Number CheckerAccelerated Aging CalculatorAchromatic Number CalculatorAcyclic Chromatic Number CalculatorAdditive Persistence CalculatorAge CalculatorAging Test CalculatorAlbertson Index CalculatorAlgebraic Connectivity CalculatorAliquot Sequence CalculatorAliquot Sum CalculatorAlternating Series Test CalculatorAmicable Number FinderAnnuity CalculatorAPY CalculatorAquarium CO2 Drop CheckerArea CalculatorArea Under Curve CalculatorArithmetic Sequence CalculatorArmstrong Number CalculatorASCVD Risk CalculatorAspect Ratio CalculatorAtom Bond Connectivity CalculatorAugmented Eccentric Connectivity CalculatorAugmented Zagreb Index Calculator
View all 639 calculators tools
Share this tool: