Discrete logarithms: The past and the future

The first practical public key cryptosystem to be published, the Diffie-Hel lman key exchange algorithm, was based on the assumption that discrete loga rithms are hard to compute. This intractability hypothesis is also the foun dation for the presumed security of a variety of other public key schemes. While there have been substantial advances in discrete log algorithms in th e last two decades, in general the discrete log still appears to be hard, e specially for some groups, such as those from elliptic curves. Unfortunatel y no proofs of hardness are available in this area, so it is necessary to r ely on experience and intuition in judging what parameters to use for crypt osystems. This paper presents a brief survey of the current state of the ar t in discrete logs.