On the Use of the Negation Map in the Pollard Rho Method
نویسندگان
چکیده
The negation map can be used to speed up the Pollard rho method to compute discrete logarithms in groups of elliptic curves over finite fields. It is well known that the random walks used by Pollard rho when combined with the negation map get trapped in fruitless cycles. We show that previously published approaches to deal with this problem are plagued by recurring cycles, and we propose effective alternative countermeasures. As a result, fruitless cycles can be resolved, but the best speedup we managed to achieve is by a factor of only 1.29. Although this is less than the speedup factor of √ 2 generally reported in the literature, it is supported by practical evidence.
منابع مشابه
Computing elliptic curve discrete logarithms with the negation map
It is clear that the negation map can be used to speed up the computation of elliptic curve discrete logarithms with the Pollard rho method. However, the random walks defined on elliptic curve points equivalence class {±P} used by Pollard rho will always get trapped in fruitless cycles. We propose an efficient alternative approach to resolve fruitless cycles. Besides the theoretical analysis, w...
متن کاملOn the Correct Use of the Negation Map in the Pollard rho Method
Bos, Kaihara, Kleinjung, Lenstra, and Montgomery recently showed that ECDLPs on the 112-bit secp112r1 curve can be solved in an expected time of 65 years on a PlayStation 3. This paper shows how to solve the same ECDLPs at almost twice the speed on the same hardware. The improvement comes primarily from a new variant of Pollard’s rho method that fully exploits the negation map without branching...
متن کاملOn the Use of the Negation Map in Pollard-Rho Method
In order to attack a cryptographic system that does not appear to have any exploitable flaw, one is reduced to solve a discrete logarithm problem, that is, in the context of elliptic curves, given P,Q two points on an elliptic curve, finding a ∈ [1, r− 1] (r being the order of P ) such that Q = aP . One method to do so is to construct a pseudo-random walk Wi = aiP + biQ ∈ 〈P 〉 so that finding a...
متن کاملOn the Analysis of Public-Key Cryptologic Algorithms
The RSA cryptosystem introduced in 1977 by Ron Rivest, Adi Shamir and Len Adleman is the most commonly deployed public-key cryptosystem. Elliptic curve cryptography (ECC) introduced in the mid 80’s by Neal Koblitz and Victor Miller is becoming an increasingly popular alternative to RSA offering competitive performance due the use of smaller key sizes. Most recently hyperelliptic curve cryptogra...
متن کاملComputing elliptic curve discrete logarithms with improved baby-step giant-step algorithm
The negation map can be used to speed up the computation of elliptic curve discrete logarithms using either the baby-step giant-step algorithm (BSGS) or Pollard rho. Montgomery’s simultaneous modular inversion can also be used to speed up Pollard rho when running many walks in parallel. We generalize these ideas and exploit the fact that for any two elliptic curve points X and Y , we can effici...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2010