Intersection Coupling for birthday attacks and collision of independent walks on Z

We develop a version of coupling which can be used to study many birthday attacks, simplifying a key step in past analysis and making it possible to extend the analysis to additional problems. This leads us to confirm a conjecture of Pollard’s that the Kangaroo method starting in an interval of size N with steps sizes {x}k=1 for fixed x has the same collision time of (2 + o(1)) √ N as does x = 2. Furthermore we partially answer a question he poses regarding the case when the number of generators d is fixed and the base x is variable, by showing that when d = 3 the collision time is order O( √ N ln N) and giving strong evidence that it is Θ( √ N ln N), while for d ≥ 4 the collision time is shown to be order Θ(√N).