Collision bounds for the additive Pollard rho algorithm for solving discrete logarithms
نویسندگان
چکیده
We prove collision bounds for the Pollard rho algorithm to solve the discrete logarithm problem in a general cyclic group G. Unlike the setting studied by Kim et al., we consider additive walks: the setting used in practice to solve the elliptic curve discrete logarithm problem. Our bounds differ from the birthday bound O. p jGj/ by a factor of p log jGj and are based on mixing time estimates for random walks on finite abelian groups due to Dou and Hildebrand.
منابع مشابه
Non-degeneracy of Pollard Rho Collisions
The Pollard ρ algorithm is a widely used algorithm for solving discrete logarithms on general cyclic groups, including elliptic curves. Recently the first nontrivial runtime estimates were provided for it, culminating in a sharp O( √ n) bound for the collision time on a cyclic group of order n [4]. In this paper we show that for n satisfying a mild arithmetic condition, the collisions guarantee...
متن کاملSpectral Analysis of Pollard Rho Collisions
We show that the classical Pollard ρ algorithm for discrete logarithms produces a collision in expected time O( √ n(log n)). This is the first nontrivial rigorous estimate for the collision probability for the unaltered Pollard ρ graph, and is close to the conjectured optimal bound of O( √ n). The result is derived by showing that the mixing time for the random walk on this graph is O((log n));...
متن کاملComputing elliptic curve discrete logarithms with improved baby-step giant-step algorithm
The negation map can be used to speed up the computation of elliptic curve discrete logarithms using either the baby-step giant-step algorithm (BSGS) or Pollard rho. Montgomery’s simultaneous modular inversion can also be used to speed up Pollard rho when running many walks in parallel. We generalize these ideas and exploit the fact that for any two elliptic curve points X and Y , we can effici...
متن کاملSpeeding up elliptic curve discrete logarithm computations with point halving
Pollard rho method and its parallelized variants are at present known as the best generic algorithms for computing elliptic curve discrete logarithms. We propose new iteration function for the rho method by exploiting the fact that point halving is more efficient than point addition for elliptic curves over binary fields. We present a careful analysis of the alternative rho method with new iter...
متن کاملComputing elliptic curve discrete logarithms with the negation map
It is clear that the negation map can be used to speed up the computation of elliptic curve discrete logarithms with the Pollard rho method. However, the random walks defined on elliptic curve points equivalence class {±P} used by Pollard rho will always get trapped in fruitless cycles. We propose an efficient alternative approach to resolve fruitless cycles. Besides the theoretical analysis, w...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- J. Mathematical Cryptology
دوره 8 شماره
صفحات -
تاریخ انتشار 2012