Non-degeneracy of Pollard Rho Collisions
Authors
Abstract
The Pollard ρ algorithm is a widely used algorithm for solving discrete logarithms on general cyclic groups, including elliptic curves. Recently the first nontrivial runtime estimates were provided for it, culminating in a sharp $O(\sqrt{n})$ bound for the collision time on a cyclic group of order $n$ [4]. In this paper we show that for $n$ satisfying a mild arithmetic condition, the collisions guaranteed by these results are nondegenerate with high probability: that is, the Pollard ρ algorithm successfully finds the discrete logarithm.
Related resources
Spectral Analysis of Pollard Rho Collisions
We show that the classical Pollard ρ algorithm for discrete logarithms produces a collision in expected time $O(\sqrt{n}(\log n))$. This is the first nontrivial rigorous estimate for the collision probability for the unaltered Pollard ρ graph, and is close to the conjectured optimal bound of $O(\sqrt{n})$. The result is derived by showing that the mixing time for the random walk on this graph is $O((\log n))$;...
Two grumpy giants and a baby
Pollard’s rho algorithm, along with parallelized, vectorized, and negating variants, is the standard method to compute discrete logarithms in generic prime-order groups. This paper presents two reasons that Pollard’s rho algorithm is farther from optimality than generally believed. First, “higher-degree local anti-collisions” make the rho walk less random than the predictions made by the convent...
A canonical path approach to bounding collision time for Pollard’s Rho algorithm
We show how to apply the canonical path method to a non-reversible Markov chain with no holding probability: a random walk used in Pollard’s Rho algorithm for discrete logarithm. This is used to show that the Pollard Rho method for finding the discrete logarithm on a cyclic group $G$ requires $O(\sqrt{|G|}(\log |G|)^{3/2})$ steps until a collision occurs and discrete logarithm is possibly found, not far f...
On the Use of the Negation Map in the Pollard Rho Method
The negation map can be used to speed up the Pollard rho method to compute discrete logarithms in groups of elliptic curves over finite fields. It is well known that the random walks used by Pollard rho when combined with the negation map get trapped in fruitless cycles. We show that previously published approaches to deal with this problem are plagued by recurring cycles, and we propose effect...
Subset-Restricted Random Walks for Pollard rho Method on Fpm
In this paper, we propose a variant of the Pollard rho method. We use an iterating function whose image size is much smaller than its domain and hence reaches a collision faster than the original iterating function. We also explicitly show how this general method can be applied to multiplicative subgroups of finite fields with large extension degree. The construction for finite fields uses a di...
Journal title:
- CoRR
Volume abs/0808.0469 Issue
Pages -
Publication date 2008