Collision Bounds for the Additive Pollard Rho Algorithm for Solving Discrete Logarithms.

We prove collision bounds for the Pollard rho algorithm to solve the discrete logarithm problem in a general cyclic group G. ... Unlike the setting studied by Kim et al. we consider additive walks: the setting used in practice to solve the elliptic curve discrete logarithm problem. ... Acknowledgements We are grateful to Arjen Lenstra for the careful reading of the draft and for the numerous helpful comments and discussions. ...

doi:10.1515/jmc-2012-0032 fatcat:nb3bcshajzct7b24zx3z2bow6a

DOAJ

This paper extends the analysis of Pollard's rho algorithm for solving a single instance of the discrete logarithm problem in a finite cyclic group G to the case of solving more than one instance of the ... discrete logarithm problem in the same group G. ... As already explained, the time for finding a discrete logarithm with parallel Pollard-rho can be divided in two phases, the time until a collision occurs and the time needed for its detection. ...

doi:10.1007/3-540-45537-x_17 fatcat:adzsg6kjpbhs7na4b4ujokqq2a

We show that the classical Pollard rho algorithm for discrete logarithms produces a collision in expected time O(sqrt(n)(log n)^3). ... This is the first nontrivial rigorous estimate for the collision probability for the unaltered Pollard rho graph, and is close to the conjectured optimal bound of O(sqrt(n)). ... Acknowledgements: the authors wish to thank R. Balasubramanian, Michael Ben-Or, Noam Elkies, David Jao, László Lovász, and Prasad Tetali for helpful discussions and comments. ...

arXiv:math/0603727v2 fatcat:dhjeetqv35a3zkh7sfikclikji

Multiple Versions

We analyze a fairly standard idealization of Pollard's Rho algorithm for finding the discrete logarithm in a cyclic group G. ... It is found that, with high probability, a collision occurs in O(√(|G| |G| |G|)) steps, not far from the widely conjectured value of Θ(√(|G|)). ... Pollard suggested algorithms to help solve both factoring large integers [11] and the discrete logarithm problem [12] . ...

doi:10.1109/focs.2007.38 dblp:conf/focs/BarakM07 fatcat:xkobb74ryzb6zpq3yvlsejiyjq

Multiple Versions

The Pollard Rho algorithm is a widely used algorithm for solving discrete logarithms on general cyclic groups, including elliptic curves. ... In this paper we show that for n satisfying a mild arithmetic condition, the collisions guaranteed by these results are nondegenerate with high probability: that is, the Pollard Rho algorithm successfully ... Introduction The Pollard ρ algorithm is, to date, the leading algorithm for solving discrete logarithm problems on general groups, including elliptic curves. The algorithm can be stated as follows. ...

arXiv:0808.0469v2 fatcat:pc46mdblbne6xcxfotqyn2gmuy

Multiple Versions

We analyze a fairly standard idealization of Pollard's Rho algorithm for finding the discrete logarithm in a cyclic group G. ... It is found that, with high probability, a collision occurs in O( |G| log |G| log log |G|) steps, not far from the widely conjectured value of Θ( |G|). ... Pollard suggested algorithms to help solve both factoring large integers [11] and the discrete logarithm problem [12] . ...

doi:10.1109/focs.2007.4389494 fatcat:435sta3mj5e4fkvkumr3mes6q4

As an application, we analyze Pollard's Rho algorithm for finding the discrete logarithm in a cyclic group G and find that if the partition in the algorithm is given by a random oracle, then with high ... These are the first proofs of the correct order bounds which do not assume that every step of the algorithm produces an i.i.d. sample from G. ... Acknowledgments The authors thank S. Kijima, S. Miller, I. Mironov, R. Venkatesan and D. Wilson for several helpful discussions. ...

doi:10.1214/09-aap625 fatcat:7zifzornsjc2rpfoiuqf4dd6pm

Szczepanski Multiple Versions

Hence our algorithm suggests that the order of subgroups, on which the pairing-based cryptosystems rely, needs to be increased by a factor of approximately m. keywords: discrete logarithm problem, pairing ... In this paper, we propose a variant of the Pollard rho method. ... We remark that, while we have achieved complexity lower than the straightforward application of Pollard rho, this does not conflict with the complexity lower bound known [18] for generic algorithms solving ...

doi:10.1007/978-3-642-00468-1_4 fatcat:ae33yhds3jfphijs3ogzq3zhpa

As an application, we analyze Pollard's Rho algorithm for finding the discrete logarithm in a cyclic group G and find that if the partition in the algorithm is given by a random oracle, then with high ... These are the first proofs of the correct order bounds which do not assume that every step of the algorithm produces an i.i.d. sample from G. ... Our intent in generalizing the Birthday Paradox was to bound the collision time of the Pollard Rho algorithm for discrete logarithm. As such, we briefly introduce the algorithm here. ...

doi:10.1007/978-3-540-79456-1_27 fatcat:nzgu6att2rathkm7g4i6n7mtky

Keywords Elliptic curve discrete logarithm problem (ECDLP) · Summation polynomials · Pollard rho · Index calculus Introduction Let E be an elliptic curve over a finite field Fq, where q = p n and p is ... We survey recent work on the elliptic curve discrete logarithm problem. In particular we review index calculus algorithms using summation polynomials, and claims about their complexity. ... The second author also thanks Maike Massierer, Pierre-Jean Spaenlehauer and Vanessa Vitse for various discussions on the topic. ...

doi:10.1007/s10623-015-0146-7 fatcat:sh5w53c3hnbhzilz7jrht6fzmy

) and the Pollard rho method (for probabilistic algorithms). ... The negation map can be used to speed up the computation of elliptic curve discrete logarithms using either the baby-step-giant-step algorithm (BSGS) or Pollard rho. ... Acknowledgements The authors thank Siouxsie Wiles for assistance with the graphs. ...

doi:10.3934/amc.2017038 fatcat:xnlmk7eavzgnxayycn4zlt2tp4

The r-adding walk is an iterating function used with the Pollard rho algorithm and is known to require less iterations than Pollard's original iterating function in reaching a collision. ... In practice, our rudimentary implementation of the proposed method increased the speed of Pollard rho with r-adding walks by a factor of more than 10 for 1024-bit random primes p. ... This work was supported by the Korea Science and Engineering Foundation (KOSEF) grant (No. R01-2008-000-11287-0). ...

doi:10.1007/978-3-540-89255-7_29 fatcat:45segiuulnclrhu575no7kuxti

We show how to substitute hashing by performing multiplications on Elliptic Curves in order to find distinguished points that can then be used to solve the discrete logarithm problem on a chosen curve. ... In principle all cryptanalytic algorithms that use Rabin's idea of distinguished points can be used in blockchain based attacks. Similar ideas can be used for the number field sieve. ... This choice of a small T does not influence the performance of the parallel Pollard-Rho algorithm. ...

dblp:journals/iacr/Lochter18 fatcat:n4m3hhgqjbgb3jq5jrms5fiwre

The first practical public key cryptosystem ever published, the Diffie-Hellman key exchange algorithm, relies for its security on the assumption that discrete logarithms are hard to compute. ... Since the introduction of the Diffie-Hellman key exchange more than three decades ago, there have been substantial algorithmic advances in the computation of discrete logarithms. ... Recall that as in Pollard Rho, we wish to find a collision of f in order to compute the desired discrete logarithm. ...

doi:10.1007/978-3-319-10683-0_2 fatcat:ykp3rhh2lnhn5ml4otrrfszoii

The Pollard kangaroo method computes discrete logarithms in arbitrary cyclic groups. ... This makes the kangaroo method the most powerful method to solve the discrete logarithm problem in this situation. ... The author is grateful to the Mathematical Sciences Research Institute (MSRI) in Berkeley, CA for its hospitality for a month in the Fall 2000 during its program on Algorithmic Number Theory. ...

doi:10.1016/s0166-218x(02)00590-5 fatcat:jktt4mumnfbvnnu6dtbatof6qy

Szczepanski

Collision bounds for the additive Pollard rho algorithm for solving discrete logarithms

Preserved Fulltext

Random Walks Revisited: Extensions of Pollard's Rho Algorithm for Computing Multiple Discrete Logarithms [chapter]

Preserved Fulltext

Spectral Analysis of Pollard Rho Collisions [article]

Preserved Fulltext

Other Versions

Near Optimal Bounds for Collision in Pollard Rho for Discrete Log

Preserved Fulltext

Other Versions

Non-degeneracy of Pollard Rho Collisions [article]

Preserved Fulltext

Other Versions

Near Optimal Bounds for Collision in Pollard Rho for Discrete Log

Preserved Fulltext

A Birthday Paradox for Markov chains with an optimal bound for collision in the Pollard Rho algorithm for discrete logarithm

Preserved Fulltext

Other Versions

Subset-Restricted Random Walks for Pollard rho Method on ${\mathbf{F}_{p^m}}$ [chapter]

Preserved Fulltext

A Birthday Paradox for Markov Chains, with an Optimal Bound for Collision in the Pollard Rho Algorithm for Discrete Logarithm [chapter]

Preserved Fulltext

Recent progress on the elliptic curve discrete logarithm problem

Preserved Fulltext

Computing elliptic curve discrete logarithms with improved baby-step giant-step algorithm

Preserved Fulltext

Speeding Up the Pollard Rho Method on Prime Fields [chapter]

Preserved Fulltext

Blockchain as cryptanalytic tool [article]

Preserved Fulltext

The Past, Evolving Present, and Future of the Discrete Logarithm [chapter]

Preserved Fulltext

Computing discrete logarithms with the parallelized kangaroo method

Preserved Fulltext