Abstract:In Pollard's rho method, an iterating function f is used to define a sequence (yi) by yi+l = f(yi) for i = 0, 1, 2,..., with some starting value yo. In this paper, we define and discuss new iterating functions for computing discrete logarithms with the rho method. We compare their performances in experiments with elliptic curve groups. Our experiments show that one of our newly defined functions is expected to reduce the number of steps by a factor of approximately 0.8, in comparison with Pollard's originally … Show more
“…This implies these collisions not only have always occurred but the probability of a collision has also significantly increased if it compared with original method. It can be concluded that the proposed improved method will be better than the original pollard's Rho method and these alternative collisions can also be applied to previo us proposed improvements such that dividing the group into about 20 sets (Teske, 1998;2001). …”
Section: Comparison Between Methodsmentioning
confidence: 97%
“…Despite the fact that there are several attacking methods to resolve ECDLP, Pollard's Rho method (Pollard, 1980) not only is at present known as the fastest algorithm to resolve the discrete logarithm problem on elliptic curves, but its parallelized variant as well because its mathematical operations is less than other methods like Baby-Step Giant-Step (Shanks, 1971). This encourages researchers to utilise from automorphism of the group (Duursma et al, 1990), random walk on certain equivalence classes (Wiener and Zuccherato, 1999;Gallant et al, 2000), parallelization (Oorschot and Wiener, 1999), iteration function (Teske, 1998;2001), negation map (Wang and Zhang, 2012) or cycle detection (Brent, 1980;Cheon et al, 2012;Ezzouak et al, 2014) to improve this attacking method. This paper will provide a new approach by using the theorem that proposed by (Sadkhan and Neamah, 2011) to improve Pollard's Rho method which use alternative collisions to resolve the ECDLP.…”
It is true that different approaches have been utilised to accelerate the computation of discrete logarithm problem on elliptic curves with Pollard's Rho method. However, trapping in cycles fruitless will be obtained by using the random walks with Pollard's Rho. An efficient alternative approach that is based on new collisions which are reliant on the values a i , b i to solve this problem is proposed. This may requires less iterations than Pollard's Rho original in reaching collision. Thus, the performance of Pollard's Rho method is more efficiently because the improved method not only reduces the number of mathematical operations but these collisions can also applied on previous improvements which reported in the literature.
“…This implies these collisions not only have always occurred but the probability of a collision has also significantly increased if it compared with original method. It can be concluded that the proposed improved method will be better than the original pollard's Rho method and these alternative collisions can also be applied to previo us proposed improvements such that dividing the group into about 20 sets (Teske, 1998;2001). …”
Section: Comparison Between Methodsmentioning
confidence: 97%
“…Despite the fact that there are several attacking methods to resolve ECDLP, Pollard's Rho method (Pollard, 1980) not only is at present known as the fastest algorithm to resolve the discrete logarithm problem on elliptic curves, but its parallelized variant as well because its mathematical operations is less than other methods like Baby-Step Giant-Step (Shanks, 1971). This encourages researchers to utilise from automorphism of the group (Duursma et al, 1990), random walk on certain equivalence classes (Wiener and Zuccherato, 1999;Gallant et al, 2000), parallelization (Oorschot and Wiener, 1999), iteration function (Teske, 1998;2001), negation map (Wang and Zhang, 2012) or cycle detection (Brent, 1980;Cheon et al, 2012;Ezzouak et al, 2014) to improve this attacking method. This paper will provide a new approach by using the theorem that proposed by (Sadkhan and Neamah, 2011) to improve Pollard's Rho method which use alternative collisions to resolve the ECDLP.…”
It is true that different approaches have been utilised to accelerate the computation of discrete logarithm problem on elliptic curves with Pollard's Rho method. However, trapping in cycles fruitless will be obtained by using the random walks with Pollard's Rho. An efficient alternative approach that is based on new collisions which are reliant on the values a i , b i to solve this problem is proposed. This may requires less iterations than Pollard's Rho original in reaching collision. Thus, the performance of Pollard's Rho method is more efficiently because the improved method not only reduces the number of mathematical operations but these collisions can also applied on previous improvements which reported in the literature.
“…Montenegro, Kim, and Tetali [9] showed that for Pollard's Rho walk τ = O(log 3 N ), while Hildebrand [8,18] showed that for Teske's additive walk τ = O * (N 2/(r−1) ). A slightly weaker notion of mixing should be used for Teske's process when r < 6, but we do not consider it here.…”
Abstract. Some of the most efficient algorithms for finding the discrete logarithm involve pseudo-random implementations of Markov chains, with one or more "walks" proceeding until a collision occurs, i.e. some state is visited a second time. In this paper we develop a method for determining the expected time until the first collision. We use our technique to examine three methods for solving discrete-logarithm problems: Pollard's Kangaroo, Pollard's Rho, and a few versions of Gaudry-Schost. For the Kangaroo method we prove new and fairly precise matching upper and lower bounds. For the Rho method we prove the first rigorous non-trivial lower bound, and under a mild assumption show matching upper and lower bounds. Our Gaudry-Schost results are heuristic, but improve on the prior limited understanding of this method. We also give results for parallel versions of these algorithms.
“…However, each processor could be working to find a different discrete logarithm as long as the iterating function used by all processors does not depend on the group element whose logarithm is sought. This requirement is satisfied by an iterating function f : G → G suggested by Teske [18], where G is partitioned into about 20 disjoint sets T i , each set is assigned a fixed randomly chosen group element g xi with known logarithm x i , and f (y) = yg xi if y ∈ T i .…”
Abstract. An open question about the asymptotic cost of connecting many processors to a large memory using three dimensions for wiring is answered, and this result is used to find the full cost of several cryptanalytic attacks. In many cases this full cost is higher than the accepted complexity of a given algorithm based on the number of processor steps. The full costs of several cryptanalytic attacks are determined, including Shanks' method for computing discrete logarithms in cyclic groups of prime order n, which requires n 1/2+o(1) processor steps, but when all factors are taken into account, has full cost n 2/3+o(1) . Other attacks analyzed are factoring with the number field sieve, generic attacks on block ciphers, attacks on double and triple encryption, and finding hash collisions. In many cases parallel collision search gives a significant asymptotic advantage over well-known generic attacks.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.