Abstract
In Pollard's rho method, an iterating function f is used to define a sequence (y_i) by y_{i+1} = f(y_i) for i = 0, 1, 2, ..., with some starting value y_0. In this paper, we define and discuss new iterating functions for computing discrete logarithms with the rho method. We compare their performance in experiments with elliptic curve groups. Our experiments show that one of our newly defined functions is expected to reduce the number of steps by a factor of approximately 0.8 in comparison with Pollard's originally used function, and we show that this holds independently of the size of the group order. For group orders large enough that the run time for precomputation can be neglected, this means a real-time speed-up of more than 1.2.
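As an added illustration (not code from the paper), the following Python compares the rho length of Pollard's original three-way iterating function with an r-adding walk, f(y) = y * M_j where j is derived from y and M_j = g^{m_j} h^{n_j} is precomputed, on a constructed toy instance: the subgroup of order 5003 in (Z/10007Z)^*. The abstract names no specific function, so the r-adding walk, the partition keyed on y mod 3, r = 20 and the toy group are assumptions made here.

```python
import random
from statistics import mean

# Constructed toy instance (not from the paper): p = 10007 and q = 5003 are prime, p = 2q + 1,
# and g = 4 (a quadratic residue) generates the subgroup of order q in (Z/pZ)^*.
P, Q, G = 10007, 5003, 4

def pollard_step(y, a, b, g, h):
    """Pollard's original 3-way partition, keyed here on y mod 3 (an assumption)."""
    c = y % 3
    if c == 0:                                   # y -> h*y
        return y * h % P, a, (b + 1) % Q
    if c == 1:                                   # y -> y^2
        return y * y % P, 2 * a % Q, 2 * b % Q
    return y * g % P, (a + 1) % Q, b             # y -> g*y

def make_adding_walk(g, h, r, rng):
    """r-adding walk: f(y) = y * M_j with j = y mod r and M_j = g^m_j h^n_j precomputed."""
    table = []
    for _ in range(r):
        m, n = rng.randrange(Q), rng.randrange(Q)
        table.append((pow(g, m, P) * pow(h, n, P) % P, m, n))
    def step(y, a, b, g, h):
        mult, m, n = table[y % r]
        return y * mult % P, (a + m) % Q, (b + n) % Q
    return step

def rho_dlog(g, h, step, rng):
    """Iterate y_{i+1} = f(y_i) from a random y_0 = g^a h^b until the first repeated element,
    then solve h = g^x from the two exponent pairs. Returns (x or None, rho length)."""
    a, b = rng.randrange(Q), rng.randrange(Q)
    y, seen = pow(g, a, P) * pow(h, b, P) % P, {}
    while y not in seen:
        seen[y] = (a, b)
        y, a, b = step(y, a, b, g, h)
    a0, b0 = seen[y]                  # g^a0 h^b0 = g^a h^b  =>  a0 + x*b0 = a + x*b (mod q)
    if (b0 - b) % Q == 0:
        return None, len(seen)        # trivial collision: no information about x
    return (a - a0) * pow(b0 - b, -1, Q) % Q, len(seen)

def compare(trials=300, r=20, seed=1):
    """Mean rho length of both walks over random instances h = g^x; also checks every x."""
    rng, pol, add, ok = random.Random(seed), [], [], True
    for _ in range(trials):
        x = rng.randrange(1, Q)
        h = pow(G, x, P)
        for walk, out in ((pollard_step, pol), (make_adding_walk(G, h, r, rng), add)):
            found, steps = rho_dlog(G, h, walk, rng)
            out.append(steps)
            ok = ok and found in (None, x)
    return mean(pol), mean(add), ok
```

`compare()` returns the two mean rho lengths and a flag confirming that every non-trivial collision produced the correct logarithm; the ratio of the means is the quantity the abstract reports as roughly 0.8.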
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
Cite this paper
Teske, E. (1998). Speeding up Pollard's rho method for computing discrete logarithms. In: Buhler, J.P. (eds) Algorithmic Number Theory. ANTS 1998. Lecture Notes in Computer Science, vol 1423. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0054891
DOI: https://doi.org/10.1007/BFb0054891
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64657-0
Online ISBN: 978-3-540-69113-6