A canonical path approach to bounding collision time for Pollard’s Rho algorithm
نویسنده
چکیده
We show how to apply the canonical path method to a non-reversible Markov chain with no holding probability: a random walk used in Pollard’s Rho algorithm for discrete logarithm. This is used to show that the Pollard Rho method for finding the discrete logarithm on a cyclic group G requires O( √ |G| (log |G|)3/2) steps until a collision occurs and discrete logarithm is possibly found, not far from the widely conjectured value of Θ( √ |G|). Conversely, we find that arguments based on spectral gap, spectral profile or log-Sobolev cannot be used to show the correct mixing bound of the Pollard Rho walk, while coupling can give at best a small improvement on our current bound for collision time.
منابع مشابه
An Efficient Collision Detection Method for Computing Discrete Logarithms with Pollard's Rho
Pollard’s rho method and its parallelized variant are at present known as the best generic algorithms for computing discrete logarithms. However, when we compute discrete logarithms in cyclic groups of large orders using Pollard’s rho method, collision detection is always a high time and space consumer. In this paper, we present a new efficient collision detection algorithm for Pollard’s rho me...
متن کاملNew Collisions to Improve Pollardâs Rho Method of Solving the Discrete Logarithm Problem on Elliptic Curves
It is true that different approaches have been utilised to accelerate the computation of discrete logarithm problem on elliptic curves with Pollard’s Rho method. However, trapping in cycles fruitless will be obtained by using the random walks with Pollard’s Rho. An efficient alternative approach that is based on new collisions which are reliant on the values ai , bi to solve this problem is pro...
متن کاملOn random walks of Pollard’s rho method for the ECDLP on Koblitz curves
Pollard’s rho method is the asymptotically fastest known attack for the elliptic curve discrete logarithm problem (ECDLP) except special cases. It works by giving a pseudo-random sequence defined by an iteration function and then detecting a collision in the sequence. We note that the number of iterations before obtaining a collision is significant for the running time of the rho method and dep...
متن کاملOn a Probabilistic Algorithm Solving Discrete Logarithm Problem
Recently, Gadiyar et al. presented a probabilistic algorithm solving discrete logarithm problem over finite fields. In this paper, we compare the running time of this algorithm with Pollard’s rho algorithm and we improve the required memory of the algorithm as a negligable memory by using some collision detection algorithms. 2000 Mathematics Subject Classification: 11Y16.
متن کاملA Near Optimal Bound for Pollard’s Rho to Solve Discrete Log
We analyze the classical Pollard’s Rho algorithm for finding the discrete logarithm in a cyclic group G. We prove that, with high probability, a collision occurs and the discrete logarithm is potentially found in O( √ |G| log |G| log log |G|) steps, not far from the widely conjectured value of Θ( √ |G|). This improves upon a recent result of Miller–Venkatesan which showed an upper bound of O( √...
متن کامل