Lazy Random Walk Efficient for Pollard’s Rho Method Attacking on G3 over Barreto–Naehrig Curve (Corrected)

Solving 94-bit ECDLP with 70 Computers in Parallel

Elliptic curve discrete logarithm problem(ECDLP) is one of problems on which the security of pairing-based cryptography is based. This paper considers Pollard’s rho method to evaluate the security of ECDLP on Barreto-Naehrig(BN) curve that is an efficient pairing-friendly curve. Some techniques are proposed to make the rho method efficient. Especially, the group structure on BN curve, distingui...

An investigation into Pollard’s Rho method for attacking Elliptic Curve Cryptosystems

A Pollard-like pseudorandom number generator over EC

In this short paper we propose a pseudorandom number generator over EC based on Pollardlike method. In contrast to the well known Elliptic Curve Random Number Generator (see e.g. ANSI and NIST draft standards) the generator is based on a random walk over the group of EC-points like in the original Pollard’s rho algorithm and only resembles a little bit the linear congruential generator over ell...

On random walks for Pollard's rho method

We consider Pollard’s rho method for discrete logarithm computation. Usually, in the analysis of its running time the assumption is made that a random walk in the underlying group is simulated. We show that this assumption does not hold for the walk originally suggested by Pollard: its performance is worse than in the random case. We study alternative walks that can be efficiently applied to co...

A Near Optimal Bound for Pollard’s Rho to Solve Discrete Log

We analyze the classical Pollard’s Rho algorithm for finding the discrete logarithm in a cyclic group G. We prove that, with high probability, a collision occurs and the discrete logarithm is potentially found in O( √ |G| log |G| log log |G|) steps, not far from the widely conjectured value of Θ( √ |G|). This improves upon a recent result of Miller–Venkatesan which showed an upper bound of O( √...