Speeding Up the Pollard Rho Method on Prime Fields

We propose a method to speed up the r-adding walk on multiplicative subgroups of the prime field. The r-adding walk is an iterating function used with the Pollard rho algorithm and is known to require fewer iterations than Pollard's original iterating function to reach a collision. Our main idea is to follow the r-adding walk using only partial information about the nodes reached. The trail traveled by the proposed method is a normal r-adding walk, but with significantly reduced execution time for each iteration. While a single iteration of most r-adding walks on F_p requires a multiplication of two integers of size log p, the proposed method requires an operation of complexity only linear in log p, using a pre-computed table of size O((log p)^{r+1} · log log p). In practice, our rudimentary implementation of the proposed method increased the speed of Pollard rho with r-adding walks by a factor of more than 10 for 1024-bit random primes p.
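The abstract refers to the baseline that the proposed method speeds up: Pollard rho for discrete logarithms in a prime-order subgroup of F_p^*, driven by an r-adding walk and finished by cycle detection. The following is an added example written for this page, not code from the paper; it implements that baseline (full-size multiplications per step, Floyd cycle detection, the r multipliers as the pre-computed table) and does not implement the paper's partial-information trick. The partition index y mod r, the tiny constructed parameters p = 2039, q = 1019, g = 4, and the helper name r_adding_walk_dlog are all assumptions of this example.

```python
import random


def r_adding_walk_dlog(g, h, p, q, r=20, seed=0, max_restarts=50):
    """Solve g^x = h (mod p) for x in [0, q), where g has prime order q in F_p^*.

    Pollard rho with an r-adding walk: every node is tracked as g^a * h^b
    (exponents kept mod q), each step multiplies by one of r precomputed
    multipliers chosen by a simple hash of the node, and Floyd's cycle
    detection finds the collision.  (Example code, not the paper's method.)
    """
    rng = random.Random(seed)
    for _ in range(max_restarts):
        # Pre-computed table: M_j = g^{a_j} * h^{b_j} for j in [0, r).
        exps = [(rng.randrange(q), rng.randrange(q)) for _ in range(r)]
        mults = [pow(g, a, p) * pow(h, b, p) % p for a, b in exps]

        def step(y, a, b):
            # Partition index: y mod r (assumed hash; any node-dependent
            # index works as long as it is deterministic).
            j = y % r
            aj, bj = exps[j]
            # One full-size modular multiplication per iteration: this is the
            # cost the paper's method reduces to linear in log p.
            return y * mults[j] % p, (a + aj) % q, (b + bj) % q

        # Random starting node y0 = g^{a0} * h^{b0}.
        a0, b0 = rng.randrange(q), rng.randrange(q)
        start = (pow(g, a0, p) * pow(h, b0, p) % p, a0, b0)

        # Floyd: tortoise at position i, hare at position 2i.
        tort = step(*start)
        hare = step(*step(*start))
        while tort[0] != hare[0]:
            tort = step(*tort)
            hare = step(*step(*hare))

        (_, a1, b1), (_, a2, b2) = tort, hare
        # g^{a1} h^{b1} = g^{a2} h^{b2}  =>  x * (b1 - b2) = a2 - a1 (mod q)
        db = (b1 - b2) % q
        if db == 0:
            continue  # degenerate collision: retry with a fresh table
        x = (a2 - a1) * pow(db, -1, q) % q
        if pow(g, x, p) == h:
            return x
    raise RuntimeError("no useful collision found; increase max_restarts")


if __name__ == "__main__":
    # Constructed toy instance: p = 2039 = 2*1019 + 1, g = 4 has order q = 1019.
    p, q, g = 2039, 1019, 4
    secret = 777
    h = pow(g, secret, p)
    print("recovered x =", r_adding_walk_dlog(g, h, p, q))
```

With r = 20 (the table size Teske's heuristics recommend) the expected walk length is about sqrt(pi*q/2), so the toy instance resolves in a few dozen steps. The `db == 0` branch is the failure mode a practitioner has to handle: a collision whose h-exponents agree mod q yields no information, and the walk must be restarted with a different table.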
