A Preliminary Study on Methods to Eliminate Short Fruitless Cycles for Pollard's Rho Method for ECDLP over BN Curves

This paper discusses the conditions of fruitless cycles for Pollard's rho method with skew Frobenius mapping for elliptic curve discrete logarithm problem (ECDLP) over a Barreto-Naehrig (BN) curve. When a random walk pass achieves a fruitless cycle, the random walk pass must restart with a different starting point. There can be several methods to eliminate fruitless cycles of short lengths for BN curves based on the construction of a random walk table. Therefore, in this research, the authors give an analysis of the previous methods for a BN curve of order 349 with the mapping with experiments. The results show that several fruitless cycles of length two and three cannot be eliminated by the previous methods. The authors investigated the reason for degradation. As a result of the analysis, a new condition where a part of the fruitless cycles of any lengths occur is derived, and a new method to eliminate the fruitless cycles is proposed.