On random walks for Pollard's rho method

We consider Pollard's rho method for discrete logarithm computation. Usually, in the analysis of its running time the assumption is made that a random walk in the underlying group is simulated. We show that this assumption does not hold for the walk originally suggested by Pollard: its performance is worse than in the random case. We study alternative walks that can be efficiently applied to compute discrete logarithms. We introduce a class of walks that lead to the same performance as expected in the random case. We show that this holds for arbitrarily large prime group orders, thus making Pollard's rho method for prime group orders about 20% faster than before.
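To make the comparison in the abstract concrete, here is a small added example (written for this page, not code from the paper or its authors) of Pollard's rho for discrete logarithms in a toy prime-order subgroup, run once with Pollard's original three-class walk and once with an r-adding walk of the kind the abstract calls "alternative walks" (r random multipliers, class chosen by y mod r). The group parameters are constructed: p = 2027 is a safe prime, q = 1013 its prime subgroup order, and g = 4 a generator of that subgroup; the walk class selection by integer residue, the choice r = 20 and the retry-on-useless-collision logic are this example's assumptions. Collisions are found with Floyd's cycle finding, and the reported count is the number of Floyd rounds, only a rough proxy for a walk's collision time; the random-mapping benchmark of about sqrt(pi*n/2) steps and the paper's 20% figure come from its analysis, not from this toy.

```python
import random

# Constructed toy parameters: p = 2q + 1 with p, q prime; g = 4 has order q.
P = 2027
Q = 1013
G = 4


def make_pollard_walk(g, h, p, n):
    """Pollard's original walk: three classes by y mod 3.
    class 0: y <- y*h   class 1: y <- y^2   class 2: y <- y*g
    State is (y, a, b) with the invariant y = g^a * h^b (mod p), a, b mod n."""
    def step(state):
        y, a, b = state
        c = y % 3
        if c == 0:
            return (y * h % p, a, (b + 1) % n)
        if c == 1:
            return (y * y % p, 2 * a % n, 2 * b % n)
        return (y * g % p, (a + 1) % n, b)
    return step


def make_r_adding_walk(g, h, p, n, r, rng):
    """r-adding walk: r fixed random multipliers M_j = g^m_j * h^n_j;
    the class of y is y mod r and a step multiplies by M_j."""
    mult = []
    for _ in range(r):
        m_j, n_j = rng.randrange(n), rng.randrange(n)
        mult.append((pow(g, m_j, p) * pow(h, n_j, p) % p, m_j, n_j))

    def step(state):
        y, a, b = state
        M, m_j, n_j = mult[y % r]
        return (y * M % p, (a + m_j) % n, (b + n_j) % n)
    return step


def rho_with_walk(step, g, h, p, n, rng):
    """Floyd cycle finding on one walk from a random start g^a0 * h^b0.
    Returns (x, rounds); x is None when the collision gives no usable relation
    (the two exponent pairs are equal, so b - B is 0 mod n)."""
    a0, b0 = rng.randrange(n), rng.randrange(n)
    start = (pow(g, a0, p) * pow(h, b0, p) % p, a0, b0)
    tort, hare, rounds = start, start, 0
    while True:
        tort = step(tort)
        hare = step(step(hare))
        rounds += 1
        if tort[0] == hare[0]:
            break
    (_, a, b), (_, A, B) = tort, hare
    # g^a h^b = g^A h^B  =>  a + b*x = A + B*x (mod n)  =>  x = (a - A)/(B - b)
    d = (B - b) % n
    if d == 0:
        return None, rounds
    return (a - A) * pow(d, -1, n) % n, rounds


def dlog(g, h, p=P, n=Q, walk="r-adding", r=20, seed=0, max_tries=50):
    """Solve g^x = h in the order-n subgroup, retrying with a fresh start
    (and fresh multipliers for the r-adding walk) after a useless collision.
    Returns (x, total Floyd rounds over all attempts)."""
    rng = random.Random(seed)
    total = 0
    for _ in range(max_tries):
        if walk == "pollard":
            step = make_pollard_walk(g, h, p, n)
        else:
            step = make_r_adding_walk(g, h, p, n, r, rng)
        x, rounds = rho_with_walk(step, g, h, p, n, rng)
        total += rounds
        if x is not None and pow(g, x, p) == h % p:
            return x, total
    raise ValueError("no solution found within max_tries")


def mean_rounds(walk, trials=200, seed=1):
    """Average Floyd rounds needed over random instances, for one walk type."""
    rng = random.Random(seed)
    total = 0
    for t in range(trials):
        x = rng.randrange(1, Q)
        _, rounds = dlog(G, pow(G, x, P), walk=walk, seed=seed + t)
        total += rounds
    return total / trials


if __name__ == "__main__":
    for w in ("pollard", "r-adding"):
        print(w, mean_rounds(w))
```

Both walks are deterministic functions of the current group element only, which is what makes collision detection by Floyd's method valid; the r-adding walk differs from Pollard's original in that each class applies an independent random multiplier, so the accumulated exponents behave more like those of a random mapping. Running the script side by side on larger trial counts shows the gap the abstract describes; the toy group is far too small for the averages to be meaningful beyond illustration.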
