Improving the Parallelized Pollard Rho Method for Computing Elliptic Curve Discrete Logarithms

The Pollard rho method and its parallelized variant are at present the best known generic algorithms for computing elliptic curve discrete logarithms. We design new iteration functions for the parallel rho method by exploiting the fact that, for any two points P and Q, we can efficiently obtain P-Q when we compute P+Q. We present a careful analysis of the alternative rho method with the new iteration functions. Compared to the previous parallel r-adding walk, the new method can generally reduce the size of the space being searched by a factor of 4, at an additional cost of 2 field multiplications and 1 squaring at each iteration step for computing elliptic curve discrete logarithms.
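The cost claim above can be checked in affine coordinates: P+Q and P-Q share the denominator x2-x1, so one field inversion serves both. The following is an added illustration, not code from the paper, and it does not implement the paper's iteration functions; the toy curve over F_97 and all function names are constructed for this example.

```python
# Toy short-Weierstrass curve y^2 = x^3 + A*x + B over F_p.
# Constructed parameters for illustration only (nonsingular: 4A^3 + 27B^2 != 0 mod p).
P_MOD, A, B = 97, 2, 3

def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0

def add_affine(p, q):
    """Reference affine addition for points with distinct x (one inversion)."""
    (x1, y1), (x2, y2) = p, q
    lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def add_and_sub(p, q):
    """Return (P+Q, P-Q) using a single shared inversion of (x2 - x1)."""
    (x1, y1), (x2, y2) = p, q
    if (x1 - x2) % P_MOD == 0:
        raise ValueError("x1 == x2: doubling or P = -Q, not handled here")
    inv = pow(x2 - x1, -1, P_MOD)        # the only inversion

    lam = (y2 - y1) * inv % P_MOD        # slope for P + Q
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD

    # P - Q = P + (x2, -y2): same denominator, so reuse inv.
    mu = (-y2 - y1) * inv % P_MOD        # extra multiplication 1
    x4 = (mu * mu - x1 - x2) % P_MOD     # extra squaring
    y4 = (mu * (x1 - x4) - y1) % P_MOD   # extra multiplication 2
    return (x3, y3), (x4, y4)

def all_points():
    """Brute-force the affine points of the toy curve."""
    return [(x, y) for x in range(P_MOD) for y in range(P_MOD)
            if on_curve((x, y))]

if __name__ == "__main__":
    P, Q = (0, 10), (1, 43)              # constructed sample points
    print(add_and_sub(P, Q))
```

Beyond the shared inversion, P-Q costs exactly the three operations marked in the comments, which matches the 2 multiplications and 1 squaring stated in the abstract.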
