On the Correct Use of the Negation Map in the Pollard rho Method

  • Daniel J. Bernstein
  • Tanja Lange
  • Peter Schwabe
Conference paper

DOI: 10.1007/978-3-642-19379-8_8

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6571)
Cite this paper as:
Bernstein D.J., Lange T., Schwabe P. (2011) On the Correct Use of the Negation Map in the Pollard rho Method. In: Catalano D., Fazio N., Gennaro R., Nicolosi A. (eds) Public Key Cryptography – PKC 2011. PKC 2011. Lecture Notes in Computer Science, vol 6571. Springer, Berlin, Heidelberg

Abstract

Bos, Kaihara, Kleinjung, Lenstra, and Montgomery recently showed that ECDLPs on the 112-bit secp112r1 curve can be solved in an expected time of 65 years on a PlayStation 3. This paper shows how to solve the same ECDLPs at almost twice the speed on the same hardware. The improvement comes primarily from a new variant of Pollard’s rho method that fully exploits the negation map without branching, and secondarily from improved techniques for modular arithmetic.

Keywords

Elliptic curves discrete-logarithm problem negation map branchless algorithms SIMD 
Download to read the full conference paper text

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Daniel J. Bernstein
    • 1
  • Tanja Lange
    • 2
  • Peter Schwabe
    • 2
  1. 1.Department of Computer ScienceUniversity of Illinois at ChicagoChicagoUSA
  2. 2.Department of Mathematics and Computer ScienceTechnische Universiteit EindhovenEindhovenNetherlands

Personalised recommendations