Advertisement

On the Use of the Negation Map in the Pollard Rho Method

  • Joppe W. Bos
  • Thorsten Kleinjung
  • Arjen K. Lenstra
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6197)

Abstract

The negation map can be used to speed up the Pollard rho method to compute discrete logarithms in groups of elliptic curves over finite fields. It is well known that the random walks used by Pollard rho when combined with the negation map get trapped in fruitless cycles. We show that previously published approaches to deal with this problem are plagued by recurring cycles, and we propose effective alternative countermeasures. As a result, fruitless cycles can be resolved, but the best speedup we managed to achieve is by a factor of only 1.29. Although this is less than the speedup factor of \(\sqrt 2\) generally reported in the literature, it is supported by practical evidence.

Keywords

Pollard’s rho method fruitless cycles negation map 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Avanzi, R.M., Cohen, H., Doche, C., Frey, G., Lange, T., Nguyen, K., Vercauteren, F.: Handbook of Elliptic and Hyperelliptic Curve Cryptography. Chapman & Hall/CRC (2006)Google Scholar
  2. 2.
    Bailey, D.V., et al.: Breaking ECC2K-130. In: Cryptology ePrint Archive, Report 2009/541 (2009), http://eprint.iacr.org/
  3. 3.
    Bos, J.W., Kaihara, M.E., Montgomery, P.L.: Pollard rho on the PlayStation 3. In: Workshop record of SHARCS 2009, pp. 35–50 (2009), http://www.hyperelliptic.org/tanja/SHARCS/record2.pdf
  4. 4.
    Brent, R.P., Pollard, J.M.: Factorization of the eighth Fermat number. Math. Comp. 36(154), 627–630 (1981)zbMATHMathSciNetGoogle Scholar
  5. 5.
    Certicom. Certicom ECC Challenge (1997), http://www.certicom.com/images/pdfs/cert_ecc_challenge.pdf
  6. 6.
  7. 7.
    Duursma, I.M., Gaudry, P., Morain, F.: Speeding up the discrete log computation on curves with automorphisms. In: Lam, K.-Y., Okamoto, E., Xing, C. (eds.) ASIACRYPT 1999. LNCS, vol. 1716, pp. 103–121. Springer, Heidelberg (1999)Google Scholar
  8. 8.
    Escott, A.E., Sager, J.C., Selkirk, A.P.L., Tsapakidis, D.: Attacking elliptic curve cryptosystems using the parallel Pollard rho method. CryptoBytes Technical Newsletter 4(2), 15–19 (1999), ftp.rsasecurity.com/pub/cryptobytes/crypto4n2.pdf Google Scholar
  9. 9.
    Gallant, R.P., Lambert, R.J., Vanstone, S.A.: Improving the parallelized Pollard lambda search on anomalous binary curves. Math. Comp. 69(232), 1699–1705 (2000)zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Harley, R.: Elliptic curve discrete logarithms project, http://pauillac.inria.fr/~harley/
  11. 11.
    Koblitz, N.: Elliptic curve cryptosystems. Math. Comp. 48, 203–209 (1987)zbMATHMathSciNetGoogle Scholar
  12. 12.
    Koblitz, N.: CM-curves with good cryptographic properties. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 279–287. Springer, Heidelberg (1992)Google Scholar
  13. 13.
    Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
  14. 14.
    Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Math. Comp. 48, 243–264 (1987)zbMATHMathSciNetGoogle Scholar
  15. 15.
    Pollard, J.M.: Monte Carlo methods for index computation (mod p). Math. Comp. 32, 918–924 (1978)zbMATHMathSciNetGoogle Scholar
  16. 16.
    Teske, E.: On random walks for Pollard’s rho method. Math. Comp. 70(234), 809–825 (2001)zbMATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    van Oorschot, P.C., Wiener, M.J.: Parallel collision search with cryptanalytic applications. Journal of Cryptology 12(1), 1–28 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    Wiener, M.J., Zuccherato, R.J.: Faster attacks on elliptic curve cryptosystems. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 190–200. Springer, Heidelberg (1999)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Joppe W. Bos
    • 1
  • Thorsten Kleinjung
    • 1
  • Arjen K. Lenstra
    • 1
  1. 1.Laboratory for Cryptologic AlgorithmsEPFLLausanneSwitzerland

Personalised recommendations