Abstract
Some of the most efficient algorithms for finding the discrete logarithm involve pseudo-random implementations of Markov chains, with one or more “walks” proceeding until a collision occurs, i.e. some state is visited a second time. In this paper we develop a method for determining the expected time until the first collision. We use our technique to examine three methods for solving discrete-logarithm problems: Pollard’s Kangaroo, Pollard’s Rho, and a few versions of Gaudry-Schost. For the Kangaroo method we prove new and fairly precise matching upper and lower bounds. For the Rho method we prove the first rigorous non-trivial lower bound, and under a mild assumption show matching upper and lower bounds. Our Gaudry-Schost results are heuristic, but improve on the prior limited understanding of this method. We also give results for parallel versions of these algorithms.
R. Montenegro—Supported by a Japan Society for Promotion of Science (JSPS) Fellowship while a guest at Kyushu University.
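The abstract describes the Rho method as a pseudo-random walk on the group that runs until some state is visited a second time, with the expected time to that first collision being the quantity analysed. The following Python program, added here as an illustration and not code from the paper or its authors, runs that walk on a constructed toy instance (a safe prime p = 1019 with an order-509 subgroup; the secret exponent and the walk multipliers are made-up values) using a Teske-style r-adding walk. It records every visited element so the run stops at the very first collision, recovers the logarithm from the colliding exponent pairs, and averages the collision time over independent walks next to the random-mapping birthday estimate sqrt(pi*q/2) that such analyses refine.

```python
"""Pollard's Rho on a toy discrete-log instance, measuring steps to first collision.

Added example, not code from the paper. Group parameters are constructed toy
values; the walk is a Teske-style r-adding walk, and a visited-set is kept so
the run stops at the very first repeated state (the quantity whose expectation
the paper bounds) rather than at Floyd's later detection of the cycle.
"""
import random
from math import pi, sqrt

# Constructed toy instance: p = 1019 is a safe prime, q = 509 = (p-1)/2 is prime,
# and g = 4 is a quadratic residue, so it generates the subgroup of order q.
P = 1019
Q = 509
G = 4
SECRET_X = 123           # the exponent the walk is supposed to recover
H = pow(G, SECRET_X, P)  # h = g^x mod p, the public value
R = 20                   # number of partitions in the adding walk


def make_walk(rng, r=R):
    """Build r random multipliers m_j = g^u_j * h^v_j (none equal to 1) and return
    a step function (y, a, b) -> (y', a', b') that keeps the invariant y = g^a h^b."""
    mults = []
    while len(mults) < r:
        u, v = rng.randrange(Q), rng.randrange(1, Q)
        m = pow(G, u, P) * pow(H, v, P) % P
        if m != 1:          # a multiplier of 1 would create a fixed point
            mults.append((m, u, v))

    def step(y, a, b):
        m, u, v = mults[y % r]   # partition is chosen by the current element
        return y * m % P, (a + u) % Q, (b + v) % Q
    return step


def walk_until_collision(seed):
    """Run one walk from a random start until a group element repeats.
    Returns (steps, x) with x the recovered logarithm, or (steps, None) when the
    collision carries no information because both exponent pairs coincide."""
    rng = random.Random(seed)
    step = make_walk(rng)
    a, b = rng.randrange(Q), rng.randrange(Q)
    y = pow(G, a, P) * pow(H, b, P) % P
    seen = {y: (a, b)}
    steps = 0
    while True:
        y, a, b = step(y, a, b)
        steps += 1
        if y in seen:
            a1, b1 = seen[y]
            # g^a1 h^b1 = g^a h^b  =>  x * (b1 - b) = a - a1  (mod q)
            db = (b1 - b) % Q
            if db == 0:
                return steps, None
            return steps, (a - a1) * pow(db, -1, Q) % Q
        seen[y] = (a, b)


def pollard_rho(seed=0):
    """Repeat independent walks until a useful collision solves h = g^x."""
    while True:
        _, x = walk_until_collision(seed)
        if x is not None:
            return x
        seed += 1


def mean_collision_time(trials=200, seed=1):
    """Average steps to first collision over independent walks, returned together
    with the random-mapping birthday estimate sqrt(pi*q/2) for comparison."""
    total = sum(walk_until_collision(seed + i)[0] for i in range(trials))
    return total / trials, sqrt(pi * Q / 2)


if __name__ == "__main__":
    x = pollard_rho()
    print(f"recovered x = {x}, check g^x == h: {pow(G, x, P) == H}")
    avg, est = mean_collision_time()
    print(f"mean steps to first collision {avg:.1f}, birthday estimate {est:.1f}")
```

Because every visited element is stored, this version measures the true first-collision time rather than the (later) moment at which a memoryless cycle-finder notices it; for a real-size group one would use distinguished points or Floyd's method instead, which is exactly why the relation between first-collision time and the detection time of the practical variants matters when sizing group parameters.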
© 2015 International Association for Cryptologic Research
Cite this paper
Kijima, S., Montenegro, R. (2015). Collision of Random Walks and a Refined Analysis of Attacks on the Discrete Logarithm Problem. In: Katz, J. (eds) Public-Key Cryptography -- PKC 2015. PKC 2015. Lecture Notes in Computer Science(), vol 9020. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-46447-2_6
DOI: https://doi.org/10.1007/978-3-662-46447-2_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-46446-5
Online ISBN: 978-3-662-46447-2