Abstract
The Pollard rho method and its parallelized variants are at present the best known generic algorithms for computing elliptic curve discrete logarithms. We propose a new iteration function for the rho method that exploits the fact that point halving is more efficient than point addition for elliptic curves over binary fields. We present a careful analysis of the alternative rho method with the new iteration function. Compared to the previous r-adding walk, the new method generally achieves a significant speedup for computing elliptic curve discrete logarithms over binary fields. For instance, for certain NIST-recommended curves over binary fields, the new method is about 12–17% faster than the previous best methods.
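The abstract measures the new halving-based iteration function against the classic r-adding walk. The following is an added illustration, not code from the paper or its authors: it implements that baseline, an r-adding walk (steps chosen by a partition of the group, here the x-coordinate mod r) with Floyd cycle-finding, on a toy prime-field curve rather than a binary-field curve, since affine prime-field arithmetic is shorter to write and the walk structure is the same. Everything in it is constructed for the example: the curve is found at runtime by searching for a prime group order, the scalar is random, and the names `Curve`, `pollard_rho` and `demo` are hypothetical.

```python
import random


def inv_mod(x, m):
    return pow(x, -1, m)  # Python 3.8+; raises ValueError if x is not invertible mod m


def is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))


class Curve:
    """y^2 = x^3 + a*x + b over F_p, affine coordinates; None is the point at infinity."""

    def __init__(self, p, a, b):
        self.p, self.a, self.b = p, a, b

    def add(self, P, Q):
        if P is None:
            return Q
        if Q is None:
            return P
        p, (x1, y1), (x2, y2) = self.p, P, Q
        if x1 == x2 and (y1 + y2) % p == 0:
            return None  # P == -Q (also covers doubling a point with y == 0)
        if P == Q:
            lam = (3 * x1 * x1 + self.a) * inv_mod(2 * y1 % p, p) % p
        else:
            lam = (y2 - y1) * inv_mod((x2 - x1) % p, p) % p
        x3 = (lam * lam - x1 - x2) % p
        return (x3, (lam * (x1 - x3) - y1) % p)

    def mul(self, k, P):  # double-and-add scalar multiplication
        R = None
        while k > 0:
            if k & 1:
                R = self.add(R, P)
            P, k = self.add(P, P), k >> 1
        return R

    def order(self):
        """#E(F_p): count the square roots of x^3 + ax + b for every x (fine for small p)."""
        p, count = self.p, 1  # the 1 is the point at infinity
        for x in range(p):
            rhs = (x ** 3 + self.a * x + self.b) % p
            if rhs == 0:
                count += 1
            elif pow(rhs, (p - 1) // 2, p) == 1:  # Euler's criterion: nonzero square
                count += 2
        return count


def prime_order_curve(p, a=1):
    """Constructed toy curve: search b until #E(F_p) is prime, so any affine point generates E."""
    for b in range(1, p):
        if (4 * a ** 3 + 27 * b ** 2) % p == 0:
            continue  # singular curve
        E = Curve(p, a, b)
        n = E.order()
        if is_prime(n):
            return E, n
    raise RuntimeError("no prime-order curve found")


def random_point(E, rng):
    """Assumes p % 4 == 3, so a square root of z is z^((p+1)/4)."""
    p = E.p
    while True:
        x = rng.randrange(p)
        rhs = (x ** 3 + E.a * x + E.b) % p
        if rhs and pow(rhs, (p - 1) // 2, p) == 1:
            return (x, pow(rhs, (p + 1) // 4, p))


def pollard_rho(E, n, P, Q, r=20, seed=1):
    """Solve Q = k*P (n = ord(P) prime) with an r-adding walk and Floyd cycle-finding."""
    rng = random.Random(seed)
    # Walk steps M_j = m_j*P + c_j*Q; the partition index is the x-coordinate mod r.
    coeffs = [(rng.randrange(1, n), rng.randrange(1, n)) for _ in range(r)]
    steps = [E.add(E.mul(m, P), E.mul(c, Q)) for m, c in coeffs]

    def walk(state):  # each state is (X, a, b) with X == a*P + b*Q
        X, a, b = state
        j = 0 if X is None else X[0] % r
        m, c = coeffs[j]
        return E.add(X, steps[j]), (a + m) % n, (b + c) % n

    while True:
        a0, b0 = rng.randrange(n), rng.randrange(n)
        start = (E.add(E.mul(a0, P), E.mul(b0, Q)), a0, b0)
        tortoise, hare, iterations = walk(start), walk(walk(start)), 1
        while tortoise[0] != hare[0]:  # Floyd: compare X_i with X_2i
            tortoise, hare = walk(tortoise), walk(walk(hare))
            iterations += 1
        (_, a1, b1), (_, a2, b2) = tortoise, hare
        if (b1 - b2) % n == 0:
            continue  # collision carries no information about k; restart elsewhere
        # a1 + k*b1 == a2 + k*b2 (mod n)  =>  k == (a2 - a1) / (b1 - b2)
        return (a2 - a1) * inv_mod((b1 - b2) % n, n) % n, iterations


def demo(p=10007, seed=7):
    """Hide a scalar on a constructed prime-order curve and recover it with Pollard rho."""
    assert p % 4 == 3
    E, n = prime_order_curve(p)
    rng = random.Random(seed)
    P = random_point(E, rng)
    secret = rng.randrange(1, n)
    Q = E.mul(secret, P)
    k, iterations = pollard_rho(E, n, P, Q, seed=seed)
    return {"order": n, "secret": secret, "found": k,
            "iterations": iterations, "verified": E.mul(k, P) == Q}
```

`demo()` returns the group order, the hidden scalar, the scalar the walk recovered and the number of iterations. The iteration count grows like the square root of the group order, which is the whole reason standardised curves use subgroup orders of 160 bits and more: a 12–17% cheaper iteration, as the paper reports for its halving walk, lowers the constant per step and leaves the exponent untouched, so it shifts the security margin rather than removing it. Parallel implementations replace Floyd's single-walk cycle detection with distinguished points shared between processors, but the per-step cost that the paper optimises is the same.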
Communicated by S. D. Galbraith.
Cite this article
Zhang, F., Wang, P. Speeding up elliptic curve discrete logarithm computations with point halving. Des. Codes Cryptogr. 67, 197–208 (2013). https://doi.org/10.1007/s10623-011-9599-5
DOI: https://doi.org/10.1007/s10623-011-9599-5