Speeding up elliptic curve discrete logarithm computations with point halving

Designs, Codes and Cryptography

Abstract

The Pollard rho method and its parallelized variants are at present known as the best generic algorithms for computing elliptic curve discrete logarithms. We propose a new iteration function for the rho method by exploiting the fact that point halving is more efficient than point addition for elliptic curves over binary fields. We present a careful analysis of the alternative rho method with the new iteration function. Compared to the previous r-adding walk, the new method can generally achieve a significant speedup for computing elliptic curve discrete logarithms over binary fields. For instance, for certain NIST-recommended curves over binary fields, the new method is about 12–17% faster than the previous best methods.



Author information

Correspondence to Fangguo Zhang.

Additional information

Communicated by S. D. Galbraith.

Cite this article

Zhang, F., Wang, P. Speeding up elliptic curve discrete logarithm computations with point halving. Des. Codes Cryptogr. 67, 197–208 (2013). https://doi.org/10.1007/s10623-011-9599-5
