Cryptology ePrint Archive: Report 2010/615

Using Equivalence Classes to Accelerate Solving the Discrete Logarithm Problem in a Short Interval

Steven D. Galbraith and Raminder S. Ruprai

Abstract: The Pollard kangaroo method solves the discrete logarithm problem (DLP) in an interval of size $N$ with heuristic average case expected running time approximately $2 \sqrt{N}$ group operations. A recent variant of the kangaroo method, requiring one or two inversions in the group, solves the problem in approximately $1.71 \sqrt{N}$ group operations. It is well-known that the Pollard rho method can be sped-up by using equivalence classes (such as orbits of points under an efficiently computed group homomorphism), but such ideas have not been used for the DLP in an interval. Indeed, it seems impossible to implement the standard kangaroo method with equivalence classes.

The main result of the paper is to give an algorithm, building on work of Gaudry and Schost, to solve the DLP in an interval of size $N$ with heuristic average case expected running time of close to $1.36\sqrt{N}$ group operations for groups with fast inversion. In practice the algorithm is not quite this fast, due to problems with pseudorandom walks going outside the boundaries of the search space, and due to the overhead of handling fruitless cycles. We present some experimental results.

This is the full version (with some minor corrections and updates) of the paper which was published in P. Q. Nguyen and D. Pointcheval (eds.), PKC 2010, Springer LNCS 6056 (2010) 368-383.

Category / Keywords: public-key cryptography / discrete logarithm problem (DLP), elliptic curves

Publication Info: Full version of paper from PKC 2010

Date: received 1 Dec 2010

Contact author: s galbraith at math auckland ac nz

Available formats: PDF | BibTeX Citation

Version: 20101208:172847 (All versions of this report)

Discussion forum: Show discussion | Start new discussion