Cryptology ePrint Archive: Report 2012/087

Collision Bounds for the Additive Pollard Rho Algorithm for Solving Discrete Logarithms

Joppe W. Bos and Alina Dudeanu and Dimitar Jetchev

Abstract: We prove collision bounds for the Pollard rho algorithm to solve the discrete logarithm problem in a general cyclic group $G$. Unlike the setting studied by Kim et al. we consider additive walks: the setting used in practice to solve the elliptic curve discrete logarithm problem. Our bounds differ from the birthday bound $O(\sqrt{|G|})$ by a factor of $\sqrt{\log{|G|}}$ and are based on mixing time estimates for random walks on finite abelian groups due to Hildebrand.

Category / Keywords: Pollard rho, additive walk, collision bound, random walk, mixing times

Date: received 23 Feb 2012

Contact author: joppe bos at epfl ch

Available formats: PDF | BibTeX Citation

Version: 20120223:215243 (All versions of this report)

Discussion forum: Show discussion | Start new discussion