Cryptology ePrint Archive: Report 2015/605

Computing Elliptic Curve Discrete Logarithms with Improved Baby-step Giant-step Algorithm

Steven D. Galbraith and Ping Wang and Fangguo Zhang

Abstract: The negation map can be used to speed up the computation of elliptic curve discrete logarithms using either the baby-step-giant-step algorithm (BSGS) or Pollard rho. Montgomery's simultaneous modular inversion can also be used to speed up Pollard rho when running many walks in parallel. We generalize these ideas and exploit the fact that for any two elliptic curve points $X$ and $Y$, we can efficiently get $X-Y$ when we compute $X+Y$. We apply these ideas to speed up the baby-step-giant-step algorithm. Compared to the previous methods, the new methods can achieve a significant speedup for computing elliptic curve discrete logarithms.

Another contribution of our paper is to give an analysis of the average-case running time of Bernstein and Lange's ``grumpy giants and a baby'' algorithm, and also to consider this algorithm in the case of groups with efficient inversion.

Our conclusion is that, in the fully-optimised context, both the interleaved BSGS and grumpy-giants algorithms have superior average-case running time compared with Pollard rho.

Category / Keywords: public-key cryptography / baby-step giant-step, elliptic curve discrete logarithm, negation map

Date: received 18 Jun 2015

Contact author: s galbraith at math auckland ac nz

Available format(s): PDF | BibTeX Citation

Version: 20150628:192221 (All versions of this report)

Short URL: ia.cr/2015/605

Discussion forum: Show discussion | Start new discussion