Joppe W. Bos, Thorsten Kleinjung, and Arjen K. Lenstra
The negation map can be used to speed up the Pollard rho method to compute discrete logarithms in groups of elliptic curves over finite fields. It is well known that the random walks used by Pollard rho when combined with the negation map get trapped in fruitless cycles. We show that previously published approaches to deal with this problem are plagued by recurring cycles, and we propose effective alternative countermeasures. As a result, fruitless cycles can be resolved, but the best speedup we managed to achieve is by a factor of only 1.29. Although this is less than the speedup factor of sqrt(2) generally reported in the literature, it is supported by practical evidence.
|Published in||Algorithmic Number Theory – ANTS-IX|
|Series||Lecture Notes in Computer Science|