On the efficiency of Pollard's rho method for discrete logarithms
CATS '08 Proceedings of the fourteenth symposium on Computing: the Australasian theory - Volume 77
ANTS-VIII'08 Proceedings of the 8th international conference on Algorithmic number theory
| Hi-index | 0.00 |
We analyze a fairly standard idealization of Pollard's Rho algorithm for finding the discrete logarithm in a cyclic group G. It is found that, with high probability, a collision occurs in {\rm O}(\sqrt {\left| G \right|\log \left| G \right|\log \log \left| G \right|} ) steps, not far from the widely conjectured value of \Theta (\sqrt {\left| G \right|} ). This improves upon a recent result of Miller-Venkatesan which showed an upper bound of {\rm O}(\sqrt {\left| G \right|} \log ^3 \left| G \right|). Our proof is based on analyzing an appropriate nonreversible, non-lazy random walk on a discrete cycle of (odd) length \left| G \right|, and showing that the mixing time of the corresponding walk is {\rm O}(\log \left| G \right|\log \log \left| G \right|).