Toward a theory of Pollard's rho method
Information and Computation
On random walks for Pollard's Rho method
Mathematics of Computation
Random Cayley Digraphs and the Discrete Logarithm
ANTS-V Proceedings of the 5th International Symposium on Algorithmic Number Theory
The Cauchy-Schwarz Master Class: An Introduction to the Art of Mathematical Inequalities
The Cauchy-Schwarz Master Class: An Introduction to the Art of Mathematical Inequalities
Applications of cayley graphs, bilinearity, and higher-order residues to cryptology
Applications of cayley graphs, bilinearity, and higher-order residues to cryptology
Mathematical aspects of mixing times in Markov chains
Foundations and Trends® in Theoretical Computer Science
Lower bounds for discrete logarithms and related problems
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Mathematical aspects of mixing times in Markov chains
Foundations and Trends® in Theoretical Computer Science
On the efficiency of Pollard's rho method for discrete logarithms
CATS '08 Proceedings of the fourteenth symposium on Computing: the Australasian theory - Volume 77
How long does it take to catch a wild kangaroo?
Proceedings of the forty-first annual ACM symposium on Theory of computing
ANTS-VIII'08 Proceedings of the 8th international conference on Algorithmic number theory
| Hi-index | 0.00 |
We show that the classical Pollard ρ algorithm for discrete logarithms produces a collision in expected time $O(\sqrt{n}(\log n)^3)$. This is the first nontrivial rigorous estimate for the collision probability for the unaltered Pollard ρ graph, and is close to the conjectured optimal bound of $O(\sqrt{n})$. The result is derived by showing that the mixing time for the random walk on this graph is O((logn)3); without the squaring step in the Pollard ρ algorithm, the mixing time would be exponential in logn. The technique involves a spectral analysis of directed graphs, which captures the effect of the squaring step.