The Pollard kangaroo method solves the discrete logarithm problem (DLP) in an interval of size N with heuristic average case expected running time approximately $2 \sqrt{N}$ group operations. It is well known that the Pollard rho method can be sped up by using equivalence classes (such as orbits of points under an efficiently computed group homomorphism), but such ideas have not been used for the DLP in an interval. Indeed, it seems impossible to implement the standard kangaroo method with equivalence classes. The main result of the paper is to give an algorithm, building on work of Gaudry and Schost, to solve the DLP in an interval of size N with heuristic average case expected running time of close to $1.36\sqrt{N}$ group operations for groups with fast inversion. In practice the algorithm is not quite this fast, due to the usual problems with pseudorandom walks such as fruitless cycles. In addition, we present experimental results.
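The standard kangaroo method that the abstract uses as its baseline, written out as an added example; it is not the paper's equivalence-class algorithm and not the authors' code. The group (integers modulo the Mersenne prime 2^61 - 1 with base 3), the power-of-two jump set, the tame walk length and the retry loop are assumptions chosen for the demonstration, and no attempt is made to reach the tuned $2\sqrt{N}$ constant.

```python
import math

def kangaroo(g, h, p, lo, hi, max_tries=64):
    """Find x in [lo, hi] with g^x == h (mod p). Returns (x, walk_steps),
    or (None, walk_steps) if every attempt missed the trap."""
    width = hi - lo
    # Jump sizes are powers of two whose mean is about sqrt(width)/2.
    target_mean = max(1, math.isqrt(width) // 2)
    k = 1
    while ((1 << k) - 1) // k < target_mean:
        k += 1
    jumps = [1 << i for i in range(k)]
    g_jumps = [pow(g, s, p) for s in jumps]
    mean = sum(jumps) // k
    steps = 0

    # Tame kangaroo: exponent known, starts at the top of the interval and
    # sets a trap where it stops, at exponent hi + d_tame.
    tame, d_tame = pow(g, hi, p), 0
    for _ in range(4 * mean):
        i = tame % k                      # jump chosen by the current element
        tame = tame * g_jumps[i] % p
        d_tame += jumps[i]
        steps += 1

    # Wild kangaroo: starts at h (exponent unknown) and uses the same jump
    # rule, so once it lands on the tame path it follows it into the trap.
    for z in range(max_tries):            # on a miss, restart from h * g^z
        wild, d_wild = h * pow(g, z, p) % p, z
        while d_wild <= width + d_tame:   # beyond this it has passed the trap
            if wild == tame:
                return hi + d_tame - d_wild, steps
            i = wild % k
            wild = wild * g_jumps[i] % p
            d_wild += jumps[i]
            steps += 1
    return None, steps

# Constructed demo parameters (assumptions, not from the paper).
P, G = 2**61 - 1, 3
LO, HI = 10**12, 10**12 + 2**20

if __name__ == "__main__":
    secret = LO + 777_777
    x, steps = kangaroo(G, pow(G, secret, P), P, LO, HI)
    print(f"recovered x={x} in {steps} walk steps; sqrt(width)={math.isqrt(HI - LO)}")
```

The step count scales with the square root of the interval width rather than with the group order, which is why an exponent confined to a short known interval offers only about half its bit length in security.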