Non-degeneracy of Pollard Rho Collisions
Stephen D. Miller, Ramarathnam Venkatesan

TL;DR
This paper proves that under certain conditions, Pollard Rho collisions reliably lead to solving discrete logarithms, confirming the algorithm's effectiveness with high probability.
Contribution
It establishes that for groups meeting a mild arithmetic condition, Pollard Rho collisions are nondegenerate and successfully compute discrete logs.
Findings
Pollard Rho has a sharp O(√n) collision time bound.
Under certain conditions, collisions are nondegenerate with high probability.
The results confirm the practical effectiveness of Pollard Rho for discrete log problems.
Abstract
The Pollard Rho algorithm is a widely used algorithm for solving discrete logarithms on general cyclic groups, including elliptic curves. Recently the first nontrivial runtime estimates were provided for it, culminating in a sharp O(sqrt(n)) bound for the collision time on a cyclic group of order n. In this paper we show that for n satisfying a mild arithmetic condition, the collisions guaranteed by these results are nondegenerate with high probability: that is, the Pollard Rho algorithm successfully finds the discrete logarithm.
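What a degenerate versus nondegenerate collision means in practice, as an added Python example that is not code from the paper. It assumes Pollard's classic three-way walk partitioned by `y % 3`, Floyd cycle detection, and constructed toy parameters (`P = 1019`, subgroup order `N = 509`, generator `G = 4`).

```python
# Added illustration; parameters are constructed toy values, not from the paper.
P, N, G = 1019, 509, 4   # G generates the subgroup of prime order N in Z_P^*

def solve_collision(a1, b1, a2, b2, n):
    """From g^a1*h^b1 == g^a2*h^b2, recover x with h = g^x, or None if degenerate."""
    db = (b2 - b1) % n
    if db == 0:           # b1 == b2 (mod n): the relation says nothing about x
        return None
    return (a1 - a2) * pow(db, -1, n) % n   # n is prime, so db is invertible

def rho_collision(g, h, p, n, a0, b0):
    """Floyd cycle-finding on the three-way walk; returns (a1, b1, a2, b2)."""
    def step(y, a, b):
        r = y % 3
        if r == 0:        # square: both exponents double
            return y * y % p, 2 * a % n, 2 * b % n
        if r == 1:        # multiply by g
            return y * g % p, (a + 1) % n, b
        return y * h % p, a, (b + 1) % n   # multiply by h
    tortoise = hare = (pow(g, a0, p) * pow(h, b0, p) % p, a0, b0)
    while True:
        tortoise = step(*tortoise)
        hare = step(*step(*hare))
        if tortoise[0] == hare[0]:
            return tortoise[1], tortoise[2], hare[1], hare[2]

def dlog(g, h, p, n):
    """Restart from new start points until a nondegenerate collision appears."""
    degenerate = 0
    for a0 in range(n):
        x = solve_collision(*rho_collision(g, h, p, n, a0, 1), n)
        if x is not None:
            return x, degenerate
        degenerate += 1
    return None, degenerate

if __name__ == "__main__":
    secret = 123                      # constructed secret exponent
    print(dlog(G, pow(G, secret, P), P, N))
```

The second value returned by `dlog` counts how many collisions had to be discarded as degenerate before one yielded the logarithm.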
Taxonomy
Topics: Complexity and Algorithms in Graphs · Cryptography and Data Security · Distributed systems and fault tolerance
