Collision Times in Multicolor Urn Models and Sequential Graph Coloring With Applications to Discrete Logarithms
Consider an urn model where at each step one of colors is sampled
according to some probability distribution and a ball of that color is placed
in an urn. The distribution of assigning balls to urns may depend on the color
of the ball. Collisions occur when a ball is placed in an urn which already
contains a ball of different color. Equivalently, this can be viewed as
sequentially coloring a complete -partite graph wherein a collision
corresponds to the appearance of a monochromatic edge. Using a Poisson
embedding technique, the limiting distribution of the first collision time is
determined and the possible limits are explicitly described. Joint distribution
of successive collision times and multi-fold collision times are also derived.
The results can be used to obtain the limiting distributions of running times
in various birthday problem based algorithms for solving the discrete logarithm
problem, generalizing previous results which only consider expected running
times. Asymptotic distributions of the time of appearance of a monochromatic
edge are also obtained for other graphs.
Comment: Minor revision. 35 pages, 2 figures. To appear in Annals of Applied Probability.
Computing Discrete Logarithms in an Interval
The discrete logarithm problem in an interval of size in a group is: Given and an integer to find an integer , if it exists, such that . Previously the best low-storage algorithm to solve this problem was the van Oorschot and Wiener version of the Pollard kangaroo method. The heuristic average case running time of this method is group operations.
We present two new low-storage algorithms for the discrete logarithm problem in an interval of size . The first algorithm is based on the Pollard kangaroo method, but uses 4 kangaroos instead of the usual two. We explain why this algorithm has heuristic average case expected running time of group operations. The second algorithm is based on the Gaudry-Schost algorithm and the ideas of our first algorithm. We explain why this algorithm has heuristic average case expected running time of group operations. We give experimental results that show that the methods do work close to that predicted by the theoretical analysis.
This is a revised version since the published paper that contains a corrected proof of Theorem 6 (the statement of Theorem 6 is unchanged). We thank Ravi Montenegro for pointing out the errors.
Generation of independent points on elliptic curves by means of Mordell--Weil lattices
This article develops a novel method of generating "independent" points on an ordinary elliptic curve over a finite field of large characteristic. Such points are actively used, e.g., in the Pedersen vector commitment scheme and its modifications. The conventional generation consists in sampling points successively via a hash function to the elliptic curve. The new generation method equally satisfies the NUMS (Nothing Up My Sleeve) principle, but it works faster on average. In other words, instead of finding each point separately, it is suggested to sample several points at once with a non-small probability. Moreover, explicit formulas are represented for up to four "independent" points on any curve of -invariant . Such curves are known to be very popular in elliptic cryptography.
Recovering cryptographic keys from partial information, by example
Side-channel attacks targeting cryptography may leak only partial or indirect information about the secret keys. There are a variety of techniques in the literature for recovering secret keys from partial information. In this tutorial, we survey several of the main families of partial key recovery algorithms for RSA, (EC)DSA, and (elliptic curve) Diffie-Hellman, the public-key cryptosystems in common use today. We categorize the known techniques by the structure of the information that is learned by the attacker, and give simplified examples for each technique to illustrate the underlying ideas.
An Improvement to the Gaudry-Schost Algorithm for Multidimensional Discrete Logarithm Problems
Gaudry and Schost gave a low-memory algorithm for solving the 2-dimensional discrete logarithm problem. We present an improvement to their algorithm and extend this improvement to the general multidimensional DLP. An important component of the algorithm is a multidimensional pseudorandom walk which we analyse thoroughly in the 1- and 2-dimensional cases, as well as giving some discussion for higher dimensions.