5 research outputs found
Near Optimal Bounds for Collision in Pollard Rho for Discrete Log
We analyze a fairly standard idealization of Pollard's Rho algorithm for
finding the discrete logarithm in a cyclic group G. It is found that, with high
probability, a collision occurs in steps,
not far from the widely conjectured value of . This
improves upon a recent result of Miller–Venkatesan which showed an upper bound
of . Our proof is based on analyzing an appropriate
nonreversible, non-lazy random walk on a discrete cycle of (odd) length |G|,
and showing that the mixing time of the corresponding walk is
Collision Finding with Many Classical or Quantum Processors
In this thesis, we investigate the cost of finding collisions in a black-box function, a problem that is of fundamental importance in cryptanalysis. Inspired by the excellent performance of the heuristic rho method of collision finding, we define several new models of complexity that take into account the cost of moving information across a large space, and lay the groundwork for studying the performance of classical and quantum algorithms in these models.
Random Cayley Digraphs and the Discrete Logarithm
Abstract. We formally show that there is an algorithm for dlog over all abelian groups that runs in expected optimal time (up to logarithmic factors) and uses only a small amount of space. To our knowledge, this is the first such analysis. Our algorithm is a modification of the classic Pollard rho, introducing explicit randomization of the parameters for the updating steps of the algorithm, and is analyzed using random walks with limited independence over abelian groups (a study which is of its own interest). Our analysis shows that finding cycles in such large graphs over groups that can be efficiently locally navigated is as hard as dlog.
Random Cayley Digraphs and the Discrete Logarithm (Extended Abstract)
Jeremy Horwitz and Ramarathnam Venkatesan. Stanford University, Stanford, CA 94305, USA; Microsoft Research, Redmond, WA 98052, USA. Abstract. We formally show that there is an algorithm for dlog over all abelian groups that runs in expected optimal time (up to logarithmic factors) and uses only a small amount of space. To our knowledge, this is the first such analysis. Our algorithm is a modification of the classic Pollard rho, introducing explicit randomization of the parameters for the updating steps of the algorithm, and is analyzed using random walks with limited independence over abelian groups (a study which is of its own interest). Our analysis shows that finding cycles in such large graphs over groups that can be efficiently locally navigated is as hard as dlog.