The parallelized Pollard kangaroo method in real quadratic function

Abstract. We show how to use the parallelized kangaroo method for computing invariants in real quadratic function fields. Specifically, we show how to apply the kangaroo method to the infrastructure in these fields. We also show how to speed up the computation by using heuristics on the distribution of the divisor class number, and by using the relatively inexpensive baby steps in the real quadratic model of a hyperelliptic function field. Furthermore, we provide examples for regulators and class numbers of hyperelliptic function fields of genus 3 that are larger than those ever reported before. 1

The Pohlig-Hellman Method Generalized for Group Structure Computation

this paper, we give an algorithm which uses the Pohlig-Hellman method to find such a solution (y; x). Our algorithm has the advantage that apart from an O(log jGj) term, its run time is the 0747--7171/90/000000 + 00 $03.00/0 c fl 1999 Academic Press Limited 2 EDLYN TESK

Speeding Up Pollard's Rho Method For Computing Discrete Logarithms

. In Pollard's rho method, an iterating function f is used to define a sequence (y i ) by y i+1 = f(y i ) for i = 0; 1; 2; : : : , with some starting value y 0 . In this paper, we define and discuss new iterating functions for computing discrete logarithms with the rho method. We compare their performances in experiments with elliptic curve groups. Our experiments show that one of our newly defined functions is expected to reduce the number of steps by a factor of approximately 0:8, in comparison with Pollard's originally used function, and we show that this holds independently of the size of the group order. For group orders large enough such that the run time for precomputation can be neglected, this means a real-time speed-up of more than 1:2. 1. Introduction Let G be a finite cyclic group, written multiplicatively, and generated by the group element g. Given an element h in G, we wish to find the least non-negative number x such that g x = h. This problem is the discre..

A space efficient algorithm for group structure computation

Abstract. We present a new algorithm for computing the structure of a finite abelian group, which has to store only a fixed, small number of group elements, independent of the group order. We estimate the computational complexity by counting the group operations such as multiplications and equality checks. Under some plausible assumptions, we prove that the expected run time is O ( √ n)(withndenoting the group order), and we explicitly determine the Oconstants. We implemented our algorithm for ideal class groups of imaginary quadratic orders and present experimental results. 1

An Elliptic Curve Trapdoor System

We propose an elliptic curve trapdoor system which is of interest in key escrow applications. In this system, a pair ($E_{\rm s}, E_{\rm pb}$) of elliptic curves over \F_{2^{161}} is constructed with the following properties: (i) the Gaudry-Hess-Smart Weil descent attack reduces the elliptic curve discrete logarithm problem (ECDLP) in E_{\rm s}(\F_{2^{161}}) to a hyperelliptic curve DLP in the Jacobian of a curve of genus 7 or 8, which is computationally feasible, but by far not trivial; (ii) $E_{\rm pb}$ is isogenous to $E_{\rm s}$; (iii) the best attack on the ECDLP in E_{\rm pb}(\F_{2^{161}}) is the parallelized Pollard rho method.\\ The curve $E_{\rm pb}$ is used just as usual in elliptic curve cryptosystems. The curve $E_{\rm s} is submitted to a trusted authorityfor the purpose of key escrow. The crucial difference from other key escrow scenarios is that the trusted authority has to invest a considerable amount of computation to compromise a user\u27s private key, which makes applications such as widespread wire-tapping impossible