Speeding Up Pollard's Rho Method For Computing Discrete Logarithms
, 1998
Cited by 37 (7 self)
In Pollard's rho method, an iterating function $f$ is used to define a sequence $(y_i)$ by $y_{i+1} = f(y_i)$ for $i = 0, 1, 2, \ldots$, with some starting value $y_0$. In this paper, we define and discuss new iterating functions for computing discrete logarithms with the rho method. We compare their performances in experiments with elliptic curve groups. Our experiments show that one of our newly defined functions is expected to reduce the number of steps by a factor of approximately 0.8, in comparison with Pollard's originally used function, and we show that this holds independently of the size of the group order. For group orders large enough such that the run time for precomputation can be neglected, this means a real-time speed-up of more than 1.2. 1. Introduction Let $G$ be a finite cyclic group, written multiplicatively, and generated by the group element $g$. Given an element $h$ in $G$, we wish to find the least non-negative number $x$ such that $g^x = h$. This problem is the discre...
Random walks on finite groups
- Encyclopaedia of Mathematical Sciences
, 2004
Cited by 19 (2 self)
Summary. Markov chains on finite sets are used in a great variety of situations to approximate, understand and sample from their limit distribution. A familiar example is provided by card shuffling methods. From this viewpoint, one is interested in the “mixing time” of the chain, that is, the time at which the chain gives a good approximation of the limit distribution. A remarkable phenomenon known as the cut-off phenomenon asserts that this often happens abruptly so that it really makes sense to talk about “the mixing time”. Random walks on finite groups generalize card shuffling models by replacing the symmetric group by other finite groups. One then would like to understand how the structure of a particular class of groups relates to the mixing time of natural random walks on those groups. It turns out that this is an extremely rich problem which is very far to be understood. Techniques from a great
Random Lazy Random Walks on Arbitrary Finite Groups
- J. Theoret. Probab.
, 2000
Cited by 3 (2 self)
This paper considers "lazy" random walks supported on a random subset of $k$ elements of a finite group $G$ with order $n$. If $k = \lceil a \log_2 n \rceil$ where $a > 1$ is constant, then most such walks take no more than a multiple of $\log_2 n$ steps to get close to uniformly distributed on $G$. If $k = \log_2 n + f(n)$ where $f(n) \to \infty$ and $f(n)/\log_2 n \to 0$ as $n \to \infty$, then most such walks take no more than a multiple of $(\log_2 n) \ln(\log_2 n)$ steps to get close to uniformly distributed. To get these results, this paper extends techniques of Erdős and Rényi and of Pak. Key words: Random walks, finite groups, uniform distribution.
A SIGNED GENERALIZATION OF THE BERNOULLI–LAPLACE DIFFUSION MODEL
, 2000
Cited by 1 (0 self)
We bound the rate of convergence to stationarity for a signed generalization of the Bernoulli–Laplace diffusion model; this signed generalization is a Markov chain on the homogeneous space $(\mathbb{Z}_2 \wr S_n)/(S_r \times S_{n-r})$. Specifically, for $r$ not too far from $n/2$, we determine that, to first order in $n$, $\frac{1}{4} n \log n$ steps are both necessary and sufficient for total variation distance to become small. Moreover, for $r$ not too far from $n/2$, we show that our signed generalization also exhibits the “cutoff phenomenon.” 1. Introduction. Consider the classical Bernoulli–Laplace model for the diffusion of gases through a membrane, in which at each step two randomly chosen balls from different urns are switched. How many steps does it take for this process to achieve near-randomness? This question was answered by Diaconis and Shahshahani (1987). Suppose that the balls also have charges and that, at each step, the two balls are not only switched, but their
Generating Random Vectors in (Z/pZ)^d Via an Affine Random Process
, 2008
This paper considers some random processes of the form $X_{n+1} = TX_n + B_n \pmod{p}$ where $B_n$ and $X_n$ are random variables over $(\mathbb{Z}/p\mathbb{Z})^d$ and $T$ is a fixed $d \times d$ integer matrix which is invertible over the complex numbers. For a particular distribution for $B_n$, this paper improves results of Asci to show that if $T$ has no complex eigenvalues of length 1, then for integers $p$ relatively prime to $\det(T)$, order $(\log p)^2$ steps suffice to make $X_n$ close to uniformly distributed where $X_0$ is the zero vector. This paper also shows that if $T$ has a complex eigenvalue which is a root of unity, then order $p^b$ steps are needed for $X_n$ to get close to uniform where $b$ is a value which may depend on $T$ and $X_0$ is the zero vector.

