Results 11 to 20 of 56
A birthday paradox for Markov chains, with an optimal bound for collision in the Pollard rho algorithm for discrete logarithm
The Annals of Applied Probability
Abstract

Cited by 10 (5 self)
We show a Birthday Paradox for self-intersections of Markov chains with uniform stationary distribution. As an application, we analyze Pollard's Rho algorithm for finding the discrete logarithm in a cyclic group G and find that if the partition in the algorithm is given by a random oracle, then with high probability a collision occurs in $O(\sqrt{|G|})$ steps. Moreover, for the parallelized distinguished points algorithm on J processors we find that $O(\sqrt{|G|}/J)$ steps suffice. These are the first proofs of the correct order bounds which do not assume that every step of the algorithm produces an i.i.d. sample from G.
A Comparison of CEILIDH and XTR
In Algorithmic Number Theory Symposium (ANTS), Springer-Verlag LNCS 3076, 2004
Abstract

Cited by 9 (6 self)
We give a comparison of the performance of the recently proposed torus-based public key cryptosystem CEILIDH, and XTR. Underpinning both systems is the mathematics of the two-dimensional algebraic torus $T_6(\mathbb{F}_p)$. However, while they both attain the same discrete logarithm security and each achieves a compression factor of three for all data transmissions, the arithmetic performed in each is fundamentally different. In its inception, the designers of CEILIDH were reluctant to claim it offers any particular advantages over XTR other than its exact compression and decompression technique. From both an algorithmic and arithmetic perspective, we develop an efficient version of CEILIDH and show that while it seems bound to be inherently slower than XTR, the difference in performance is much smaller than what one might infer from the original description. Also, thanks to CEILIDH's simple group law, it provides a greater flexibility for applications, and may thus be considered a worthwhile alternative to XTR.
Weak Fields for ECC
2003
Abstract

Cited by 8 (0 self)
We demonstrate that some finite fields, including $\mathbb{F}_{2^{210}}$, are weak for elliptic curve cryptography in the sense that any instance of the elliptic curve discrete logarithm problem for any elliptic curve over these fields can be solved in significantly less time than it takes Pollard's rho method to solve the hardest instances. We discuss the implications of our observations to elliptic curve cryptography, and list some open problems.
Near Optimal Bounds for Collision in Pollard Rho for Discrete Log
Proc. of the 48th Annual Symposium on Foundations of Computer Science (FOCS), 2007
Abstract

Cited by 8 (4 self)
We analyze a fairly standard idealization of Pollard's Rho algorithm for finding the discrete logarithm in a cyclic group G. It is found that, with high probability, a collision occurs in $O(\sqrt{|G|}\,\log|G|\,\log\log|G|)$ steps, not far from the widely conjectured value of $\Theta(\sqrt{|G|})$. This improves upon a recent result of Miller–Venkatesan which showed an upper bound of $O(\sqrt{|G|}\,\log^3|G|)$. Our proof is based on analyzing an appropriate non-reversible, non-lazy random walk on a discrete cycle of (odd) length $|G|$, and showing that the mixing time of the corresponding walk is $O(\log|G|\,\log\log|G|)$.
The parallelized Pollard kangaroo method in real quadratic function
 Mathematics of Computation
Abstract

Cited by 8 (3 self)
We show how to use the parallelized kangaroo method for computing invariants in real quadratic function fields. Specifically, we show how to apply the kangaroo method to the infrastructure in these fields. We also show how to speed up the computation by using heuristics on the distribution of the divisor class number, and by using the relatively inexpensive baby steps in the real quadratic model of a hyperelliptic function field. Furthermore, we provide examples for regulators and class numbers of hyperelliptic function fields of genus 3 that are larger than those ever reported before.
Distributed Asymmetric Verification in Computational Grids
2008
Abstract

Cited by 6 (2 self)
Lucrative incentives in grid computing attract not only honest participants, but also cheaters. To prevent selfish behavior, verification mechanisms are required. Today's solutions are mostly based on redundancy and inherently exhibit a considerable overhead. Often, however, the verification of a result takes much less time than its computation. In this paper we propose a distributed checking scheme that exploits this asymmetry. Our mechanism detects wrong results and excludes cheaters in a distributed manner and hence disburdens the central grid server. We show how the verification scheme is used in an application which aims at breaking the discrete logarithm problem by a parallel implementation of the Pollard ρ algorithm. Our implementation extends the BOINC server software and is robust to various rational attacks even in the presence of colluders.
Catching Kangaroos in Function Fields
1999
Abstract

Cited by 4 (2 self)
In this paper we generalize the parallelized lambda method for computing invariants in real quadratic function fields.
Random Cayley Digraphs and the Discrete Logarithm
ANTS-V, Lecture Notes in Computer Science, 2002
Abstract

Cited by 4 (1 self)
We formally show that there is an algorithm for dlog over all abelian groups that runs in expected optimal time (up to logarithmic factors) and uses only a small amount of space. To our knowledge, this is the first such analysis. Our algorithm is a modification of the classic Pollard rho, introducing explicit randomization of the parameters for the updating steps of the algorithm, and is analyzed using random walks with limited independence over abelian groups (a study which is of its own interest). Our analysis shows that finding cycles in such large graphs over groups that can be efficiently locally navigated is as hard as dlog.
Image Feature Extraction in Encrypted Domain with Privacy-Preserving SIFT
IEEE Transactions on Image Processing, 2012
Abstract

Cited by 3 (0 self)
Privacy has received considerable attention but is still largely ignored in the multimedia community. Consider a cloud computing scenario where the server is resource-abundant, and is capable of finishing the designated tasks. It is envisioned that secure media applications with privacy preservation will be treated seriously. In view of the fact that scale-invariant feature transform (SIFT) has been widely adopted in various fields, this paper is the first to target the importance of privacy-preserving SIFT (PPSIFT) and to address the problem of secure SIFT feature extraction and representation in the encrypted domain. As all of the operations in SIFT must be moved to the encrypted domain, we propose a privacy-preserving realization of the SIFT method based on homomorphic encryption. We show through the security analysis based on the discrete logarithm problem and RSA that PPSIFT is secure against ciphertext-only attack and known-plaintext attack. Experimental results obtained from different case studies demonstrate that the proposed homomorphic encryption-based privacy-preserving SIFT performs comparably to the original SIFT and that our method is useful in SIFT-based privacy-preserving applications. Index Terms: feature extraction, homomorphic encryption, privacy preserving, security, scale-invariant feature transform.
The Number of Partitions in Pollard Rho
2011
Abstract

Cited by 2 (0 self)
This technical report was originally a note dated 1 May 1998, not intended for publication. This version is identical to the original, though we've taken the opportunity to update references and correct a minor typo.