Results 1 
7 of
7
Mathematical aspects of mixing times in markov chains
 FOUND. TRENDS THEOR. COMPUT. SCI
, 2006
"... ..."
Near Optimal Bounds for Collision in Pollard Rho for Discrete Log
 Proc. of the 48th Annual Symposium on Foundations of Computer Science (FOCS
, 2007
"... We analyze a fairly standard idealization of Pollard’s Rho algorithm for finding the discrete logarithm in a cyclic group G. It is found that, with high probability, a collision occurs in O ( � G  log G  log log G) steps, not far from the widely conjectured value of Θ ( � G). This improves ..."
Abstract

Cited by 4 (2 self)
 Add to MetaCart
We analyze a fairly standard idealization of Pollard’s Rho algorithm for finding the discrete logarithm in a cyclic group G. It is found that, with high probability, a collision occurs in O ( � G  log G  log log G) steps, not far from the widely conjectured value of Θ ( � G). This improves upon a recent result of Miller–Venkatesan which showed an upper bound of O ( � G  log 3 G). Our proof is based on analyzing an appropriate nonreversible, nonlazy random walk on a discrete cycle of (odd) length G, and showing that the mixing time of the corresponding walk is O(log G  log log G). 1
How Long Does it Take to Catch a Wild Kangaroo?
"... The discrete logarithm problem asks to solve for the exponent x, given the generator g of a cyclic group G and an element h ∈ G such that g x = h. We give the first rigorous proof that Pollard’s Kangaroo method finds the discrete logarithm in expected time (3+o(1)) √ b − a for the worst value of x ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
The discrete logarithm problem asks to solve for the exponent x, given the generator g of a cyclic group G and an element h ∈ G such that g x = h. We give the first rigorous proof that Pollard’s Kangaroo method finds the discrete logarithm in expected time (3+o(1)) √ b − a for the worst value of x ∈ [a, b], and (2 + o(1)) √ b − a when x ∈uar [a, b]. This matches the conjectured time complexity and, rare among the analysis of algorithms based on Markov chains, even the lead constants 2 and 3 are correct.
for collision in the Pollard Rho Algorithm for Discrete Logarithm
, 712
"... chains, with an optimal bound ..."
A Near Optimal Bound for Pollard’s Rho to Solve Discrete Log
, 2007
"... We analyze the classical Pollard’s Rho algorithm for finding the discrete logarithm in a cyclic group G. We prove that, with high probability, a collision occurs and the discrete logarithm is potentially found in O ( √ G  log G  log log G) steps, not far from the widely conjectured value of Θ ..."
Abstract
 Add to MetaCart
We analyze the classical Pollard’s Rho algorithm for finding the discrete logarithm in a cyclic group G. We prove that, with high probability, a collision occurs and the discrete logarithm is potentially found in O ( √ G  log G  log log G) steps, not far from the widely conjectured value of Θ ( √ G). This improves upon a recent result of Miller–Venkatesan which showed an upper bound of O ( √ G  log 3 G). Our proof is based on analyzing an appropriate nonreversible, nonlazy random walk on a discrete cycle of (odd) length G, and showing that the mixing time of the corresponding walk is O(log G  log log G). We also observe that the standard methods using functionalanalytic constants (spectral gap, logarithmic Sobolev etc.), combinatorial comparison or standard coupling arguments fall short here and will at best offer a bound of O(log 2 G).
COLLISION BOUNDS FOR THE ADDITIVE POLLARD RHO ALGORITHM FOR SOLVING DISCRETE LOGARITHMS
"... Abstract. We prove collision bounds for the Pollard rho algorithm to solve the discrete logarithm problem in a general cyclic group G. Unlike the setting studied by Kim et al. we consider additive walks: the setting used in practice to solve the elliptic curve discrete logarithm problem. Our bounds ..."
Abstract
 Add to MetaCart
Abstract. We prove collision bounds for the Pollard rho algorithm to solve the discrete logarithm problem in a general cyclic group G. Unlike the setting studied by Kim et al. we consider additive walks: the setting used in practice to solve the elliptic curve discrete logarithm problem. Our bounds differ from the birthday bound O ( √ G) by a factor of √ log G  and are based on mixing time estimates for random walks on finite abelian groups due to Hildebrand. 1.