Author(s)： Masaya Yasuda, Tetsuya Izu, Takeshi Shimoyama and Jun Kogure

J. Math-for-Ind. 3B (2011) 107-112.

• File： JMI2011B-3.pdf (138KB)

Abstract
Pollard's rho method is the asymptotically fastest known attack for the elliptic curve discrete logarithm problem (ECDLP) except special cases. It works by giving a pseudo-random sequence defined by an iteration function and then detecting a collision in the sequence. We note that the number of iterations before obtaining a collision is significant for the running time of the rho method and depends on the choice of an iteration function. For many iteration functions suitable for the ECDLP on elliptic curves except Koblitz curves, the number of iterations before obtaining a collision had been investigated. In this paper, we propose a new iteration function on Koblitz curves which is an extension of the iteration function proposed by Gallant et al. and analyze the performance on our iteration function experimentally.

Keyword(s).　 Pollard's rho method, ECDLP, Koblitz curves, Frobenius map