## Journals

- Advances in Mathematics of Communications
- Big Data & Information Analytics
- Communications on Pure & Applied Analysis
- Discrete & Continuous Dynamical Systems - A
- Discrete & Continuous Dynamical Systems - B
- Discrete & Continuous Dynamical Systems - S
- Evolution Equations & Control Theory
- Inverse Problems & Imaging
- Journal of Computational Dynamics
- Journal of Dynamics & Games
- Journal of Geometric Mechanics
- Journal of Industrial & Management Optimization
- Journal of Modern Dynamics
- Kinetic & Related Models
- Mathematical Biosciences & Engineering
- Mathematical Control & Related Fields
- Mathematical Foundations of Computing
- Networks & Heterogeneous Media
- Numerical Algebra, Control & Optimization
- Electronic Research Announcements
- Conference Publications
- AIMS Mathematics

_{2}; the group $E(\mathbb F$

_{2n}$)$ has convenient features for efficient implementation of elliptic curve cryptography.

Wiener and Zuccherato and Gallant, Lambert and Vanstone showed that one can accelerate the Pollard rho algorithm for the discrete logarithm problem on Koblitz curves. This implies that when using Koblitz curves, one has a lower security per bit than when using general elliptic curves defined over the same field. Hence for a fixed security level, systems using Koblitz curves require slightly more bandwidth.

We present a method to reduce this bandwidth when a normal basis representation for $\mathbb F$

_{2n}is used. Our method is appropriate for applications such as Diffie-Hellman key exchange or Elgamal encryption. We show that, with a low probability of failure, our method gives the expected bandwidth for a given security level.

The negation map can be used to speed up the computation of elliptic curve discrete logarithms using either the baby-step giant-step algorithm (BSGS) or Pollard rho. Montgomery's simultaneous modular inversion can also be used to speed up Pollard rho when running many walks in parallel. We generalize these ideas and exploit the fact that for any two elliptic curve points *X* and *Y*, we can efficiently get *X*-*Y* when we compute *X*+*Y*. We apply these ideas to speed up the baby-step giant-step algorithm. Compared to the previous methods, the new methods can achieve a significant speedup for computing elliptic curve discrete logarithms in small groups or small intervals.

Another contribution of our paper is to give an analysis of the average-case running time of Bernstein and Lange's "grumpy giants and a baby" algorithm, and also to consider this algorithm in the case of groups with efficient inversion.

Our conclusion is that, in the fully-optimised context, both the interleaved BSGS and grumpy-giants algorithms have superior average-case running time compared with Pollard rho. Furthermore, for the discrete logarithm problem in an interval, the interleaved BSGS algorithm is considerably faster than the Pollard kangaroo or Gaudry-Schost methods.

## Year of publication

## Related Authors

## Related Keywords

[Back to Top]