New Collisions to Improve Pollard's Rho Method of Solving the Discrete Logarithm Problem on Elliptic Curves

It is true that different approaches have been utilised to accelerate the computation of discrete logarithm problem on elliptic curves with Pollard's Rho method. However, trapping in cycles fruitless will be obtained by using the random walks with Pollard's Rho. An efficient alternative approach that is based on new collisions which are reliant on the values ai , bi to solve this problem is proposed. This may requires less iterations than Pollard's Rho original in reaching collision. Thus, the performance of Pollard's Rho method is more efficiently because the improved method not only reduces the number of mathematical operations but these collisions can also applied on previous improvements which reported in the literature.


Introduction
The technology of public key cryptography has been proposed by Diffie andHellman in 1976 (Diffie andHellman, 1976) whereas the elliptic curve cryptosystems (ECC s ) that is dependent on this technology were first proposed separately by Koblitz andMiller in 1985 (Miller, 1986;Koblitz, 1987).The security of these cryptographic systems is reliant on the hardness of solving the discrete logarithm problem on elliptic curves (ECDLP).These schemes will be broken easily if this problem can be resolved efficiently.Despite the fact that there are several attacking methods to resolve ECDLP, Pollard's Rho method (Pollard, 1980) not only is at present known as the fastest algorithm to resolve the discrete logarithm problem on elliptic curves, but its parallelized variant as well because its mathematical operations is less than other methods like Baby- Step Giant-Step (Shanks, 1971).This encourages researchers to utilise from automorphism of the group (Duursma et al., 1990), random walk on certain equivalence classes (Wiener and Zuccherato, 1999;Gallant et al., 2000), parallelization (Oorschot and Wiener, 1999), iteration function (Teske, 1998;2001), negation map (Wang and Zhang, 2012) or cycle detection (Brent, 1980;Cheon et al., 2012;Ezzouak et al., 2014) to improve this attacking method.This paper will provide a new approach by using the theorem that proposed by Sadkhan andNeamah in 2010 (Sadkhan andNeamah, 2011) to improve Pollard's Rho method which use alternative collisions to resolve the ECDLP.After that, the developed method will be analysed by giving examples.

Background
In this section, the mathematical background of elliptic curve cryptography and the Pollard Rho (Pollard, 1980) method that uses an iteration function to make a succession of elements will be presented.This technique utilises cycle detection to find collision or a match.This matching will contribute to the solution of ECDLP.

Elliptic Curve Cryptography (ECC)
Elliptic Curves over the prime field p F can be defined by the equation y 2 = x 3 + ax + b, where 4a 3 + 27b 2  0. Different curves can be generated by changing the values a and b which belongs to p F .The set of points (x, y) that satisfy this equation equipped with the addition operation forms a group, denoted by E ( p F ).This operation can be defined over elliptic curves with a particular point O  which is called the identity or the point at infinity.If P = (x 1 , y 1 ) and Q = (x 2 , y 2 ) belongs to E ( p F ), P ⊕ Q = R = (x 3 , y 3 ) can be added as follows: (1) (2) If Q = ⊖ P = (x 1 , -y 1 ) and P ⊕ ( ⊖ P) = O  .
(3) Otherwise P ⊕ Q = (x 3 , y 3 ) where And ECDLP is easy, so the difficulty of the ECDLP plays a crucial role in the security of these cryptographic systems (Hankerson et al., 2004 ;Chee and Park, 2005).

Theorem
Let Q a point belongs to group points that generated by P where ord (P) = n, and R can be calculated as follows: then the following equations can be obtained (Sadkhan and Neamah, 2011) : mod n.

Pollard's Rho Method
The Pollard idea is to find k which is satisfying Q = [k]P by dividing the group of points on an elliptic curve into three disjoint sets S 1 , S 2 and S 3 which have an almost equal size.Define the original iteration function on a point R as follows: Since the number of points that lies in the curve that form cyclic group is a finite, this sequence will not only become periodic after applying this function but will start to repeat.Upon detection of a matching, this is

Improving Pollard's Rho Method by Using New Equations
The main idea of alternative collision of pollard's Rho on elliptic curve group method is that looks for a new collision in the group.Using the equations has been proposed by Sadkhan and Neamah (Sadkhan and Neamah, 2011) in Theorem above can not only significantly contribute to improving this method by reducing the mathematical operations but collision-detection algorithms can also be applied.Elliptic curve points over field p F divide into three disjoint sets S 1 , S 2 and S 3 with iterative function defined as follows: The sequence R i can be expressed as [a i ]P  [b i ]Q, where the numbers a i , b i ∈ [1, n − 1] are calculated as following: The collision-detection will occur with the following equations after applying the iteration function: If such collisions cannot be obtained, the original collision R i = R j , or the reverse collision R i = ⊖ R j respectively can be applied as follows: i) Q log P can be obtained as follows: k = ( ii) Q log P can be obtained as follows: k = (

Comparison between Methods
Analysing the methods play a crucial role in computer programming, so knowing the best methods is depended on this analysis because there are many methods available to a specific application.The performance of these methods such as Pollard's Rho can be evaluated by computing mathematical operations.If such methods have fewer steps than others, running time will be the best.Therefore, the developed Pollard's Rho method that implemented in these examples have shown the mathematical operations can be reduced from 18 to 1 or 12 operations with respect to the first example, and from 48 to 2 operations or 38 in the worst case by using the reverse collision R i = ⊖ R j with respect to the second example.These examples have utilised prime numbers with size between three and four digits.The tables 1 & 2 of these examples show that the intermediate steps of Pollard's Rho method.The experimental results for this method with its new equations have been certainly improved because the point Q belong to a cyclic group which generated by P will always contain the points P, Q, ⊖ P, ⊖ Q and O  in this group.This implies these collisions not only have always occur but the probability of a collision has also increased five times compared with original method.It can be concluded that the proposed improved method is not only better than the original pollard's Rho method but these alternative collisions can also be applied to previous proposed improvements such that dividing the iteration function into about 20 sets (Teske, 1998;2001).

Conclusion
The improved Pollard's Rho method has been outlined by using new collisions.
These collisions are reliant on values a 0 and b 0 that have been playing a significant role in reducing the total number of mathematical operations if these values are chosen carefully.This means selecting these numbers will significantly contribute to solve the ECDLP quickly.This modified method can be considered as an important addition to methods of improving the Pollard's Rho.Although these results are related to small prime finite fields, this can represent a good reduction of complexity when it is applied by using large prime numbers.The parallel collision search can also be applied by selecting different start points which have different values a 0 and b 0 for each processor in order to produce their own sequences of points, so the chance of collision will be considerably increased.This means the collision may not only occur with the points P, Q, ⊖ P , ⊖ Q and O  more than once but also with the points R j and ⊖ R j in the worst case.