A Birthday Paradox for Markov chains with an optimal bound for collision in the Pollard Rho algorithm for discrete logarithm
Abstract
We show a Birthday Paradox for selfintersections of Markov chains with uniform stationary distribution. As an application, we analyze Pollard's Rho algorithm for finding the discrete logarithm in a cyclic group $G$ and find that if the partition in the algorithm is given by a random oracle, then with high probability a collision occurs in $\Theta(\sqrt{G})$ steps. Moreover, for the parallelized distinguished points algorithm on $J$ processors we find that $\Theta(\sqrt{G}/J)$ steps suffices. These are the first proofs of the correct order bounds which do not assume that every step of the algorithm produces an i.i.d. sample from $G$.
 Publication:

arXiv eprints
 Pub Date:
 December 2007
 arXiv:
 arXiv:0712.0220
 Bibcode:
 2007arXiv0712.0220K
 Keywords:

 Mathematics  Probability;
 Mathematics  Combinatorics
 EPrint:
 Published in at http://dx.doi.org/10.1214/09AAP625 the Annals of Applied Probability (http://www.imstat.org/aap/) by the Institute of Mathematical Statistics (http://www.imstat.org)