My student and I already tried something similar and concluded it did
not work. But Semaev is smarter than me, so I will need to read his
paper more carefully to tell. It pays not to underestimate Igor Semaev.
Regarding the asymptotics: the memory requirement will probably render
the method impossible (I mean, like "not enough elementary particles in
the universe" impossible) even if the time estimate is technically
faster than pollard rho (remember that rho is parallelisable and
requires small storage).
Steven
On 07/04/15 12:44, Trevor Perrin wrote:
An eprint paper claims an improvement over Pollard Rho vs the FIPS
K-409 and K-571 curves:
https://eprint.iacr.org/2015/310.pdf
Seems like this might be building on the direction described below,
from the "ellipticnews" blog:
https://ellipticnews.wordpress.com/2012/05/16/two-new-papers-on-the-ecdlp-in-characteristic-2/
Anyone able to place the work in context? (is this a real
improvement? by how much? what are prospects for further advances,
application to other curves, etc.)
Trevor
_______________________________________________
Curves mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/curves
_______________________________________________
Curves mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/curves
