︠d9166469-c181-4fc7-a6a1-b66e4f901252i︠
%html
<h1><center>Pollard Rho Method For Solving DLP</center></h1>
︡04faf7af-13ac-4696-a5dd-2bd3042944b7︡{"done":true,"html":"<h1><center>Pollard Rho Method For Solving DLP</center></h1>"}
︠ed93f543-282d-465b-9dcd-62559e893a02i︠
%md
<b>Description.</b> This attack takes advantage of the Floyd's Cycle Finding algorithm. The SAGE function for this attack ``PRhoOnDLP" takes four inputs: prime p, primitive root g, the publuc value $b=g^x$ mod p and the number of iterations.
︡35fd1ecf-58b4-4218-bbf2-e002becb760a︡{"done":true,"md":"<b>Description.</b> This attack takes advantage of the Floyd's Cycle Finding algorithm. The SAGE function for this attack ``PRhoOnDLP\" takes four inputs: prime p, primitive root g, the publuc value $b=g^x$ mod p and the number of iterations."}
︠1cb35a7e-fd93-4b0d-8ed2-1f7dfc035493s︠
def updatex(x,alpha,beta,p,g,b):
    if(x < (p/3)):
        return (b*x) % (p)
    if(x < (2*p/3)):
        return (x^2 ) % (p)
    return (g*x ) % (p)

def updatea(x,alpha,beta, p):
    if(x < (p/3)):
        return alpha
    if(x < (2*p/3)):
        return (2*alpha ) % (p-1)
    return (alpha+1) % (p-1)

def updateb(x,alpha,beta,p):
    if(x < (p/3)):
        return (beta+1 ) % (p-1)
    if(x < (2*p/3)):
        return (2*beta ) % (p-1)
    return beta

def updateTuple(tupleIn, g,b):
    newX = updatex(tupleIn[0],tupleIn[1],tupleIn[2],tupleIn[3],g,b)
    newA = updatea(tupleIn[0],tupleIn[1],tupleIn[2],tupleIn[3])
    newB = updateb(tupleIn[0],tupleIn[1],tupleIn[2],tupleIn[3])
    return [newX,newA,newB,tupleIn[3]]

def PRhoOnDLP(g,b,p,rounds):
    x = 1
    alpha = 0
    beta = 0
    highTuple = [x,alpha,beta,p]
    lowTuple = [x,alpha,beta,p]
    found = False
    counter = 0
    while( (not found) and (counter < rounds)):
        lowTuple = updateTuple(lowTuple,g,b)
        highTuple = updateTuple(highTuple,g,b)
        highTuple = updateTuple(highTuple,g,b)
        if(highTuple[0] == lowTuple[0]):
            found = True
            print("Number of Iterations Before Reaching a Collision" , counter)
            u = (highTuple[1] - lowTuple[1]) % (p-1)
            v = (-1)*(highTuple[2] - lowTuple[2]) % (p-1)
            #temp1 = power_mod(g,highTuple[1],p) * power_mod(b,highTuple[2],p) % p
            #print(temp1)
            #temp2 = power_mod(g,lowTuple[1],p) * power_mod(b,lowTuple[2],p) % p
            #print(temp2)
            gcdOut = xgcd(v,p-1)
            #print(gcdOut)
            k = 0
            found2 = False
            while (not found2):
                k += 1
                x = ZZ( (u*gcdOut[1]+k*(p-1))/gcdOut[0]) % (p-1)
                tempVal = power_mod(g,x,p)
                if(tempVal == b):
                    return x
        counter += 1
    print("The attack was unsuccessful")
    return -1





︡003310e4-c7ee-44ec-bd6c-a2cf94ae0cb0︡{"done":true}
︠24066595-3b8e-4d26-8abd-a32ad0959b30i︠
%html
<h3>Example 1. Let p= 12345679007, g=5, b=12014768744. Solve the DLP $b=g^x$ using PRhoOnDLP.</h3>

︡88c358e4-35b0-4617-8907-1f06e6107750︡{"done":true,"html":"<h3>Example 1. Let p= 12345679007, g=5, b=12014768744. Solve the DLP $b=g^x$ using PRhoOnDLP.</h3>"}
︠cac33efb-b06a-4d31-8d8e-42630fc7878fs︠

p = 12345679007
g= 5
b = 12014768744
proposedVal = PRhoOnDLP(g,b,p,1000000)
print("The value the PRhoOnDLP returned was" , proposedVal)
if(b == power_mod(g,proposedVal,p)):
    print ("The Discrete Log Problem is solvable")
︡9301ef53-f625-4bd3-b93e-c572049db597︡{"stdout":"Number of Iterations Before Reaching a Collision"}︡{"stdout":" 98664\n"}︡{"stdout":"The value the PRhoOnDLP returned was 777\n"}︡{"stdout":"The Discrete Log Problem is solvable\n"}︡{"done":true}
︠c479edb3-cab9-43c4-9954-bef59b50ba2ei︠
%html
<h3>Example 2. Let p= 1561561567, g=5, b=26268860. Solve the DLP $b=g^x$ using PRhoOnDLP.</h3>

︡31f0ca4c-a7c4-44b8-8f71-778b6855c330︡{"done":true,"html":"<h3>Example 2. Let p= 1561561567, g=5, b=26268860. Solve the DLP $b=g^x$ using PRhoOnDLP.</h3>"}
︠39da7eb6-6b4b-4877-8e59-a2bdaeacc155s︠
p = 1561561567
g = 117
b = 26268860
proposedVal = PRhoOnDLP(g,b,p,1000000)
print("The value the PRhoOnDLP returned was" , proposedVal)
if(b == power_mod(g,proposedVal,p)):
    print ("The Discrete Log Problem is solvable")
︡5e04d94f-cb2d-4e95-9a1d-44459aabcb6d︡{"stdout":"Number of Iterations Before Reaching a Collision"}︡{"stdout":" 48293\n"}︡{"stdout":"The value the PRhoOnDLP returned was 987654321\n"}︡{"stdout":"The Discrete Log Problem is solvable\n"}︡{"done":true}
︠19b4ddc4-8b15-43af-9f85-3874b89c3ad4s︠
︡7749e1de-f829-4bc2-b3d6-fa12bac9ae39︡{"done":true}
︠042a6e05-7f67-43c4-89c8-27cdfa531fc2s︠

︡8725733a-e8a4-4dcd-aa3d-037ac2e50751︡{"done":true}











Collaborative Calculation and Data Science

colby

sagemath

cornellcollege

facebook

Pollard Rho Method For Solving DLP

Example 1. Let p= 12345679007, g=5, b=12014768744. Solve the DLP b=gxb=g^xb=gx using PRhoOnDLP.

Example 2. Let p= 1561561567, g=5, b=26268860. Solve the DLP b=gxb=g^xb=gx using PRhoOnDLP.

Example 1. Let p= 12345679007, g=5, b=12014768744. Solve the DLP $b=g^x$ using PRhoOnDLP.

Example 2. Let p= 1561561567, g=5, b=26268860. Solve the DLP $b=g^x$ using PRhoOnDLP.