On improvements of the $r$-adding walk in a finite field of characteristic 2
This work addresses an incremental improvement in generic algorithms for cryptography, specifically for researchers in computational number theory and security.
The paper critically analyzes a modified $r$-adding walk that claims to reduce the computational work per iteration in solving the discrete logarithm problem, comparing it to the original method to assess its effectiveness.
It is currently known from the work of Shoup and Nechaev that a generic algorithm to solve the discrete logarithm problem in a group of prime order must have complexity at least $k\sqrt{N}$ where $N$ is the order of the group. In many collision search algorithms this complexity is achieved. So with generic algorithms one can only hope to make the $k$ smaller. This $k$ depends on the complexity of the iterative step in the generic algorithms. The $\sqrt{N}$ comes from the fact there is about $\sqrt{N}$ iterations before a collision. So if we can find ways that can reduce the amount of work in one iteration then that is of great interest and probably the only possible modification of a generic algorithm. The modified $r$-adding walk allegedly does just that. It claims to reduce the amount of work done in one iteration of the original $r$-adding walk. In this paper we study this modified $r$-adding walk, we critically analyze it and we compare it with the original $r$-adding walk.