This is a simple, yet straightforward implementation of Pollard's rho algorithm  
for discrete logarithms. It computes X such that G^X = H mod P. P must be a safe  
prime, such that there is a prime Q for which P = 2Q+1 holds true. The algorithm  
was designed using a "Hase/Igel" (German: Rabbit/Hedgehog) approach. Meaning  
there are two independent computations of Pollard's rho at different speeds. The  
algorithm stops, when the slower "Igel" has overtaken the faster rabbit and their  
X values are equal.

In [None]:
def ext_euclid(a, b):
    """
    Extended Euclidean Algorithm
    :param a:
    :param b:
    :return:
    """
    if b == 0:
        return a, 1, 0
    else:
        d, xx, yy = ext_euclid(b, a%b)
        x = yy
        y = xx - (a / b) * yy
        return d, x, y
    
def inverse(a, n):
    """
    Inverse of a in mod n
    :param a:
    :param n:
    :return:
    """
    return ext_euclid(a, n)[1]

def xab(x, a, b, (G, H, P, Q)):
    """
    Pollard Step
    :param x:
    :param a:
    :param b:
    :return:
    """
    sub = x % 3 # Subsets
    
    if sub == 0:
        x = x * G % P
        a = (a + 1) % Q
        
    if sub == 1:
        x = x * H % P
        b = (b + 1) % Q
        
    if sub == 2:
        x = x * x % P
        a = a * 2 % Q
        b = b * 2 % Q
        
    return x, a, b

def pollard(G, H, P):
    
    # P: Prime
    # H:
    # G: Generator
    Q = (P - 1) / 2  # subgroup
    
    x = G * H
    a = 1
    b = 1
    
    X = x
    A = a
    B = b
    
    for i in range(1, P):
        # Hedgehog
        x, a, b = xab(x, a, b, (G, H, P, Q))
        
        # Rabbit
        X, A, B = xab(X, A, B, (G, H, P, Q))
        X, A, B = xab(X, A, B, (G, H, P, Q))
        
        if x == X:
            break
        
    nom = a - A
    denom = B - b
    
    print(nom, denom)
    
    # It is necessary to compute the inverse to properly compute the fraction mod q
    res = (inverse(denom, Q) * nom) % Q