I'm implementing Pollard's kangaroo algorithm as described here.
Wikipedia's description of the protocol says that you should have "a pseudorandom map $f:G\rightarrow S$."
Does anyone know what happens if you weaken the properties of the map? I'm trying to implement this (don't worry, it's for research--nothing nefarious) so a full hash function like SHA-256 seems like overkill in this situation (especially since $S$ is so small). Has anyone mathematically analyzed what would happen if you use something that is a bit weaker than a full-fledged Random-Oracle-like hash-function? Heuristically, I'm finding that even something ratched like using $f(p) = S[p.y \bmod |S|]$ when $G$ is an elliptic curve group does not seem to recognizably affect the number of hops before the wild kangaroo is caught.
