Bailey D. V., Batina L., Bernstein D. J., Birkner P., Bos J. W., Chen H. -. C., Cheng C. -. M., van Damme G., Güneysu T., Gurkaynak F., Kleinjung T., Paar C., Regazzoni F., Niederhagen R., Schwabe P., Uhsadel L., Van Herrewege A.
Articolo pubblicato in rivista scientifica
Elliptic-curve cryptography is becoming the standard public-key primitive not only for mobile devices but also for high-security applications. Advantages are the higher cryptographic strength per bit in comparison with RSA and the higher speed in implementations. To improve understanding of the exact strength of the elliptic-curve discrete-logarithm problem, Certicom has published a series of challenges. This paper describes breaking the ECC2K-130 challenge using a parallelized version of Pollard''s rho method. This is a major computation bringing together the contributions of several clusters of conventional computers, PlayStation~3 clusters, computers with powerful graphics cards and FPGAs. We also give /preseestimates for an ASIC design. In particular we present * our choice and analysis of the iteration function for the rho method; * our choice of finite field arithmetic and representation; * detailed descriptions of the implementations on a multitude of platforms: CPUs, Cells, GPUs, FPGAs, and ASICs; * details about running the attack.
IACR Cryptology ePrint Archive
Attacks, automorphisms, binary fields, Certicom challenges, DLP, ECC, implementation, Koblitz curves, parallelized Pollard rho