ECC2K-130 on NVIDIA GPUs

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6498)

Abstract

A major cryptanalytic computation is currently underway on multiple platforms, including standard CPUs, FPGAs, PlayStations and Graphics Processing Units (GPUs), to break the Certicom ECC2K-130 challenge. This challenge is to compute an elliptic-curve discrete logarithm on a Koblitz curve over \(\mathbb{F}_{2^{131}}\). Optimizations have reduced the cost of the computation to approximately \(2^{77}\) bit operations in \(2^{61}\) iterations.

GPUs are not designed for fast binary-field arithmetic; they are designed for highly vectorizable floating-point computations that fit into very small amounts of static RAM. This paper explains how to optimize the ECC2K-130 computation for this unusual platform. The resulting GPU software performs more than 63 million iterations per second, including 320 million \(\mathbb{F}_{2^{131}}\) multiplications per second, on a $500 NVIDIA GTX 295 graphics card. The same techniques for finite-field arithmetic and elliptic-curve arithmetic can be reused in implementations of larger systems that are secure against similar attacks, making GPUs an interesting option as coprocessors when a busy Internet server has many elliptic-curve operations to perform in parallel.

Permanent ID of this document: 1957e89d79c5a898b6ef308dc10b0446. Date of this document: 2010.09.25. This work was sponsored in part by the National Science Foundation under grant ITR–0716498, in part by Taiwan’s National Science Council under grant NSC-96-2221-E-001-031-MY3, and under grant NSC-96-2218-E-001-001, also through the Taiwan Information Security Center under grant NSC-97-2219-E-001-001, and under grant NSC-96-2219-E-011-008, and in part by the European Commission through the ICT Programme under Contract ICT–2007–216676 ECRYPT II and the ICT Programme under Contract ICT–2007–216499 CACE.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bernstein, D.J. et al. (2010). ECC2K-130 on NVIDIA GPUs. In: Gong, G., Gupta, K.C. (eds) Progress in Cryptology - INDOCRYPT 2010. INDOCRYPT 2010. Lecture Notes in Computer Science, vol 6498. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17401-8_23

  • DOI: https://doi.org/10.1007/978-3-642-17401-8_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17400-1

  • Online ISBN: 978-3-642-17401-8

  • eBook Packages: Computer Science, Computer Science (R0)
