Abstract
A major cryptanalytic computation is currently underway on multiple platforms, including standard CPUs, FPGAs, PlayStations and Graphics Processing Units (GPUs), to break the Certicom ECC2K-130 challenge. This challenge is to compute an elliptic-curve discrete logarithm on a Koblitz curve over \(\mathbb{F}_{2^{131}}\). Optimizations have reduced the cost of the computation to approximately \(2^{77}\) bit operations in \(2^{61}\) iterations.
GPUs are not designed for fast binary-field arithmetic; they are designed for highly vectorizable floating-point computations that fit into very small amounts of static RAM. This paper explains how to optimize the ECC2K-130 computation for this unusual platform. The resulting GPU software performs more than 63 million iterations per second, including 320 million \(\mathbb{F}_{2^{131}}\) multiplications per second, on a $500 NVIDIA GTX 295 graphics card. The same techniques for finite-field arithmetic and elliptic-curve arithmetic can be reused in implementations of larger systems that are secure against similar attacks, making GPUs an interesting option as coprocessors when a busy Internet server has many elliptic-curve operations to perform in parallel.
Permanent ID of this document: 1957e89d79c5a898b6ef308dc10b0446. Date of this document: 2010.09.25. This work was sponsored in part by the National Science Foundation under grant ITR–0716498, in part by Taiwan’s National Science Council under grant NSC-96-2221-E-001-031-MY3, and under grant NSC-96-2218-E-001-001, also through the Taiwan Information Security Center under grant NSC-97-2219-E-001-001, and under grant NSC-96-2219-E-011-008, and in part by the European Commission through the ICT Programme under Contract ICT–2007–216676 ECRYPT II and the ICT Programme under Contract ICT–2007–216499 CACE.
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Bernstein, D.J. et al. (2010). ECC2K-130 on NVIDIA GPUs. In: Gong, G., Gupta, K.C. (eds) Progress in Cryptology - INDOCRYPT 2010. INDOCRYPT 2010. Lecture Notes in Computer Science, vol 6498. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17401-8_23
DOI: https://doi.org/10.1007/978-3-642-17401-8_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17400-1
Online ISBN: 978-3-642-17401-8