ECC2K-130 on Cell CPUs

This paper describes an implementation of Pollard's rho algorithm to compute the elliptic curve discrete logarithm for the Synergistic Processor Elements of the Cell Broadband Engine Architecture. Our implementation targets the elliptic curve discrete logarithm problem defined in the Certicom ECC2K-130 challenge. We compare a bitsliced implementation to a non-bitsliced implementation and describe several optimization techniques for both approaches. In particular, we address the question whether normal-basis or polynomial-basis representation of field elements leads to better performance. We show that using our software the ECC2K-130 challenge can be solved in one year using the Synergistic Processor Units of less than 2700 Sony Playstation 3 gaming consoles.

[1]  Joachim von zur Gathen,et al.  Efficient Multiplication Using Type 2 Optimal Normal Bases , 2007, WAIFI.

[2]  Daniel J. Bernstein,et al.  Batch Binary Edwards , 2009, CRYPTO.

[3]  P. L. Montgomery Speeding the Pollard and elliptic curve methods of factorization , 1987 .

[4]  Arjen K. Lenstra,et al.  On the Security of 1024-bit RSA and 160-bit Elliptic Curve Cryptography , 2009, IACR Cryptol. ePrint Arch..

[5]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[6]  H. Peter Hofstee,et al.  Power efficient processor architecture and the cell processor , 2005, 11th International Symposium on High-Performance Computer Architecture.

[7]  J. Pollard,et al.  Monte Carlo methods for index computation () , 1978 .

[8]  Eli Biham,et al.  A Fast New DES Implementation in Software , 1997, FSE.

[9]  Marcelo E. Kaihara,et al.  Pollard Rho on the PlayStation 3 , 2009 .

[10]  J. Stein Computational problems associated with Racah algebra , 1967 .

[11]  Michael J. Wiener,et al.  Faster Attacks on Elliptic Curve Cryptosystems , 1998, Selected Areas in Cryptography.

[12]  Tanja Lange,et al.  Breaking ECC2K-130 , 2009, IACR Cryptol. ePrint Arch..

[13]  B. Harris PROBABILITY DISTRIBUTIONS RELATED TO RANDOM MAPPINGS , 1960 .

[14]  D. Bernstein Optimizing linear maps modulo 2 , 2009 .

[15]  Scott A. Vanstone,et al.  Improving the parallelized Pollard lambda search on anomalous binary curves , 2000, Math. Comput..

[16]  Tanja Lange,et al.  The Certicom Challenges ECC2-X , 2009, IACR Cryptol. ePrint Arch..