Solving 114-Bit ECDLP for a Barreto-Naehrig Curve

The security of cryptographic protocols based on elliptic curve cryptography relies on the intractability of the elliptic curve discrete logarithm problem (ECDLP). In this paper, the authors describe the techniques applied to solve a 114-bit ECDLP on a Barreto-Naehrig (BN) curve defined over an odd characteristic field. Unlike generic elliptic curves, the BN curve is of special interest because it is well studied in pairing-based cryptography. To the best of our knowledge, the previous record for solving an ECDLP in a prime field was 112 bits, set by Bos et al. on the Certicom curve ‘secp112r1’. This work sets a new record by solving a 114-bit prime field ECDLP on a BN curve using Pollard’s rho method. The authors utilized the sextic twist property of the BN curve to efficiently carry out the random walk of Pollard’s rho method. The parallel implementation of the rho method, which adopted a client-server model and used 2000 CPU cores, took about 6 months to solve the ECDLP.
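To show why group size is the only barrier for this attack, the following added example (not the authors' code) runs Pollard's rho with distinguished points, a standard way to split the search across many clients reporting to one server, against a constructed toy BN curve with u = -2 (p = 373, n = 349). All function names and parameters are assumptions of this sketch, and it does not implement the paper's sextic-twist walk optimization.

```python
import random

def curve_order(b, p):  # brute-force #E(F_p) for y^2 = x^3 + b
    def roots(v):  # number of y with y^2 = v (mod p), by Euler's criterion
        return 1 if v == 0 else 2 * (pow(v, (p - 1) // 2, p) == 1)
    return 1 + sum(roots((x**3 + b) % p) for x in range(p))

def add(P, Q, p):  # affine addition; None is the point at infinity
    if P is None or Q is None:
        return P or Q
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, p) if P == Q
           else (y2 - y1) * pow((x2 - x1) % p, -1, p)) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def mul(k, P, p):  # double-and-add scalar multiplication
    R = None
    while k:
        if k & 1: R = add(R, P, p)
        P, k = add(P, P, p), k >> 1
    return R

def toy_bn_curve(u=-2):  # constructed toy: u=-2 gives p=373, n=349
    p = 36 * u**4 + 36 * u**3 + 24 * u**2 + 6 * u + 1  # BN field prime p(u)
    n = p - 6 * u * u                                  # BN group order n(u)
    b = next(b for b in range(1, p) if curve_order(b, p) == n)
    G = next((x, y) for x in range(p) for y in range(1, p) if (y*y - x**3 - b) % p == 0)
    return p, n, b, G

def rho_dlog(G, Q, n, p, r=16, dp_mask=3, seed=1):  # returns k with Q = k*G
    rng = random.Random(seed)
    def combo():  # random (a, b, a*G + b*Q)
        a, b = rng.randrange(n), rng.randrange(n)
        return a, b, add(mul(a, G, p), mul(b, Q, p), p)
    steps = [combo() for _ in range(r)]  # r-adding walk: fixed random steps
    server = {}                          # distinguished point -> (a, b)
    while True:                          # each pass simulates one client walk
        a, b, X = combo()
        for _ in range(8 * n):           # abandon walks stuck in a cycle
            if X is None or (X[0] & dp_mask) == 0:  # distinguished: report
                a2, b2 = server.setdefault(X, (a, b))
                if (b2 - b) % n:         # two walks merged: a+b*k = a2+b2*k
                    return (a - a2) * pow((b2 - b) % n, -1, n) % n
                break
            sa, sb, S = steps[X[1] % r]
            a, b, X = (a + sa) % n, (b + sb) % n, add(X, S, p)
```
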

[1] Brent Waters, et al. Fuzzy Identity-Based Encryption, 2005, EUROCRYPT.

[2] Tanja Lange, et al. Handbook of Elliptic and Hyperelliptic Curve Cryptography, 2005.

[3] P. L. Montgomery. Speeding the Pollard and elliptic curve methods of factorization, 1987.

[4] P. L. Montgomery. Modular multiplication without trial division, 1985.

[5] Takuji Nishimura, et al. Mersenne twister: a 623-dimensionally equidistributed uniform pseudo-random number generator, 1998, TOMC.

[6] Arjen K. Lenstra, et al. Solving a 112-bit prime elliptic curve discrete logarithm problem on game consoles using sloppy reduction, 2012, Int. J. Appl. Cryptogr.

[7] Tanja Lange, et al. Faster discrete logarithms on FPGAs, 2016, IACR Cryptol. ePrint Arch.

[8] Hovav Shacham, et al. Short Signatures from the Weil Pairing, 2001, J. Cryptol.

[9] J. Pollard, et al. Monte Carlo methods for index computation (), 1978.

[10] Paulo S. L. M. Barreto, et al. Pairing-Friendly Elliptic Curves of Prime Order, 2005, Selected Areas in Cryptography.

[11] Rafail Ostrovsky, et al. Public Key Encryption with Keyword Search, 2004, EUROCRYPT.

[12] Yasuyuki Nogami, et al. Scalar Multiplication Using Frobenius Expansion over Twisted Elliptic Curve for Ate Pairing Based Cryptography, 2009, IEICE Trans. Fundam. Electron. Commun. Comput. Sci.

[13] Razvan Barbulescu, et al. Extended Tower Number Field Sieve: A New Complexity for the Medium Prime Case, 2016, CRYPTO.

[14] Erich Wenger, et al. Solving the Discrete Logarithm of a 113-Bit Koblitz Curve with an FPGA Cluster, 2014, Selected Areas in Cryptography.

[15] Yasuyuki Nogami, et al. Web-based Volunteer Computing for Solving the Elliptic Curve Discrete Logarithm Problem, 2016, Int. J. Netw. Comput.

[16] Scott A. Vanstone, et al. Improving the parallelized Pollard lambda search on anomalous binary curves, 2000, Math. Comput.

[17] Masao Kasahara, et al. ID based Cryptosystems with Pairing on Elliptic Curve, 2003, IACR Cryptol. ePrint Arch.

[18] Paul C. van Oorschot, et al. Parallel Collision Search with Cryptanalytic Applications, 2013, Journal of Cryptology.

[19] Yasuyuki Nogami, et al. A Comparative Study of Image Segmentation Algorithms, 2015.

[20] Yasuyuki Nogami, et al. Skew Frobenius Map and Efficient Scalar Multiplication for Pairing-Based Cryptography, 2008, CANS.