Faster discrete logarithms on FPGAs

This paper accelerates FPGA computations of discrete logarithms on elliptic curves over binary fields. As a toy example, this paper successfully attacks the SECG standard curve sect113r2, a binary elliptic curve that was not removed from the SECG standard until 2010 and was not disabled in OpenSSL until June 2015. This is a new size record for completed ECDL computations, using a prime order very slightly larger than the previous record holder. More importantly, this paper uses FPGAs much more efficiently, saving a factor close to 3/2 in the size of each high-speed ECDL core. This paper squeezes 3 cores into a low-cost Spartan-6 FPGA and many more cores into larger FPGAs. The paper also benchmarks many smaller-size attacks to demonstrate reliability of the estimates, and covers a much larger curve over a 127-bit field to demonstrate scalability.
