ECC2K-130 on NVIDIA GPUs

D.J. Bernstein; H.-C. Chen; C.M. Cheng; T. Lange; R.F. Niederhagen; P. Schwabe; B.Y. Yang

doi:10.1007/978-3-642-17401-8_23

ECC2K-130 on NVIDIA GPUs

D.J. Bernstein, H.-C. Chen, C.M. Cheng, T. Lange, R.F. Niederhagen, P. Schwabe, B.Y. Yang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

12 Citations (Scopus)

322 Downloads (Pure)

Abstract

A major cryptanalytic computation is currently underway on multiple platforms, including standard CPUs, FPGAs, PlayStations and Graphics Processing Units (GPUs), to break the Certicom ECC2K-130 challenge. This challenge is to compute an elliptic-curve discrete logarithm on a Koblitz curve over $\rm F_{2^{131}}$ . Optimizations have reduced the cost of the computation to approximately 277 bit operations in 261 iterations. GPUs are not designed for fast binary-field arithmetic; they are designed for highly vectorizable floating-point computations that fit into very small amounts of static RAM. This paper explains how to optimize the ECC2K-130 computation for this unusual platform. The resulting GPU software performs more than 63 million iterations per second, including 320 million $\rm F_{2^{131}}$ multiplications per second, on a $500 NVIDIA GTX 295 graphics card. The same techniques for finite-field arithmetic and elliptic-curve arithmetic can be reused in implementations of larger systems that are secure against similar attacks, making GPUs an interesting option as coprocessors when a busy Internet server has many elliptic-curve operations to perform in parallel.

Original language	English
Title of host publication	Progress in Cryptology - INDOCRYPT 2010 (11th International Conference on Cryptology in India, Hyderabad, India, December 12-15, 2010. Proceedings)
Editors	G. Gong, K.C. Gupta
Place of Publication	Berlin
Publisher	Springer
Pages	328-346
ISBN (Print)	978-3-642-17400-1
DOIs	https://doi.org/10.1007/978-3-642-17401-8_23
Publication status	Published - 2010

Publication series

Name	Lecture Notes in Computer Science
Volume	6498
ISSN (Print)	0302-9743

Access to Document

10.1007/978-3-642-17401-8_23

713600517347077Final published version, 704 KB

Cite this

Bernstein, D. J., Chen, H-C., Cheng, C. M., Lange, T., Niederhagen, R. F., Schwabe, P., & Yang, B. Y. (2010). ECC2K-130 on NVIDIA GPUs. In G. Gong, & K. C. Gupta (Eds.), Progress in Cryptology - INDOCRYPT 2010 (11th International Conference on Cryptology in India, Hyderabad, India, December 12-15, 2010. Proceedings) (pp. 328-346). (Lecture Notes in Computer Science; Vol. 6498). Springer. https://doi.org/10.1007/978-3-642-17401-8_23

Bernstein, D.J. ; Chen, H.-C. ; Cheng, C.M. ; Lange, T. ; Niederhagen, R.F. ; Schwabe, P. ; Yang, B.Y. / ECC2K-130 on NVIDIA GPUs. Progress in Cryptology - INDOCRYPT 2010 (11th International Conference on Cryptology in India, Hyderabad, India, December 12-15, 2010. Proceedings). editor / G. Gong ; K.C. Gupta. Berlin : Springer, 2010. pp. 328-346 (Lecture Notes in Computer Science).

@inproceedings{6c84a356e07245aeb37090fac0b2e37c,

title = "ECC2K-130 on NVIDIA GPUs",

abstract = "A major cryptanalytic computation is currently underway on multiple platforms, including standard CPUs, FPGAs, PlayStations and Graphics Processing Units (GPUs), to break the Certicom ECC2K-130 challenge. This challenge is to compute an elliptic-curve discrete logarithm on a Koblitz curve over $\rm F_{2^{131}}$ . Optimizations have reduced the cost of the computation to approximately 277 bit operations in 261 iterations. GPUs are not designed for fast binary-field arithmetic; they are designed for highly vectorizable floating-point computations that fit into very small amounts of static RAM. This paper explains how to optimize the ECC2K-130 computation for this unusual platform. The resulting GPU software performs more than 63 million iterations per second, including 320 million $\rm F_{2^{131}}$ multiplications per second, on a $500 NVIDIA GTX 295 graphics card. The same techniques for finite-field arithmetic and elliptic-curve arithmetic can be reused in implementations of larger systems that are secure against similar attacks, making GPUs an interesting option as coprocessors when a busy Internet server has many elliptic-curve operations to perform in parallel.",

author = "D.J. Bernstein and H.-C. Chen and C.M. Cheng and T. Lange and R.F. Niederhagen and P. Schwabe and B.Y. Yang",

year = "2010",

doi = "10.1007/978-3-642-17401-8_23",

language = "English",

isbn = "978-3-642-17400-1",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "328--346",

editor = "G. Gong and K.C. Gupta",

booktitle = "Progress in Cryptology - INDOCRYPT 2010 (11th International Conference on Cryptology in India, Hyderabad, India, December 12-15, 2010. Proceedings)",

address = "Germany",

}

Bernstein, DJ, Chen, H-C, Cheng, CM, Lange, T, Niederhagen, RF, Schwabe, P & Yang, BY 2010, ECC2K-130 on NVIDIA GPUs. in G Gong & KC Gupta (eds), Progress in Cryptology - INDOCRYPT 2010 (11th International Conference on Cryptology in India, Hyderabad, India, December 12-15, 2010. Proceedings). Lecture Notes in Computer Science, vol. 6498, Springer, Berlin, pp. 328-346. https://doi.org/10.1007/978-3-642-17401-8_23

ECC2K-130 on NVIDIA GPUs. / Bernstein, D.J.; Chen, H.-C.; Cheng, C.M.; Lange, T.; Niederhagen, R.F.; Schwabe, P.; Yang, B.Y.

Progress in Cryptology - INDOCRYPT 2010 (11th International Conference on Cryptology in India, Hyderabad, India, December 12-15, 2010. Proceedings). ed. / G. Gong; K.C. Gupta. Berlin : Springer, 2010. p. 328-346 (Lecture Notes in Computer Science; Vol. 6498).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - ECC2K-130 on NVIDIA GPUs

AU - Bernstein, D.J.

AU - Chen, H.-C.

AU - Cheng, C.M.

AU - Lange, T.

AU - Niederhagen, R.F.

AU - Schwabe, P.

AU - Yang, B.Y.

PY - 2010

Y1 - 2010

N2 - A major cryptanalytic computation is currently underway on multiple platforms, including standard CPUs, FPGAs, PlayStations and Graphics Processing Units (GPUs), to break the Certicom ECC2K-130 challenge. This challenge is to compute an elliptic-curve discrete logarithm on a Koblitz curve over $\rm F_{2^{131}}$ . Optimizations have reduced the cost of the computation to approximately 277 bit operations in 261 iterations. GPUs are not designed for fast binary-field arithmetic; they are designed for highly vectorizable floating-point computations that fit into very small amounts of static RAM. This paper explains how to optimize the ECC2K-130 computation for this unusual platform. The resulting GPU software performs more than 63 million iterations per second, including 320 million $\rm F_{2^{131}}$ multiplications per second, on a $500 NVIDIA GTX 295 graphics card. The same techniques for finite-field arithmetic and elliptic-curve arithmetic can be reused in implementations of larger systems that are secure against similar attacks, making GPUs an interesting option as coprocessors when a busy Internet server has many elliptic-curve operations to perform in parallel.

AB - A major cryptanalytic computation is currently underway on multiple platforms, including standard CPUs, FPGAs, PlayStations and Graphics Processing Units (GPUs), to break the Certicom ECC2K-130 challenge. This challenge is to compute an elliptic-curve discrete logarithm on a Koblitz curve over $\rm F_{2^{131}}$ . Optimizations have reduced the cost of the computation to approximately 277 bit operations in 261 iterations. GPUs are not designed for fast binary-field arithmetic; they are designed for highly vectorizable floating-point computations that fit into very small amounts of static RAM. This paper explains how to optimize the ECC2K-130 computation for this unusual platform. The resulting GPU software performs more than 63 million iterations per second, including 320 million $\rm F_{2^{131}}$ multiplications per second, on a $500 NVIDIA GTX 295 graphics card. The same techniques for finite-field arithmetic and elliptic-curve arithmetic can be reused in implementations of larger systems that are secure against similar attacks, making GPUs an interesting option as coprocessors when a busy Internet server has many elliptic-curve operations to perform in parallel.

U2 - 10.1007/978-3-642-17401-8_23

DO - 10.1007/978-3-642-17401-8_23

M3 - Conference contribution

SN - 978-3-642-17400-1

T3 - Lecture Notes in Computer Science

SP - 328

EP - 346

BT - Progress in Cryptology - INDOCRYPT 2010 (11th International Conference on Cryptology in India, Hyderabad, India, December 12-15, 2010. Proceedings)

A2 - Gong, G.

A2 - Gupta, K.C.

PB - Springer

CY - Berlin

ER -

Bernstein DJ, Chen H-C, Cheng CM, Lange T, Niederhagen RF, Schwabe P et al. ECC2K-130 on NVIDIA GPUs. In Gong G, Gupta KC, editors, Progress in Cryptology - INDOCRYPT 2010 (11th International Conference on Cryptology in India, Hyderabad, India, December 12-15, 2010. Proceedings). Berlin: Springer. 2010. p. 328-346. (Lecture Notes in Computer Science). https://doi.org/10.1007/978-3-642-17401-8_23

ECC2K-130 on NVIDIA GPUs

Abstract

Publication series

Access to Document

Fingerprint

Cite this