ECM on graphics cards

D.J. Bernstein; T.R. Chen; C.M. Cheng; T. Lange; B.Y. Yang

doi:10.1007/978-3-642-01001-9_28

ECM on graphics cards

D.J. Bernstein, T.R. Chen, C.M. Cheng, T. Lange, B.Y. Yang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

56 Citations (Scopus)

Abstract

This paper reports record-setting performance for the elliptic-curve method of integer factorization: for example, 926.11 curves/second for ECM stage 1 with B 1¿=¿8192 for 280-bit integers on a single PC. The state-of-the-art GMP-ECM software handles 124.71 curves/second for ECM stage 1 with B 1¿=¿8192 for 280-bit integers using all four cores of a 2.4 GHz Core 2 Quad Q6600. The extra speed takes advantage of extra hardware, specifically two NVIDIA GTX 295 graphics cards, using a new ECM implementation introduced in this paper. Our implementation uses Edwards curves, relies on new parallel addition formulas, and is carefully tuned for the highly parallel GPU architecture. On a single GTX 295 the implementation performs 41.88 million modular multiplications per second for a general 280-bit modulus. GMP-ECM, using all four cores of a Q6600, performs 13.03 million modular multiplications per second. This paper also reports speeds on other graphics processors: for example, 2414 280-bit elliptic-curve scalar multiplications per second on an older NVIDIA 8800 GTS (G80), again for a general 280-bit modulus. For comparison, the CHES 2008 paper "Exploiting the Power of GPUs for Asymmetric Cryptography" reported 1412 elliptic-curve scalar multiplications per second on the same graphics processor despite having fewer bits in the scalar (224 instead of 280), fewer bits in the modulus (224 instead of 280), and a special modulus (2 to the 224 degree¿-¿2 to the 96¿ degree+¿1).

Original language	English
Title of host publication	Advances in Cryptology - Eurocrypt 2009 (28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26-30, 2009. Proceedings)
Editors	A. Joux
Place of Publication	Berlin
Publisher	Springer
Pages	483-501
ISBN (Print)	978-3-642-01000-2
DOIs	https://doi.org/10.1007/978-3-642-01001-9_28
Publication status	Published - 2009

Publication series

Name	Lecture Notes in Computer Science
Volume	5479
ISSN (Print)	0302-9743

Access to Document

10.1007/978-3-642-01001-9_28

Cite this

Bernstein, D. J., Chen, T. R., Cheng, C. M., Lange, T., & Yang, B. Y. (2009). ECM on graphics cards. In A. Joux (Ed.), Advances in Cryptology - Eurocrypt 2009 (28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26-30, 2009. Proceedings) (pp. 483-501). (Lecture Notes in Computer Science; Vol. 5479). Springer. https://doi.org/10.1007/978-3-642-01001-9_28

@inproceedings{d9478f29214244bbb971ced58d24663b,

title = "ECM on graphics cards",

abstract = "This paper reports record-setting performance for the elliptic-curve method of integer factorization: for example, 926.11 curves/second for ECM stage 1 with B 1¿=¿8192 for 280-bit integers on a single PC. The state-of-the-art GMP-ECM software handles 124.71 curves/second for ECM stage 1 with B 1¿=¿8192 for 280-bit integers using all four cores of a 2.4 GHz Core 2 Quad Q6600. The extra speed takes advantage of extra hardware, specifically two NVIDIA GTX 295 graphics cards, using a new ECM implementation introduced in this paper. Our implementation uses Edwards curves, relies on new parallel addition formulas, and is carefully tuned for the highly parallel GPU architecture. On a single GTX 295 the implementation performs 41.88 million modular multiplications per second for a general 280-bit modulus. GMP-ECM, using all four cores of a Q6600, performs 13.03 million modular multiplications per second. This paper also reports speeds on other graphics processors: for example, 2414 280-bit elliptic-curve scalar multiplications per second on an older NVIDIA 8800 GTS (G80), again for a general 280-bit modulus. For comparison, the CHES 2008 paper {"}Exploiting the Power of GPUs for Asymmetric Cryptography{"} reported 1412 elliptic-curve scalar multiplications per second on the same graphics processor despite having fewer bits in the scalar (224 instead of 280), fewer bits in the modulus (224 instead of 280), and a special modulus (2 to the 224 degree¿-¿2 to the 96¿ degree+¿1).",

author = "D.J. Bernstein and T.R. Chen and C.M. Cheng and T. Lange and B.Y. Yang",

year = "2009",

doi = "10.1007/978-3-642-01001-9_28",

language = "English",

isbn = "978-3-642-01000-2",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "483--501",

editor = "A. Joux",

booktitle = "Advances in Cryptology - Eurocrypt 2009 (28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26-30, 2009. Proceedings)",

address = "Germany",

}

Bernstein, DJ, Chen, TR, Cheng, CM, Lange, T & Yang, BY 2009, ECM on graphics cards. in A Joux (ed.), Advances in Cryptology - Eurocrypt 2009 (28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26-30, 2009. Proceedings). Lecture Notes in Computer Science, vol. 5479, Springer, Berlin, pp. 483-501. https://doi.org/10.1007/978-3-642-01001-9_28

ECM on graphics cards. / Bernstein, D.J.; Chen, T.R.; Cheng, C.M. et al.
Advances in Cryptology - Eurocrypt 2009 (28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26-30, 2009. Proceedings). ed. / A. Joux. Berlin: Springer, 2009. p. 483-501 (Lecture Notes in Computer Science; Vol. 5479).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - ECM on graphics cards

AU - Bernstein, D.J.

AU - Chen, T.R.

AU - Cheng, C.M.

AU - Lange, T.

AU - Yang, B.Y.

PY - 2009

Y1 - 2009

N2 - This paper reports record-setting performance for the elliptic-curve method of integer factorization: for example, 926.11 curves/second for ECM stage 1 with B 1¿=¿8192 for 280-bit integers on a single PC. The state-of-the-art GMP-ECM software handles 124.71 curves/second for ECM stage 1 with B 1¿=¿8192 for 280-bit integers using all four cores of a 2.4 GHz Core 2 Quad Q6600. The extra speed takes advantage of extra hardware, specifically two NVIDIA GTX 295 graphics cards, using a new ECM implementation introduced in this paper. Our implementation uses Edwards curves, relies on new parallel addition formulas, and is carefully tuned for the highly parallel GPU architecture. On a single GTX 295 the implementation performs 41.88 million modular multiplications per second for a general 280-bit modulus. GMP-ECM, using all four cores of a Q6600, performs 13.03 million modular multiplications per second. This paper also reports speeds on other graphics processors: for example, 2414 280-bit elliptic-curve scalar multiplications per second on an older NVIDIA 8800 GTS (G80), again for a general 280-bit modulus. For comparison, the CHES 2008 paper "Exploiting the Power of GPUs for Asymmetric Cryptography" reported 1412 elliptic-curve scalar multiplications per second on the same graphics processor despite having fewer bits in the scalar (224 instead of 280), fewer bits in the modulus (224 instead of 280), and a special modulus (2 to the 224 degree¿-¿2 to the 96¿ degree+¿1).

AB - This paper reports record-setting performance for the elliptic-curve method of integer factorization: for example, 926.11 curves/second for ECM stage 1 with B 1¿=¿8192 for 280-bit integers on a single PC. The state-of-the-art GMP-ECM software handles 124.71 curves/second for ECM stage 1 with B 1¿=¿8192 for 280-bit integers using all four cores of a 2.4 GHz Core 2 Quad Q6600. The extra speed takes advantage of extra hardware, specifically two NVIDIA GTX 295 graphics cards, using a new ECM implementation introduced in this paper. Our implementation uses Edwards curves, relies on new parallel addition formulas, and is carefully tuned for the highly parallel GPU architecture. On a single GTX 295 the implementation performs 41.88 million modular multiplications per second for a general 280-bit modulus. GMP-ECM, using all four cores of a Q6600, performs 13.03 million modular multiplications per second. This paper also reports speeds on other graphics processors: for example, 2414 280-bit elliptic-curve scalar multiplications per second on an older NVIDIA 8800 GTS (G80), again for a general 280-bit modulus. For comparison, the CHES 2008 paper "Exploiting the Power of GPUs for Asymmetric Cryptography" reported 1412 elliptic-curve scalar multiplications per second on the same graphics processor despite having fewer bits in the scalar (224 instead of 280), fewer bits in the modulus (224 instead of 280), and a special modulus (2 to the 224 degree¿-¿2 to the 96¿ degree+¿1).

U2 - 10.1007/978-3-642-01001-9_28

DO - 10.1007/978-3-642-01001-9_28

M3 - Conference contribution

SN - 978-3-642-01000-2

T3 - Lecture Notes in Computer Science

SP - 483

EP - 501

BT - Advances in Cryptology - Eurocrypt 2009 (28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26-30, 2009. Proceedings)

A2 - Joux, A.

PB - Springer

CY - Berlin

ER -

Bernstein DJ, Chen TR, Cheng CM, Lange T, Yang BY. ECM on graphics cards. In Joux A, editor, Advances in Cryptology - Eurocrypt 2009 (28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26-30, 2009. Proceedings). Berlin: Springer. 2009. p. 483-501. (Lecture Notes in Computer Science). doi: 10.1007/978-3-642-01001-9_28

ECM on graphics cards

Abstract

Publication series

Access to Document

Fingerprint

Cite this