5 research outputs found

    Breaking ECC2K-130

    Elliptic-curve cryptography is becoming the standard public-key primitive not only for mobile devices but also for high-security applications. Its advantages are the higher cryptographic strength per bit in comparison with RSA and the higher speed of implementations. To improve understanding of the exact strength of the elliptic-curve discrete-logarithm problem, Certicom has published a series of challenges. This paper describes breaking the ECC2K-130 challenge using a parallelized version of Pollard's rho method. This is a major computation bringing together the contributions of several clusters of conventional computers, PlayStation 3 clusters, computers with powerful graphics cards, and FPGAs. We also give estimates for an ASIC design. In particular we present:
    * our choice and analysis of the iteration function for the rho method;
    * our choice of finite-field arithmetic and representation;
    * detailed descriptions of the implementations on a multitude of platforms: CPUs, Cells, GPUs, FPGAs, and ASICs;
    * details about running the attack.

    Developing an Automatic Generation Tool for Cryptographic Pairing Functions

    Pairing-Based Cryptography is receiving steadily more attention from industry, mainly because of the increasing interest in Identity-Based protocols. Although there are plenty of applications, efficiently implementing the pairing functions is often difficult, as it requires more knowledge than previous cryptographic primitives. The author presents a tool for automatically generating optimized code for the pairing functions, which can be used in the construction of such cryptographic protocols. In the following pages I present my work on the construction of pairing function code, its optimizations, and how their construction can be automated to ease the work of the protocol implementer. Based on the user requirements and the security level, the created cryptographic compiler chooses and constructs the appropriate elliptic curve. It identifies the supported pairing function (the Tate, ate, R-ate or pairing lattice/optimal pairing) and its optimized parameters. Using artificial intelligence algorithms, it generates optimized code for the final exponentiation and for hashing a point to the required group using the parametrisation of the chosen family of curves. Support for several multi-precision libraries has been incorporated: Magma, MIRACL and RELIC are already included, but more are possible.

    On the Analysis of Public-Key Cryptologic Algorithms

    The RSA cryptosystem, introduced in 1977 by Ron Rivest, Adi Shamir and Len Adleman, is the most commonly deployed public-key cryptosystem. Elliptic curve cryptography (ECC), introduced in the mid-1980s by Neal Koblitz and Victor Miller, is becoming an increasingly popular alternative to RSA, offering competitive performance due to the use of smaller key sizes. Most recently, hyperelliptic curve cryptography (HECC) has been demonstrated to have comparable and in some cases better performance than ECC. The security of RSA relies on the integer factorization problem, whereas the security of (H)ECC is based on the (hyper)elliptic curve discrete logarithm problem ((H)ECDLP). In this thesis the practical performance of the best methods to solve these problems is analyzed and a method to generate secure ephemeral ECC parameters is presented. The best publicly known algorithm to solve the integer factorization problem is the number field sieve (NFS). Its most time-consuming step is the relation collection step. We investigate the use of graphics processing units (GPUs) as accelerators for this step. In this context, methods to efficiently implement modular arithmetic and several factoring algorithms on GPUs are presented and their performance is analyzed in practice. In conclusion, it is shown that integrating state-of-the-art NFS software packages with our GPU software can lead to a speed-up of 50%. In the case of elliptic and hyperelliptic curves for cryptographic use, the best published method to solve the (H)ECDLP is the Pollard rho algorithm. This method can be made faster using equivalence classes induced by curve automorphisms such as the negation map. We present a practical analysis of their use to speed up Pollard rho for elliptic curves and genus 2 hyperelliptic curves defined over prime fields. As a case study, four curves at the 128-bit theoretical security level are analyzed in our software framework for Pollard rho to estimate their practical security level.
    In addition, we present a novel many-core architecture to solve the ECDLP using the Pollard rho algorithm with the negation map on FPGAs. This architecture is used to estimate the cost of solving the Certicom ECCp-131 challenge with a cluster of FPGAs. Our design achieves a speed-up factor of about 4 compared to the state of the art. Finally, we present an efficient method to generate unique, secure and unpredictable ephemeral ECC parameters to be shared by a pair of authenticated users for a single communication. It provides an alternative to the customary use of fixed ECC parameters obtained from publicly available standards designed by untrusted third parties. The effectiveness of our method is demonstrated with a portable implementation for regular PCs and Android smartphones. On a Samsung Galaxy S4 smartphone our implementation generates unique 128-bit secure ECC parameters in 50 milliseconds on average.
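    The two abstracts above (Breaking ECC2K-130, and the Pollard rho part of this thesis) rest on the same machinery: a deterministic r-adding walk, the negation-map equivalence class {R, -R} that halves the search space and in return creates fruitless 2-cycles, and distinguished points so that many independent walks report only to one central table. The following is an added example (Python), not code from either paper, that runs that machinery end to end on a toy prime-field curve. The prime p = 1019, the walk parameters, the curve search and the toy secret scalar are all assumptions chosen so that it finishes in well under a second; nothing here resembles the size of ECC2K-130 or ECCp-131.

```python
"""Pollard rho for the ECDLP with the negation map and distinguished points.

Added illustration, not code from the listed papers. Toy parameters only:
the curve is found by brute-force point counting, which is hopeless beyond
a few thousand points but keeps the example self-contained.
"""
import random

def is_prime(n):
    return n >= 2 and all(n % q for q in range(2, int(n ** 0.5) + 1))

def ec_add(P, Q, a, p):
    """Affine addition on y^2 = x^3 + a*x + b over GF(p); None is the point at infinity."""
    if P is None: return Q
    if Q is None: return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2:
        if (y1 + y2) % p == 0: return None                  # P == -Q
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p    # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def ec_mul(k, P, a, p):
    R = None
    while k:
        if k & 1: R = ec_add(R, P, a, p)
        P, k = ec_add(P, P, a, p), k >> 1
    return R

def find_prime_order_curve(p, a):
    """First b for which y^2 = x^3 + a*x + b has prime order (toy point counting), plus a generator."""
    assert p % 4 == 3, "square roots below use the p = 3 mod 4 shortcut"
    for b in range(1, p):
        if (4 * a ** 3 + 27 * b * b) % p == 0: continue     # singular curve
        count, gen = 1, None                                # 1 for the point at infinity
        for x in range(p):
            rhs = (x ** 3 + a * x + b) % p
            if rhs == 0: count += 1
            elif pow(rhs, (p - 1) // 2, p) == 1:            # quadratic residue: two points
                count += 2
                if gen is None: gen = (x, pow(rhs, (p + 1) // 4, p))
        if is_prime(count): return b, count, gen            # prime order: every point generates
    raise ValueError("no prime-order curve for this p, a")

def canon(R, c, d, n, p):
    """Negation-map representative of {R, -R}: the point with the smaller y. Keeps R = c*P + d*Q."""
    x, y = R
    if y > p - y: return (x, p - y), (-c) % n, (-d) % n
    return R, c, d

def rho_ecdlp(P, Q, a, p, n, r=16, dp_bits=2, seed=1, max_walks=100000):
    """Return k with Q = k*P via distinguished-point Pollard rho on negation classes."""
    rng = random.Random(seed)
    table = []                                              # r-adding walk: M_i = u_i*P + v_i*Q
    while len(table) < r:
        u, v = rng.randrange(1, n), rng.randrange(1, n)
        M = ec_add(ec_mul(u, P, a, p), ec_mul(v, Q, a, p), a, p)
        if M is not None: table.append((M, u, v))
    dp_mask = (1 << dp_bits) - 1
    seen = {}                                               # the central table: distinguished point -> (c, d)
    for _ in range(max_walks):
        c, d = rng.randrange(1, n), rng.randrange(1, n)     # fresh client start R = c*P + d*Q
        R = ec_add(ec_mul(c, P, a, p), ec_mul(d, Q, a, p), a, p)
        if R is None: continue
        R, c, d = canon(R, c, d, n, p)
        prev = None
        for _ in range(16 << dp_bits):                      # cap the walk: longer fruitless cycles just restart
            if (R[0] & dp_mask) == 0:                       # distinguished point: report and stop this walk
                if R in seen and seen[R][1] != d:
                    c0, d0 = seen[R]                        # c*P + d*Q = c0*P + d0*Q  =>  k = (c - c0)/(d0 - d)
                    return (c - c0) * pow((d0 - d) % n, -1, n) % n
                seen[R] = (c, d)
                break
            M, u, v = table[R[1] % r]                       # next step depends on the point alone, so walks merge
            Rn = ec_add(R, M, a, p)
            if Rn is None: break
            Rn, cn, dn = canon(Rn, (c + u) % n, (d + v) % n, n, p)
            if Rn == prev:                                  # fruitless 2-cycle R -> Rn -> R from the negation map
                R, c, d = min((R, c, d), (Rn, cn, dn))      # escape the same way from either entry point
                R, c, d = canon(ec_add(R, R, a, p), 2 * c % n, 2 * d % n, n, p)
                prev = None
                continue
            prev, R, c, d = R, Rn, cn, dn
    raise RuntimeError("no collision found")

def solve_toy(secret=123, p=1019, a=2, seed=1):
    """Build a toy prime-order curve, publish Q = secret*G, recover secret with rho."""
    b, n, G = find_prime_order_curve(p, a)
    Q = ec_mul(secret % n, G, a, p)
    k = rho_ecdlp(G, Q, a, p, n, seed=seed)
    assert ec_mul(k, G, a, p) == Q
    return k

if __name__ == "__main__":
    print("recovered scalar:", solve_toy())
```

    The two points of the design that matter at scale are visible here in miniature: the step function must depend only on the current point (and on its negation class, hence the canonicalisation before the table lookup), otherwise walks that meet never merge; and the 2-cycle escape must be a deterministic function of the cycle itself, otherwise two walks that fall into the same cycle leave it at different points and the collision is wasted. Everything else (the r-adding table, the distinguished-point density, the per-walk step cap) is a tuning knob that the papers above set very differently for 130-bit groups.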

    17x bits elliptic curve scalar multiplication over GF(2^m) using optimal normal basis.

    Tang Ko Cheung, Simon. Thesis (M.Phil.)--Chinese University of Hong Kong, 2001. Includes bibliographical references (leaves 89-91). Abstracts in English and Chinese.
    Chapter 1 --- Theory of Optimal Normal Bases --- p.3
    Chapter 1.1 --- Introduction --- p.3
    Chapter 1.2 --- The minimum number of terms --- p.6
    Chapter 1.3 --- Constructions for optimal normal bases --- p.7
    Chapter 1.4 --- Existence of optimal normal bases --- p.10
    Chapter 2 --- Implementing Multiplication in GF(2^m) --- p.13
    Chapter 2.1 --- Defining the Galois fields GF(2^m) --- p.13
    Chapter 2.2 --- Adding and squaring normal basis numbers in GF(2^m) --- p.14
    Chapter 2.3 --- Multiplication formula --- p.15
    Chapter 2.4 --- Construction of Lambda table for Type I ONB in GF(2^m) --- p.16
    Chapter 2.5 --- Constructing Lambda table for Type II ONB in GF(2^m) --- p.21
    Chapter 2.5.1 --- Equations of the Lambda matrix --- p.21
    Chapter 2.5.2 --- An example of Type IIa ONB --- p.23
    Chapter 2.5.3 --- An example of Type IIb ONB --- p.24
    Chapter 2.5.4 --- Creating the Lambda vectors for Type II ONB --- p.26
    Chapter 2.6 --- Multiplication in practice --- p.28
    Chapter 3 --- Inversion over optimal normal basis --- p.33
    Chapter 3.1 --- A straightforward method --- p.33
    Chapter 3.2 --- High-speed inversion for optimal normal basis --- p.34
    Chapter 3.2.1 --- Using the almost inverse algorithm --- p.34
    Chapter 3.2.2 --- Faster inversion, preliminary subroutines --- p.37
    Chapter 3.2.3 --- Faster inversion, the code --- p.41
    Chapter 4 --- Elliptic Curve Cryptography over GF(2^m) --- p.49
    Chapter 4.1 --- Mathematics of elliptic curves --- p.49
    Chapter 4.2 --- Elliptic Curve Cryptography --- p.52
    Chapter 4.3 --- Elliptic curve discrete log problem --- p.56
    Chapter 4.4 --- Finding good and secure curves --- p.58
    Chapter 4.4.1 --- Avoiding weak curves --- p.58
    Chapter 4.4.2 --- Finding curves of appropriate order --- p.59
    Chapter 5 --- The performance of 17x bit Elliptic Curve Scalar Multiplication --- p.63
    Chapter 5.1 --- Choosing finite fields --- p.63
    Chapter 5.2 --- 17x bit test vectors for ONB --- p.65
    Chapter 5.3 --- Testing methodology and sample runs --- p.68
    Chapter 5.4 --- Proposing an elliptic curve discrete log problem for a 178-bit curve --- p.72
    Chapter 5.5 --- Results and further explorations --- p.74
    Chapter 6 --- On matrix RSA --- p.77
    Chapter 6.1 --- Introduction --- p.77
    Chapter 6.2 --- 2 by 2 matrix RSA scheme 1 --- p.80
    Chapter 6.3 --- Theorems on matrix powers --- p.80
    Chapter 6.4 --- 2 by 2 matrix RSA scheme 2 --- p.83
    Chapter 6.5 --- 2 by 2 matrix RSA scheme 3 --- p.84
    Chapter 6.6 --- An example and conclusion --- p.85
    Bibliography --- p.9