Breaking Ciphers with COPACOBANA –A Cost-Optimized Parallel Code Breaker

  • Sandeep Kumar
  • Christof Paar
  • Jan Pelzl
  • Gerd Pfeiffer
  • Manfred Schimmler
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4249)


Cryptanalysis of symmetric and asymmetric ciphers is computationally extremely demanding. Since the security parameters (in particular the key length) of almost all practical crypto algorithms are chosen such that attacks with conventional computers are computationally infeasible, the only promising way to tackle existing ciphers (assuming no mathematical breakthrough) is to build special-purpose hardware. Dedicating those machines to the task of cryptanalysis holds the promise of a dramatically improved cost-performance ratio so that breaking of commercial ciphers comes within reach.

This contribution presents the design and realization of the COPACOBANA (Cost-Optimized Parallel Code Breaker) machine, which is optimized for running cryptanalytical algorithms and can be realized for less than US$ 10,000. It will be shown that, depending on the actual algorithm, the architecture can outperform conventional computers by several orders in magnitude. COPACOBANA hosts 120 low-cost FPGAs and is able to, e.g., perform an exhaustive key search of the Data Encryption Standard (DES) in less than nine days on average. As a real-world application, our architecture can be used to attack machine readable travel documents (ePass). COPACOBANA is intended, but not necessarily restricted to solving problems related to cryptanalysis.

The hardware architecture is suitable for computational problems which are parallelizable and have low communication requirements. The hardware can be used, e.g., to attack elliptic curve cryptosystems and to factor numbers. Even though breaking full-size RSA (1024 bit or more) or elliptic curves (ECC with 160 bit or more) is out of reach with COPACOBANA, it can be used to analyze cryptosystems with a (deliberately chosen) small bitlength to provide reliable security estimates of RSA and ECC by extrapolation.


Elliptic Curve Discrete Logarithm Problem International Civil Aviation Organization Data Encryption Standard Elliptic Curve Cryptosystems 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Blaze, M., Diffie, W., Rivest, R.L., Schneier, B., Shimomura, T., Thompson, E., Wiener, M.: Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security: A Report by an Ad Hoc Group of Cryptographers and Computer Scientists. Technical report (January 1996), Available at:
  2. 2.
    Certicom Corporation. Certicom ECC Challenges (2005),
  3. 3.
    CESYS GmbH. USB2FPGA Product Overview (January 2005),
  4. 4.
    Clayton, R., Bond, M.: Experience Using a Low-Cost FPGA Design to Crack DES Keys. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 579–592. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Diffie, W., Hellman, M.E.: Exhaustive cryptanalysis of the NBS Data Encryption Standard. COMPUTER 10(6), 74–84 (1977)CrossRefGoogle Scholar
  6. 6.
    Electronic Frontier Foundation: Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design, p. 272. O’Reilly & Associates Inc, Sebastopol (1998)Google Scholar
  7. 7.
    Hankerson, D.R., Menezes, A.J., Vanstone, S.A.: Guide to Elliptic Curve Cryptography. Springer, Heidelberg (2004)zbMATHGoogle Scholar
  8. 8.
    Juels, A., Molnar, D., Wagner, D.: Security and privacy issues in e-passports. In: SecureComm 2005, First International Conference on Security and Privacy for Emerging Areas in Communication Networks, Athens, Greece (September 2005)Google Scholar
  9. 9.
    Kc, G.S., Karger, P.A.: Security and Privacy Issues in Machine Readable Travel Documents (MRTDs). RC 23575, IBM T. J. Watson Research Labs (April 2005)Google Scholar
  10. 10.
    NIST FIPS PUB 46-3. Data Encryption Standard. Federal Information Processing Standards, National Bureau of Standards, U.S. Department of Commerce (January 1977)Google Scholar
  11. 11.
    Pelzl, J., Šimka, M., Kleinjung, T., Franke, J., Priplata, C., Stahlke, C., Drutarovský, M., Fischer, V., Paar, C.: Area-Time Efficient Hardware Architecture for Factoring Integers with the Elliptic Curve Method. IEE Proceedings Information Security 152(1), 67–78 (2005)CrossRefGoogle Scholar
  12. 12.
    Pfeiffer, G., Kreft, H., Schimmler, M.: Hardware Enhanced Biosequence Alignment. In: International Conference on METMBS, pp. 11–17. CSREA Press (2005)Google Scholar
  13. 13.
    Rivest, R.L., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)zbMATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    Rouvroy, G., Standaert, F.-X., Quisquater, J.-J., Legat, J.-D.: Design Strategies and Modified Descriptions to Optimize Cipher FPGA Implementations: Fast and Compact Results for DES and Triple-DES. In: Field-Programmable Logic and Applications - FPL, pp. 181–193 (2003)Google Scholar
  15. 15.
    RSA Laboratories: Announcements: The RSA Data Security Secret-Key Challenge. CRYPTOBYTES 2(3), 16 (1997), Available at:
  16. 16.
    University of California, Berkeley. Seti@Home Website, 2005.
  17. 17.
    van Oorschot, P.C., Wiener, M.J.: Parallel Collision Search with Cryptanalytic Applications. Journal of Cryptology 12(1), 1–28 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    Wiener, M.J.: Efficient DES Key Search. In: Stallings, W.R. (ed.) Practical Cryptography for Data Internetworks, pp. 31–79. IEEE Computer Society Press, Los Alamitos (1996)Google Scholar
  19. 19.
    Wiener, M.J.: Efficient DES Key Search: An Update. CRYPTOBYTES 3(2), 6–8 (1997)Google Scholar
  20. 20.
    Xilinx. Spartan-3 FPGA Family: Complete Data Sheet, DS099 (January 2005),
  21. 21.
    Yu, C.W., Kwong, K.H., Lee, K.H., Leong, P.H.W.: A Smith-Waterman Systolic Cell. In: Proceedings of the 13th International Workshop on Field Programmable Logic and Applications — FPL 2003, pp. 375–384. Springer, Heidelberg (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Sandeep Kumar
    • 1
  • Christof Paar
    • 1
  • Jan Pelzl
    • 1
  • Gerd Pfeiffer
    • 2
  • Manfred Schimmler
    • 2
  1. 1.Horst Görtz Institute for IT SecurityRuhr University BochumGermany
  2. 2.Institute of Computer Science and Applied Mathematics, Faculty of EngineeringChristian-Albrechts-University of KielGermany

Personalised recommendations