Breaking Ciphers with COPACOBANA –A Cost-Optimized Parallel Code Breaker
Cryptanalysis of symmetric and asymmetric ciphers is computationally extremely demanding. Since the security parameters (in particular the key length) of almost all practical crypto algorithms are chosen such that attacks with conventional computers are computationally infeasible, the only promising way to tackle existing ciphers (assuming no mathematical breakthrough) is to build special-purpose hardware. Dedicating those machines to the task of cryptanalysis holds the promise of a dramatically improved cost-performance ratio so that breaking of commercial ciphers comes within reach.
This contribution presents the design and realization of the COPACOBANA (Cost-Optimized Parallel Code Breaker) machine, which is optimized for running cryptanalytical algorithms and can be realized for less than US$ 10,000. It will be shown that, depending on the actual algorithm, the architecture can outperform conventional computers by several orders in magnitude. COPACOBANA hosts 120 low-cost FPGAs and is able to, e.g., perform an exhaustive key search of the Data Encryption Standard (DES) in less than nine days on average. As a real-world application, our architecture can be used to attack machine readable travel documents (ePass). COPACOBANA is intended, but not necessarily restricted to solving problems related to cryptanalysis.
The hardware architecture is suitable for computational problems which are parallelizable and have low communication requirements. The hardware can be used, e.g., to attack elliptic curve cryptosystems and to factor numbers. Even though breaking full-size RSA (1024 bit or more) or elliptic curves (ECC with 160 bit or more) is out of reach with COPACOBANA, it can be used to analyze cryptosystems with a (deliberately chosen) small bitlength to provide reliable security estimates of RSA and ECC by extrapolation.
- 1.Blaze, M., Diffie, W., Rivest, R.L., Schneier, B., Shimomura, T., Thompson, E., Wiener, M.: Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security: A Report by an Ad Hoc Group of Cryptographers and Computer Scientists. Technical report (January 1996), Available at: http://www.counterpane.com/keylength.html
- 2.Certicom Corporation. Certicom ECC Challenges (2005), http://www.certicom.com
- 3.CESYS GmbH. USB2FPGA Product Overview (January 2005), http://www.cesys.com
- 6.Electronic Frontier Foundation: Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design, p. 272. O’Reilly & Associates Inc, Sebastopol (1998)Google Scholar
- 8.Juels, A., Molnar, D., Wagner, D.: Security and privacy issues in e-passports. In: SecureComm 2005, First International Conference on Security and Privacy for Emerging Areas in Communication Networks, Athens, Greece (September 2005)Google Scholar
- 9.Kc, G.S., Karger, P.A.: Security and Privacy Issues in Machine Readable Travel Documents (MRTDs). RC 23575, IBM T. J. Watson Research Labs (April 2005)Google Scholar
- 10.NIST FIPS PUB 46-3. Data Encryption Standard. Federal Information Processing Standards, National Bureau of Standards, U.S. Department of Commerce (January 1977)Google Scholar
- 12.Pfeiffer, G., Kreft, H., Schimmler, M.: Hardware Enhanced Biosequence Alignment. In: International Conference on METMBS, pp. 11–17. CSREA Press (2005)Google Scholar
- 14.Rouvroy, G., Standaert, F.-X., Quisquater, J.-J., Legat, J.-D.: Design Strategies and Modified Descriptions to Optimize Cipher FPGA Implementations: Fast and Compact Results for DES and Triple-DES. In: Field-Programmable Logic and Applications - FPL, pp. 181–193 (2003)Google Scholar
- 15.RSA Laboratories: Announcements: The RSA Data Security Secret-Key Challenge. CRYPTOBYTES 2(3), 16 (1997), Available at: ftp://ftp.rsa.com/pub/cryptobytes/crypto2n3.pdf
- 16.University of California, Berkeley. Seti@Home Website, 2005. http://setiathome.berkeley.edu/
- 18.Wiener, M.J.: Efficient DES Key Search. In: Stallings, W.R. (ed.) Practical Cryptography for Data Internetworks, pp. 31–79. IEEE Computer Society Press, Los Alamitos (1996)Google Scholar
- 19.Wiener, M.J.: Efficient DES Key Search: An Update. CRYPTOBYTES 3(2), 6–8 (1997)Google Scholar
- 20.Xilinx. Spartan-3 FPGA Family: Complete Data Sheet, DS099 (January 2005), http://www.xilinx.com
- 21.Yu, C.W., Kwong, K.H., Lee, K.H., Leong, P.H.W.: A Smith-Waterman Systolic Cell. In: Proceedings of the 13th International Workshop on Field Programmable Logic and Applications — FPL 2003, pp. 375–384. Springer, Heidelberg (2003)Google Scholar