Advertisement

Solving 114-Bit ECDLP for a Barreto-Naehrig Curve

  • Takuya Kusaka
  • Sho Joichi
  • Ken Ikuta
  • Md. Al-Amin Khandaker
  • Yasuyuki Nogami
  • Satoshi Uehara
  • Nariyoshi Yamai
  • Sylvain Duquesne
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10779)

Abstract

The security of cryptographic protocols which are based on elliptic curve cryptography relies on the intractability of elliptic curve discrete logarithm problem (ECDLP). In this paper, the authors describe techniques applied to solve 114-bit ECDLP in Barreto-Naehrig (BN) curve defined over the odd characteristic field. Unlike generic elliptic curves, BN curve holds an especial interest since it is well studied in pairing-based cryptography. Till the date of our knowledge, the previous record for solving ECDLP in a prime field was 112-bit by Bos et al. in Certicom curve ‘secp112r1’. This work sets a new record by solving 114-bit prime field ECDLP of BN curve using Pollard’s rho method. The authors utilized sextic twist property of the BN curve to efficiently carry out the random walk of Pollard’s rho method. The parallel implementation of the rho method by adopting a client-server model, using 2000 CPU cores took about 6 months to solve the ECDLP.

Keywords

ECDLP Barreto-Naehrig curve Pollard’s rho method 

References

  1. 1.
    Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006).  https://doi.org/10.1007/11693383_22 CrossRefGoogle Scholar
  2. 2.
    Bernstein, D.J., Engels, S., Lange, T., Niederhagen, R., Paar, C., Schwabe, P., Zimmermann, R.: Faster elliptic-curve discrete logarithms on FPGAs. Technical report, Cryptology eprint Archive, Report 2016/382 (2016)Google Scholar
  3. 3.
    Boneh, D., Di Crescenzo, G., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 506–522. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-24676-3_30 CrossRefGoogle Scholar
  4. 4.
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-45682-1_30 CrossRefGoogle Scholar
  5. 5.
    Bos, J.W., Kaihara, M.E., Kleinjung, T., Lenstra, A.K., Montgomery, P.L.: Solving a 112-bit prime elliptic curve discrete logarithm problem on game consoles using sloppy reduction. IJACT 2(3), 212–228 (2012).  https://doi.org/10.1504/IJACT.2012.045590 MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Certicom: the Certicom ECC challenge. https://www.certicom.com/content/dam/certicom/images/pdfs/challenge-2009.pdf. Accessed 10 Aug 2017
  7. 7.
    Cohen, H., Frey, G., Avanzi, R., Doche, C., Lange, T., Nguyen, K., Vercauteren, F.: Handbook of Elliptic and Hyperelliptic Curve Cryptography. CRC Press, Boca Raton (2005)CrossRefzbMATHGoogle Scholar
  8. 8.
    Gallant, R., Lambert, R., Vanstone, S.: Improving the parallelized pollard lambda search on anomalous binary curves. Math. Comput. Am. Math. Soc. 69(232), 1699–1705 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Kajitani, S., Nogami, Y., Miyoshi, S., Austin, T., Al-Amin, K.M., Begum, N., Duquesne, S.: Web-based volunteer computing for solving the elliptic curve discrete logarithm problem. Int. J. Netw. Comput. 6(2), 181–194 (2016)CrossRefGoogle Scholar
  10. 10.
    Kim, T., Barbulescu, R.: Extended tower number field sieve: a new complexity for the medium prime case. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 543–571. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53018-4_20 CrossRefGoogle Scholar
  11. 11.
    Matsumoto, M., Nishimura, T.: Mersenne twister: a 623-dimensionally equidistributed uniform pseudo-random number generator. ACM Trans. Model. Comput. Simul. 8(1), 3–30 (1998).  https://doi.org/10.1145/272991.272995 CrossRefzbMATHGoogle Scholar
  12. 12.
    Miyoshi, S., Nogami, Y., Kusaka, T., Yamai, N.: Solving 94-bit ECDLP with 70 computers in parallel. Int. J. Comput. Electr. Autom. Control Inf. Eng. 9(8), 1966–1969 (2015)Google Scholar
  13. 13.
    Montgomery, P.: Modular multiplication without trial division. Math. Comput. 44, 519–521 (1985)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Montgomery, P.L.: Speeding the pollard and elliptic curve methods of factorization. Math. Comput. 48(177), 243–264 (1987)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Nogami, Y., Sakemi, Y., Okimoto, T., Nekado, K., Akane, M., Morikawa, Y.: Scalar multiplication using frobenius expansion over twisted elliptic curve for ate pairing based cryptography. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 92–A(1), 182–189 (2009)CrossRefGoogle Scholar
  16. 16.
    Pollard, J.M.: Monte carlo methods for index computation (mod p). Math. Comput. 32(143), 918–924 (1978)MathSciNetzbMATHGoogle Scholar
  17. 17.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005).  https://doi.org/10.1007/11426639_27 CrossRefGoogle Scholar
  18. 18.
    Sakai, R., Kasahara, M.: Id based cryptosystems with pairing on elliptic curve. IACR Cryptology ePrint Archive 2003, 54 (2003)Google Scholar
  19. 19.
    Sakemi, Y., Nogami, Y., Okeya, K., Kato, H., Morikawa, Y.: Skew Frobenius map and efficient scalar multiplication for pairing–based cryptography. In: Franklin, M.K., Hui, L.C.K., Wong, D.S. (eds.) CANS 2008. LNCS, vol. 5339, pp. 226–239. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-89641-8_16 CrossRefGoogle Scholar
  20. 20.
    Van Oorschot, P.C., Wiener, M.J.: Parallel collision search with cryptanalytic applications. J. Cryptol. 12(1), 1–28 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    Wenger, E., Wolfger, P.: Solving the discrete logarithm of a 113-bit Koblitz curve with an FPGA cluster. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 363–379. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-13051-4_22 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Graduate School of Natural Science and TechnologyOkayama UniversityOkayamaJapan
  2. 2.Department of Information and Media EngineeringThe University of KitakyushuFukuokaJapan
  3. 3.Institute of EngineeringTokyo University of Agriculture and TechnologyTokyoJapan
  4. 4.Univ Rennes, CNRS, IRMAR - UMR 6625RennesFrance

Personalised recommendations