ECC2K-130 on Cell CPUs

  • Joppe W. Bos
  • Thorsten Kleinjung
  • Ruben Niederhagen
  • Peter Schwabe
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6055)

Abstract

This paper describes an implementation of Pollard’s rho algorithm to compute the elliptic curve discrete logarithm for the Synergistic Processor Elements of the Cell Broadband Engine Architecture. Our implementation targets the elliptic curve discrete logarithm problem defined in the Certicom ECC2K-130 challenge. We compare a bitsliced implementation to a non-bitsliced implementation and describe several optimization techniques for both approaches. In particular, we address the question whether normal-basis or polynomial-basis representation of field elements leads to better performance. We show that using our software the ECC2K-130 challenge can be solved in one year using the Synergistic Processor Units of less than 2700 Sony Playstation 3 gaming consoles.

Keywords

Cell Broadband Engine Architecture; elliptic curve discrete logarithm problem; binary-field arithmetic; parallel Pollard rho

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Joppe W. Bos (1)
  • Thorsten Kleinjung (1)
  • Ruben Niederhagen (2, 3)
  • Peter Schwabe (3)

  1. Laboratory for Cryptologic Algorithms, EPFL, Lausanne, Switzerland
  2. Department of Electrical Engineering, National Taiwan University, Taipei, Taiwan
  3. Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, Eindhoven, Netherlands
