Skip to main content
SpringerLink
Log in

On the Strength Comparison of the ECDLP and the IFP

  • Conference paper
Security and Cryptography for Networks (SCN 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7485))

Included in the following conference series:

Abstract

At present, the RSA cryptosystem is most widely used in public key cryptography. On the other hand, elliptic curve cryptography (ECC) has recently received much attention since smaller ECC key sizes provide the same security level as RSA. Although there are a lot of previous works that analyze the security of ECC and RSA, the comparison of strengths varies depending on analysis. The aim of this paper is once again to compare the security strengths, considering state-of-the-art of theory and experiments. The security of RSA is closely related to the hardness of the integer factorization problem (IFP), while the security of ECC is closely related to the elliptic curve discrete logarithm problem (ECDLP). In this paper, we compare the computing power required to solve the ECDLP and the IFP, respectively, and estimate the sizes of the problems that provide the same level of security.

The preliminary version of this work was presented at SHARCS 2012 [50].

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. ANSI X9.62, Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA) (1999)

    Google Scholar 

  2. Bailey, D., Baldwin, B., Batina, L., Bernstein, D., Birkner, P., Bos, J., van Damme, G., de Meulenaer, G., Fan, J., Güneysu, T., Gurkaynak, F., Kleinjung, T., Lange, T., Mentens, N., Paar, C., Regazzoni, F., Schwabe, P., Uhsadel, L.: The Certicom Challenges ECC2-X, IACR ePrint Archive, 2009/466 (2009), http://eprint.iacr.org/2009/466

  3. Bernstein, D.J.: Curve25519: New Diffie-Hellman Speed Records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207–228. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  4. Bernstein, D.J.: Speed Reports for Elliptic-Curve Cryptography (2010), http://cr.yp.to/ecdh/reports.html

  5. Bernstein, D.J., Chen, H.-C., Cheng, C.-M., Lange, T., Niederhagen, R., Schwabe, P., Yang, B.-Y.: ECC2K-130 on NVIDIA GPUs. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 328–346. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  6. Bernstein, D.J., Lange, T., Schwabe, P.: On the Correct Use of the Negation Map in the Pollard rho Method. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 128–146. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  7. Breaking ECC2K-130, IACR ePrint Achive, 2009/541, http://eprint.iacr.org/2009/541.pdf

  8. Brent, R., Pollard, J.: Factorization of the eighth Fermat number. Mathematics of Computation 36, 627–630 (1981)

    Article  MATH  MathSciNet  Google Scholar 

  9. Canfield, E.R., Erdos, P., Pomerance, C.: On a problem of Oppenheim concerning Factorisatio Numerorum. J. Number Theory 17, 1–28 (1983)

    Article  MATH  MathSciNet  Google Scholar 

  10. CRYPTREC, CRYPTREC Report 2006 (2006), http://www.cryptrec.go.jp/report/c06_wat_final.pdf

  11. Blake, I., Seroussi, G., Smart, N.: Elliptic Curves in Cryptography. Cambridge University Press (1999)

    Google Scholar 

  12. Certicom, Certicom ECC Challenge (1997), http://www.certicom.jp/images/pdfs/cert_ecc_challenge.pdf

  13. Certicom, Curves List (1997), http://www.certicom.jp/index.php/curves-list

  14. ECRYPT II, ECRYPT II Report on Key Sizes (2011), http://www.keylength.com/en/3/

  15. EPFL IC LACAL, PlayStation 3 computing breaks 260 barrier 112-bit prime ECDLP solved (2009), http://lacal.epfl.ch/112bit_prime

  16. Galbraith, S.D., Ruprai, R.S.: Using Equivalence Classes to Accelerate Solving the Discrete Logarithm Problem in a Short Interval. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 368–383. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  17. Gallant, R., Lambert, R., Vanstone, S.: Improving the Parallelized Pollard Lambda Search on Binary Anomalous Curves. Mathematics of Computation 69, 1699–1705 (2000)

    Article  MATH  MathSciNet  Google Scholar 

  18. Güneysu, T., Kasper, T., Novotný, M., Paar, C., Rupp, A.: Cryptanalysis with COPACOBANA. Transactions on Computers 57, 1498–1513 (2008)

    Article  Google Scholar 

  19. Granlund, T.: Instruction latencies and throughput for AMD and Intel x86 processors (February 13, 2012 version), http://gmplib.org/~tege/x86-timing.pdf

  20. Hankerson, D., Menezes, A., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer Professional Computing (2004)

    Google Scholar 

  21. Harley, R.: Elliptic curve discrete logarithms project, http://pauillac.inria.fr/~harley/ecdl/

  22. Izu, T., Kogure, J., Shimoyama, T.: CAIRN 2: An FPGA Implementation of the Sieving Step in the Number Field Sieve Method. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 364–377. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  23. Kleinjung, T.: Estimates for factoring 1024-bit integers. In: Securing Cyberspace: Applications and Foundations of Cryptography and Computer Security, Workshop IV: Special Purpose Hardware for Cryptography: Attacks and Applications, Slides (2006), http://www.ipam.ucla.edu/schedule.aspx?pc=scws4

  24. Kleinjung, T.: Evaluation of Complexity of Mathematical Algorithms. CRYPTREC technical report No.0601 in FY 2006 (2007), http://www.cryptrec.jp/estimation.html

  25. Kleinjung, T., Aoki, K., Franke, J., Lenstra, A.K., Thomé, E., Bos, J.W., Gaudry, P., Kruppa, A., Montgomery, P.L., Osvik, D.A., te Riele, H., Timofeev, A., Zimmermann, P.: Factorization of a 768-Bit RSA Modulus. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 333–350. Springer, Heidelberg (2010)

    Google Scholar 

  26. Kleinjung, T., Bos, J.W., Lenstra, A.K., Osvik, D.A., Aoki, K., Contini, S., Franke, J., Thomé, E., Jermini, P., Thiémard, M., Leyland, P., Montgomery, P., Timofeev, A., Stockinger, H.: A heterogeneous computing environment to solve the 768-bit RSA. Cluster Computing 15(1), 53–68 (2012)

    Article  Google Scholar 

  27. Knuth, D.: The art of computer programming, Seminumerical Algorithms, vol. II. Addison-Wesley, Reading (1969)

    Google Scholar 

  28. Koblitz, N.: Elliptic curve cryptosystems. Mathematics of Computation 48, 203–209 (1987)

    Article  MATH  MathSciNet  Google Scholar 

  29. Lenstra, A., Lenstra, H., Manasse, M., Pollard, J.: The Number Field Sieve. In: Symposium on Theory of Computing - STOC 1990, pp. 564–572. ACM (1990)

    Google Scholar 

  30. Lenstra, A., Verheul, E.: Selecting Cryptographic Key Sizes. Journal of Cryptology 14(4), 255–293 (2001)

    MATH  MathSciNet  Google Scholar 

  31. Menezes, A., Okamoto, T., Vanstone, S.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transactions on Information Theory 39, 1639–1646 (1993)

    Article  MATH  MathSciNet  Google Scholar 

  32. Miller, V.S.: Use of Elliptic Curves in Cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)

    Google Scholar 

  33. NESSIE, NESSIE Security Report (Feburary 2003)

    Google Scholar 

  34. NIST Special Publication 800-57, http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf

  35. Orman, H., Hoffman, P.: Determining Strengths for Public Keys Used for Exchanging Symmetric Keys. IETF RFC 3766/BCP 86 (April 2004)

    Google Scholar 

  36. Pollard, J.: Monte Carlo methods for index computation mod p. Mathematics of Computation 32, 918–924 (1978)

    MATH  MathSciNet  Google Scholar 

  37. Pomerance, C.: The Number Field Sieve. In: Proceedings of Symposia in Applied Mathematics, vol. 48, pp. 465–480 (1994)

    Google Scholar 

  38. Rivest, R., Shamir, A., Adelman, L.: A method for obtaining digital signatures and public-key cyrptosystems. Communications of the ACM 21, 120–126 (1978)

    Article  MATH  Google Scholar 

  39. RSA Labs. A Cost-Based Security Analysis of Symmetric and Asymmetric Key Lengths, RSA Labs Bulletin (13) (April 2000) (revised November 2001)

    Google Scholar 

  40. Satoh, T., Araki, K.: Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves. Commentarii Mathematici Universitatis Sancti Pauli 47, 81–92 (1998)

    MATH  MathSciNet  Google Scholar 

  41. Semaev, I.: Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p. Mathematics of Computation 67, 353–356 (1998)

    Article  MATH  MathSciNet  Google Scholar 

  42. Shamir, A.: Factoring Large Numbers with the TWINKLE Device (Extended Abstract). In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 2–12. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  43. Shamir, A., Tromer, E.: Factoring Large Numbers with the TWIRL Device. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 1–26. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  44. Smart, N.P.: The discrete logarithm problem on elliptic curves of trace one. Journal of Cryptology 12, 110–125 (1999)

    Google Scholar 

  45. Teske, E.: Speeding Up Pollard’s Rho Method for Computing Discrete Logarithms. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 541–554. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  46. Teske, E.: On random walks for Pollard’s rho method. Mathematics of Computation 70, 809–825 (2001)

    Article  MATH  MathSciNet  Google Scholar 

  47. van Oorschot, P.C., Wiener, M.J.: Parallel collision search with cryptanalytic applications. Journal of Cryptology 12, 1–28 (1999)

    Article  MATH  Google Scholar 

  48. Wiener, M., Zuccherato, R.J.: Faster Attacks on Elliptic Curve Cryptosystems. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 190–200. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  49. Yasuda, M., Izu, T., Shimoyama, T., Kogure, J.: On random walks of Pollard’s rho method for the ECDLP on Koblitz curves. Journal of Math-for-Industry 3(2011B-3), 107–112 (2011)

    MathSciNet  Google Scholar 

  50. Yasuda, M., Shimoyma, T., Izu, T., Kogure, J.: On the strength comparison of ECC and RSA. In: Workshop Record of SHARCS 2012, pp. 61–79 (2012), http://2012.sharcs.org/

Download references

Author information

Authors and Affiliations

  1. Fujitsu Laboratories Ltd., 1-1, Kamikodanaka 4-chome, Nakahara-ku, Kawasaki, 211-8588, Japan

    Masaya Yasuda, Takeshi Shimoyama, Jun Kogure & Tetsuya Izu

Authors
  1. Masaya Yasuda
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Takeshi Shimoyama
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jun Kogure
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Tetsuya Izu
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dipartimento di Informatica, Università di Salerno, via Ponte don Melillo, 84084, Fisciano, SA, Italy

    Ivan Visconti  & Roberto De Prisco  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yasuda, M., Shimoyama, T., Kogure, J., Izu, T. (2012). On the Strength Comparison of the ECDLP and the IFP. In: Visconti, I., De Prisco, R. (eds) Security and Cryptography for Networks. SCN 2012. Lecture Notes in Computer Science, vol 7485. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32928-9_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-32928-9_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-32927-2

  • Online ISBN: 978-3-642-32928-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation