ECC2K-130 on NVIDIA GPUs

A major cryptanalytic computation is currently underway on multiple platforms, including standard CPUs, FPGAs, PlayStations and GPUs, to break the Certicom ECC2K-130 challenge. This challenge is to compute an elliptic-curve discrete logarithm on a Koblitz curve over F2131 . Optimizations have reduced the cost of the computation to approximately 2 bit operations in 2 iterations. GPUs are not designed for fast binary-field arithmetic; they are designed for highly vectorizable floating-point computations that fit into very small amounts of static RAM. This paper explains how to optimize the ECC2K-130 computation for this unusual platform. The resulting GPU software performs more than 63 million iterations per second, including 320 million F2131 multiplications per second, on a $500 NVIDIA GTX 295 graphics card. The same techniques for finite-field arithmetic and elliptic-curve arithmetic can be reused in implementations of larger Permanent ID of this document: 1957e89d79c5a898b6ef308dc10b0446. Date of this document: 2012.01.02. This work was sponsored in part by the National Science Foundation under grant ITR–0716498, in part by Taiwan’s National Science Council under grant NSC-96-2221-E-001-031-MY3, and under grant NSC-96-2218-E-001-001, also through the Taiwan Information Security Center under grant NSC-97-2219E-001-001, and under grant NSC-96-2219-E-011-008, in part by the Netherlands National Computing Facilities foundation under grant MP-185-10, and in part by the European Commission through the ICT Programme under Contract ICT–2007– 216676 ECRYPT II and the ICT Programme under Contract ICT–2007–216499 CACE. 2 Bernstein, Chen, Cheng, Lange, Niederhagen, Schwabe, Yang systems that are secure against similar attacks, making GPUs an interesting option as coprocessors when a busy Internet server has many elliptic-curve operations to perform in parallel.