TY - GEN
T1 - Solving 114-bit ECDLP for barreto-naehrig curve
AU - Kusaka, Takuya
AU - Joichi, Sho
AU - Ikuta, Ken
AU - Khandaker, Md Al Amin
AU - Nogami, Yasuyuki
AU - Uehara, Satoshi
AU - Yamai, Nariyoshi
AU - Duquesne, Sylvain
N1 - Publisher Copyright:
© Springer International Publishing AG, part of Springer Nature 2018.
PY - 2018
Y1 - 2018
N2 - The security of cryptographic protocols which are based on elliptic curve cryptography relies on the intractability of elliptic curve discrete logarithm problem (ECDLP). In this paper, the authors describe techniques applied to solve 114-bit ECDLP in Barreto-Naehrig (BN) curve defined over the odd characteristic field. Unlike generic elliptic curves, BN curve holds an especial interest since it is well studied in pairing-based cryptography. Till the date of our knowledge, the previous record for solving ECDLP in a prime field was 112-bit by Bos et al. in Certicom curve ‘secp112r1’. This work sets a new record by solving 114-bit prime field ECDLP of BN curve using Pollard’s rho method. The authors utilized sextic twist property of the BN curve to efficiently carry out the random walk of Pollard’s rho method. The parallel implementation of the rho method by adopting a client-server model, using 2000 CPU cores took about 6 months to solve the ECDLP.
AB - The security of cryptographic protocols which are based on elliptic curve cryptography relies on the intractability of elliptic curve discrete logarithm problem (ECDLP). In this paper, the authors describe techniques applied to solve 114-bit ECDLP in Barreto-Naehrig (BN) curve defined over the odd characteristic field. Unlike generic elliptic curves, BN curve holds an especial interest since it is well studied in pairing-based cryptography. Till the date of our knowledge, the previous record for solving ECDLP in a prime field was 112-bit by Bos et al. in Certicom curve ‘secp112r1’. This work sets a new record by solving 114-bit prime field ECDLP of BN curve using Pollard’s rho method. The authors utilized sextic twist property of the BN curve to efficiently carry out the random walk of Pollard’s rho method. The parallel implementation of the rho method by adopting a client-server model, using 2000 CPU cores took about 6 months to solve the ECDLP.
KW - Barreto-Naehrig curve
KW - ECDLP
KW - Pollard’s rho method
UR - http://www.scopus.com/inward/record.url?scp=85044436902&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85044436902&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-78556-1_13
DO - 10.1007/978-3-319-78556-1_13
M3 - Conference contribution
AN - SCOPUS:85044436902
SN - 9783319785554
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 231
EP - 244
BT - Information Security and Cryptology - ICISC 2017 - 20th International Conference, Revised Selected Papers
A2 - Kim, Dong-Chan
A2 - Kim, Howon
PB - Springer Verlag
T2 - 20th International Conference on Information Security and Cryptology, ICISC 2017
Y2 - 29 November 2017 through 1 December 2017
ER -