@article {18492, title = {Breaking ECC2K-130}, journal = {IACR Cryptology ePrint Archive}, volume = {2009}, year = {2009}, month = {11/2009}, pages = {541}, abstract = {Elliptic-curve cryptography is becoming the standard public-key primitive not only for mobile devices but also for high-security applications. Advantages are the higher cryptographic strength per bit in comparison with RSA and the higher speed in implementations. To improve understanding of the exact strength of the elliptic-curve discrete-logarithm problem, Certicom has published a series of challenges. This paper describes breaking the ECC2K-130 challenge using a parallelized version of Pollard{\textquoteright}s rho method. This is a major computation bringing together the contributions of several clusters of conventional computers, PlayStation~3 clusters, computers with powerful graphics cards and FPGAs. We also give /preseestimates for an ASIC design. In particular we present * our choice and analysis of the iteration function for the rho method; * our choice of finite field arithmetic and representation; * detailed descriptions of the implementations on a multitude of platforms: CPUs, Cells, GPUs, FPGAs, and ASICs; * details about running the attack. }, keywords = {Attacks, automorphisms, binary fields, Certicom challenges, DLP, ECC, implementation, Koblitz curves, parallelized Pollard rho}, url = {http://eprint.iacr.org/2009/541}, author = {Bailey, Daniel V. and Batina, Lejla and Bernstein, Daniel J. and Birkner, Peter and Bos, Joppe W. and Chen, Hsieh - Chung and Cheng, Chen - Mou and van Damme, Gauthier and G{\"u}neysu, Tim and Gurkaynak, Frank and Kleinjung, Thorsten and Paar, Christof and Regazzoni, Francesco and Niederhagen, Ruben and Schwabe, Peter and Uhsadel, Leif and Van Herrewege, Anthony} } @conference {18084, title = {The Certicom Challenges ECC2-X}, booktitle = {Workshop on Special Purpose Hardware for Attacking Cryptographic Systems (SHARCS)}, year = {2009}, month = {September}, address = {Lausanne, Switzerland}, author = {Bailey, Daniel V. and Baldwin, Brian and Batina, Lejla and Bernstein, Daniel J. and Birkner, Peter and Bos, Joppe W. and van Damme, Gauthier and de Meulenaer, Giacomo and Fan, Junfeng and Gurkaynak, Frank and G{\"u}neys, Tim and Kleinjung, Thorsten and Lange, Tanja and Mentens, Nele and Paar, Christof and Regazzoni, Francesco and Schwabe, Peter and Uhsadel, Leif} }