@article {18492, title = {Breaking ECC2K-130}, journal = {IACR Cryptology ePrint Archive}, volume = {2009}, year = {2009}, month = {11/2009}, pages = {541}, abstract = {Elliptic-curve cryptography is becoming the standard public-key primitive not only for mobile devices but also for high-security applications. Advantages are the higher cryptographic strength per bit in comparison with RSA and the higher speed in implementations. To improve understanding of the exact strength of the elliptic-curve discrete-logarithm problem, Certicom has published a series of challenges. This paper describes breaking the ECC2K-130 challenge using a parallelized version of Pollard{\textquoteright}s rho method. This is a major computation bringing together the contributions of several clusters of conventional computers, PlayStation~3 clusters, computers with powerful graphics cards and FPGAs. We also give /preseestimates for an ASIC design. In particular we present * our choice and analysis of the iteration function for the rho method; * our choice of finite field arithmetic and representation; * detailed descriptions of the implementations on a multitude of platforms: CPUs, Cells, GPUs, FPGAs, and ASICs; * details about running the attack. }, keywords = {Attacks, automorphisms, binary fields, Certicom challenges, DLP, ECC, implementation, Koblitz curves, parallelized Pollard rho}, url = {http://eprint.iacr.org/2009/541}, author = {Bailey, Daniel V. and Batina, Lejla and Bernstein, Daniel J. and Birkner, Peter and Bos, Joppe W. and Chen, Hsieh - Chung and Cheng, Chen - Mou and van Damme, Gauthier and G{\"u}neysu, Tim and Gurkaynak, Frank and Kleinjung, Thorsten and Paar, Christof and Regazzoni, Francesco and Niederhagen, Ruben and Schwabe, Peter and Uhsadel, Leif and Van Herrewege, Anthony} }