Solving 114-bit ECDLP for a Barreto-Naehrig Curve

Abstract : The security of cryptographic protocols which are based on elliptic curve cryptography relies on the intractability of elliptic curve discrete logarithm problem (ECDLP). In this paper, the authors describe techniques applied to solve 114-bit ECDLP in Barreto-Naehrig (BN) curve defined over the odd characteristic field. Unlike generic el-liptic curves, BN curve holds an especial interest since it is well studied in pairing-based cryptography. Till the date of our knowledge, the previous record for solving ECDLP in a prime field was 112-bit by Bos et al in Certicom curve 'secp112r1'. This work sets a new record by solving 114-bit prime field ECDLP of BN curve using Pollard's rho method. The authors utilized sextic twist property of the BN curve to efficiently carry out the random walk of Pollard's rho method. The parallel implementation of the rho method by adopting a client-server model, using 2000 CPU cores took about 6 months to solve the ECDLP.
Complete list of metadatas

Cited literature [20 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-01633653
Contributor : Sylvain Duquesne <>
Submitted on : Monday, December 18, 2017 - 2:41:28 PM
Last modification on : Thursday, November 15, 2018 - 11:56:48 AM

File

article.pdf
Files produced by the author(s)

Identifiers

Citation

Takuya Kusaka, Sho Joichi, Ken Ikuta, Md Al-Amin Khandaker, Yasuyuki Nogami, et al.. Solving 114-bit ECDLP for a Barreto-Naehrig Curve. Information Security and Cryptology - ICISC 2017, Nov 2017, Séoul, South Korea. pp.231-244, ⟨10.1007/978-3-319-78556-1_13⟩. ⟨hal-01633653⟩

Share

Metrics

Record views

486

Files downloads

335