Implementing the Elliptic Curve Method of Factoring in Reconfigurable Hardware

Gaj, Kris; Kwon, Soonhak; Baier, Patrick; Kohlbrenner, Paul; Le, Hoang; Khaleeluddin, Mohammed; Bachimanchi, Ramakrishna

doi:10.1007/11894063_10

Cited by 17 publications

(15 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Related work on stage 1 of ECM for cofactoring on constrained devices can be found in [53,45,17,14,19,32,58,7,5,10]. Unlike these publications, the GPU-implementation presented here includes stage 2 of ECM, as it significantly improves the performance of ECM.…”

Section: Cofactoring Stepsmentioning

confidence: 99%

“…Most previous work in this direction focussed on offloading the elliptic curve integer factoring (ECM, [31]), which is only part of this follow-up stage. For graphics processing units (GPUs) this is considered in [7,5,10] and for reconfigurable hardware such as field-programmable gate arrays in [53,45,17,14,19,32,58]. To allow the CPUs to keep sieving, thus optimally using their memory, in this paper the possibility is explored to offload the entire follow-up stage to GPUs.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Cofactorization on Graphics Processing Units

Miele

Bos

Kleinjung

et al. 2014

Advanced Information Systems Engineering

View full text Add to dashboard Cite

Abstract. We show how the cofactorization step, a compute-intensive part of the relation collection phase of the number field sieve (NFS), can be farmed out to a graphics processing unit. Our implementation on a GTX 580 GPU, which is integrated with a state-of-the-art NFS implementation, can serve as a cryptanalytic co-processor for several Intel i7-3770K quad-core CPUs simultaneously. This allows those processors to focus on the memory-intensive sieving and results in more useful NFS-relations found in less time.

show abstract

Section: Cofactoring Stepsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Cofactorization on Graphics Processing Units

Miele

Bos

Kleinjung

et al. 2014

Advanced Information Systems Engineering

View full text Add to dashboard Cite

show abstract

“…As a proof of concept Pelzl et al present in [40] an FPGA-based implementation of ECM for numbers up to 200 bits and state "We show that massive parallel and cost-efficient ECM hardware engines can improve the areatime product of the RSA moduli factorization via the GNFS considerably." Gaj et al [20] consider the same task and improve upon their results.…”

Section: Introductionmentioning

confidence: 96%

ECM on Graphics Cards

Bernstein

Chen

Cheng

et al. 2009

Advances in Cryptology - EUROCRYPT 2009

View full text Add to dashboard Cite

Abstract. This paper reports record-setting performance for the ellipticcurve method of integer factorization: for example, 926.11 curves/second for ECM stage 1 with B1 = 8192 for 280-bit integers on a single PC. The state-of-the-art GMP-ECM software handles 124.71 curves/second for ECM stage 1 with B1 = 8192 for 280-bit integers using all four cores of a 2.4 GHz Core 2 Quad Q6600.The extra speed takes advantage of extra hardware, specifically two NVIDIA GTX 295 graphics cards, using a new ECM implementation introduced in this paper. Our implementation uses Edwards curves, relies on new parallel addition formulas, and is carefully tuned for the highly parallel GPU architecture. On a single GTX 295 the implementation performs 41.88 million modular multiplications per second for a general 280-bit modulus. GMP-ECM, using all four cores of a Q6600, performs 13.03 million modular multiplications per second. This paper also reports speeds on other graphics processors: for example, 2414 280-bit elliptic-curve scalar multiplications per second on an older NVIDIA 8800 GTS (G80), again for a general 280-bit modulus. For comparison, the CHES 2008 paper "Exploiting the Power of GPUs for Asymmetric Cryptography" reported 1412 elliptic-curve scalar multiplications per second on the same graphics processor despite having fewer bits in the scalar (224 instead of 280), fewer bits in the modulus (224 instead of 280), and a special modulus (2 224 − 2 96 + 1).

show abstract

“…The core sieving speed of the developed device is comparable to the lattice sieving software implementation. As far as the authors know, this is the first FPGA implementation and experiment of the sieving step (while implementational results of the minifactoring and the linear algebra step have been reported [GKB+06,BMGG04]). …”

Section: Discussionmentioning

confidence: 97%

“…On the other hand, Franke et al proposed a sophisticated design SHARK by using a butterfly-sorting [FKP+05]. In order to accelerate the sieving step, FPGA implementations of the mini-factoring were discussed in [FKP+05,SPK+05,GKB+06]. In spite of these theoretical efforts, no implementational results of the whole sieving part on ASIC or FPGA have been known up to the present.…”

Section: Introductionmentioning

confidence: 99%

CAIRN 2: An FPGA Implementation of the Sieving Step in the Number Field Sieve Method

Izu

Kogure

Shimoyama

Cryptographic Hardware and Embedded Systems - CHES 2007

View full text Add to dashboard Cite

Abstract. The hardness of the integer factorization problem assures the security of some public-key cryptosystems including RSA, and the number field sieve method (NFS), the most efficient algorithm for factoring large integers currently, is a threat for such cryptosystems. Recently, dedicated factoring devices attract much attention since it might reduce the computing cost of the number field sieve method. In this paper, we report implementational and experimental results of a dedicated sieving device "CAIRN 2" with Xilinx's FPGA which is designed to handle up to 768-bit integers. Used algorithm is based on the line sieving, however, in order to optimize the efficiency, we adapted a new implementational method (the pipelined sieving). In addition, we actually factored a 423-bit integer in about 30 days with the developed device CAIRN 2 for the sieving step and usual PCs for other steps. As far as the authors know, this is the first FPGA implementation and experiment of the sieving step in NFS.

show abstract

Implementing the Elliptic Curve Method of Factoring in Reconfigurable Hardware

Cited by 17 publications

References 16 publications

Cofactorization on Graphics Processing Units

Cofactorization on Graphics Processing Units

ECM on Graphics Cards

CAIRN 2: An FPGA Implementation of the Sieving Step in the Number Field Sieve Method

Contact Info

Product

Resources

About