Presentation is loading. Please wait.

Presentation is loading. Please wait.

Elliptic Curve Cryptography The EC Discrete Logarithm problem and Pollard’s Rho attack Ofer Schwarz, Winter 2012-2013 Advisor: Barukh Ziv.

Published byIrving Pennel Modified over 9 years ago

Similar presentations

Presentation on theme: "Elliptic Curve Cryptography The EC Discrete Logarithm problem and Pollard’s Rho attack Ofer Schwarz, Winter 2012-2013 Advisor: Barukh Ziv."— Presentation transcript:

1 Elliptic Curve Cryptography The EC Discrete Logarithm problem and Pollard’s Rho attack Ofer Schwarz, Winter 2012-2013 Advisor: Barukh Ziv

2 Background ECDLP; The ECDLP attack; Project goals

3 Elliptic Curves

4 ECDLP

5 ECDLP using collisions

6 Pollard’s Rho

7 Additive walks

8 Pohlig-Hellman reduction

9 Project goals

10 Improvements and optimizations Nivasch’s algorithm; Montgomery trick and distinguished point method; Negation map

11 1. Nivasch’s algorithm

12 2. The Montgomery trick

13 Local parallelization

14 Distinguished points

15 3. Negation map

16 Fruitless cycles

17 Resolving fruitless cycles

18 Implementation and results EC arithmetic library; Collision library; Challenges and results

19 Curve arithmetic library Generic EC arithmetic library in C++ Support for various different curves and algorithms o Extensible syntax that allows adding even more curves and algorithms Fast field arithmetic using GMP and NTL o Incl. complex operations, e.g., Chinese remainders, modular square roots

20 Collision library Generic (templated) C++ library for finding collisions Only need to supply the function Currently implemented: o Floyd’s algorithm o Nivasch’s stack algorithm o Distinguished point method for parallelization

21 Challenges 4 ECDLP challenges of increasing difficulty o 30, 40, 50 and 64 bits 1 Extra challenge with non-prime order for testing Pohlig-Hellman reduction

22 Results!

23 Results!

24 Optimization tests Check every improvement against vanilla version Nivasch: 2.16 times less iterations, 1.4 speedup Montgomery: 1.43 speedup factor for 40 bits, 1.33 factor for 30 bits Negation map: 1.1 times less iterations, no speedup o (Actually about 1.07 times slower)

25 Improvement ideas Distributed attack Low-level optimizations o Integer arithmetic o Field arithmetic (probably harder since NTL is very good at that) o In-place operations instead of constructors and copying Use SIMD architecture (e.g., GPUs)

26 The End

Download ppt "Elliptic Curve Cryptography The EC Discrete Logarithm problem and Pollard’s Rho attack Ofer Schwarz, Winter 2012-2013 Advisor: Barukh Ziv."

Similar presentations

AKS Implementation of a Deterministic Primality Algorithm

AKS Implementation of a Deterministic Primality Algorithm
Signatures for Network Coding Denis Charles Kamal Jain Kristin Lauter Microsoft Research.

Signatures for Network Coding Denis Charles Kamal Jain Kristin Lauter Microsoft Research.
PUBLIC KEY CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.

PUBLIC KEY CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.
RSA and Public Key Cryptography Oct. 2002 Nathanael Paul.

RSA and Public Key Cryptography Oct Nathanael Paul.
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
Cryptography and Network Security Chapter 8 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Modified – Tom Noack.

Cryptography and Network Security Chapter 8 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Modified – Tom Noack.
Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?

Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?
Chapter 4 Finite Fields. Introduction of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key concern operations on “numbers”

Chapter 4 Finite Fields. Introduction of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key concern operations on “numbers”
Chapter 4 – Finite Fields. Introduction will now introduce finite fields of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key.

Chapter 4 – Finite Fields. Introduction will now introduce finite fields of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key.
Lecture 8: Lattices and Elliptic Curves

Lecture 8: Lattices and Elliptic Curves
Fast Modular Reduction

Fast Modular Reduction
22C:19 Discrete Structures Integers and Modular Arithmetic

22C:19 Discrete Structures Integers and Modular Arithmetic
Efficient generation of cryptographically strong elliptic curves Shahar Papini Michael Krel Instructor : Barukh Ziv 1.

Efficient generation of cryptographically strong elliptic curves Shahar Papini Michael Krel Instructor : Barukh Ziv 1.
Elliptic Curve Cryptography Shane Almeida Saqib Awan Dan Palacio.

Elliptic Curve Cryptography Shane Almeida Saqib Awan Dan Palacio.
A Public Key Infrastructure for Key Distribution in TinyOS Based on Elliptic Curve Cryptography David J. Malan, Matt Welsh, Michael D. Smith Presented.

A Public Key Infrastructure for Key Distribution in TinyOS Based on Elliptic Curve Cryptography David J. Malan, Matt Welsh, Michael D. Smith Presented.
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.
ASYMMETRIC CIPHERS.

ASYMMETRIC CIPHERS.
Peter Lam Discrete Math CS.  Sometimes Referred to Clock Arithmetic  Remainder is Used as Part of Value ◦ i.e Clocks  24 Hours in a Day However, Time.

Peter Lam Discrete Math CS.  Sometimes Referred to Clock Arithmetic  Remainder is Used as Part of Value ◦ i.e Clocks  24 Hours in a Day However, Time.
-Anusha Uppaluri.  ECC- A set of algorithms for key generation, encryption and decryption (public key encryption technique)  ECC was introduced by Victor.

-Anusha Uppaluri.  ECC- A set of algorithms for key generation, encryption and decryption (public key encryption technique)  ECC was introduced by Victor.
Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations Copyright © The McGraw-Hill Companies, Inc. Permission required.

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations Copyright © The McGraw-Hill Companies, Inc. Permission required.

Similar presentations

Ads by Google