Results 1 - 10 of 11
Cryptanalysis with COPACOBANA
IEEE TRANSACTIONS ON COMPUTERS, 2008
Cited by 17 (5 self)
Cryptanalysis of ciphers usually involves massive computations. The security parameters of cryptographic algorithms are commonly chosen so that attacks are infeasible with available computing resources. Thus, in the absence of mathematical breakthroughs to a cryptanalytical problem, a promising way for tackling the computations involved is to build special-purpose hardware exhibiting a (much) better performance-cost ratio than off-the-shelf computers. This contribution presents a variety of cryptanalytical applications utilizing the Cost-Optimized Parallel Code Breaker (COPACOBANA) machine, which is a high-performance low-cost cluster consisting of 120 field-programmable gate arrays (FPGAs). COPACOBANA appears to be the only such reconfigurable parallel FPGA machine optimized for code breaking tasks reported in the open literature. Depending on the actual algorithm, the parallel hardware architecture can outperform conventional computers by several orders of magnitude. In this work, we will focus on novel implementations of cryptanalytical algorithms, utilizing the impressive computational power of COPACOBANA. We describe various exhaustive key search attacks on symmetric ciphers and demonstrate an attack on a security mechanism employed in the electronic passport (e-passport). Furthermore, we describe time-memory tradeoff techniques that can, e.g., be used for attacking the popular A5/1 algorithm used in GSM voice encryption. In addition, we introduce efficient implementations of more complex cryptanalysis on asymmetric cryptosystems, e.g., Elliptic Curve Cryptosystems (ECCs) and number cofactorization for RSA. Even though breaking RSA or elliptic curves with parameter lengths used in most practical applications is out of reach with COPACOBANA, our attacks on algorithms with artificially short bit lengths allow us to extrapolate more reliable security estimates for real-world bit lengths. This is particularly useful for deriving estimates about the longevity of asymmetric key lengths.
ECM on Graphics Cards
Cited by 13 (4 self)
Abstract. This paper reports record-setting performance for the elliptic-curve method of integer factorization: for example, 604.99 curves/second for ECM stage 1 with B1 = 8192 for 280-bit integers on a single PC. The state-of-the-art GMP-ECM software handles 171.42 curves/second for ECM stage 1 with B1 = 8192 for 280-bit integers using all four cores of a 2.4GHz Core 2 Quad Q6600. The extra speed takes advantage of extra hardware, specifically two NVIDIA GTX 280 graphics cards, using a new ECM implementation introduced in this paper. Our implementation uses Edwards curves, relies on new parallel addition formulas, and is carefully tuned for the highly parallel GPU architecture. On a single GTX 280 the implementation performs 22.66 million modular multiplications per second for a general 280-bit modulus. GMP-ECM, using all four cores of a Q6600, performs 17.91 million multiplications per second. This paper also reports speeds on other graphics processors: for example,
Integer Factorization Based on Elliptic Curve Method: Towards Better Exploitation of Reconfigurable Hardware
Cited by 7 (0 self)
Currently, the best known algorithm for factorizing modulus of the RSA public key cryptosystem is the Number Field Sieve. One of its important phases usually combines a sieving technique and a method for checking smoothness of mid-size numbers. For this factorization, the Elliptic Curve Method (ECM) is an attractive solution. As ECM is highly regular and many parallel computations are required, hardware-based platforms were shown to be more cost-effective than software solutions. The few papers dealing with implementation of ECM on FPGA are all based on bit-serial architectures. They use only general-purpose logic and low-cost FPGAs which appear as the best performance/cost solution. This work explores another approach, based on the exploitation of embedded multipliers available in modern FPGAs and the use of high-performance FPGAs. The proposed architecture – based on a fully parallel and pipelined modular multiplier circuit – exhibits a 15-fold improvement over throughput/hardware cost ratio of previously published results.
Three Years of Evolution: Cryptanalysis with COPACOBANA
Cited by 3 (1 self)
In this paper, we review three years of development and improvements on COPACOBANA, the probably most popular, reconfigurable cluster system dedicated to the task of cryptanalysis. Latest changes on the architecture involve modifications for larger and more powerful FPGA devices with dedicated 32 MB of external RAM and point-to-point communication links for improved data throughput. We outline how advanced cryptanalytic applications, such as Time-Memory Tradeoff (TMTO) attacks or attacks on asymmetric cryptosystems, can benefit from these new architectural improvements.
Efficient SIMD arithmetic modulo a Mersenne number
In IEEE Symposium on Computer Arithmetic – ARITH-20, 2011
Cited by 2 (2 self)
Abstract—This paper describes carry-less arithmetic operations modulo an integer $2^M - 1$ in the thousand-bit range, targeted at single instruction multiple data platforms and applications where overall throughput is the main performance criterion. Using an implementation on a cluster of PlayStation 3 game consoles a new record was set for the elliptic curve method for integer factorization.
Enhancing COPACOBANA for Advanced Applications in Cryptography and Cryptanalysis
Cited by 1 (1 self)
Cryptanalysis of symmetric and asymmetric ciphers is a challenging task due to the enormous amount of involved computations. To tackle this computational complexity, usually the employment of special-purpose hardware is considered as best approach. We have built a massively parallel cluster system (COPACOBANA) based on low-cost FPGAs as a cost-efficient platform primarily targeting cryptanalytical operations with these high computational efforts but low communication and memory requirements. However, some parallel applications in the field of cryptography are too complex for low-cost FPGAs and also require the availability of at least moderate communication and memory facilities. Particularly, this holds true for arithmetic intensive application as well as ones with a highly complex data flow. In this contribution, we describe a novel architecture for a more versatile and reliable COPACOBANA capable to host advanced cryptographic applications like high-performance digital signature generation according to the Elliptic Curve Digital Signature Algorithm (ECDSA) and integer factorization based on the Elliptic Curve Method (ECM). In addition to that, the new cluster design allows even to run more supercomputing applications beyond the field of cryptography.
High-Performance Integer Factoring with Reconfigurable Devices
INTERNATIONAL CONFERENCE ON FIELD PROGRAMMABLE LOGIC AND APPLICATIONS, 2010
Cited by 1 (0 self)
We present a novel FPGA-based implementation of the Elliptic Curve Method (ECM) for the factorization of medium-sized composite integers. More precisely, we demonstrate an ECM implementation capable to determine prime factors of up to 2,424 151-bit integers per second using a single Xilinx Virtex-4 SX35 FPGA. Using this implementation on a cluster like the COPACOBANA is beneficial for attacking cryptographic primitives like the well-known RSA cryptosystem with advanced methods such as the Number Field Sieve (NFS). To provide this vast number of integer factorizations per FPGA, we make use of the available DSP blocks on each Virtex-4 device to accelerate low-level arithmetic computations. This methodology allows the development of a time-area efficient design that runs 24 ECM cores in parallel, implementing both phase 1 and phase 2 of the ECM. Moreover, our design is fully scalable and supports composite integers in the range from 66 to 236 bits without any significant modifications to the hardware. Compared to the implementation by Gaj et al., who reported an ECM design for the same Virtex-4 platform, our improved architecture provides an advanced cost-performance ratio which is better by a factor of 37.
Elliptic Curve Factorization Method: Towards Better Exploitation of Reconfigurable Hardware
Currently, the best known algorithm for factorizing modulus of the RSA public key cryptosystem is the Number Field Sieve. One of its important phases usually combines a sieving technique and a method for checking smoothness of mid-size numbers. For this factorization, the Elliptic Curve Method (ECM) is an attractive solution. As ECM is highly regular and many parallel computations are required, hardware-based platforms were shown to be more cost-effective than software solutions. The few papers dealing with implementation of ECM on FPGA are all based on bit-serial architectures. They use only general-purpose logic and low-cost FPGAs which appear as the best performance/cost solution. This work explores another approach, based on the exploitation of embedded multipliers available in modern FPGAs and the use of high-performance FPGAs. The proposed architecture – based on a fully parallel and pipelined modular multiplier circuit – exhibits a 15-fold improvement over throughput/hardware cost ratio of previously published results.
ECM at Work
Abstract. The performance of the elliptic curve method (ECM) for integer factorization plays an important role in the security assessment of RSA-based protocols as a cofactorization tool inside the number field sieve. The efficient arithmetic for Edwards curves found an application by speeding up ECM. We propose techniques based on generating and combining addition chains to optimize Edwards ECM in terms of both performance and memory requirements. This makes our approach very suitable for memory-constrained devices such as graphics processing units. For commonly used ECM parameters we are able to lower the required memory up to a factor 55 compared to the state-of-the-art Edwards ECM approach.
Efficient SIMD arithmetic modulo a Mersenne number
2011 20th IEEE Symposium on Computer Arithmetic
Abstract—This paper describes carry-less arithmetic operations modulo an integer $2^M - 1$ in the thousand-bit range, targeted at single instruction multiple data platforms and applications where overall throughput is the main performance criterion. Using an implementation on a cluster of PlayStation 3 game consoles a new record was set for the elliptic curve method for integer factorization.