This paper analyzes the costs of breaking the Certicom challenges over the binary fields $\F_{2^{131}}$ and $\F_{2^{163}}$ on a variety of platforms. We describe details of the choice of step function and distinguished points for the Koblitz and non-Koblitz curves. In contrast to the implementations for the previous Certicom challenges we do not restrict ourselves to software and conventional PCs, but branch out to cover the majority of available platforms such as various ASICs, FPGAs, CPUs and the Cell Broadband Engine. For the field arithmetic we investigate polynomial and normal basis arithmetic for these specific fields; in particular for the challenges on Koblitz curves normal bases become more attractive on ASICs and FPGAs.
Category / Keywords: public-key cryptography / ECC, binary fields, Certicom challenges Date: received 22 Sep 2009 Contact author: tanja at hyperelliptic org Available formats: PDF | BibTeX Citation Version: 20090926:031756 (All versions of this report) Discussion forum: Show discussion | Start new discussion