Cryptology ePrint Archive: Report 2014/368

Solving the Discrete Logarithm of a 113-bit Koblitz Curve with an FPGA Cluster

Erich Wenger and Paul Wolfger

Abstract: Using FPGAs to compute the discrete logarithms of elliptic curves is a well-known method. However, until to date only CPU clusters succeeded in computing new elliptic curve discrete logarithm records. This work presents a high-speed FPGA implementation that was used to compute the discrete logarithm of a 113-bit Koblitz curve. The core of the design is a fully unrolled, highly pipelined, self-sufficient Pollard's rho iteration function. An 18-core Virtex-6 FPGA cluster computed the discrete logarithm of a 113-bit Koblitz curve in extrapolated 24 days. Until to date, no attack on such a large Koblitz curve succeeded using as little resources or in such a short time frame.

Category / Keywords: elliptic curve cryptography, discrete logarithm problem, Koblitz curve, hardware design, FPGA, discrete logarithm record

Original Publication (in the same form): Selected Areas in Cryptography 2014

Date: received 26 May 2014, last revised 26 Aug 2014

Contact author: erich wenger at iaik tugraz at

Available format(s): PDF | BibTeX Citation

Note: Camera ready version of paper from Selected Areas in Cryptography 2014

Version: 20140826:073606 (All versions of this report)

Short URL: ia.cr/2014/368

Discussion forum: Show discussion | Start new discussion