GPUs are not designed for fast binary-field arithmetic; they are designed for highly vectorizable floating-point computations that fit into very small amounts of static RAM. This paper explains how to optimize the ECC2K-130 computation for this unusual platform. The resulting GPU software performs more than 63 million iterations per second, including 320 million F_2^131 multiplications per second, on a $500 NVIDIA GTX 295 graphics card. The same techniques for finite-field arithmetic and elliptic-curve arithmetic can be reused in implementations of larger systems that are secure against similar attacks, making GPUs an interesting option as coprocessors when a busy Internet server has many elliptic-curve operations to perform in parallel.
Category / Keywords: implementation / Graphics Processing Unit (GPU), Elliptic Curve Cryptography, Pollard rho, qhasm Publication Info: Updated version of paper at Indocrypt 2010 Date: received 2 Jan 2012 Contact author: tanja at hyperelliptic org Available format(s): PDF | BibTeX Citation Version: 20120102:203505 (All versions of this report) Short URL: ia.cr/2012/002