Abstract
At present, the RSA cryptosystem is most widely used in public key cryptography. On the other hand, elliptic curve cryptography (ECC) has recently received much attention since smaller ECC key sizes provide the same security level as RSA. Although there are a lot of previous works that analyze the security of ECC and RSA, the comparison of strengths varies depending on analysis. The aim of this paper is once again to compare the security strengths, considering state-of-the-art of theory and experiments. The security of RSA is closely related to the hardness of the integer factorization problem (IFP), while the security of ECC is closely related to the elliptic curve discrete logarithm problem (ECDLP). In this paper, we compare the computing power required to solve the ECDLP and the IFP, respectively, and estimate the sizes of the problems that provide the same level of security.
The preliminary version of this work was presented at SHARCS 2012 [50].
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
ANSI X9.62, Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA) (1999)
Bailey, D., Baldwin, B., Batina, L., Bernstein, D., Birkner, P., Bos, J., van Damme, G., de Meulenaer, G., Fan, J., Güneysu, T., Gurkaynak, F., Kleinjung, T., Lange, T., Mentens, N., Paar, C., Regazzoni, F., Schwabe, P., Uhsadel, L.: The Certicom Challenges ECC2-X, IACR ePrint Archive, 2009/466 (2009), http://eprint.iacr.org/2009/466
Bernstein, D.J.: Curve25519: New Diffie-Hellman Speed Records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207–228. Springer, Heidelberg (2006)
Bernstein, D.J.: Speed Reports for Elliptic-Curve Cryptography (2010), http://cr.yp.to/ecdh/reports.html
Bernstein, D.J., Chen, H.-C., Cheng, C.-M., Lange, T., Niederhagen, R., Schwabe, P., Yang, B.-Y.: ECC2K-130 on NVIDIA GPUs. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 328–346. Springer, Heidelberg (2010)
Bernstein, D.J., Lange, T., Schwabe, P.: On the Correct Use of the Negation Map in the Pollard rho Method. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 128–146. Springer, Heidelberg (2011)
Breaking ECC2K-130, IACR ePrint Achive, 2009/541, http://eprint.iacr.org/2009/541.pdf
Brent, R., Pollard, J.: Factorization of the eighth Fermat number. Mathematics of Computation 36, 627–630 (1981)
Canfield, E.R., Erdos, P., Pomerance, C.: On a problem of Oppenheim concerning Factorisatio Numerorum. J. Number Theory 17, 1–28 (1983)
CRYPTREC, CRYPTREC Report 2006 (2006), http://www.cryptrec.go.jp/report/c06_wat_final.pdf
Blake, I., Seroussi, G., Smart, N.: Elliptic Curves in Cryptography. Cambridge University Press (1999)
Certicom, Certicom ECC Challenge (1997), http://www.certicom.jp/images/pdfs/cert_ecc_challenge.pdf
Certicom, Curves List (1997), http://www.certicom.jp/index.php/curves-list
ECRYPT II, ECRYPT II Report on Key Sizes (2011), http://www.keylength.com/en/3/
EPFL IC LACAL, PlayStation 3 computing breaks 260 barrier 112-bit prime ECDLP solved (2009), http://lacal.epfl.ch/112bit_prime
Galbraith, S.D., Ruprai, R.S.: Using Equivalence Classes to Accelerate Solving the Discrete Logarithm Problem in a Short Interval. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 368–383. Springer, Heidelberg (2010)
Gallant, R., Lambert, R., Vanstone, S.: Improving the Parallelized Pollard Lambda Search on Binary Anomalous Curves. Mathematics of Computation 69, 1699–1705 (2000)
Güneysu, T., Kasper, T., Novotný, M., Paar, C., Rupp, A.: Cryptanalysis with COPACOBANA. Transactions on Computers 57, 1498–1513 (2008)
Granlund, T.: Instruction latencies and throughput for AMD and Intel x86 processors (February 13, 2012 version), http://gmplib.org/~tege/x86-timing.pdf
Hankerson, D., Menezes, A., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer Professional Computing (2004)
Harley, R.: Elliptic curve discrete logarithms project, http://pauillac.inria.fr/~harley/ecdl/
Izu, T., Kogure, J., Shimoyama, T.: CAIRN 2: An FPGA Implementation of the Sieving Step in the Number Field Sieve Method. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 364–377. Springer, Heidelberg (2007)
Kleinjung, T.: Estimates for factoring 1024-bit integers. In: Securing Cyberspace: Applications and Foundations of Cryptography and Computer Security, Workshop IV: Special Purpose Hardware for Cryptography: Attacks and Applications, Slides (2006), http://www.ipam.ucla.edu/schedule.aspx?pc=scws4
Kleinjung, T.: Evaluation of Complexity of Mathematical Algorithms. CRYPTREC technical report No.0601 in FY 2006 (2007), http://www.cryptrec.jp/estimation.html
Kleinjung, T., Aoki, K., Franke, J., Lenstra, A.K., Thomé, E., Bos, J.W., Gaudry, P., Kruppa, A., Montgomery, P.L., Osvik, D.A., te Riele, H., Timofeev, A., Zimmermann, P.: Factorization of a 768-Bit RSA Modulus. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 333–350. Springer, Heidelberg (2010)
Kleinjung, T., Bos, J.W., Lenstra, A.K., Osvik, D.A., Aoki, K., Contini, S., Franke, J., Thomé, E., Jermini, P., Thiémard, M., Leyland, P., Montgomery, P., Timofeev, A., Stockinger, H.: A heterogeneous computing environment to solve the 768-bit RSA. Cluster Computing 15(1), 53–68 (2012)
Knuth, D.: The art of computer programming, Seminumerical Algorithms, vol. II. Addison-Wesley, Reading (1969)
Koblitz, N.: Elliptic curve cryptosystems. Mathematics of Computation 48, 203–209 (1987)
Lenstra, A., Lenstra, H., Manasse, M., Pollard, J.: The Number Field Sieve. In: Symposium on Theory of Computing - STOC 1990, pp. 564–572. ACM (1990)
Lenstra, A., Verheul, E.: Selecting Cryptographic Key Sizes. Journal of Cryptology 14(4), 255–293 (2001)
Menezes, A., Okamoto, T., Vanstone, S.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transactions on Information Theory 39, 1639–1646 (1993)
Miller, V.S.: Use of Elliptic Curves in Cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)
NESSIE, NESSIE Security Report (Feburary 2003)
NIST Special Publication 800-57, http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
Orman, H., Hoffman, P.: Determining Strengths for Public Keys Used for Exchanging Symmetric Keys. IETF RFC 3766/BCP 86 (April 2004)
Pollard, J.: Monte Carlo methods for index computation mod p. Mathematics of Computation 32, 918–924 (1978)
Pomerance, C.: The Number Field Sieve. In: Proceedings of Symposia in Applied Mathematics, vol. 48, pp. 465–480 (1994)
Rivest, R., Shamir, A., Adelman, L.: A method for obtaining digital signatures and public-key cyrptosystems. Communications of the ACM 21, 120–126 (1978)
RSA Labs. A Cost-Based Security Analysis of Symmetric and Asymmetric Key Lengths, RSA Labs Bulletin (13) (April 2000) (revised November 2001)
Satoh, T., Araki, K.: Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves. Commentarii Mathematici Universitatis Sancti Pauli 47, 81–92 (1998)
Semaev, I.: Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p. Mathematics of Computation 67, 353–356 (1998)
Shamir, A.: Factoring Large Numbers with the TWINKLE Device (Extended Abstract). In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 2–12. Springer, Heidelberg (1999)
Shamir, A., Tromer, E.: Factoring Large Numbers with the TWIRL Device. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 1–26. Springer, Heidelberg (2003)
Smart, N.P.: The discrete logarithm problem on elliptic curves of trace one. Journal of Cryptology 12, 110–125 (1999)
Teske, E.: Speeding Up Pollard’s Rho Method for Computing Discrete Logarithms. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 541–554. Springer, Heidelberg (1998)
Teske, E.: On random walks for Pollard’s rho method. Mathematics of Computation 70, 809–825 (2001)
van Oorschot, P.C., Wiener, M.J.: Parallel collision search with cryptanalytic applications. Journal of Cryptology 12, 1–28 (1999)
Wiener, M., Zuccherato, R.J.: Faster Attacks on Elliptic Curve Cryptosystems. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 190–200. Springer, Heidelberg (1999)
Yasuda, M., Izu, T., Shimoyama, T., Kogure, J.: On random walks of Pollard’s rho method for the ECDLP on Koblitz curves. Journal of Math-for-Industry 3(2011B-3), 107–112 (2011)
Yasuda, M., Shimoyma, T., Izu, T., Kogure, J.: On the strength comparison of ECC and RSA. In: Workshop Record of SHARCS 2012, pp. 61–79 (2012), http://2012.sharcs.org/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yasuda, M., Shimoyama, T., Kogure, J., Izu, T. (2012). On the Strength Comparison of the ECDLP and the IFP. In: Visconti, I., De Prisco, R. (eds) Security and Cryptography for Networks. SCN 2012. Lecture Notes in Computer Science, vol 7485. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32928-9_17
Download citation
DOI: https://doi.org/10.1007/978-3-642-32928-9_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32927-2
Online ISBN: 978-3-642-32928-9
eBook Packages: Computer ScienceComputer Science (R0)