New 113-bit ECDLP record

Erich Wenger and Paul Wolfger have just announced on NMBRTHRY a new ECDLP record computation.

The curve is over the field GF( 2^{113} ) and is not a Koblitz/subfield curve. So there is no speedup to Pollard rho from using equivalence classes under Frobenius. The number of points on the curve is 2 \cdot 5192296858534827689835882578830703 where the second number is a 112-bit prime.

No details of the computation are yet public, apart from the fact that 10 FPGAs were used. However, I presume the details will be similar to the SAC 2014 paper by the same authors. That paper was reporting on an ECDLP computation for a subfield curve, which was a significantly easier computation.

This result is not surprising, and does not change our opinions on the difficulty of the ECDLP, but it is always great to see computations of this type being performed.

— Steven Galbraith

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s