Elliptic Curve Discrete Logarithms: ECC2-97

Brought to you by Rob Harley.

Personal pages at INRIA

Professional pages at ArgoTech

Up to the ECDL Project front page.

Solved on September 22nd 1999.

The answer was: 64206457470187038759216338447 modulo 79228162514264464603828067969.

Press releases:

By 4K-Associates (English),

By INRIA (English, French).

Certicom also did a press release in which they manage to avoid giving proper credit to INRIA or to myself, except in connection with last year's ECCp-97 crack for some reason.

Some notable quotes.

Coverage by:

• ComputerWorld
• Le Monde
• Tasty Bits
• ZDNet
• Toronto Globe & Mail
• Data Communications
• The Irish Times
• Yahoo France
• 01 Informatique
• Le Monde Du Renseignement
• Crypto-Gram
• CNN

The FAQ, slightly technical details for the non-specialist.

Web pages of people involved in the project (as many as I know links for).

Calling all users of free and open-source software!

The challenge: Certicom ECC challenge.

The prize: $5000.

The good cause: Free Software Foundation.

We've got some awesome machines and are capable of solving big problems if a large enough percentage of us are mobilised. The first six problems in the Certicom ECC challenge have been already been solved (http://www.certicom.com/chal/ch_6.htm). This next problem, called ECC2-97, is the hardest yet.

For comparison with the just-completed factorisation of RSA-155: this is harder! Compared with an exhaustive search of DES: this is easier, but uses an interesting parallel algorithm rather than searching blindly for a needle in a haystack.

We need to find distinguished points on a certain elliptic curve until the same point is found in two different ways and then the solution can be computed easily. Each point takes a billion elliptic curve operations (on average) and it is estimated that a matching pair will be found after about 400000 points.

The prize for the first correct solution is $5000. If we win it, $500 will go to each of the two people who find the match and we will donate the remaining $4000 to the F.S.F. (same as last time).

So why not participate in the project?

Just grab the source code, compile it, and leave it running in the background. Once in a while it sends some email back to base (or you can send batches of results manually). The program uses CPU time but almost no other resources, so by running it with nice you'll hardly notice.

Good luck!
Rob.
Robert.Harley@inria.fr

PS: Constructive comments are very welcome.

Useful links:

Warez:

Source code (32-bit, 64-bit).

Binary executables (HPUX11, Linux, Solaris, Tru64 Unix, Windows).

Info:

The FAQ, slightly technical details for the non-specialist.

Web pages of people involved in the project (as many as I know links for).

Machine status, for spotting machines that may need to have their ecdl process stopped.

Statistics:

Points by team (all teams).

Points by team and user (all participants).

Full details (every machine - big table!).

Pictures:

Graph showing our total progress (also in postscript).

Graph showing our daily progress (also in postscript).

Latest updates:

(click reload or you might not see them)

September 28th:
- Press releases are out. See top of page!

September 27th:
- Press releases to go out tomorrow. Hold on to your hats!

September 23rd:
- Certicom has confirmed that the solution is correct, so now everybody can stop running their ECDL processes. Proper announcements are being prepared for release real soon now.

September 23rd:
- Still waiting for confirmation.

September 22nd:
- Good luck struck and we are finished! The chance of finishing this early was about one in twelve. When checking yesterday's points I discovered two independant matching pairs. The chances of this are about one in a hundred and forty!

The first was found at 13:00:10 by Paul Bourke on his ssi15 machine matching an earlier point from his it5. The second was found at 20:36:22 by my emilion machine matching an earlier point from Paul's iris0.

The solution has been submitted to Certicom and awaits confirmation.

September 15th:
- Links to people involved in the project.

September 13th:
- 20% done. We passed by RSA-155 already!
- Our server was down from 16:55 to 17:25 while a new CPU was added.

September 11th:
- Mac attack! Ian Miller has done a nice PowerPC port.

September 8th:
- There's now a FAQ.
- I'm working on a bit-sliced implementation that might be faster.

September 6th:
- We just passed 10%. At today's rate it would take 75 more days, but we're accelerating!
- Watch the teams duke it out with Brett Nash's handy CGI script.

September 3rd:
- The Windows binary now runs at idle priority i.e., has nice built in.

September 2nd:
- Laurent Desnogues made binaries for Solaris on UltraSPARCs.
- Windows stuff is merged (95, 98 and NT on x86) in binaries/Windows/.

September 1st:
- The Windows side of things just got an overhaul, thanks to Brian Gladman.

August 27th, circa midnight:
- Preliminary testing finished.
- Announced project publically. Please help spread the word!

August 25th:
- Version 1.2.1 available.

August 18th:
- Version 1.2.0 available.

August 17th:
- First participant joined the project: Wayne Baisley at Fermilab.

August 13th:
- Started running internally at I.N.R.I.A.
- Created Web pages and made source code version 1.1.0 available.

INRIA, Domaine de Voluceau - Rocquencourt, 78153 Le Chesnay, France.