Armadillo ECDSA-113

[tofu-sensei]

So... It effectively took three weeks to solve?

[contextrax]

Quote:

Originally Posted by tofu-sensei

So... It effectively took three weeks to solve?

Lets say four weeks but I think I was lucky this time only needed 2^50 iterations. (or lets say extremely lucky)
ECDLP is based on the birthday paradox so you never know exactly the among of work.
2^52 iterations would required 4 times more work.

[tofu-sensei]

Quote:

Originally Posted by contextrax

Lets say four weeks but I think I was lucky this time only needed 2^50 iterations. (or lets say extremely lucky)
ECDLP is based on the birthday paradox so you never know exactly the among of work.
2^52 iterations would required 4 times more work.

I'd say Armadillo is still secure enough then. Who's paying the electricity bill for your little experiment?

[contextrax]

Quote:

Originally Posted by tofu-sensei

I'd say Armadillo is still secure enough then. Who's paying the electricity bill for your little experiment?

My total speed of 600mill/sec was spred over ~20 different computers including friends and family.
The power consummation on todays cpu is not that bad. My laptop Core i7 has a max TDP of 15w.

Lets play with some numbers.
My fastest PC did 46mill/sec. (a Core i7-6700 @ 3.4GHz)
Say we as a group can collect 90 of them
That should give a speed of ~2^32 / sec
After 12 days we would reach 2^52 iterations.
If we are as lucky as I and solve after 2^50 iterations then this would take only ~3 days

Some other attacked this curve before I did and implemented it on FPGS's
https://eprint.iacr.org/2014/368.pdf

If I where to release a product today then I would not rely on a 113 bit's koblitz curve. Using a different 113 bits curve would be a bit better and perhaps out of reach for reversers today but new cpu's are hitting the market as we speak and the new inlet with 18 cores and amd with 16 corse will probably be speed monsters.
Would also be fun to try implementing this on GPU.
I know they did some research on this when attacking ecc2k-131.

[tofu-sensei]

Quote:

Originally Posted by contextrax

If we are as lucky as I and solve after 2^50 iterations then this would take only ~3 days

Point taken. I ran the numbers again and the power costs s̶h̶o̶u̶l̶d̶ could be well below the cost of a license for whatever software it is you're attacking.

[deepzero]

Quote:

Point taken. I ran the numbers again and the power costs should be well below the cost of a license for whatever software it is you're attacking.

It's not always about the monetary costs...

I think a true keygen for v9.6 would be a fitting end to the Armadillo saga.

[Kerlingen]

Quote:

Originally Posted by contextrax

The power consummation on todays cpu is not that bad.

You're talking about 90 CPUs. Keygenning a single software (if you own that amount of hardware) will cost you like 1000+ US-$ for energy alone, if you have to rent cloud computing you will be at 5000+ US-$.

[contextrax]

Quote:

Originally Posted by Kerlingen

You're talking about 90 CPUs. Keygenning a single software (if you own that amount of hardware) will cost you like 1000+ US-$ for energy alone, if you have to rent cloud computing you will be at 5000+ US-$.

I was thinking more of a joined attack. 90 cpu's is like 90 different people running the solver.