The ECCp-97 calculation was fucking huge, to use the technical term.
Is anyone keeping track of the top ten computations or something?
Of the biggies I can think of, the RC5-56 crack is #1 followed by the
2 DES cracks, and this is #4.
Am I missing anything? Were any of the factoring efforts this big???
Rob.
------------------------------------------------------------------------------
RESULT
The solution to Certicom's ECCp-97 problem is the residue class of
1 6C86AA7C ACF69F1D D28B3E2F modulo 1 6EA1595E D21AE98F B6CCA20D
The calculation was carried out in 53 days by a group of 588
people and 1288 machines in more than 16 countries. It was found
after 186,364 Distinguished Points. At an expected 2^30 iterations per
Point, we estimate it took 200 trillion (200 E12)iterations. We
sustained an average rate of 5 trillion (5 E12) iterations per day,
for the past two weeks.
We achieved 440K 97bit Elliptic Curve iterations per second on an Alpha
600MHz or 494K on an Alpha 400MHz 21264 prototype. We got
125K iterations/sec from a Pentium II 300 and 39K iterations/sec from
a PowerPC 604/120.
The method we used was a "birthday paradox" algorithm iterating
from random initial points (distributed over all machines) with a
pseudo-random function (the same on all machines) until a collision
was detected at 23:38 GMT on Monday 16th of March 1998. The two Points
were coincidentally both found by Greg Thomas on two different
AlphaServer 8200s, each with four 440MHz 21164A Alpha CPUs.
This effort was organised by the BT Labs team, led by Adrian Escott,
John Sager, Alex Selkirk & Dimitris Tsapakidis and by the Linux Alpha
group, led by Robert Harley at INRIA.
Our proposed prize distribution is indicated on our web page at
http://www.labs.bt.com/projects/security/crackers/p97/
If we have won the prize, then we will discuss the mechanics of this
separately.
CREDITS
Robert Harley(INRIA): Original 64bit Alpha code & client, p97 code
optimisation,
user support, ECC background.
John Sager(BT Labs): 64bit Alpha code conversion to p97, Pentium
assembler,
VMS & 32bit Unix clients, proxies, ECC background.
Adrian Escott(BT Labs): ECC background, 64->32bit core code conversion.
Alex Selkirk(BT Labs): Windows clients, keyserver.
Dimitris Tsapakidis(BT Labs): Live stats & user support.
Dave Parkinson(BT Labs): Pentium assembler.
Jake Hill(BT Labs): Mac client & PowerPC assembler.
CONTRIBUTORS
222 Alpha machines produced 103,000 Points or 55.3%,
753 Pentium machines produced 73,691 Points or 39.5%
the rest were produced by Sparcs, Macs, HPs and others.
The groups & people involved follow. Figures denote Points found
and total contribution.
BT Labs 131163, 70.38%
[484 email addresses]
digital 14794, 7.94%
simons@zk3.dec.com
gorton@amt.tay1.dec.com
schloss@zk3.dec.com
reeves@zk3.dec.com
frank@zk3.dec.com
gorton@400mhz_proto@amt.tay1.dec.com
inria 14472, 7.77%
robert.harley@inria.fr
guillaume.pierre@inria.fr
legion project 4961, 2.66%
lindahl@cs.virginia.edu
tu wien 3153, 1.69%
andi@complang.tuwien.ac.at
nino@complang.tuwien.ac.at
university of tromsoe 2308, 1.24%
frodef@acm.org
tobias@td.org.uit.no
alvin.brattli@phys.uit.no
duke university - demographics 2032, 1.09%
ggw@cds.duke.edu
barbarian brothers 1065, 0.57%
gorton@thetick.antix.com
csmith 1006, 0.54%
csmith@stoneboro.uucp.cirr.com
[... Rest elided to improve SNR. See:
http://pauillac.inria.fr/~harley/ecdl4/ECCp-97.submission.text
...]
Our source code can be downloaded from:
http://pauillac.inria.fr/~harley/ecdl4/
The main project page with more info and stats is at:
http://www.labs.bt.com/projects/security/crackers/p97/
We invite anyone interested in working on the next calculation to
point their Web browsers at:
http://pauillac.inria.fr/~harley/ecdl5/
------------------------------------------------------------------------------