From [email protected] Fri Dec 19 15:45:18 1997 
Date: Tue, 16 Dec 1997 14:18:54 +0100 (MET) 
From: Robert Harley  
Reply-To: [email protected] 
To: [email protected] 
Subject: ECC2-79 cracked: Alpha Linux did it. 
Resent-Date: 16 Dec 1997 13:19:42 -0000 
Resent-From: [email protected] 
Resent-cc: recipient list not shown: ; 
 
Jus' sent this out. 
 
------------------------------------------------------------------------------ 
This message is copyright Robert J. Harley, 1997. 
If you wish to quote more than one sentence, please quote the whole thing. 
 
To: [email protected] 
 
                                        Robert J. Harley, 
                                        Se`vres, France, 
                                        16th of December, 1997. 
 
Dear Mr. Gallant, 
 
There are two types of communications.  On the one hand are secure 
communications, intelligible only to their intended recipient, and on 
the other are all the rest.  Between them, as Louis Freeh would say, 
there is a "bright line".  On what side of that line does Certicom 
stand? 
 
The solution to your ECC2-79 problem is the residue class of 
276856274258963891889538 modulo 302231454903954479142443.  The work 
was led by a group of Alpha Linux enthusiasts, and the British Telecom 
Labs team joined in too.  We used about 30 Alphas running Linux, from 
UDBs up to 600 MHz workstations.  Jay Estabrook's new 21264 machine 
made a cameo appearance!  There were also 4 Alphas running Digital 
Unix. 
 
Contributors were: 
 
    Andries Brouwer     [email protected] 
    Christopher Brown   [email protected] 
    Zach Brown          [email protected] 
    Jay Estabrook       [email protected] 
    Rick Gorton         [email protected] 
    Oleg Gusev          [email protected] 
    Robert Harley       [email protected] 
    Richard Holmes      [email protected] 
    Andy Isaacson       [email protected] 
    Greg Lindahl        [email protected] 
    Jon Nathan          [email protected] 
    Dennis Opacki       [email protected] 
    Vance Petree        [email protected] 
    Tim Rowley          [email protected] 
    Michael Sandfort    [email protected] 
    Jason Shiffer       [email protected] 
    Aaron Spink         [email protected] 
    B.T. Labs Team      [email protected] 
    Bart-Jan Vrielink   [email protected] 
    Marinos Yannikos    [email protected] 
    Xiaoguang Zhang     [email protected] 
 
    and some anonymous others.   
 
The method we used was a "birthday paradox" algorithm iterating from a 
random initial point (one per machine) with a pseudo-random function 
(the same on all machines) until a collision was detected at 12:47 
today.  A total of 1737410165382 iterations were performed, finding 
1617 "distinguished" points and one collision.  Our source code can be 
downloaded from: 
 
  http://pauillac.inria.fr/~harley/ecdl/ 
 
 
We would like to thank Michael Wiener for sending his paper, 
co-authored with Paul van Oorschot, in which they suggest using 
distinguished points for discrete log calculations.  We used this 
idea to simplify our client program. 
 
Thanks also to John Sager who spotted a broken line of code in one 
version of the program.  We were quickly able to verify that it had 
caused no harm. 
 
If this is the first correct submission, then, well I don't really 
know what you should do with the prize!  Perhaps hold a raffle among 
the contributors? 
 
Thank you, 
  Rob. 
     .-.                     [email protected]                    .-. 
    /   \           .-.                                 .-.           /   \ 
   /     \         /   \       .-.     _     .-.       /   \         /     \ 
  /       \       /     \     /   \   / \   /   \     /     \       /       \ 
 /         \     /       \   /     `-'   `-'     \   /       \     /         \ 
            \   /         `-'                     `-'         \   / 
             `-' Linux + 500MHz Alpha + 256MB SDRAM = heaven   `-' 
------------------------------------------------------------------------------. 
 
S'pose that means that Alpha Linux is pretty cool. 
 
Who's up for ECCp-89?   =:-)