Certicom introduced the Elliptic Curve Cryptosystem (ECC) Challenge in November 1997. The first of its kind, the ECC Challenge was developed to increase industry understanding and appreciation for the difficulty of the elliptic curve discrete logarithm problem, and to encourage and stimulate further research in the security analysis of elliptic curve cryptosystems.
The knowledge and experience gained to date confirms comparisons of the security level of ECC with other systems.
The challenge is to compute the ECC private keys from the given list of ECC public keys and associated system parameters. This is the type of problem facing an adversary who wishes to completely defeat an elliptic curve cryptosystem.
| Level I | Level II |
| 109-bit challenge SOLVED | 163-bit challenge |
| [ECCp-109 SOLVEDNov. 2002 ] [ECC2-109 SOLVEDApril 2004 ] | 191-bit challenge |
| 131-bit challenge | 239-bit challenge |
| 359-bit challenge |
The 109-bit challenges have been solved, while the 131-bit challenges will require significantly more resources to solve. All Level II challenges are believed to be computationally infeasible.
The Certicom ECC Challenge was preceded by three Exercises:
Participants can attempt to solve Challenge sets using one or both of two finite fields. The first involves elliptic curves over the finite field F2m (the field having 2m elements in it), and the second involves elliptic curves over the finite field Fp (the field of integers modulo an odd prime p).