Certicom introduced the Elliptic Curve Cryptosystem (ECC) Challenge in November 1997. The first of its kind, the ECC Challenge was developed to increase industry understanding and appreciation for the difficulty of the elliptic curve discrete logarithm problem, and to encourage and stimulate further research in the security analysis of elliptic curve cryptosystems.

The knowledge and experience gained to date confirms comparisons of the security level of ECC with other systems.

The Certicom ECC Challenge: Defined

The challenge is to compute the ECC private keys from the given list of ECC public keys and associated system parameters. This is the type of problem facing an adversary who wishes to completely defeat an elliptic curve cryptosystem.

Challenge Levels:

Level I Level II
109-bit challenge SOLVED 163-bit challenge
[ECCp-109 SOLVEDNov. 2002 ] [ECC2-109 SOLVEDApril 2004 ] 191-bit challenge
131-bit challenge 239-bit challenge
  359-bit challenge

The 109-bit challenges have been solved, while the 131-bit challenges will require significantly more resources to solve. All Level II challenges are believed to be computationally infeasible.

The Certicom ECC Challenge was preceded by three Exercises:

  • 79-bit: SOLVED December 1997
  • 89-bit: SOLVED February 1998
  • 97-bit: SOLVED September 1999

Participants can attempt to solve Challenge sets using one or both of two finite fields. The first involves elliptic curves over the finite field F2m (the field having 2m elements in it), and the second involves elliptic curves over the finite field Fp (the field of integers modulo an odd prime p).