Mage Enables Cracking of Elliptic Curve Cryptography, Risks to Modern Internet Security

Elliptic Curve Cryptography (ECC) currently underpins much of modern digital security, protecting everything from online banking to cryptocurrency transactions, yet surprisingly little research investigates its vulnerability to advanced machine learning techniques. Lily Erickson from EmerGen LLC addresses this critical gap by demonstrating how modern language model architecture, specifically cross-axis transformers, can be used to crack ECC, effectively reversing the process of public keypair generation. This work establishes a new approach to cryptanalysis, moving beyond traditional methods and exploring the potential for machine learning to memorise and then exploit patterns within public-private keypairs. By proactively identifying these weaknesses, Erickson’s research highlights the urgent need to develop more robust cryptographic systems capable of withstanding the increasing power of artificial intelligence and safeguarding digital infrastructure. The study argues that machine learning can create effective rainbow tables, significantly reducing the effort required to break ECC and potentially rendering it insecure.

The team demonstrates that a machine learning model can learn to represent and memorize a substantial number of ECC private keys, effectively creating a precomputed database that allows for rapid decryption. This approach requires less effort than traditional methods for breaking ECC. Calculations show that a small model can break half of all keys with effort equivalent to breaking only 100 keys traditionally, while a larger model could potentially break half of all keys with effort equivalent to breaking 3 billion keys. The efficiency of memorizing keys is highlighted, noting that a batch size of 4 can be run on each core without quantization. Applying the Birthday Paradox, the research demonstrates that even a small percentage of compromised keys, such as 1%, could have a devastating impact on the security of the entire system, as an attacker only needs to break enough keys to create a significant risk of collision and compromise. The authors conclude that 256-bit cryptography is effectively vulnerable and that a large-scale attack is likely. They urge cybersecurity professionals to take this threat seriously and consider alternative cryptographic solutions. Acknowledging the ethical implications, the researchers have chosen not to release the model weights or training code, but are making the original Cross-Axis Transformer architecture and experimental results available. Researchers initially demonstrated the model’s ability to overfit to a small dataset of 5,000 key pairs, achieving 99% training accuracy. This highlighted a critical issue: standard optimizers, designed for language modeling, struggle with the randomness inherent in cryptographically generated data. The optimizer repeatedly corrected its direction, effectively preventing gradient descent. To address this, the team disabled the momentum parameter within the AdamW optimizer, enabling learning. The model architecture employed a Cross-Axis Transformer with RoPE, comprising 784 million parameters, a hidden size of 2048, and 16 layers with 16 attention heads. Training utilized a dataset of 100,000 key pairs, with performance evaluated on a separate dataset of 38,200 pairs. Further experiments demonstrated the model’s capacity to memorize training data, achieving 99% accuracy on the training set. However, as training loss decreased, evaluation loss increased, indicating overfitting. The research suggests that the model required significantly more data to learn a representation of the elliptic curve. Researchers investigated whether modern machine learning models could learn to reverse engineer the process of generating ECC keypairs.

The team employed a transformer model with 784 million parameters, a hidden size of 2048, 16 layers, and 16 attention heads, trained on a dataset of 100,000 samples and evaluated on 38,200. Initial experiments revealed the model achieved 99% accuracy on the training data, but performance on the evaluation dataset remained statistically insignificant. Subsequent tests using a generator function to create random keypairs showed no improvement after 350 epochs with 100,000 samples each, with loss remaining flatline. This suggested the model required significantly more data to learn a representation of the elliptic curve. Detailed calculations were performed to compare the computational complexity of generating a secp256r1 keypair with the cycles required for the machine learning model to memorize one. Researchers determined that the model required fewer cycles to memorize a single keypair, utilizing bfloat16 precision. The work underscores a potential vulnerability in current cryptographic systems and suggests that machine learning models may pose a future threat to digital security.

Machine Learning Breaks Cryptographic Key Security This research demonstrates that modern machine learning algorithms possess a concerning capacity to compromise current cryptographic security, specifically the Elliptic Curve Discrete Logarithm Problem.

The team successfully showed that these algorithms can not only memorise substantial numbers of public-private keypairs, but also intuitively learn to reverse engineer the key generation process itself. Results indicate that a relatively small model, with 784 million parameters, could memorise enough keypairs to compromise half of all private keys with an effort equivalent to breaking only 100 keys using traditional methods. Scaling this up to a 405 billion parameter model suggests the potential to invalidate billions of keys with a comparable effort. The study highlights the efficiency of machine learning in creating what amounts to advanced “rainbow tables”, enabling the rapid lookup of private keys given their public counterparts. Importantly, the research suggests that compromising even a small percentage of the entire curve, potentially less than one percent, could have widespread and damaging consequences. The authors acknowledge limitations in their work, notably the computational resources required for full-scale training, and refrain from releasing the model weights or training code due to ethical concerns regarding the potential misuse of this technology. Looking ahead, the team suggests that further research is needed to fully understand the implications of these findings and to develop countermeasures against this emerging threat. The results strongly indicate that current 256-bit cryptography may be vulnerable and that a proactive approach to cybersecurity is essential in the age of increasingly powerful machine learning algorithms. 👉 More information 🗞 Mage: Cracking Elliptic Curve Cryptography with Cross-Axis Transformers 🧠 ArXiv: https://arxiv.org/abs/2512.12483 Tags: