Board: Beginners & Help
Topic: Re: Lost Half of Private Key - Are Bitcoins Safe?
by shorena on 18/06/2014, 18:39:39 UTC
Is it possible to use an ASIC miner for that attack?

An ECDSA breaking ASIC? Sure.  A Bitcoin mining ASIC? No.  ASICs do one thing and one thing only.

Yes the question was hinting at Bitcoin mining ASICs, which ofc makes no sense. Thanks for the reminder what ASICs actually are :)

-snip-
You use Big O or for ECDSA you just remember that bit strength is 1/2 key length.  Also remember Big O just gets us to the magnitude.  There is no computer which can perform Pollard rho in a single operation.  It might require 10 operations or 10,000 but these are linear constraints.  For cryptography we want to ensure the magnitude alone puts an attack beyond what is feasible.

I understand, so we just ignore everything else (constants, etc.) and just take the fastest growing part. E.g. if we had two loops from 0 to n within each other we have O(n^2) no matter how many commands are used in each loop. This would ofc just give us a rough picture, but (see below)

Against 64 bit security?  Nobody should be using anything with only 64 bit security.  Note this is supported by empirical evidence as well.  A 112 bit ECC key (56 bit security) is the largest known ECC key to be brute forced.  It was completed in 3.5 months of runtime using 200 Playstation 3s. http://lacal.epfl.ch/112bit_prime


but... as I read in the article we are happy with a rough estimate anyway, because of the birthday paradox. There is a very slim chance that the last calculation would give us the result. It is more likely that we get our answer sooner. Thus the time needed for a calculation can only be estimated (e.g. 50% chance of success after X days) and is not fixed. So my calculation above is way off anyway.

And yes I just remembered that we are talking about 64 bit, thus we are in the exponent. So in comparison 128 bit security is not only "twice as secure" but "2^64 times as secure".
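
The birthday-paradox point in the post above, as an added example that is not part of the original thread: it draws uniformly from a small group until a value repeats (an idealised stand-in for the Pollard rho walk, which is an assumption of this sketch) and compares the observed step counts with the square-root estimates. All function names are hypothetical.

```python
import math
import random
import statistics

def steps_until_collision(n, rng):
    """Draw uniformly from a group of size n until a value repeats.

    Idealised model of a collision search: it ends at the first
    repeated value, not after a fixed number of steps.
    """
    seen = set()
    while True:
        x = rng.randrange(n)
        if x in seen:
            return len(seen) + 1  # count the colliding draw as well
        seen.add(x)

def success_probability(k, n):
    """Birthday approximation: chance of a collision within k steps."""
    return 1.0 - math.exp(-k * k / (2.0 * n))

def steps_for_probability(prob, n):
    """Invert the approximation: steps needed for a given success chance."""
    return math.sqrt(-2.0 * n * math.log(1.0 - prob))

def simulate(bits, trials=2000, seed=1):
    """Return (median, mean) steps observed for a group of size 2**bits."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    runs = [steps_until_collision(2 ** bits, rng) for _ in range(trials)]
    return statistics.median(runs), statistics.mean(runs)

def work_ratio_log2(big_bits, small_bits):
    """log2 of how many times more steps the larger group needs."""
    big = steps_for_probability(0.5, 2 ** big_bits)
    small = steps_for_probability(0.5, 2 ** small_bits)
    return math.log2(big / small)

if __name__ == "__main__":
    for bits in (12, 16, 20):  # constructed toy sizes, far below real keys
        n = 2 ** bits
        median, mean = simulate(bits)
        print(f"{bits}-bit group: median {median:.0f} steps "
              f"(estimate {steps_for_probability(0.5, n):.0f}), "
              f"mean {mean:.0f} (estimate {math.sqrt(math.pi * n / 2):.0f})")
    # 256-bit key (128 bit security) versus 128-bit key (64 bit security)
    print(f"work ratio: 2^{work_ratio_log2(256, 128):.0f}")
```

The spread between individual runs is large, which is why attack cost is quoted as "50% chance after X steps" rather than as a fixed runtime.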