Results 1 - 10 of 15
A tale of two sieves
 Notices Amer. Math. Soc
, 1996
Cited by 49 (2 self)
It is the best of times for the game of factoring large numbers into their prime factors. In 1970 it was barely possible to factor “hard” 20-digit numbers. In 1980, in the heyday of the Brillhart-Morrison continued fraction factoring algorithm, factoring of 50-digit numbers was becoming commonplace. In 1990 my own quadratic sieve factoring algorithm had doubled the length of the numbers that could be factored, the record having 116 digits. By 1994 the quadratic sieve had factored the famous 129-digit RSA challenge number that had been estimated in Martin Gardner’s 1976 Scientific American column to be safe for 40 quadrillion years (though other estimates around then were more modest). But the quadratic sieve is no longer the champion. It was replaced by Pollard’s number field sieve in the spring of 1996, when that method successfully split a 130-digit RSA challenge number in about 15% of the time the quadratic sieve would have taken. In this article we shall briefly meet these factorization algorithms—these two sieves—and some of the many people who helped to develop them. In the middle part of this century, computational issues seemed to be out of fashion. In most books the problem of factoring big numbers
Towards Practical Noninteractive Public Key Cryptosystems Using Nonmaximal Imaginary Quadratic Orders
 in Selected Areas in Cryptography, Lecture Notes in Computer Science
, 2000
Cited by 15 (1 self)
Abstract. We present a new noninteractive public key distribution system based on the class group of a nonmaximal imaginary quadratic order $Cl(\Delta_p)$. The main advantage of our system over earlier proposals based on $(\mathbb{Z}/n\mathbb{Z})^*$ [19,21] is that embedding id information into group elements in a cyclic subgroup of the class group is easy (straightforward embedding into prime ideals suffices) and secure, since the entire class group is cyclic with very high probability. In order to compute discrete logarithms in the class group, the KGC needs to know the prime factorization of $\Delta_p = \Delta_1 p^2$. We present an algorithm for computing discrete logarithms in $Cl(\Delta_p)$ by reducing the problem to computing discrete logarithms in $Cl(\Delta_1)$ and either $\mathbb{F}_p^*$ or $\mathbb{F}_{p^2}^*$. We prove that a similar reduction works for arbitrary nonmaximal orders, and that it has polynomial complexity if the factorization of the conductor is known.
Integer Factorization
, 2006
Cited by 10 (1 self)
Factorization problems are the “The problem of distinguishing prime numbers from composite numbers, and of resolving the latter into their prime factors, is known to be one of the most important and useful in arithmetic,” Gauss wrote in his Disquisitiones Arithmeticae in 1801. “The dignity of the science itself seems to require that every possible means be explored for the solution of a problem so elegant and so celebrated.” But what exactly is the problem? It turns out that there are many different factorization problems, as we will discuss in this paper.
Implementation of the Hypercube Variation of the Multiple Polynomial Quadratic Sieve
, 1995
Cited by 2 (0 self)
We discuss the implementation of the Hypercube variation of the Multiple Polynomial Quadratic Sieve (HMPQS) integer factorization algorithm. HMPQS is a variation on Pomerance's Quadratic Sieve algorithm which inspects many quadratic polynomials looking for quadratic residues with small prime factors. The polynomials are organized as the nodes of an n-dimensional cube. Since changing polynomials on the hypercube is cheap, the optimal value for the size of the sieving interval is much smaller than in other implementations of the Multiple Polynomial Quadratic Sieve (MPQS). This makes HMPQS substantially faster than MPQS. We also describe a relatively fast way to find good parameters for the single large prime variation of the algorithm. Finally, we report on the performance of our implementation on factoring several large numbers for the Cunningham Project. Supported by National Science Foundation grant No. CCR-9207204 1 Introduction Integer factorization algorithms are usually cate...
COMPUTING DISCRETE LOGARITHMS IN THE JACOBIAN OF HIGH-GENUS HYPERELLIPTIC CURVES OVER EVEN CHARACTERISTIC FINITE FIELDS
Cited by 2 (0 self)
Abstract. We describe improved versions of index-calculus algorithms for solving discrete logarithm problems in Jacobians of high-genus hyperelliptic curves defined over even characteristic fields. Our first improvement is to incorporate several ideas for the low-genus case by Gaudry and Theriault, including the large prime variant and using a smaller factor base, into the large-genus algorithm of Enge and Gaudry. We extend the analysis in [24] to our new algorithm, allowing us to predict accurately the number of random walk steps required to find all relations, and to select optimal degree bounds for the factor base. Our second improvement is the adaptation of sieving techniques from Flassenberg and Paulus, and Jacobson to our setting. The new algorithms are applied to concrete problem instances arising from the Weil descent attack methodology for solving the elliptic curve discrete logarithm problem, demonstrating significant improvements in practice. 1.
Factoring Integers with Large-Prime Variations of the Quadratic Sieve
, 1995
Cited by 1 (0 self)
This article is concerned with the large-prime variations of the multipolynomial quadratic sieve factorization method: the PMPQS (one large prime) and the PPMPQS (two). We present the results of many factorization runs with the PMPQS and PPMPQS on SGI workstations and on a Cray C90 vector computer. Experiments show that for our Cray C90 implementations PPMPQS beats PMPQS for numbers of more than 80 digits, and that this crossover point goes down with the amount of available central memory. For PMPQS we give a formula to predict the total running time based on a short test run. The accuracy of the prediction is within 10% of the actual running time. For PPMPQS we do not have such a formula. Yet in order to provide measurements to help determining a good choice of the parameters in PPMPQS, we factored many numbers. In addition we give an experimental prediction formula for PPMPQS suitable if one wishes to factor many large numbers of about the same size. 1. INTRODUCTION
Sieve with Two Large Primes
This paper deals with variations of the Quadratic Sieve integer factoring algorithm. We describe what we believe is the first implementation of the Hypercube Multiple Polynomial Quadratic Sieve with two large primes. We have used this program to factor many integers with up to 116 digits. Our program appears to be many times faster than the (non-hypercube) Multiple Polynomial Quadratic Sieve with two large primes.
Implementation of the Hypercube Multiple Polynomial Quadratic Sieve
We discuss our implementation of the Hypercube variation of the Multiple Polynomial Quadratic Sieve (HMPQS) integer factorization algorithm. HMPQS is a variation on the Quadratic Sieve (QS) algorithm which inspects many quadratic polynomials looking for quadratic residues with small prime factors. The polynomials are organized as the nodes of an n-dimensional cube. Since changing polynomials on the hypercube is cheap, the optimal value for the size of the sieving interval is much smaller than in other implementations of the Multiple Polynomial Quadratic Sieve (MPQS). This makes HMPQS substantially faster than MPQS. We also describe a relatively fast way to find good parameters for the single large prime variation of the algorithm. Finally, we report on the performance of our implementations on factoring several large numbers for the Cunningham Project. 1 Introduction Integer factorization algorithms are usually categorized as either general purpose or special purpose. Gene...