Results 1 
9 of
9
Recent progress and prospects for integer factorisation algorithms
 In Proc. of COCOON 2000
, 2000
"... Abstract. The integer factorisation and discrete logarithm problems are of practical importance because of the widespread use of public key cryptosystems whose security depends on the presumed difficulty of solving these problems. This paper considers primarily the integer factorisation problem. In ..."
Abstract

Cited by 23 (1 self)
 Add to MetaCart
(Show Context)
Abstract. The integer factorisation and discrete logarithm problems are of practical importance because of the widespread use of public key cryptosystems whose security depends on the presumed difficulty of solving these problems. This paper considers primarily the integer factorisation problem. In recent years the limits of the best integer factorisation algorithms have been extended greatly, due in part to Moore’s law and in part to algorithmic improvements. It is now routine to factor 100decimal digit numbers, and feasible to factor numbers of 155 decimal digits (512 bits). We outline several integer factorisation algorithms, consider their suitability for implementation on parallel machines, and give examples of their current capabilities. In particular, we consider the problem of parallel solution of the large, sparse linear systems which arise with the MPQS and NFS methods. 1
Improving the Exact Security of Digital Signature Schemes
, 1999
"... We provide two contributions to exact security analysis of digital signatures: 1. We put forward a new method of constructing FiatShamirlike signature schemes that yields better "exact security" than the original FiatShamir method; and 2. We extend exact security analysis to exact cost ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
(Show Context)
We provide two contributions to exact security analysis of digital signatures: 1. We put forward a new method of constructing FiatShamirlike signature schemes that yields better "exact security" than the original FiatShamir method; and 2. We extend exact security analysis to exact costsecurity analysis by showing that digital signature schemes with "loose security" may be preferable for reasonable measures of cost.
Analysis of Bernstein's Factorization Circuit
, 2002
"... In [1], Bernstein proposed a circuitbased implementation of the matrix step of the number field sieve factorization algorithm. These circuits o er an asymptotic cost reduction under the measure "construction cost × run time". We evaluate the cost of these circuits, in agreement ..."
Abstract

Cited by 16 (2 self)
 Add to MetaCart
In [1], Bernstein proposed a circuitbased implementation of the matrix step of the number field sieve factorization algorithm. These circuits o er an asymptotic cost reduction under the measure "construction cost &times; run time". We evaluate the cost of these circuits, in agreement with [1], but argue that compared to previously known methods these circuits can factor integers that are 1.17 times larger, rather than 3.01 as claimed (and even this, only under the nonstandard cost measure).
Factoring estimates for a 1024bit RSA modulus
 IN: PROC. ASIACRYPT 2003, LNCS 2894
, 2003
"... We estimate the yield of the number field sieve factoring algorithm when applied to the 1024bit composite integer RSA1024 and the parameters as proposed in the draft version [17] of the TWIRL hardware factoring device [18]. We present the details behind the resulting improved parameter choices f ..."
Abstract

Cited by 15 (7 self)
 Add to MetaCart
We estimate the yield of the number field sieve factoring algorithm when applied to the 1024bit composite integer RSA1024 and the parameters as proposed in the draft version [17] of the TWIRL hardware factoring device [18]. We present the details behind the resulting improved parameter choices from [18].
Yet Another Sieving Device
, 2003
"... A compact mesh architecture for supporting the relation collection step of the number eld sieve is described. Diering from TWIRL, only isolated chips without interchip communication are used. According to a preliminary analysis for 768bit numbers, with a 0:13 m process one meshbased device ..."
Abstract

Cited by 10 (4 self)
 Add to MetaCart
A compact mesh architecture for supporting the relation collection step of the number eld sieve is described. Diering from TWIRL, only isolated chips without interchip communication are used. According to a preliminary analysis for 768bit numbers, with a 0:13 m process one meshbased device ts on a single chip of (4:9 cm) the largest proposed chips in the TWIRL cluster for 768bit occupy (6:7 cm) .
Arbitrarily Tight Bounds On The Distribution Of Smooth Integers
 Proceedings of the Millennial Conference on Number Theory
, 2002
"... This paper presents lower bounds and upper bounds on the distribution of smooth integers; builds an algebraic framework for the bounds; shows how the bounds can be computed at extremely high speed using FFTbased powerseries exponentiation; explains how one can choose the parameters to achieve ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
(Show Context)
This paper presents lower bounds and upper bounds on the distribution of smooth integers; builds an algebraic framework for the bounds; shows how the bounds can be computed at extremely high speed using FFTbased powerseries exponentiation; explains how one can choose the parameters to achieve any desired level of accuracy; and discusses several generalizations.
Computational Methods in Public Key Cryptology
, 2002
"... These notes informally review the most common methods from computational number theory that have applications in public key cryptology. ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
These notes informally review the most common methods from computational number theory that have applications in public key cryptology.
A Probabilistic Elliptic Curve Cryptosystem as Secure as Factoring
"... In this paper, we propose a new trapdoor oneway function using elliptic curve discrete logarithm over Z=nZwhere n = p q. Computing its inverse is equivalent to factoring the integer n. As its applications, we propose one basic scheme and two new probabilistic public key cryptosystems made by ..."
Abstract
 Add to MetaCart
(Show Context)
In this paper, we propose a new trapdoor oneway function using elliptic curve discrete logarithm over Z=nZwhere n = p q. Computing its inverse is equivalent to factoring the integer n. As its applications, we propose one basic scheme and two new probabilistic public key cryptosystems made by the methods of BellareRogaway and FujisakiOkamoto [4, 8]. Both are semantically secure against the adaptive chosen ciphertext attack in random oracle model.