The problem of finding the prime factors of large composite numbers has always been of mathematical interest. With the advent of public key cryptosystems it is also of practical importance, because the security of some of these cryptosystems, such as the Rivest-Shamir-Adelman (RSA) system, depends on the difficulty of factoring the public keys. In recent years the best known integer factorisation algorithms have improved greatly, to the point where it is now easy to factor a 60-decimal digit number, and possible to factor numbers larger than 120 decimal digits, given the availability of enough computing power. We describe several algorithms, including the elliptic curve method (ECM), and the multiple-polynomial quadratic sieve (MPQS) algorithm, and discuss their parallel implementation. It turns out that some of the algorithms are very well suited to parallel implementation. Doubling the degree of parallelism (i.e. the amount of hardware devoted to the problem) roughly increases the size of a number which can be factored in a fixed time by 3 decimal digits. Some recent computational results are mentioned – for example, the complete factorisation of the 617-decimal digit Fermat number F11 = 2211 + 1 which was accomplished using ECM.

Using alternative cache indexing/hashing functions is a popular technique to reduce conflict misses by achieving a more uniform cache access distribution across the sets in the cache. Although various alternative hashing functions have been demonstrated to eliminate the worst case conflict behavior, no study has really analyzed the pathological behavior of such hashing functions that often result in performance slowdown. In this paper, we present an in-depth analysis of the pathological behavior of cache hashing functions. Based on the analysis, we propose two new hashing functions: prime modulo and prime displacement that are resistant to pathological behavior and yet are able to eliminate the worst case conflict behavior in the L2 cache. We show that these two schemes can be implemented in fast hardware using a set of narrow add operations, with negligible fragmentation in the L2 cache. We evaluate the schemes on 23 memory intensive applications. For applications that have non-uniform cache accesses, both prime modulo and prime displacement hashing achieve an average speedup of 1.27 compared to traditional hashing, without slowing down any of the 23 benchmarks. We also evaluate using multiple prime displacement hashing functions in conjunction with a skewed associative L2 cache. The skewed associative cache achieves a better average speedup at the cost of some pathological behavior that slows down four applications by up to 7%. 1.

Abstract. The integer factorisation and discrete logarithm problems are of practical importance because of the widespread use of public key cryptosystems whose security depends on the presumed difficulty of solving these problems. This paper considers primarily the integer factorisation problem. In recent years the limits of the best integer factorisation algorithms have been extended greatly, due in part to Moore’s law and in part to algorithmic improvements. It is now routine to factor 100-decimal digit numbers, and feasible to factor numbers of 155 decimal digits (512 bits). We outline several integer factorisation algorithms, consider their suitability for implementation on parallel machines, and give examples of their current capabilities. In particular, we consider the problem of parallel solution of the large, sparse linear systems which arise with the MPQS and NFS methods. 1

Numbers of the form (6m + 1)(12m + 1)(18m + 1) where all three factors are simultaneously prime are the best known examples of Carmichael numbers. In this paper we tabulate the counts of such numbers up to 10 for each n 42. We also derive a function for estimating these counts that is remarkably accurate.

Mathematicians have been attempting to find better and faster ways to factor composite numbers since the beginning of time. Initially this involved dividing a number by larger and larger primes until you had the factorization. This trial division was not improved upon until Fermat applied the

3 Finite Fields In computational number theory and cryptographic applications, we often have to work over finite fields. A finite field F is a finite set with operations "+ " and "\Theta " which satisfy the usual associative, commutative and distributive laws:

This Report updates the tables of factorizations of a n \Sigma 1 for 13 a ! 100, previously published as CWI Report NM-R9212 (June 1992) and updated in CWI Report NM-R9419 (September 1994). A total of 760 new entries in the tables are given here. The factorizations are now complete for n ! 67, and there are no composite cofactors smaller than 10 94 . 1991 Mathematics Subject Classification. Primary 11A25; Secondary 11-04 Key words and phrases. Factor tables, ECM, MPQS, SNFS To appear as Report NM-R96??, Centrum voor Wiskunde en Informatica, Amsterdam, March 1996. Copyright c fl 1996, the authors. Only the front matter is given here. For the tables, see rpb134u2.txt . rpb134u2 typeset using L a T E X 1 Introduction For many years there has been an interest in the prime factors of numbers of the form a n \Sigma 1, where a is a small integer (the base) and n is a positive exponent. Such numbers often arise. For example, if a is prime then there is a finite field F with a n ...

This paper presents two algorithms that, given an n-bit positive integer m 2 1 + 8Z that is not a square, nd an element of Z=m that is a nonsquare or a nonzero non-unit. Under a standard conjecture, the rst algorithm takes time O(n(lg n) 3 lg lg n). Under a new but plausible conjecture, the second algorithm takes expected time O(n).

Let n > 2 be a positive integer and let denote Euler's totient function. De ne (n) = (n) and (n)) for all integers k 2. De ne the arithmetic function S by S(n) = (n) + (n) + 1, where (n) = 2. We say n is a perfect totient number if S(n) = n. We give a list of known perfect totient numbers, and we give sucient conditions for the existence of further perfect totient numbers.

This Report updates the tables of factorizations of a 1 for 13 a < 100, previously published as CWI Report NM-R9212 (June 1992) and updated in CWI Report NM-R9419 (September 1994). A total of 760 new entries in the tables are given here. The factorizations are now complete for n < 67, and there are no composite cofactors smaller than 10 .