Some integer factorization algorithms using elliptic curves
Australian Computer Science Communications, 1986
Cited by 54 (13 self)
Abstract: Lenstra's integer factorization algorithm is asymptotically one of the fastest known algorithms, and is also ideally suited for parallel computation. We suggest a way in which the algorithm can be speeded up by the addition of a second phase. Under some plausible assumptions, the speedup is of order $\log(p)$, where $p$ is the factor which is found. In practice the speedup is significant. We mention some refinements which give greater speedup, an alternative way of implementing a second phase, and the connection with Pollard's "$p - 1$" factorization algorithm.
Parallel Algorithms for Integer Factorisation
Cited by 43 (17 self)
Abstract: The problem of finding the prime factors of large composite numbers has always been of mathematical interest. With the advent of public key cryptosystems it is also of practical importance, because the security of some of these cryptosystems, such as the Rivest-Shamir-Adelman (RSA) system, depends on the difficulty of factoring the public keys. In recent years the best known integer factorisation algorithms have improved greatly, to the point where it is now easy to factor a 60-decimal-digit number, and possible to factor numbers larger than 120 decimal digits, given the availability of enough computing power. We describe several algorithms, including the elliptic curve method (ECM), and the multiple-polynomial quadratic sieve (MPQS) algorithm, and discuss their parallel implementation. It turns out that some of the algorithms are very well suited to parallel implementation. Doubling the degree of parallelism (i.e. the amount of hardware devoted to the problem) roughly increases the size of a number which can be factored in a fixed time by 3 decimal digits. Some recent computational results are mentioned, for example the complete factorisation of the 617-decimal-digit Fermat number $F_{11} = 2^{2^{11}} + 1$, which was accomplished using ECM.
Factorization of the tenth and eleventh Fermat numbers
1996
Cited by 17 (8 self)
Abstract: We describe the complete factorization of the tenth and eleventh Fermat numbers. The tenth Fermat number is a product of four prime factors with 8, 10, 40 and 252 decimal digits. The eleventh Fermat number is a product of five prime factors with 6, 6, 21, 22 and 564 decimal digits. We also note a new 27-decimal-digit factor of the thirteenth Fermat number. This number has four known prime factors and a 2391-decimal-digit composite factor. All the new factors reported here were found by the elliptic curve method (ECM). The 40-digit factor of the tenth Fermat number was found after about 140 Mflop-years of computation. We discuss aspects of the practical implementation of ECM, including the use of special-purpose hardware, and note several other large factors found recently by ECM.
1. Introduction. For a nonnegative integer $n$, the $n$th Fermat number is $F_n = 2^{2^n} + 1$. It is known that $F_n$ is prime for $0 \le n \le 4$, and composite for $5 \le n \le 23$. Also, for $n \ge 2$, the factors of $F_n$ are of th...
A Multilevel Blocking Distinct-degree Factorization Algorithm
Contemporary Mathematics, 2008
Cited by 6 (5 self)
Abstract: We give a new algorithm for performing the distinct-degree factorization of a polynomial $P(x)$ over $\mathrm{GF}(2)$, using a multilevel blocking strategy. The coarsest level of blocking replaces GCD computations by multiplications, as suggested by Pollard (1975), von zur Gathen and Shoup (1992), and others. The novelty of our approach is that a finer level of blocking replaces multiplications by squarings, which speeds up the computation in $\mathrm{GF}(2)[x]/P(x)$ of certain interval polynomials when $P(x)$ is sparse. As an application we give a fast algorithm to search for all irreducible trinomials $x^r + x^s + 1$ of degree $r$ over $\mathrm{GF}(2)$, while producing a certificate that can be checked in less time than the full search. Naive algorithms cost $O(r^2)$ per trinomial, thus $O(r^3)$ to search over all trinomials of given degree $r$. Under a plausible assumption about the distribution of factors of trinomials, the new algorithm has complexity $O(r^2 (\log r)^{3/2} (\log \log r)^{1/2})$ for the search over all trinomials of degree $r$. Our implementation achieves a speedup of greater than a factor of 560 over the naive algorithm in the case $r = 24036583$ (a Mersenne exponent). Using our program, we have found two new primitive trinomials of degree 24036583 over $\mathrm{GF}(2)$ (the previous record degree was 6972593).
The great trinomial hunt
American Mathematical Society Notices
Cited by 4 (1 self)
Abstract: A trinomial is a polynomial in one variable with three nonzero terms, for example $P = 6x^7 + 3x^3 - 5$. If the coefficients of a polynomial $P$ (in this case 6, 3, $-5$) are in some ring or field $F$, we say that $P$ is a polynomial ...
Is the Data Encryption Standard a Group? (Results of Cycling Experiments on DES)
Cited by 2 (2 self)
Abstract: The Data Encryption Standard (DES) defines an indexed set of permutations acting on the message space $\mathcal{M} = \{0, 1\}^{64}$. If this set of permutations were closed under functional composition, then the two most popular proposals for strengthening DES through multiple encryption would be equivalent to single encryption. Moreover, DES would be vulnerable to a known-plaintext attack that runs in $2^{28}$ steps on the average. It is unknown in the open literature whether or not DES has this weakness. Two statistical tests are presented for determining if an indexed set of permutations acting on a finite message space forms a group under functional composition. The first test is a "meet-in-the-middle" algorithm which uses $O(\sqrt{K})$ time and space, where $K$ is the size of the key space. The second test, a novel cycling algorithm, uses the same amount of time but only a small constant amount of space. Each test yields a known-plaintext attack against any finite, deterministic cryptosystem that generates a small group. The cycling closure test takes a pseudorandom walk in the message space until ...
Will quantum computers make SHARCS obsolete?
Abstract: "... Cost analysis of hash collisions: ..."
unknown title
Abstract: A trinomial is a polynomial in one variable with three nonzero terms, for example $P = 6x^7 + 3x^3 - 5$. If the coefficients of a polynomial $P$ (in this case 6, 3, $-5$) are in some ring or field $F$, we say that $P$ is a polynomial over $F$, and write $P \in F[x]$. The operations of addition and multiplication of polynomials in $F[x]$ are defined in the usual way, with the operations on coefficients performed in $F$. Classically the most common cases are $F = \mathbb{Z}, \mathbb{Q}, \mathbb{R}$, or $\mathbb{C}$, respectively the integers, rationals, reals, or complex numbers. However, polynomials over finite fields are also important in applications. We restrict our attention to polynomials over the simplest finite field: the field $\mathrm{GF}(2)$ of two elements, usually written as 0 and 1. The field operations of addition and multiplication are defined as for integers modulo 2, so $0 + 1 = 1$, $1 + 1 = 0$, $0 \times 1 = 0$, $1 \times 1 = 1$, etc. An important consequence of the definitions is that, for polynomials $P, Q \in \mathrm{GF}(2)[x]$, we have $(P + Q)^2 = P^2 + Q^2$ because the "cross term" $2PQ$ vanishes. High school algebra would have been much easier if we had used polynomials over $\mathrm{GF}(2)$ instead of over $\mathbb{R}$! Trinomials over $\mathrm{GF}(2)$ are important in cryptography and random number generation. To ... Richard Brent is professor of mathematics at the Mathematical ...
A Birthday Paradox for Markov chains, with an optimal bound for collision in the Pollard Rho Algorithm for Discrete Logarithm
Abstract: We show a Birthday Paradox for self-intersections of Markov chains with uniform stationary distribution. As an application, we analyze Pollard's Rho algorithm for finding the discrete logarithm in a cyclic group $G$ and find that, if the partition in the algorithm is given by a random oracle, then with high probability a collision occurs in $\Theta(\sqrt{|G|})$ steps. This is the first proof of the correct order bound which does not assume that every step of the algorithm produces an i.i.d. sample from $G$.