Results 1  10
of
21
An Implementation of the General Number Field Sieve
 In Proceedings of Crypto'93
, 1993
"... It was shown in [2] that under reasonable assumptions the general number field sieve (GNFS) is the asymptotically fastest known factoring algorithm. It is, however, not known how this algorithm behaves in practice. In this report we describe practical experience with our implementation of the GNFS ..."
Abstract

Cited by 24 (2 self)
 Add to MetaCart
(Show Context)
It was shown in [2] that under reasonable assumptions the general number field sieve (GNFS) is the asymptotically fastest known factoring algorithm. It is, however, not known how this algorithm behaves in practice. In this report we describe practical experience with our implementation of the GNFS whose first version was completed in January 1993 at the Department of Computer Science at the Universitat des Saarlandes. 1 Introduction Factoring rational integers into primes is one of the most important and most difficult problems of computational number theory. It was shown in [2] that under reasonable assumptions the general number field sieve (GNFS) is the asymptotically fastest known factoring algorithm. It is, however, not known how this algorithm behaves in practice. In this report we describe practical experience with the first version of our implementation of the GNFS. For our implementation we used the methods described in [2], [3], and [7]. In the course of the implementati...
Factorization of a 768bit RSA modulus
, 2010
"... This paper reports on the factorization of the 768bit number RSA768 by the number field sieve factoring method and discusses some implications for RSA. ..."
Abstract

Cited by 24 (7 self)
 Add to MetaCart
(Show Context)
This paper reports on the factorization of the 768bit number RSA768 by the number field sieve factoring method and discusses some implications for RSA.
An Implementation of the Number Field Sieve
 EXPERIMENTAL MATHEMATICS
, 1996
"... This article describes an implementation of the NFS, including the choice of two quadratic polynomials, both classical sieving and a special form of lattice sieving (line sieving), the block Lanczos method and a new square root algorithm. Finally some data on factorizations obtained with this implem ..."
Abstract

Cited by 14 (0 self)
 Add to MetaCart
This article describes an implementation of the NFS, including the choice of two quadratic polynomials, both classical sieving and a special form of lattice sieving (line sieving), the block Lanczos method and a new square root algorithm. Finally some data on factorizations obtained with this implementation are listed, including the record factorization of 12^151 1.
Strategies in Filtering in the Number Field Sieve
 In preparation
, 2000
"... A critical step when factoring large integers by the Number Field Sieve [8] consists of finding dependencies in a huge sparse matrix over the field F2 , using a Block Lanczos algorithm. Both size and weight (the number of nonzero elements) of the matrix critically affect the running time of Block ..."
Abstract

Cited by 14 (2 self)
 Add to MetaCart
(Show Context)
A critical step when factoring large integers by the Number Field Sieve [8] consists of finding dependencies in a huge sparse matrix over the field F2 , using a Block Lanczos algorithm. Both size and weight (the number of nonzero elements) of the matrix critically affect the running time of Block Lanczos. In order to keep size and weight small the relations coming out of the siever do not flow directly into the matrix, but are filtered first in order to reduce the matrix size. This paper discusses several possible filter strategies and their use in the recent record factorizations of RSA140, R211 and RSA155. 2000 Mathematics Subject Classification: Primary 11Y05. Secondary 11A51. 1999 ACM Computing Classification System: F.2.1. Keywords and Phrases: Number Field Sieve, factoring, filtering, Structured Gaussian elimination, Block Lanczos, RSA. Note: Work carried out under project MAS2.2 "Computational number theory and data security". This report will appear in the proceed...
Computing Discrete Logarithms with the General Number Field Sieve
, 1996
"... . The difficulty in solving the discrete logarithm problem is of extreme cryptographic importance since it is widely used in signature schemes, message encryption, key exchange, authentication and so on ([15], [17], [21], [29] etc.). The General Number Field Sieve (GNFS) is the asymptotically fastes ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
. The difficulty in solving the discrete logarithm problem is of extreme cryptographic importance since it is widely used in signature schemes, message encryption, key exchange, authentication and so on ([15], [17], [21], [29] etc.). The General Number Field Sieve (GNFS) is the asymptotically fastest known method to compute discrete logs mod p [18]. With the first implementation of the GNFS for discrete logs by using Schirokauer's improvement [27] we were able to show its practicability [31]. In this report we write about a new record in computing discrete logarithms mod p and some experimental data collected while finishing the precomputation step for breaking K. McCurley's 129digit challenge [10]. 1 Introduction Let p be a prime number and IF p (\Delta) be the cyclic multiplicative group of the prime field of p elements, which has order p \Gamma 1. Let a 2 IF p . In the case of b 2 hai, the multiplicative subgroup generated by a, there exist infinitely many x 2 IN 0 such th...
Solving a 676bit discrete logarithm problem
 in GF (3 6n ),” in PKC 2010, LNCS 6056
"... Abstract. Pairings on elliptic curves over finite fields are crucial for constructing various cryptographic schemes. The T pairing on supersingular curves over GF(3n) is particularly popular since it is efficiently implementable. Taking into account the MenezesOkamotoVanstone (MOV) attack, the d ..."
Abstract

Cited by 4 (2 self)
 Add to MetaCart
(Show Context)
Abstract. Pairings on elliptic curves over finite fields are crucial for constructing various cryptographic schemes. The T pairing on supersingular curves over GF(3n) is particularly popular since it is efficiently implementable. Taking into account the MenezesOkamotoVanstone (MOV) attack, the discrete logarithm problem (DLP) in GF(36n) becomes a concern for the security of cryptosystems using T pairings in this case. In 2006, Joux and Lercier proposed a new variant of the function field sieve in the medium prime case, named JL06FFS. We have, however, not yet found any practical implementations on JL06FFS over GF(36n). Therefore, we first fulfill such an implementation and we successfully set a new record for solving the DLP in GF(36n), the DLP in GF(3671) of 676bit size. In addition, we also compare JL06FFS and an earlier version, named JL02FFS, with practical experiments. Our results confirm that the former is several times faster than the latter under certain conditions. Key words: function field sieve, discrete logarithm problem, pairingbased cryptosystems 1
Efficient SIMD arithmetic modulo a Mersenne number
 20TH IEEE SYMPOSIUM ON COMPUTER ARITHMETIC
, 2011
"... This paper describes carryless arithmetic operations modulo an integer 2 M −1 in the thousandbit range, targeted at single instruction multiple data platforms and applications where overall throughput is the main performance criterion. Using an implementation on a cluster of PlayStation 3 game con ..."
Abstract

Cited by 3 (3 self)
 Add to MetaCart
This paper describes carryless arithmetic operations modulo an integer 2 M −1 in the thousandbit range, targeted at single instruction multiple data platforms and applications where overall throughput is the main performance criterion. Using an implementation on a cluster of PlayStation 3 game consoles a new record was set for the elliptic curve method for integer factorization.
The MultipleLattice Number Field Sieve
 Chapter 3 of Ph.D. thesis; ftp://koobera.math.uic.edu/pub/papers/mlnfs.dvi
"... We introduce the multiplelattice number field sieve. The formal relation between the multiplelattice number field sieve and the number field sieve is the same as the formal relation between the multiplepolynomial quadratic sieve and the quadratic sieve. ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
We introduce the multiplelattice number field sieve. The formal relation between the multiplelattice number field sieve and the number field sieve is the same as the formal relation between the multiplepolynomial quadratic sieve and the quadratic sieve.
Integer Factoring
, 2000
"... Using simple examples and informal discussions this article surveys the key ideas and major advances of the last quarter century in integer factorization. ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
Using simple examples and informal discussions this article surveys the key ideas and major advances of the last quarter century in integer factorization.
Relation collection for the Function Field Sieve
"... Abstract—In this paper, we focus on the relation collection step of the Function Field Sieve (FFS), which is to date the best algorithm known for computing discrete logarithms in smallcharacteristic finite fields of cryptographic sizes. Denoting such a finite field by Fpn, where p is much smaller th ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
(Show Context)
Abstract—In this paper, we focus on the relation collection step of the Function Field Sieve (FFS), which is to date the best algorithm known for computing discrete logarithms in smallcharacteristic finite fields of cryptographic sizes. Denoting such a finite field by Fpn, where p is much smaller than n, the main idea behind this step is to find polynomials of the form a(t) − b(t)x in Fp[t][x] which, when considered as principal ideals in carefully selected function fields, can be factored into products of lowdegree prime ideals. Such polynomials are called “relations”, and current recordsized discretelogarithm computations need billions of those. Collecting relations is therefore a crucial and extremely expensive step in FFS, and a practical implementation thereof requires heavy use of cacheaware sieving algorithms, along with efficient polynomial arithmetic over Fp[t]. This paper presents the algorithmic and arithmetic techniques which were put together as part of a new public implementation of FFS, aimed at medium to recordsized computations. Keywordsfunction field sieve; discrete logarithm; polynomial arithmetic; finitefield arithmetic. I.