Results 1 - 10 of 23
Factorization of a 768-bit RSA modulus, 2010
Cited by 38 (13 self)
This paper reports on the factorization of the 768-bit number RSA-768 by the number field sieve factoring method and discusses some implications for RSA.
ECM on Graphics Cards
Cited by 16 (4 self)
Abstract. This paper reports record-setting performance for the elliptic-curve method of integer factorization: for example, 604.99 curves/second for ECM stage 1 with B1 = 8192 for 280-bit integers on a single PC. The state-of-the-art GMP-ECM software handles 171.42 curves/second for ECM stage 1 with B1 = 8192 for 280-bit integers using all four cores of a 2.4GHz Core 2 Quad Q6600. The extra speed takes advantage of extra hardware, specifically two NVIDIA GTX 280 graphics cards, using a new ECM implementation introduced in this paper. Our implementation uses Edwards curves, relies on new parallel addition formulas, and is carefully tuned for the highly parallel GPU architecture. On a single GTX 280 the implementation performs 22.66 million modular multiplications per second for a general 280-bit modulus. GMP-ECM, using all four cores of a Q6600, performs 17.91 million multiplications per second. This paper also reports speeds on other graphics processors: for example,
On the security of 1024-bit RSA and 160-bit elliptic curve cryptography: version 2.1. Cryptology ePrint Archive, Report 2009/389, 2009
Cited by 13 (1 self)
Abstract. Meeting the requirements of NIST’s new cryptographic standards means phasing out usage of 1024-bit RSA and 160-bit elliptic curve cryptography (ECC) by the end of the year 2010. This write-up comments on the vulnerability of these systems to an open community attack effort and aims to assess the risk of their unavoidable continued usage beyond 2010 until the migration to the new standards has been completed. We conclude that for 1024-bit RSA the risk is small at least until the year 2014, and that 160-bit ECC over a prime field may safely be used for much longer – with the current state of the art in cryptanalysis we would be surprised if a public effort can make a dent in 160-bit prime field ECC by the year 2020. Our assessment is based on the latest practical data of large scale integer factorization and elliptic curve discrete logarithm computation efforts.
Faster Multiplication in GF(2)[x]
Cited by 12 (2 self)
Abstract. In this paper, we discuss an implementation of various algorithms for multiplying polynomials in GF(2)[x]: variants of the window methods, Karatsuba’s, Toom-Cook’s, Schönhage’s and Cantor’s algorithms. For most of them, we propose improvements that lead to practical speedups.
Relation collection for the Function Field Sieve
Cited by 5 (3 self)
Abstract—In this paper, we focus on the relation collection step of the Function Field Sieve (FFS), which is to date the best algorithm known for computing discrete logarithms in small-characteristic finite fields of cryptographic sizes. Denoting such a finite field by F_{p^n}, where p is much smaller than n, the main idea behind this step is to find polynomials of the form a(t) − b(t)x in F_p[t][x] which, when considered as principal ideals in carefully selected function fields, can be factored into products of low-degree prime ideals. Such polynomials are called “relations”, and current record-sized discrete-logarithm computations need billions of those. Collecting relations is therefore a crucial and extremely expensive step in FFS, and a practical implementation thereof requires heavy use of cache-aware sieving algorithms, along with efficient polynomial arithmetic over F_p[t]. This paper presents the algorithmic and arithmetic techniques which were put together as part of a new public implementation of FFS, aimed at medium to record-sized computations. Keywords: function field sieve; discrete logarithm; polynomial arithmetic; finite-field arithmetic.
On Nonlinear Polynomial Selection and Geometric Progression (mod N) for Number Field Sieve. https://eprint.iacr.org/2011/292.pdf
Cited by 3 (0 self)
The general number field sieve (GNFS) is asymptotically the fastest known factoring algorithm. One of the most important steps of GNFS is to select a good polynomial pair. A standard way of polynomial selection (being used in factoring RSA challenge numbers) is to select a nonlinear polynomial for algebraic sieving and a linear polynomial for rational sieving. There is another method called a nonlinear method which selects two polynomials of the same degree greater than one. In this paper, we generalize Montgomery’s method [7] using small geometric progression (GP) (mod N) to construct a pair of nonlinear polynomials. We introduce GP of length d + k with 1 ≤ k ≤ d − 1 and show that we can construct polynomials of degree d having common root (mod N), where the number of such polynomials and the size of the coefficients can be precisely determined.
Discrete logarithm in GF(2^809) with FFS
Cited by 2 (1 self)
Abstract. The year 2013 has seen several major complexity advances for the discrete logarithm problem in multiplicative groups of small-characteristic finite fields. These outmatch, asymptotically, the Function Field Sieve (FFS) approach, which was so far the most efficient algorithm known for this task. Yet, on the practical side, it is not clear whether the new algorithms are uniformly better than FFS. This article presents the state of the art with regard to the FFS algorithm, and reports data from a record-sized discrete logarithm computation in a prime-degree extension field.
Factorization of a 1061-bit number by the Special Number Field Sieve, 2012
Cited by 2 (0 self)
I provide the details of the factorization of the Mersenne number 2^1061 − 1 by the Special Number Field Sieve. Although this factorization is easier than the completed factorization of RSA-768, it represents a new milestone for factorization using publicly available software.
Efficiency improvement for NTRU
In Ammar Alkassar and Jörg Siekmann, editors, SICHERHEIT 2008
Cited by 1 (1 self)
Abstract: The NTRU encryption scheme is an interesting alternative to well-established encryption schemes such as RSA, ElGamal, and ECIES. The security of NTRU relies on the hardness of computing short lattice vectors and thus is a promising candidate for being quantum computer resistant. There has been extensive research on efficient implementation of the NTRU encryption scheme. In this paper, we present a new algorithm for enhancing the performance of NTRU. The proposed method is between 11 % and 23 % faster on average than the best previously known method. We also present a highly efficient implementation of NTRU within the Java Cryptography Architecture.
Natarajan Vijayarangan, TCS Innovation Labs
Hi, I am reading the document and was wondering what distinguishes "data authentication"