Results 1  10
of
11
Distributed MatrixFree Solution of Large Sparse Linear Systems over Finite Fields
 Algorithmica
, 1996
"... We describe a coarsegrain parallel software system for the homogeneous solution of linear systems. Our solutions are symbolic, i.e., exact rather than numerical approximations. Our implementation can be run on a network cluster of SPARC20 computers and on an SP2 multiprocessor. Detailed timings a ..."
Abstract

Cited by 27 (6 self)
 Add to MetaCart
We describe a coarsegrain parallel software system for the homogeneous solution of linear systems. Our solutions are symbolic, i.e., exact rather than numerical approximations. Our implementation can be run on a network cluster of SPARC20 computers and on an SP2 multiprocessor. Detailed timings are presented for experiments with systems that arise in RSA challenge integer factoring efforts. For example, we can solve a 252; 222 \Theta 252; 222 system with about 11.04 million nonzero entries over the Galois field with 2 elements using 4 processors of an SP2 multiprocessor, in about 26.5 hours CPU time. 1 Introduction The problem of solving large, unstructured, sparse linear systems using exact arithmetic arises in symbolic linear algebra and computational number theory. For example the sievebased factoring of large integers can lead to systems containing over 569,000 equations and variables and over 26.5 million nonzero entries, that need to be solved over the Galois field of two...
NFS with Four Large Primes: An Explosive Experiment
, 1995
"... The purpose of this paper is to report the unexpected results that we obtained while experimenting with the multilarge prime variation of the general number field sieve integer factoring algorithm (NFS, cf. [8]). For traditional factoring algorithms that make use of at most two large primes, the ..."
Abstract

Cited by 23 (2 self)
 Add to MetaCart
The purpose of this paper is to report the unexpected results that we obtained while experimenting with the multilarge prime variation of the general number field sieve integer factoring algorithm (NFS, cf. [8]). For traditional factoring algorithms that make use of at most two large primes, the completion time can quite accurately be predicted by extrapolating an almost quartic and entirely ‘smooth ’ function that counts the number of useful combinations among the large primes [l]. For NFS such extrapolations seem to be impossiblethe number of useful combinations suddenly ‘explodes ’ in an as yet unpredictable way, that we have not yet been able to understand completely. The consequence of this explosion is that NFS is substantially faster than expected, which implies that factoring is somewhat easier than we thought.
Factorization of a 768bit RSA modulus
, 2010
"... This paper reports on the factorization of the 768bit number RSA768 by the number field sieve factoring method and discusses some implications for RSA. ..."
Abstract

Cited by 21 (6 self)
 Add to MetaCart
This paper reports on the factorization of the 768bit number RSA768 by the number field sieve factoring method and discusses some implications for RSA.
Analysis and Optimization of the TWINKLE Factoring Device
 PROCEEDINGS EUROCRYPT 2000, LNCS 1807
, 2000
"... We describe an enhanced version of the TWINKLE factoring device and analyse to what extent it can be expected to speed up the sieving step of the Quadratic Sieve and Number Field Sieve factoring algorithms. The bottom line of our analysis is that the TWINKLEassisted factorization of 768bit number ..."
Abstract

Cited by 15 (4 self)
 Add to MetaCart
We describe an enhanced version of the TWINKLE factoring device and analyse to what extent it can be expected to speed up the sieving step of the Quadratic Sieve and Number Field Sieve factoring algorithms. The bottom line of our analysis is that the TWINKLEassisted factorization of 768bit numbers is difficult but doable in about 9 months (including the sieving and matrix parts) by a large organization which can use 80,000 standard Pentium II PC’s and 5,000 TWINKLE devices.
Improvements to the general number field sieve for discrete logarithms in prime fields
 Mathematics of Computation
, 2003
"... Abstract. In this paper, we describe many improvements to the number field sieve. Our main contribution consists of a new way to compute individual logarithms with the number field sieve without solving a very large linear system for each logarithm. We show that, with these improvements, the number ..."
Abstract

Cited by 14 (1 self)
 Add to MetaCart
Abstract. In this paper, we describe many improvements to the number field sieve. Our main contribution consists of a new way to compute individual logarithms with the number field sieve without solving a very large linear system for each logarithm. We show that, with these improvements, the number field sieve outperforms the gaussian integer method in the hundred digit range. We also illustrate our results by successfully computing discrete logarithms with GNFS in a large prime field. 1.
SHARK — A Realizable Special Hardware Sieving Device for Factoring 1024bit Integers
 In: SHARCS
, 2005
"... Since 1999 specialized hardware architectures for factoring numbers of 1024 bit size with the Generalized Number Field Sieve (GNFS) have attracted a lot of attention ([Ber], [ST]). Concerns about the feasibility of giant monolytic ASIC architectures such as TWIRL have been raised. Therefore, we prop ..."
Abstract

Cited by 13 (5 self)
 Add to MetaCart
Since 1999 specialized hardware architectures for factoring numbers of 1024 bit size with the Generalized Number Field Sieve (GNFS) have attracted a lot of attention ([Ber], [ST]). Concerns about the feasibility of giant monolytic ASIC architectures such as TWIRL have been raised. Therefore, we propose a parallelized lattice sieving device called SHARK, which completes the sieving step of the GNFS for a 1024bit number in one year. Its architecture is modular and consists of small ASICs connected by a specialized butterfly transport system. We estimate the costs of such a device to be less than US $ 200 million. Because of the modular architecture based on small ASICs, we claim that this device can be built with today’s technology.
CONTINUED FRACTIONS AND LATTICE SIEVING
"... Abstract. We present a new method of lattice sieving which we expect to be faster by a constant factor than the method of Pollard, and which has been used in recent GNFS records. We also explain how to efficiently split the sieving region among several computing nodes and analyze the asymptotic beha ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
Abstract. We present a new method of lattice sieving which we expect to be faster by a constant factor than the method of Pollard, and which has been used in recent GNFS records. We also explain how to efficiently split the sieving region among several computing nodes and analyze the asymptotic behaviour of the cost of sieving on a large parallel computer. The asymptotic behaviour of the cost parallelized sieving has recently been analyzed by D. Bernstein ([Ber]), who assumed that a twodimensional mesh is used. We propose a parallelized lattice siever using a butterflylike topology. The Bernstein cost function for this siever is superior to the cost function for the methods proposed by Bernstein, both asymptotically and for projects of a size comparable to current factorization records. For very large projects, of a size well above RSA1024, one may encounter problems realizing this topology in threedimensional Euclidean space. We will explain in Remark 3 in the last section that this problem is unlikely to occur for projects of a feasible size. 1. The algorithm for lattice sieving
Integer Factoring
, 2000
"... Using simple examples and informal discussions this article surveys the key ideas and major advances of the last quarter century in integer factorization. ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
Using simple examples and informal discussions this article surveys the key ideas and major advances of the last quarter century in integer factorization.
Sieving Using Bucket Sort ⋆
"... Abstract. This paper proposes a new sieving algorithm that employs a bucket sort as a part of a factoring algorithm such as the number field sieve. The sieving step requires an enormous number of memory updates; however, these updates usually cause cache hit misses. The proposed algorithm dramatical ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
Abstract. This paper proposes a new sieving algorithm that employs a bucket sort as a part of a factoring algorithm such as the number field sieve. The sieving step requires an enormous number of memory updates; however, these updates usually cause cache hit misses. The proposed algorithm dramatically reduces the number of cache hit misses when the size of the sieving region is roughly less than the square of the cache size, and the memory updates are several times faster than the straightforward implementation. 1