Results 1  10
of
17
Factorization of a 768bit RSA modulus
, 2010
"... This paper reports on the factorization of the 768bit number RSA768 by the number field sieve factoring method and discusses some implications for RSA. ..."
Abstract

Cited by 38 (13 self)
 Add to MetaCart
(Show Context)
This paper reports on the factorization of the 768bit number RSA768 by the number field sieve factoring method and discusses some implications for RSA.
Distributed MatrixFree Solution of Large Sparse Linear Systems over Finite Fields
 Algorithmica
, 1996
"... We describe a coarsegrain parallel software system for the homogeneous solution of linear systems. Our solutions are symbolic, i.e., exact rather than numerical approximations. Our implementation can be run on a network cluster of SPARC20 computers and on an SP2 multiprocessor. Detailed timings a ..."
Abstract

Cited by 30 (6 self)
 Add to MetaCart
(Show Context)
We describe a coarsegrain parallel software system for the homogeneous solution of linear systems. Our solutions are symbolic, i.e., exact rather than numerical approximations. Our implementation can be run on a network cluster of SPARC20 computers and on an SP2 multiprocessor. Detailed timings are presented for experiments with systems that arise in RSA challenge integer factoring efforts. For example, we can solve a 252; 222 \Theta 252; 222 system with about 11.04 million nonzero entries over the Galois field with 2 elements using 4 processors of an SP2 multiprocessor, in about 26.5 hours CPU time. 1 Introduction The problem of solving large, unstructured, sparse linear systems using exact arithmetic arises in symbolic linear algebra and computational number theory. For example the sievebased factoring of large integers can lead to systems containing over 569,000 equations and variables and over 26.5 million nonzero entries, that need to be solved over the Galois field of two...
NFS with Four Large Primes: An Explosive Experiment
, 1995
"... The purpose of this paper is to report the unexpected results that we obtained while experimenting with the multilarge prime variation of the general number field sieve integer factoring algorithm (NFS, cf. [8]). For traditional factoring algorithms that make use of at most two large primes, the ..."
Abstract

Cited by 28 (5 self)
 Add to MetaCart
The purpose of this paper is to report the unexpected results that we obtained while experimenting with the multilarge prime variation of the general number field sieve integer factoring algorithm (NFS, cf. [8]). For traditional factoring algorithms that make use of at most two large primes, the completion time can quite accurately be predicted by extrapolating an almost quartic and entirely ‘smooth ’ function that counts the number of useful combinations among the large primes [l]. For NFS such extrapolations seem to be impossiblethe number of useful combinations suddenly ‘explodes ’ in an as yet unpredictable way, that we have not yet been able to understand completely. The consequence of this explosion is that NFS is substantially faster than expected, which implies that factoring is somewhat easier than we thought.
Improvements to the general number field sieve for discrete logarithms in prime fields
 Mathematics of Computation
, 2003
"... Abstract. In this paper, we describe many improvements to the number field sieve. Our main contribution consists of a new way to compute individual logarithms with the number field sieve without solving a very large linear system for each logarithm. We show that, with these improvements, the number ..."
Abstract

Cited by 26 (2 self)
 Add to MetaCart
(Show Context)
Abstract. In this paper, we describe many improvements to the number field sieve. Our main contribution consists of a new way to compute individual logarithms with the number field sieve without solving a very large linear system for each logarithm. We show that, with these improvements, the number field sieve outperforms the gaussian integer method in the hundred digit range. We also illustrate our results by successfully computing discrete logarithms with GNFS in a large prime field. 1.
Analysis and Optimization of the TWINKLE Factoring Device
 PROCEEDINGS EUROCRYPT 2000, LNCS 1807
, 2000
"... We describe an enhanced version of the TWINKLE factoring device and analyse to what extent it can be expected to speed up the sieving step of the Quadratic Sieve and Number Field Sieve factoring algorithms. The bottom line of our analysis is that the TWINKLEassisted factorization of 768bit number ..."
Abstract

Cited by 24 (5 self)
 Add to MetaCart
(Show Context)
We describe an enhanced version of the TWINKLE factoring device and analyse to what extent it can be expected to speed up the sieving step of the Quadratic Sieve and Number Field Sieve factoring algorithms. The bottom line of our analysis is that the TWINKLEassisted factorization of 768bit numbers is difficult but doable in about 9 months (including the sieving and matrix parts) by a large organization which can use 80,000 standard Pentium II PC’s and 5,000 TWINKLE devices.
SHARK — A Realizable Special Hardware Sieving Device for Factoring 1024bit Integers
 In: SHARCS
, 2005
"... Since 1999 specialized hardware architectures for factoring numbers of 1024 bit size with the Generalized Number Field Sieve (GNFS) have attracted a lot of attention ([Ber], [ST]). Concerns about the feasibility of giant monolytic ASIC architectures such as TWIRL have been raised. Therefore, we prop ..."
Abstract

Cited by 16 (5 self)
 Add to MetaCart
(Show Context)
Since 1999 specialized hardware architectures for factoring numbers of 1024 bit size with the Generalized Number Field Sieve (GNFS) have attracted a lot of attention ([Ber], [ST]). Concerns about the feasibility of giant monolytic ASIC architectures such as TWIRL have been raised. Therefore, we propose a parallelized lattice sieving device called SHARK, which completes the sieving step of the GNFS for a 1024bit number in one year. Its architecture is modular and consists of small ASICs connected by a specialized butterfly transport system. We estimate the costs of such a device to be less than US $ 200 million. Because of the modular architecture based on small ASICs, we claim that this device can be built with today’s technology.
Sieving Using Bucket Sort ⋆
"... Abstract. This paper proposes a new sieving algorithm that employs a bucket sort as a part of a factoring algorithm such as the number field sieve. The sieving step requires an enormous number of memory updates; however, these updates usually cause cache hit misses. The proposed algorithm dramatical ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
(Show Context)
Abstract. This paper proposes a new sieving algorithm that employs a bucket sort as a part of a factoring algorithm such as the number field sieve. The sieving step requires an enormous number of memory updates; however, these updates usually cause cache hit misses. The proposed algorithm dramatically reduces the number of cache hit misses when the size of the sieving region is roughly less than the square of the cache size, and the memory updates are several times faster than the straightforward implementation. 1
Continued fractions and the lattice sieving
 In Proceedings of SHARCS
, 2005
"... ..."
(Show Context)