Results 11 - 20 of 25
Implementation of the Hypercube Variation of the Multiple Polynomial Quadratic Sieve
, 1995
Cited by 2 (0 self)
We discuss the implementation of the Hypercube variation of the Multiple Polynomial Quadratic Sieve (HMPQS) integer factorization algorithm. HMPQS is a variation on Pomerance's Quadratic Sieve algorithm which inspects many quadratic polynomials looking for quadratic residues with small prime factors. The polynomials are organized as the nodes of an n-dimensional cube. Since changing polynomials on the hypercube is cheap, the optimal value for the size of the sieving interval is much smaller than in other implementations of the Multiple Polynomial Quadratic Sieve (MPQS). This makes HMPQS substantially faster than MPQS. We also describe a relatively fast way to find good parameters for the single large prime variation of the algorithm. Finally, we report on the performance of our implementation on factoring several large numbers for the Cunningham Project. Supported by National Science Foundation grant No. CCR9207204. 1 Introduction. Integer factorization algorithms are usually cate...
A GENERIC APPROACH TO SEARCHING FOR JACOBIANS
 MATHEMATICS OF COMPUTATION
, 2009
Cited by 2 (1 self)
We consider the problem of finding cryptographically suitable Jacobians. By applying a probabilistic generic algorithm to compute the zeta functions of low genus curves drawn from an arbitrary family, we can search for Jacobians containing a large subgroup of prime order. For a suitable distribution of curves, the complexity is subexponential in genus 2, and $O(N^{1/12})$ in genus 3. We give examples of genus 2 and genus 3 hyperelliptic curves over prime fields with group orders over 180 bits in size, improving previous results. Our approach is particularly effective over low-degree extension fields, where in genus 2 we find Jacobians over $\mathbb{F}_{p^2}$ and trace zero varieties over $\mathbb{F}_{p^3}$ with near-prime orders up to 372 bits in size. For $p = 2^{61} - 1$, the average time to find a group with 244-bit near-prime order is under an hour on a PC.
Elliptic Curve Factorization Using a "Partially Oblivious" Function.
Cited by 1 (0 self)
Let $N = PR$ where $P$ is a prime not dividing $R$. We show how a special class of functions $f : \mathbb{Z}_N \to \mathbb{Z}$ can be used to help obtain $P$ given $N$. The requirements of $f$ are that it be nontrivial and that $f(x) = f(x \bmod P)$. Such a function does not "see" $R$. Hence the name partially oblivious. 1. Introduction. It is not known how to efficiently factor a large integer $N$. Currently, the algorithm with best asymptotic complexity is the Number Field Sieve (see [6]). For numbers below a certain size (currently believed to be about 100 decimal digits), either the Quadratic Sieve [12] or Lenstra's Elliptic Curve Method (ECM) [7] are faster. Which of these algorithms to use depends on the size of $N$ and of the smallest prime factor of $N$. When the size of the smallest factor is sufficiently smaller than $\sqrt{N}$, ECM is the fastest of the three. This note describes a speedup of ECM under special conditions. Suppose $N = PR$, where $P$ is a prime not dividing $R$. We assume the size, in bits, of $P$ is know...
The Three-Large-Primes Variant of the Number Field Sieve
Cited by 1 (0 self)
The Number Field Sieve (NFS) is the asymptotically fastest known factoring algorithm for large integers. This method was proposed by John Pollard [20] in 1988. Since then several variants have been implemented with the objective of improving the siever which is the most time consuming part of this method (but fortunately, also the easiest to parallelise). Pollard's original method allowed one large prime. After that the two-large-primes variant led to substantial improvements [11]. In this paper we investigate whether the three-large-primes variant may lead to any further improvement. We present theoretical expectations and experimental results. We assume the reader to be familiar with the NFS.
Optimal Parameterization of SNFS
, 2003
Cited by 1 (0 self)
The Special Number Field Sieve factoring algorithm has a large number of parametric choices, each of which can affect its run time. We give guidelines for these choices along with a discussion of useful coding optimizations. We also give a theoretical argument which proves that the choice of sieving region that has been used so far in successful factorizations is not optimal and show how to obtain an improved sieve region. The improvement has yielded a 15% speed increase in practice.
Divisibility, Smoothness and Cryptographic Applications
, 2008
This paper deals with products of moderate-size primes, familiarly known as smooth numbers. Smooth numbers play a crucial role in information theory, signal processing and cryptography. We present various properties of smooth numbers relating to their enumeration, distribution and occurrence in various integer sequences. We then turn our attention to cryptographic applications in which smooth numbers play a pivotal role.
Implementation of the Hypercube Multiple Polynomial Quadratic Sieve
We discuss our implementation of the Hypercube variation of the Multiple Polynomial Quadratic Sieve (HMPQS) integer factorization algorithm. HMPQS is a variation on the Quadratic Sieve (QS) algorithm which inspects many quadratic polynomials looking for quadratic residues with small prime factors. The polynomials are organized as the nodes of an n-dimensional cube. Since changing polynomials on the hypercube is cheap, the optimal value for the size of the sieving interval is much smaller than in other implementations of the Multiple Polynomial Quadratic Sieve (MPQS). This makes HMPQS substantially faster than MPQS. We also describe a relatively fast way to find good parameters for the single large prime variation of the algorithm. Finally, we report on the performance of our implementations on factoring several large numbers for the Cunningham Project. 1 Introduction. Integer factorization algorithms are usually categorized as either general purpose or special purpose. Gene...
Side-Channel Attacks on Textbook RSA and ElGamal Encryption
Abstract. This paper describes very efficient attacks on plain RSA encryption as usually described in textbooks. These attacks exploit side channels caused by implementations that, during decryption, incorrectly make certain assumptions on the size of the message. We highlight different assumptions that are easily made when implementing plain RSA decryption and present corresponding attacks. These attacks make clear that plain RSA is a padding scheme that has to be checked carefully during decryption instead of simply assuming a length of the transported message. Furthermore we note that the attacks presented here do also work against a similar setting of ElGamal encryption with only minimal changes. Keywords: RSA encryption, ElGamal encryption, Side-channel attack.