Results 1  10
of
11
Selecting Cryptographic Key Sizes
 TO APPEAR IN THE JOURNAL OF CRYPTOLOGY, SPRINGERVERLAG
, 2001
"... In this article we offer guidelines for the determination of key sizes for symmetric cryptosystems, RSA, and discrete logarithm based cryptosystems both over finite fields and over groups of elliptic curves over prime fields. Our recommendations are based on a set of explicitly formulated parameter ..."
Abstract

Cited by 253 (6 self)
 Add to MetaCart
In this article we offer guidelines for the determination of key sizes for symmetric cryptosystems, RSA, and discrete logarithm based cryptosystems both over finite fields and over groups of elliptic curves over prime fields. Our recommendations are based on a set of explicitly formulated parameter settings, combined with existing data points about the cryptosystems.
Parallel Collision Search with Cryptanalytic Applications
 Journal of Cryptology
, 1996
"... A simple new technique of parallelizing methods for solving search problems which seek collisions in pseudorandom walks is presented. This technique can be adapted to a wide range of cryptanalytic problems which can be reduced to finding collisions. General constructions are given showing how to ad ..."
Abstract

Cited by 145 (3 self)
 Add to MetaCart
A simple new technique of parallelizing methods for solving search problems which seek collisions in pseudorandom walks is presented. This technique can be adapted to a wide range of cryptanalytic problems which can be reduced to finding collisions. General constructions are given showing how to adapt the technique to finding discrete logarithms in cyclic groups, finding meaningful collisions in hash functions, and performing meetinthemiddle attacks such as a knownplaintext attack on double encryption. The new technique greatly extends the reach of practical attacks, providing the most costeffective means known to date for defeating: the small subgroup used in certain schemes based on discrete logarithms such as Schnorr, DSA, and elliptic curve cryptosystems; hash functions such as MD5, RIPEMD, SHA1, MDC2, and MDC4; and double encryption and threekey triple encryption. The practical significance of the technique is illustrated by giving the design for three $10 million custom machines which could be built with current technology: one finds elliptic curve logarithms in GF(2 ) thereby defeating a proposed elliptic curve cryptosystem in expected time 32 days, the second finds MD5 collisions in expected time 21 days, and the last recovers a doubleDES key from 2 known plaintexts in expected time 4 years, which is four orders of magnitude faster than the conventional meetinthemiddle attack on doubleDES. Based on this attack, doubleDES offers only 17 more bits of security than singleDES.
Parallel Implementation of Algorithms for Finding Connected Components in Graphs
, 1997
"... In this paper, we describe our implementation of several parallel graph algorithms for finding connected components. Our implementation, with virtual processing, is on a 16,384processor MasPar MP1 using the language MPL. We present extensive test data on our code. In our previous projects [21, 22, ..."
Abstract

Cited by 25 (1 self)
 Add to MetaCart
In this paper, we describe our implementation of several parallel graph algorithms for finding connected components. Our implementation, with virtual processing, is on a 16,384processor MasPar MP1 using the language MPL. We present extensive test data on our code. In our previous projects [21, 22, 23], we reported the implementation of an extensible parallel graph algorithms library. We developed general implementation and finetuning techniques without expending too much effort on optimizing each individual routine. We also handled the issue of implementing virtual processing. In this paper, we describe several algorithms and finetuning techniques that we developed for the problem of finding connected components in parallel; many of the finetuning techniques are of general interest, and should be applicable to code for other problems. We present data on the execution time and memory usage of our various implementations.
On the factorization of RSA120
, 1994
"... We present data concerning the factorization of the 120digit number RSA120, which we factored on July 9, 1993, using the quadratic sieve method. The factorization took approximately 825 MIPS years and was completed within three months real time. At the time of writing RSA120 is the largest inte ..."
Abstract

Cited by 15 (3 self)
 Add to MetaCart
We present data concerning the factorization of the 120digit number RSA120, which we factored on July 9, 1993, using the quadratic sieve method. The factorization took approximately 825 MIPS years and was completed within three months real time. At the time of writing RSA120 is the largest integer ever factored by a general purpose factoring algorithm. We also present some conservative extrapolations to estimate the difficulty of factoring even larger numbers, using either the quadratic sieve method or the number field sieve, and discuss the issue of the crossover point between these two methods.
Implementation of Parallel Graph Algorithms on a Massively Parallel SIMD Computer with Virtual Processing
, 1995
"... We describe our implementation of several PRAM graph algorithms on the massively parallel computer MasPar MP1 with 16,384 processors. Our implementation incorporated virtual processing and we present extensive test data. In a previous project [13], we reported the implementation of a set of paralle ..."
Abstract

Cited by 14 (3 self)
 Add to MetaCart
We describe our implementation of several PRAM graph algorithms on the massively parallel computer MasPar MP1 with 16,384 processors. Our implementation incorporated virtual processing and we present extensive test data. In a previous project [13], we reported the implementation of a set of parallel graph algorithms with the constraint that the maximum input size was restricted to be no more than the physical number of processors on the MasPar. The MasPar language MPL that we used for our code does not support virtual processing. In this paper, we describe a method of simulating virtual processors on the MasPar. We recoded and finetuned our earlier parallel graph algorithms to incorporate the usage of virtual processors. Under the current implementation scheme, there is no limit on the number of virtual processors that one can use in the program as long as there is enough main memory to store all the data required during the computation. We also give two general optimization techniq...
Analysis of Bernstein's Factorization Circuit
, 2002
"... In [1], Bernstein proposed a circuitbased implementation of the matrix step of the number field sieve factorization algorithm. These circuits o er an asymptotic cost reduction under the measure "construction cost × run time". We evaluate the cost of these circuits, in agreement with [1], but ..."
Abstract

Cited by 14 (2 self)
 Add to MetaCart
In [1], Bernstein proposed a circuitbased implementation of the matrix step of the number field sieve factorization algorithm. These circuits o er an asymptotic cost reduction under the measure "construction cost × run time". We evaluate the cost of these circuits, in agreement with [1], but argue that compared to previously known methods these circuits can factor integers that are 1.17 times larger, rather than 3.01 as claimed (and even this, only under the nonstandard cost measure).
The Magic Words Are Squeamish Ossifrage (Extended Abstract)
"... We describe the computation which resulted in the title of this paper. Furthermore, we give an analysis of the data collected during this computation. From these data, we derive the important observation that in the final stages, the progress of the double large prime variation of the quadratic siev ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
We describe the computation which resulted in the title of this paper. Furthermore, we give an analysis of the data collected during this computation. From these data, we derive the important observation that in the final stages, the progress of the double large prime variation of the quadratic sieve integer factoring algorithm can more effectively be approximated by a quartic function of the time spent, than by the more familiar quadratic function. We also present, as an update to [15], some of our experiences with the management of a large computation distributed over the Internet. Based on this experience, we give some realistic estimates of the current readily available computational power of the Internet. We conclude that commonlyused 512bit RSA moduli are vulnerable to any organization prepared to spend a few million dollars and to wait a few months.
A Theoretical and Empirical Study of Current Techniques and Results
, 1997
"... This paper [PCT88] describes a concept for a dedicated factoring machine, implementing a variation on the quadratic sieve algorithm, which the author's conjecture could have been built in 1988 for $50,000 to be able to factor a 100 digit number in two weeks. Based on this, they conjectured that a $1 ..."
Abstract
 Add to MetaCart
This paper [PCT88] describes a concept for a dedicated factoring machine, implementing a variation on the quadratic sieve algorithm, which the author's conjecture could have been built in 1988 for $50,000 to be able to factor a 100 digit number in two weeks. Based on this, they conjectured that a $10,000,000 effort over a year could, at the time, have factored a 144 digit number. Based on the observations below, all of these conjectures should be taken with a large grain of salt
Finding Connected Components in Graphs
, 1996
"... In this paper, we describe our implementation of several parallel graph algorithms for finding connected components. Our implementation, with virtual processing, is on a 16,384processor MasPar MP1 using the language MPL. We present extensive test data on our code. In our previous projects [21, 22, ..."
Abstract
 Add to MetaCart
In this paper, we describe our implementation of several parallel graph algorithms for finding connected components. Our implementation, with virtual processing, is on a 16,384processor MasPar MP1 using the language MPL. We present extensive test data on our code. In our previous projects [21, 22, 23], we reported the implementation of an extensible parallel graph algorithms library. We developed general implementation and netuning techniques without expending too much e ort on optimizing each individual routine. We also handled the issue of implementing virtual processing. In this paper, we describe several algorithms and finetuning techniques that we developed for the problem of finding connected components in parallel; many of the finetuning techniques are of general interest, and should be applicable to code for other problems. We present data on the execution time and memory usage of our various implementations.