Results 1-10 of 15
Factorization of a 768-bit RSA modulus
, 2010
Cited by 24 (7 self)
This paper reports on the factorization of the 768-bit number RSA-768 by the number field sieve factoring method and discusses some implications for RSA.
Index calculus in class groups of non-hyperelliptic curves of genus three
 Journal of Cryptology. The original publication is available at www.springerlink.com
, 2007
Cited by 23 (4 self)
We study an index calculus algorithm to solve the discrete logarithm problem (DLP) in degree 0 class groups of non-hyperelliptic curves of genus 3 over finite fields. We present a heuristic analysis of the algorithm which indicates that the DLP in degree 0 class groups of non-hyperelliptic curves of genus 3 can be solved in an expected time of Õ(q). This heuristic result relies on one heuristic assumption which is studied experimentally. We also present experimental data which show that a variant of the algorithm is faster than the Rho method even for small group sizes, and we address practical limitations of the algorithm.
A kilobit special number field sieve factorization
 IN ADVANCES IN CRYPTOLOGY – ASIACRYPT 2007 (2007), LNCS
, 2007
Cited by 20 (6 self)
We describe how we reached a new factoring milestone by completing the first special number field sieve factorization of a number having more than 1024 bits, namely the Mersenne number $2^{1039} - 1$. Although this factorization is orders of magnitude ‘easier’ than a factorization of a 1024-bit RSA modulus is believed to be, the methods we used to obtain our result shed new light on the feasibility of the latter computation.
Improvements to the general number field sieve for discrete logarithms in prime fields
 Mathematics of Computation
, 2003
Cited by 15 (1 self)
Abstract. In this paper, we describe many improvements to the number field sieve. Our main contribution consists of a new way to compute individual logarithms with the number field sieve without solving a very large linear system for each logarithm. We show that, with these improvements, the number field sieve outperforms the Gaussian integer method in the hundred digit range. We also illustrate our results by successfully computing discrete logarithms with GNFS in a large prime field.
Factorization of RSA-140 Using the Number Field Sieve
 IN ADVANCES IN CRYPTOLOGY, ASIACRYPT’99
, 1999
Breaking pairing-based cryptosystems using $\eta_T$ pairing over $GF(3^{97})$
Cited by 5 (0 self)
Abstract. There are many useful cryptographic schemes, such as ID-based encryption, short signature, keyword searchable encryption, attribute-based encryption, functional encryption, that use a bilinear pairing. It is important to estimate the security of such pairing-based cryptosystems in cryptography. The most essential number-theoretic problem in pairing-based cryptosystems is the discrete logarithm problem (DLP) because pairing-based cryptosystems are no longer secure once the underlying DLP is broken. One efficient bilinear pairing is the $\eta_T$ pairing defined over a supersingular elliptic curve $E$ on the finite field $GF(3^n)$ for a positive integer $n$. The embedding degree of the $\eta_T$ pairing is 6; thus, we can reduce the DLP over $E$ on $GF(3^n)$ to that over the finite field $GF(3^{6n})$. In this paper, for breaking the $\eta_T$ pairing over $GF(3^n)$, we discuss solving the DLP over $GF(3^{6n})$ by using the function field sieve (FFS), which is the asymptotically fastest algorithm for solving a DLP over finite fields of small characteristics. We chose the extension degree $n = 97$ because it has been intensively used in benchmarking tests for the implementation of the $\eta_T$ pairing, and the order (923-bit) of $GF(3^{6 \cdot 97})$ is substantially larger than the previous world record (676-bit) of solving the DLP by using the FFS. We implemented the FFS for the medium prime case (JL06-FFS), and propose several improvements of the FFS, for example, the lattice sieve for JL06-FFS and the filtering adjusted to the Galois action. Finally, we succeeded in solving the DLP over $GF(3^{6 \cdot 97})$. The entire computational time of our improved FFS requires about 148.2 days using 252 CPU cores. Our computational results contribute to the secure use of pairing-based cryptosystems with the $\eta_T$ pairing.
Improvements in the computation of ideal class groups of imaginary quadratic number fields
 Advances in Mathematics of Computation
Cited by 3 (1 self)
Abstract. We investigate improvements to the algorithm for the computation of ideal class group described by Jacobson in the imaginary quadratic case. These improvements rely on the large prime strategy and a new method for performing the linear algebra phase. We achieve a significant speedup and are able to compute 110-decimal digits discriminant ideal class group in less than a week.
Computation of discrete logarithms in $\mathbb{F}_{2^{607}}$
 In Advances in Cryptology (AsiaCrypt 2001), Springer LNCS 2248
Cited by 1 (0 self)
Abstract. We describe in this article how we have been able to extend the record for computations of discrete logarithms in characteristic 2 from the previous record over $\mathbb{F}_{2^{503}}$ to a newer mark of $\mathbb{F}_{2^{607}}$, using Coppersmith’s algorithm. This has been made possible by several practical improvements to the algorithm. Although the computations have been carried out on fairly standard hardware, our opinion is that we are nearing the current limits of the manageable sizes for this algorithm, and that going substantially further will require deeper improvements to the method.
The Three-Large-Primes Variant of the Number Field Sieve
Cited by 1 (0 self)
The Number Field Sieve (NFS) is the asymptotically fastest known factoring algorithm for large integers. This method was proposed by John Pollard [20] in 1988. Since then several variants have been implemented with the objective of improving the siever which is the most time consuming part of this method (but fortunately, also the easiest to parallelise). Pollard's original method allowed one large prime. After that the two-large-primes variant led to substantial improvements [11]. In this paper we investigate whether the three-large-primes variant may lead to any further improvement. We present theoretical expectations and experimental results. We assume the reader to be familiar with the NFS.
Abstract Harvesting
A new filtering technique tailored to improving the performance of index-calculus algorithms is described. Its linear complexity allows us to basically ignore its cost, its usage can improve index calculus performance by more than 30%. Keywords: Filtering, Index Calculus.