Results 1  10
of
16
Parallel Algorithms for Integer Factorisation
"... The problem of finding the prime factors of large composite numbers has always been of mathematical interest. With the advent of public key cryptosystems it is also of practical importance, because the security of some of these cryptosystems, such as the RivestShamirAdelman (RSA) system, depends o ..."
Abstract

Cited by 41 (17 self)
 Add to MetaCart
The problem of finding the prime factors of large composite numbers has always been of mathematical interest. With the advent of public key cryptosystems it is also of practical importance, because the security of some of these cryptosystems, such as the RivestShamirAdelman (RSA) system, depends on the difficulty of factoring the public keys. In recent years the best known integer factorisation algorithms have improved greatly, to the point where it is now easy to factor a 60decimal digit number, and possible to factor numbers larger than 120 decimal digits, given the availability of enough computing power. We describe several algorithms, including the elliptic curve method (ECM), and the multiplepolynomial quadratic sieve (MPQS) algorithm, and discuss their parallel implementation. It turns out that some of the algorithms are very well suited to parallel implementation. Doubling the degree of parallelism (i.e. the amount of hardware devoted to the problem) roughly increases the size of a number which can be factored in a fixed time by 3 decimal digits. Some recent computational results are mentioned – for example, the complete factorisation of the 617decimal digit Fermat number F11 = 2211 + 1 which was accomplished using ECM.
Building Cyclic Elliptic Curves Modulo Large Primes
 Advances in Cryptology  EUROCRYPT '91, Lecture Notes in Computer Science
, 1987
"... Elliptic curves play an important role in many areas of modern cryptology such as integer factorization and primality proving. Moreover, they can be used in cryptosystems based on discrete logarithms for building oneway permutations. For the latter purpose, it is required to have cyclic elliptic cu ..."
Abstract

Cited by 18 (2 self)
 Add to MetaCart
Elliptic curves play an important role in many areas of modern cryptology such as integer factorization and primality proving. Moreover, they can be used in cryptosystems based on discrete logarithms for building oneway permutations. For the latter purpose, it is required to have cyclic elliptic curves over finite fields. The aim of this note is to explain how to construct such curves over a finite field of large prime cardinality, using the ECPP primality proving test of Atkin and Morain. 1 Introduction Elliptic curves prove to be a powerful tool in modern cryptology. Following the original work of H. W. Lenstra, Jr. [18] concerning integer factorization, many researchers have used this new idea to work out primality proving algorithms [8, 14, 2, 4, 22] as well as cryptosystems [21, 16] generalizing those of [12, 1, 9]. Recent work on these topics can be found in [20, 19]. More recently, Kaliski [15] has used elliptic curves in the design of oneway permutations. For this, the autho...
Factorization of the tenth and eleventh Fermat numbers
, 1996
"... . We describe the complete factorization of the tenth and eleventh Fermat numbers. The tenth Fermat number is a product of four prime factors with 8, 10, 40 and 252 decimal digits. The eleventh Fermat number is a product of five prime factors with 6, 6, 21, 22 and 564 decimal digits. We also note a ..."
Abstract

Cited by 17 (8 self)
 Add to MetaCart
. We describe the complete factorization of the tenth and eleventh Fermat numbers. The tenth Fermat number is a product of four prime factors with 8, 10, 40 and 252 decimal digits. The eleventh Fermat number is a product of five prime factors with 6, 6, 21, 22 and 564 decimal digits. We also note a new 27decimal digit factor of the thirteenth Fermat number. This number has four known prime factors and a 2391decimal digit composite factor. All the new factors reported here were found by the elliptic curve method (ECM). The 40digit factor of the tenth Fermat number was found after about 140 Mflopyears of computation. We discuss aspects of the practical implementation of ECM, including the use of specialpurpose hardware, and note several other large factors found recently by ECM. 1. Introduction For a nonnegative integer n, the nth Fermat number is F n = 2 2 n + 1. It is known that F n is prime for 0 n 4, and composite for 5 n 23. Also, for n 2, the factors of F n are of th...
Computing the cardinality of CM elliptic curves using torsion points
, 2008
"... Let E be an elliptic curve having complex multiplication by a given quadratic order of an imaginary quadratic field K. The field of definition of E is the ring class field Ω of the order. If the prime p splits completely in Ω, then we can reduce E modulo one the factors of p and get a curve E define ..."
Abstract

Cited by 10 (1 self)
 Add to MetaCart
Let E be an elliptic curve having complex multiplication by a given quadratic order of an imaginary quadratic field K. The field of definition of E is the ring class field Ω of the order. If the prime p splits completely in Ω, then we can reduce E modulo one the factors of p and get a curve E defined over Fp. The trace of the Frobenius of E is known up to sign and we need a fast way to find this sign. For this, we propose to use the action of the Frobenius on torsion points of small order built with class invariants à la Weber, in a manner reminiscent of the SchoofElkiesAtkin algorithm for computing the cardinality of a given elliptic curve modulo p. We apply our results to the Elliptic Curve Primality Proving algorithm (ECPP).
F.: Four dimensional GallantLambertVanstone scalar multiplication. Journal of Cryptology pp. 1–36 (2013) Quer, J.: Fields of definition of Qcurves. Journal de Théorie des Nombres de Bordeaux 13(1
, 2001
"... Abstract. The GLV method of Gallant, Lambert and Vanstone (CRYPTO 2001) computes any multiple kP of a point P of prime order n lying on an elliptic curve with a lowdegree endomorphism Φ (called GLV curve) over Fp as kP = k1P + k2Φ(P), with max{k1, k2} ≤ C1 n for some explicit constant C1> 0. R ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
Abstract. The GLV method of Gallant, Lambert and Vanstone (CRYPTO 2001) computes any multiple kP of a point P of prime order n lying on an elliptic curve with a lowdegree endomorphism Φ (called GLV curve) over Fp as kP = k1P + k2Φ(P), with max{k1, k2} ≤ C1 n for some explicit constant C1> 0. Recently, Galbraith, Lin and Scott (EUROCRYPT 2009) extended this method to all curves over Fp2 which are twists of curves defined over Fp. We show in this work how to merge the two approaches in order to get, for twists of any GLV curve over Fp2, a fourdimensional decomposition together with fast endomorphisms Φ, Ψ over Fp2 acting on the group generated by a point P of prime order n, resulting in a proven decomposition for any scalar k ∈ [1, n] given by kP = k1P + k2Φ(P) + k3Ψ(P) + k4ΨΦ(P), with max(ki) < C2 n i
Primality proving using elliptic curves: An update
 In Proceedings of ANTS III
, 1998
"... Abstract. In 1986, following the work of Schoof on counting points on elliptic curves over finite fields, new algorithms for primality proving emerged, due to Goldwasser and Kilian on the one hand, and Atkin on the other. The latter algorithm uses the theory of complex multiplication. The algorithm, ..."
Abstract

Cited by 8 (1 self)
 Add to MetaCart
Abstract. In 1986, following the work of Schoof on counting points on elliptic curves over finite fields, new algorithms for primality proving emerged, due to Goldwasser and Kilian on the one hand, and Atkin on the other. The latter algorithm uses the theory of complex multiplication. The algorithm, now called ECPP, has been used for nearly ten years. The purpose of this paper is to give an account of the recent theoretical and practical improvements of ECPP, as well as new benchmarks for integers of various sizes and a new primality record. 1
On the Generation of Cryptographically Strong Elliptic Curves
, 1997
"... We discuss two methods for generating cryptographically strong elliptic curves defined over finite prime fields. The advantages and disadvantages of these algorithms are discussed and a practical comparison of the algorithms is given. ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
We discuss two methods for generating cryptographically strong elliptic curves defined over finite prime fields. The advantages and disadvantages of these algorithms are discussed and a practical comparison of the algorithms is given.
Cryptanalysis of countermeasures proposed for repairing ISO 97961
 In Proc. of Eurocrypt'2000, LNCS. IACR
, 2000
"... Abstract. ISO 97961, published in 1991, was the first standard specifying a digital signature scheme with message recovery. In [4], Coron, Naccache and Stern described an attack on a slight modification of ISO 97961. Then, Coppersmith, Halevi and Jutla turned it into an attack against the standard ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
Abstract. ISO 97961, published in 1991, was the first standard specifying a digital signature scheme with message recovery. In [4], Coron, Naccache and Stern described an attack on a slight modification of ISO 97961. Then, Coppersmith, Halevi and Jutla turned it into an attack against the standard in full [2]. They also proposed five countermeasures for repairing it. In this paper, we show that all these countermeasures can be attacked, either by using already existing techniques (including a very recent one), or by introducing new techniques, one of them based on the decomposition of an integer into sums of two squares.
New experimental results concerning the Goldbach conjecture
 Algorithmic Number Theory (Third International Symposium, ANTSIII
, 1998
"... and their applications. SMC is sponsored by the Netherlands Organization for Scientific Research (NWO). CWI is a member of ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
and their applications. SMC is sponsored by the Netherlands Organization for Scientific Research (NWO). CWI is a member of
Factorizations of a^n ± 1, 13 ≤ a < 100: Update 2
, 1996
"... This Report updates the tables of factorizations of a n \Sigma 1 for 13 a ! 100, previously published as CWI Report NMR9212 (June 1992) and updated in CWI Report NMR9419 (September 1994). A total of 760 new entries in the tables are given here. The factorizations are now complete for n ! 67, an ..."
Abstract
 Add to MetaCart
This Report updates the tables of factorizations of a n \Sigma 1 for 13 a ! 100, previously published as CWI Report NMR9212 (June 1992) and updated in CWI Report NMR9419 (September 1994). A total of 760 new entries in the tables are given here. The factorizations are now complete for n ! 67, and there are no composite cofactors smaller than 10 94 . 1991 Mathematics Subject Classification. Primary 11A25; Secondary 1104 Key words and phrases. Factor tables, ECM, MPQS, SNFS To appear as Report NMR96??, Centrum voor Wiskunde en Informatica, Amsterdam, March 1996. Copyright c fl 1996, the authors. Only the front matter is given here. For the tables, see rpb134u2.txt . rpb134u2 typeset using L a T E X 1 Introduction For many years there has been an interest in the prime factors of numbers of the form a n \Sigma 1, where a is a small integer (the base) and n is a positive exponent. Such numbers often arise. For example, if a is prime then there is a finite field F with a n ...