Results 11  20
of
74
Computing Discrete Logarithms In Quadratic Orders
 J. Cryptology
, 2000
"... . We present efficient algorithms for computing discrete logarithms in the class group of a quadratic order and for principality testing in a real quadratic order, based on the work of Dullmann and Abel. We show how the idea of generating relations with sieving can be applied to improve the performa ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
. We present efficient algorithms for computing discrete logarithms in the class group of a quadratic order and for principality testing in a real quadratic order, based on the work of Dullmann and Abel. We show how the idea of generating relations with sieving can be applied to improve the performance of these algorithms. Computational results are presented which demonstrate that our new techniques yield a significant increase in the sizes of discriminants for which these discrete logarithm problems can be solved. 1. Introduction It is wellknown that finite Abelian groups offer an excellent setting for cryptographic protocols [15], in particular, groups G in which the discrete logarithm problem (DLP) is intractable. That is, given g; a 2 G; it should be beyond the reach of an adversary to recover an integer x such that g x = a; or determine that no such x exists. Several types of finite Abelian groups have been proposed for this purpose, including the original idea of the multipl...
Factoring Large Numbers with Programmable Hardware
 ACM/SIGDA International Symposium on FPGAs
, 2000
"... This paper develops and evaluates an architecture for highspeed number factoring on a configurable computing system based on field programmable gate arrays (FPGA) 1. Currently, the primary interest in factoring large integers is to test the integrity of a number ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
This paper develops and evaluates an architecture for highspeed number factoring on a configurable computing system based on field programmable gate arrays (FPGA) 1. Currently, the primary interest in factoring large integers is to test the integrity of a number
Cryptanalysis of RSA using the ratio of the primes
 In: B. Preneel (Ed.) Africacrypt 2009, LNCS 5580
, 2009
"... Abstract. Let N = pq be an RSA modulus, i.e. the product of two large unknown primes of equal bitsize. In the X9.311997 standard for public key cryptography, Section 4.1.2, there are a number of recommendations for the generation of the primes of an RSA modulus. Among them, the ratio of the primes ..."
Abstract

Cited by 4 (4 self)
 Add to MetaCart
Abstract. Let N = pq be an RSA modulus, i.e. the product of two large unknown primes of equal bitsize. In the X9.311997 standard for public key cryptography, Section 4.1.2, there are a number of recommendations for the generation of the primes of an RSA modulus. Among them, the ratio of the primes shall not be close to the ratio of small integers. In this paper, we show that if the public exponent e satisfies an equation eX − (N − (ap + bq))Y = Z with suitably small integers X, Y, Z, where a q is an unknown convergent of the continued fraction expansion of b p, then N can be factored efficiently. In addition, we show that the number of such exponents is at least N 3 4 −ε where ε is arbitrarily small for large N.
On Quadratic Polynomials for the Number Field Sieve
 Australian Computer Science Communications
, 1997
"... . The newest, and asymptotically the fastest known integer factorisation algorithm is the number field sieve. The area in which the number field sieve has the greatest capacity for improvement is polynomial selection. The best known polynomial selection method finds quadratic polynomials. In this pa ..."
Abstract

Cited by 3 (2 self)
 Add to MetaCart
. The newest, and asymptotically the fastest known integer factorisation algorithm is the number field sieve. The area in which the number field sieve has the greatest capacity for improvement is polynomial selection. The best known polynomial selection method finds quadratic polynomials. In this paper we examine the smoothness properties of integer values taken by these polynomials. Given a quadratic NFS polynomial f , let \Delta be its discriminant. We show that a prime p can divide values taken by f only if (\Delta=p) = 1. We measure the effect of this residuosity property on the smoothness of fvalues by adapting a parameter ff, developed for analysis of MPQS, to quadratic NFS polynomials. We estimate the yield of smooth values for these polynomials as a function of ff, and conclude that practical changes in ff might bring significant changes in the yield of smooth and almost smooth polynomial values. Keywords: integer factorisation, number field sieve 1
Integer Factoring
, 2000
"... Using simple examples and informal discussions this article surveys the key ideas and major advances of the last quarter century in integer factorization. ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
Using simple examples and informal discussions this article surveys the key ideas and major advances of the last quarter century in integer factorization.
Sieving Methods for Class Group Computation
 PROCEEDINGS OF ALGORITHMIC ALGEBRA AND NUMBER THEORY
, 1997
"... ..."
The Magic Words Are Squeamish Ossifrage (Extended Abstract)
"... We describe the computation which resulted in the title of this paper. Furthermore, we give an analysis of the data collected during this computation. From these data, we derive the important observation that in the final stages, the progress of the double large prime variation of the quadratic siev ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
We describe the computation which resulted in the title of this paper. Furthermore, we give an analysis of the data collected during this computation. From these data, we derive the important observation that in the final stages, the progress of the double large prime variation of the quadratic sieve integer factoring algorithm can more effectively be approximated by a quartic function of the time spent, than by the more familiar quadratic function. We also present, as an update to [15], some of our experiences with the management of a large computation distributed over the Internet. Based on this experience, we give some realistic estimates of the current readily available computational power of the Internet. We conclude that commonlyused 512bit RSA moduli are vulnerable to any organization prepared to spend a few million dollars and to wait a few months.
Sieving Using Bucket Sort ⋆
"... Abstract. This paper proposes a new sieving algorithm that employs a bucket sort as a part of a factoring algorithm such as the number field sieve. The sieving step requires an enormous number of memory updates; however, these updates usually cause cache hit misses. The proposed algorithm dramatical ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
Abstract. This paper proposes a new sieving algorithm that employs a bucket sort as a part of a factoring algorithm such as the number field sieve. The sieving step requires an enormous number of memory updates; however, these updates usually cause cache hit misses. The proposed algorithm dramatically reduces the number of cache hit misses when the size of the sieving region is roughly less than the square of the cache size, and the memory updates are several times faster than the straightforward implementation. 1
Block Sieving Algorithms
, 1995
"... Quite similiar to the Sieve of Erastosthenes, the bestknown general algorithms for factoring large numbers today are memorybounded processes. We develop three variations of the sieving phase and discuss them in detail. The fastest modification is tailored to RISC processors and therefore especiall ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
Quite similiar to the Sieve of Erastosthenes, the bestknown general algorithms for factoring large numbers today are memorybounded processes. We develop three variations of the sieving phase and discuss them in detail. The fastest modification is tailored to RISC processors and therefore especially suited for modern workstations and massively parallel supercomputers. For a 116 decimal digit composite number we achieved a speedup greater than two on an IBM RS/6000 250 workstation.