. We present efficient algorithms for computing discrete logarithms in the class group of a quadratic order and for principality testing in a real quadratic order, based on the work of Dullmann and Abel. We show how the idea of generating relations with sieving can be applied to improve the performance of these algorithms. Computational results are presented which demonstrate that our new techniques yield a significant increase in the sizes of discriminants for which these discrete logarithm problems can be solved. 1. Introduction It is well-known that finite Abelian groups offer an excellent setting for cryptographic protocols [15], in particular, groups G in which the discrete logarithm problem (DLP) is intractable. That is, given g; a 2 G; it should be beyond the reach of an adversary to recover an integer x such that g x = a; or determine that no such x exists. Several types of finite Abelian groups have been proposed for this purpose, including the original idea of the multipl...

This paper develops and evaluates an architecture for high-speed number factoring on a configurable computing system based on field programmable gate arrays (FPGA) 1. Currently, the primary interest in factoring large integers is to test the integrity of a number

Abstract not found

. The newest, and asymptotically the fastest known integer factorisation algorithm is the number field sieve. The area in which the number field sieve has the greatest capacity for improvement is polynomial selection. The best known polynomial selection method finds quadratic polynomials. In this paper we examine the smoothness properties of integer values taken by these polynomials. Given a quadratic NFS polynomial f , let \Delta be its discriminant. We show that a prime p can divide values taken by f only if (\Delta=p) = 1. We measure the effect of this residuosity property on the smoothness of f-values by adapting a parameter ff, developed for analysis of MPQS, to quadratic NFS polynomials. We estimate the yield of smooth values for these polynomials as a function of ff, and conclude that practical changes in ff might bring significant changes in the yield of smooth and almost smooth polynomial values. Keywords: integer factorisation, number field sieve 1

Using simple examples and informal discussions this article surveys the key ideas and major advances of the last quarter century in integer factorization.

The subject of our study is the single large prime variation of the quadratic sieve algorithm. We derive a formula for the average numbers of complete and incomplete relations per polynomial, directly generated by the algorithm. The number of additional complete relations from the incomplete relations is then computed by a known formula. Hence practical hints for the optimal choice of the parameter values can be derived. We further compare theoretical estimates for the total number of smooth integers in an interval with countings in practice. AMS Subject Classification (1991): 11A51, 11Y05 CR Subject Classification (1991): F.2.1 Keywords & Phrases: Factorization, Multiple Polynomial Quadratic Sieve, Vector supercomputer, Cluster of work stations 1. Introduction We assume that the reader is familiar with the multiple polynomial quadratic sieve algorithm [Bre89, Pom85, PST88, Sil87, RLW89]. We consider the single large prime variation of the algorithm and write MPQS for short. If we ...

We discuss the implementation of the Hypercube variation of the Multiple Polynomial Quadratic Sieve (HMPQS) integer factorization algorithm. HMPQS is a variation on Pomerance's Quadratic Sieve algorithm which inspects many quadratic polynomials looking for quadratic residues with small prime factors. The polynomials are organized as the nodes of an n-dimensional cube. Since changing polynomials on the hypercube is cheap, the optimal value for the size of the sieving interval is much smaller than in other implementations of the Multiple Polynomial Quadratic Sieve (MPQS). This makes HMPQS substantially faster than MPQS. We also describe a relatively fast way to find good parameters for the single large prime variation of the algorithm. Finally, we report on the performance of our implementation on factoring several large numbers for the Cunningham Project. Supported by National Science Foundation grant No. CCR-9207204 1 Introduction Integer factorization algorithms are usually cate...

For the first time a number of more than 100 decimal digits has been factorized on a single computer by means of the Multiple Polynomial Quadratic Sieve method of Kraïtchik and Pomerance (with improvements by Montgomery and Silverman). This method (MPQS) is the best one known to handle numbers which are the product of two large, approximately equal prime factors. These numbers are being used in cryptography as keys in public-key cryptosystems. The safety of such cryptosystems depends on our ability to factorize these keys. The computer used is the four-processor Cray Y-MP4/464 which was installed

Abstract not found

We describe the computation which resulted in the title of this paper. Furthermore, we give an analysis of the data collected during this computation. From these data, we derive the important observation that in the final stages, the progress of the double large prime variation of the quadratic sieve integer factoring algorithm can more effectively be approximated by a quartic function of the time spent, than by the more familiar quadratic function. We also present, as an update to [15], some of our experiences with the management of a large computation distributed over the Internet. Based on this experience, we give some realistic estimates of the current readily available computational power of the Internet. We conclude that commonly-used 512-bit RSA moduli are vulnerable to any organization prepared to spend a few million dollars and to wait a few months.