Results 11-20 of 34
Area-Time Efficient Hardware Architecture for Factoring Integers with the Elliptic Curve Method
IEE Proceedings Information Security, 2005
Cited by 10 (5 self)
Abstract: Since the introduction of public key cryptography, the problem of factoring large composites has been of increased interest. The security of the most popular asymmetric cryptographic scheme RSA depends on the hardness of factoring large numbers. The best known method for factoring large integers is the general number field sieve (GNFS). One important step within the GNFS is the factorization of midsize numbers for smoothness testing, an efficient algorithm for which is the elliptic curve method (ECM). Since smoothness testing is also suitable for parallelization, the implementation of ECM in hardware is promising. We show that massive parallel and cost-efficient ECM hardware engines can improve the area–time product of the RSA moduli factorization via the GNFS considerably. The computation of ECM is a classic example of an algorithm that can be significantly accelerated through special-purpose hardware. We thoroughly analyse the prerequisites for an area–time efficient hardware architecture for ECM. We present an implementation of ECM to factor numbers up to 200 bits, which is also scalable to other bit lengths. ECM is realized as a software–hardware codesign on a field-programmable gate array (FPGA) and an embedded microcontroller (system-on-chip). Furthermore, we provide estimates for state-of-the-art CMOS implementation of the design and for the application of massive parallel ECM engines to the GNFS. This appears to be the first publication of a realized hardware implementation of ECM, and the first description of GNFS acceleration through hardware-based ECM.
Implementation Of The Atkin-Goldwasser-Kilian Primality Testing Algorithm
Rapport de Recherche 911, INRIA, Octobre, 1988
Cited by 9 (7 self)
We describe a primality testing algorithm, due essentially to Atkin, that uses elliptic curves over finite fields and the theory of complex multiplication. In particular, we explain how the use of class fields and genus fields can speed up certain phases of the algorithm. We sketch the actual implementation of this test and its use on testing large primes, the records being two numbers of more than 550 decimal digits. Finally, we give a precise answer to the question of the reliability of our computations, providing a certificate of primality for a prime number. IMPLEMENTATION OF THE ATKIN, GOLDWASSER, AND KILIAN PRIMALITY TEST. Summary. We describe a primality algorithm, due mainly to Atkin, that uses the properties of elliptic curves over finite fields and the theory of complex multiplication. In particular, we explain how the use of the class field and the genus field speeds up the computations. We sketch the implementati...
Hardware factorization based elliptic curve method
IEEE Symposium on Field-Programmable Custom Computing Machines - FCCM’05, 2005
Cited by 9 (6 self)
The security of the most popular asymmetric cryptographic scheme RSA depends on the hardness of factoring large numbers. The best known method for factorization large integers is the General Number Field Sieve (GNFS). Recently, architectures for special purpose hardware for the GNFS have been proposed [5, 12]. One important step within the GNFS is the factorization of midsize numbers for smoothness testing, an efficient algorithm for which is the Elliptic Curve Method (ECM). Since the smoothness testing is also suitable for parallelization, it is promising to improve ECM via special-purpose hardware. We show that massive parallel and cost efficient ECM hardware engines can improve the cost-time product of the RSA moduli factorization via the GNFS considerably. The computation of ECM is a classical example for an algorithm that can be significantly accelerated through special-purpose hardware. In this work, we present an efficient hardware implementation of ECM to factor numbers up to 200 bits, which is also scalable to other bit lengths. For proof-of-concept purposes, ECM is realized as a software-hardware codesign on an FPGA and an embedded microcontroller. This appears to be the first pub
An Efficient Hardware Architecture for Factoring Integers with the Elliptic Curve Method, in: Special-Purpose Hardware for Attacking Cryptographic Systems – SHARCS 2005
In: SHARCS, 2005
Cited by 6 (1 self)
The security of the most popular asymmetric cryptographic scheme RSA depends on the hardness of factoring large numbers. The best known method for this integer factorization is the General Number Field Sieve (GNFS). One important step within the GNFS is the factorization of midsize numbers without small prime divisors. This can be done efficiently by the Elliptic Curve Method (ECM), e.g. in special hardware. In this work, we present an efficient hardware implementation of ECM to factor numbers up to 200 bit, which is also scalable to other bit lengths. For proof-of-concept purposes, ECM is realized as a software-hardware codesign on an FPGA and an embedded microcontroller. This appears to be the first publication of a realized hardware implementation of ECM. We adapted ECM for the requirements of efficient special hardware and provide estimates for a state-of-the-art CMOS implementation of the design and for the application of massive parallel ECM engines to the GNFS. The factorization of large integers such as RSA moduli can be improved considerably by using the ECM hardware presented.
Two new factors of Fermat numbers
1997
Cited by 5 (2 self)
Abstract. We report the discovery of new 27-decimal-digit factors of the thirteenth and sixteenth Fermat numbers. Each of the new factors was found by the elliptic curve method. After division by the new factors and other known factors, the quotients are seen to be composite numbers with 2391 and 19694 decimal digits respectively.
An efficient semantically secure elliptic curve cryptosystem based on KMOV scheme
2002
Cited by 5 (2 self)
We propose an elliptic curve scheme over the ring $\mathbb{Z}_{n^2}$, which is efficient and semantically secure in the standard model. There appears to be no previous elliptic curve cryptosystem based on factoring that enjoys both of these properties. KMOV scheme has been used as an underlying primitive to obtain efficiency and probabilistic encryption. Semantic security of the scheme is based on a new decisional assumption, namely, the Decisional Small-x e-Multiples Assumption. Confidence on this assumption is also discussed.
Cryptanalysis of RSA using the ratio of the primes
In: B. Preneel (Ed.) Africacrypt 2009, LNCS 5580, 2009
Cited by 4 (4 self)
Abstract. Let $N = pq$ be an RSA modulus, i.e. the product of two large unknown primes of equal bit-size. In the X9.31-1997 standard for public key cryptography, Section 4.1.2, there are a number of recommendations for the generation of the primes of an RSA modulus. Among them, the ratio of the primes shall not be close to the ratio of small integers. In this paper, we show that if the public exponent $e$ satisfies an equation $eX - (N - (ap + bq))Y = Z$ with suitably small integers $X$, $Y$, $Z$, where $\frac{a}{b}$ is an unknown convergent of the continued fraction expansion of $\frac{q}{p}$, then $N$ can be factored efficiently. In addition, we show that the number of such exponents is at least $N^{3/4-\varepsilon}$ where $\varepsilon$ is arbitrarily small for large $N$.
Three New Factors of Fermat Numbers
Math. Comp., 2000
Cited by 4 (0 self)
We report the discovery of a new factor for each of the Fermat numbers $F_{13}$, $F_{15}$, $F_{16}$. These new factors have 27, 33 and 27 decimal digits respectively. Each factor was found by the elliptic curve method. After division by the new factors and previously known factors, the remaining cofactors are seen to be composite numbers with 2391, 9808 and 19694 decimal digits respectively.
Another generalization of Wiener’s attack on RSA
Africacrypt 2008. LNCS, 2008
Cited by 3 (3 self)
Abstract. A well-known attack on RSA with low secret exponent $d$ was given by Wiener in 1990. Wiener showed that using the equation $ed - (p-1)(q-1)k = 1$ and continued fractions, one can efficiently recover the secret exponent $d$ and factor $N = pq$ from the public key $(N, e)$ as long as $d < \frac{1}{3}N^{1/4}$. In this paper, we present a generalization of Wiener’s attack. We show that every public exponent $e$ that satisfies $eX - (p-u)(q-v)Y = 1$ with $1 \le Y < X < 2^{-1/4}N^{1/4}$, $|u| < N^{1/4}$, $v = \left[-\frac{qu}{p-u}\right]$ and all prime factors of $p - u$ or $q - v$ are less than $10^{50}$ yields the factorization of $N = pq$. We show that the number of these exponents is at least $N^{1/2-\varepsilon}$.
ECM using Edwards curves
Cited by 3 (1 self)
Abstract. This paper introduces GMP-EECM, a fast implementation of the elliptic-curve method of factoring integers. GMP-EECM is based on, but faster than, the well-known GMP-ECM software. The main changes are as follows: (1) use Edwards curves instead of Montgomery curves; (2) use twisted inverted Edwards coordinates; (3) use signed-sliding-window addition chains; (4) batch primes to increase the window size; (5) choose curves with small parameters a, d, X1, Y1, Z1; (6) choose curves with larger torsion.