On The Oracle Complexity Of Factoring Integers
 COMPUTATIONAL COMPLEXITY, 1996
Cited by 5 (0 self)
The problem of factoring integers in polynomial time with the help of an (infinitely powerful) oracle who answers arbitrary questions with yes or no is considered. The goal is to minimize the number of oracle questions. Let N be a given composite n-bit integer to be factored, where n = ⌈log₂ N⌉. The trivial method of asking for the bits of the smallest prime factor of N requires n/2 questions in the worst case. A nontrivial algorithm of Rivest and Shamir requires only n/3 questions for the special case where N is the product of two n/2-bit primes. In this paper, a polynomial-time oracle factoring algorithm for general integers is presented which, for any ε > 0, asks at most εn oracle questions for sufficiently large N, thus solving an open problem posed by Rivest and Shamir. Based on a plausible conjecture related to Lenstra's conjecture on the running time of the elliptic curve factoring algorithm it is shown that the algorithm fails with probability at most N ...
Three New Factors of Fermat Numbers
 Math. Comp, 2000
Cited by 4 (0 self)
We report the discovery of a new factor for each of the Fermat numbers F_13, F_15, F_16. These new factors have 27, 33 and 27 decimal digits respectively. Each factor was found by the elliptic curve method. After division by the new factors and previously known factors, the remaining cofactors are seen to be composite numbers with 2391, 9808 and 19694 decimal digits respectively.
ECM at Work
Abstract. The performance of the elliptic curve method (ECM) for integer factorization plays an important role in the security assessment of RSA-based protocols as a cofactorization tool inside the number field sieve. The efficient arithmetic for Edwards curves found an application by speeding up ECM. We propose techniques based on generating and combining addition chains to optimize Edwards ECM in terms of both performance and memory requirements. This makes our approach very suitable for memory-constrained devices such as graphics processing units. For commonly used ECM parameters we are able to lower the required memory up to a factor 55 compared to the state-of-the-art Edwards ECM approach.
Montgomery Multiplication Using Vector Instructions
2013
Abstract. In this paper we present a parallel approach to compute interleaved Montgomery multiplication. This approach is particularly suitable to be computed on 2-way single instruction, multiple data platforms as can be found on most modern computer architectures in the form of vector instruction set extensions. We have implemented this approach for tablet devices which run the x86 architecture (Intel Atom Z2760) using SSE2 instructions as well as devices which run on the ARM platform (Qualcomm MSM8960, NVIDIA Tegra 3 and 4) using NEON instructions. When instantiating modular exponentiation with this parallel version of Montgomery multiplication we observed a performance increase of more than a factor of 1.5 compared to the sequential implementation in OpenSSL for the classical arithmetic logic unit on the Atom platform for 2048-bit moduli. Key words: Montgomery multiplication, SIMD, software implementation, vector instructions
n, Systolic Montgomery multiplication version 19920225
Abstract. Montgomery multiplication is a division-free and memory-efficient algorithm for modular multiplication. We describe a fast systolic version of Montgomery multiplication. Our version is particularly useful to turn a short sequence of moderately fast processing elements, that operate in SIMD mode, into a single much faster modular multiplier. We have successfully implemented our method on a 16K processor massively parallel SIMD computer, which effectively reconfigured the machine into a machine that is k times faster, but only has 16K/k processors, where k is a small integer that depends linearly on the logarithm of the modulus.
1. Montgomery arithmetic
Fast modular multiplication is crucial for an efficient implementation of many number theoretic algorithms or cryptographic schemes. It is well known that if the modulus remains unchanged throughout the computation, as is often the case, a considerable speedup can be gained by using the so-called Montgomery representation [3]. In this paper we describe how multiplication of numbers in Montgomery representation can be carried out efficiently and in parallel on large 'Single Instruction Multiple Data' (SIMD) arrays of processors. In addition to applications to cryptanalysis [1], our method could prove to be useful for a 'central facility' that has to sign public key certificates, or decrypt RSA messages, for many users simultaneously.
Throughout this paper we fix n as an odd positive integer that will serve as the modulus. For an integer x we define the residue of x modulo n, denoted x mod n, as the smallest nonnegative integer that is congruent to x modulo n. We will measure the runtime of the algorithms to be presented in number of elementary multiplications, where one elementary multiplication computes the 2b-bit product of two b-bit integers, for some positive integer b that depends on the type of machine/processor we are using. We will assume that b 2. The case b = 1 is trivial, and can be found in [3].
Let r be the smallest integer with 2” ’> n, and let R = 2’. The Montgomery representation § of an integer x is the integer (x · R) mod n. Clearly, if s = (x + y) mod n, then is either + or § + so that addition (or subtraction) of numbers in Montgomery representation is not different from ordinary