Results 1  10
of
12
Integer Factorization Based on Elliptic Curve Method: Towards Better Exploitation of Reconfigurable Hardware
"... Currently, the best known algorithm for factorizing modulus of the RSA public key cryptosystem is the Number Field Sieve. One of its important phases usually combines a sieving technique and a method for checking smoothness of midsize numbers. For this factorization, the Elliptic Curve Method (ECM) ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
Currently, the best known algorithm for factorizing modulus of the RSA public key cryptosystem is the Number Field Sieve. One of its important phases usually combines a sieving technique and a method for checking smoothness of midsize numbers. For this factorization, the Elliptic Curve Method (ECM) is an attractive solution. As ECM is highly regular and many parallel computations are required, hardwarebased platforms were shown to be more costeffective than software solutions. The few papers dealing with implementation of ECM on FPGA are all based on bitserial architectures. They use only generalpurpose logic and lowcost FPGAs which appear as the best performance/cost solution. This work explores another approach, based on the exploitation of embedded multipliers available in modern FPGAs and the use of highperformances FPGAs. The proposed architecture – based on a fully parallel and pipelined modular multiplier circuit – exhibits a 15fold improvement over throughput/hardware cost ratio of previously published results.
On the Cost of Factoring RSA1024
 RSA CryptoBytes
, 2003
"... As many cryptographic schemes rely on the hardness of integer factorization, exploration of the concrete costs of factoring large integers is of considerable interest. Most research has focused on PCbased implementations of factoring algorithms; these have successfully factored 530bit integers, bu ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
As many cryptographic schemes rely on the hardness of integer factorization, exploration of the concrete costs of factoring large integers is of considerable interest. Most research has focused on PCbased implementations of factoring algorithms; these have successfully factored 530bit integers, but practically cannot scale much further. Recent works have placed the bottleneck at the sieving step of the Number Field Sieve algorithm. We present a new implementation of this step, based on a custombuilt hardware device that achieves a very high level of parallelism "for free". The design combines algorithmic and technological aspects: by devising algorithms that take advantage of certain tradeoffs in chip manufacturing technology, efficiency is increased by many orders of magnitude compared to previous proposals. Using this hypothetical device (and ignoring the initial R&D costs), it appears possible to break a 1024bit RSA key in one year using a device whose cost is about $10M (previous predictions were in the trillions of dollars).
Cryptanalysis of RSA using the ratio of the primes
 In: B. Preneel (Ed.) Africacrypt 2009, LNCS 5580
, 2009
"... Abstract. Let N = pq be an RSA modulus, i.e. the product of two large unknown primes of equal bitsize. In the X9.311997 standard for public key cryptography, Section 4.1.2, there are a number of recommendations for the generation of the primes of an RSA modulus. Among them, the ratio of the primes ..."
Abstract

Cited by 4 (4 self)
 Add to MetaCart
Abstract. Let N = pq be an RSA modulus, i.e. the product of two large unknown primes of equal bitsize. In the X9.311997 standard for public key cryptography, Section 4.1.2, there are a number of recommendations for the generation of the primes of an RSA modulus. Among them, the ratio of the primes shall not be close to the ratio of small integers. In this paper, we show that if the public exponent e satisfies an equation eX − (N − (ap + bq))Y = Z with suitably small integers X, Y, Z, where a q is an unknown convergent of the continued fraction expansion of b p, then N can be factored efficiently. In addition, we show that the number of such exponents is at least N 3 4 −ε where ε is arbitrarily small for large N.
Detecting Regular Visit Patterns
"... Abstract. We are given a trajectory T and an area A. T might intersect A several times, and our aim is to detect whether T visits A with some regularity, e.g. what is the longest time span that a GPSGSM equipped elephant visited a specific lake on a daily (weekly or yearly) basis, where the elephan ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
Abstract. We are given a trajectory T and an area A. T might intersect A several times, and our aim is to detect whether T visits A with some regularity, e.g. what is the longest time span that a GPSGSM equipped elephant visited a specific lake on a daily (weekly or yearly) basis, where the elephant has to visit the lake most of the days (weeks or years), but not necessarily on every day (week or year). During the modelling of such applications, we encounter an elementary problem on bitstrings, that we call LDS (LongestDenseSubstring). The bits of the bitstring correspond to a sequence of regular time points, in which a bit is set to 1 iff the trajectory T intersects the area A at the corresponding time point. For the LDS problem, we are given a string s as input and want to output a longest substring of s, such that the ratio of 1’s in the substring is at least a certain threshold. In our model, LDS is a core problem for many applications that aim at detecting regularity of T intersecting A. We propose an optimal algorithm to solve LDS, and also for related problems that are closer to applications, we provide efficient algorithms for detecting regularity. 1
Another generalization of Wiener’s attack on RSA
 Africacrypt 2008. LNCS
, 2008
"... Abstract. A wellknown attack on RSA with low secretexponent d was given by Wiener in 1990. Wiener showed that using the equation ed − (p − 1)(q − 1)k = 1 and continued fractions, one can efficiently recover the secretexponent d and factor N = pq from the public key (N, e) as long as d < 1 3 N 1 4 ..."
Abstract

Cited by 3 (3 self)
 Add to MetaCart
Abstract. A wellknown attack on RSA with low secretexponent d was given by Wiener in 1990. Wiener showed that using the equation ed − (p − 1)(q − 1)k = 1 and continued fractions, one can efficiently recover the secretexponent d and factor N = pq from the public key (N, e) as long as d < 1 3 N 1 4. In this paper, we present a generalization of Wiener’s attack. We show that every public exponent e that satisfies eX − (p − u)(q − v)Y = 1 with 1 ≤ Y < X < 2 − 1 4 N 1 4, u  < N 1 [ 4, v = − qu p − u and all prime factors of p − u or q − v are less than 10 50 yields the factorization of N = pq. We show that the number of these exponents is at least N 1 2 −ε.
C.: Fast memory snapshot for concurrent programming without synchronization
 In: Proc. of the 23rd International Conference on Supercomputing
, 2009
"... The industrywide turn toward chipmultiprocessors (CMPs) provides an increasing amount of parallel resources for commodity systems. However, it is still difficult to harness the available parallelism in user applications and system software code. We propose MShot, a hardwareassisted memory snapsho ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
The industrywide turn toward chipmultiprocessors (CMPs) provides an increasing amount of parallel resources for commodity systems. However, it is still difficult to harness the available parallelism in user applications and system software code. We propose MShot, a hardwareassisted memory snapshot for concurrent programming without synchronization code. It supports atomic multiword read operations on a large dataset. Since modern processors support atomic access only to a single word, programmers should add synchronization code to process a multiword dataset concurrently in multithreading environment. With snapshot, programmers read the dataset atomically and process the snapshot image without synchronization code. We implement MShot using hardware resources for transactional memory and reduce the storage overhead from 2.98 % to 0.07%. To demonstrate the usefulness of fast snapshot, we use MShot to implement concurrent versions of garbage collection and callpath profiling. Without the need for synchronization code, MShot allows such system services to run in parallel with user applications on spare cores in CMP systems. As a result, the overhead of these services is minimized, approaching that of an ideal implementation.
Parallel Solution of Sparse Linear Systems Defined over GF(p)
"... Introduction The security of modern publickey cryptography is usually based on the presumed hardness of problems such as factoring integers or computing discrete logarithms. The Number Field Sieve [19] (NFS) and Function Field Sieve [1] (FFS) oer two examples of algorithms that can attack these pr ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Introduction The security of modern publickey cryptography is usually based on the presumed hardness of problems such as factoring integers or computing discrete logarithms. The Number Field Sieve [19] (NFS) and Function Field Sieve [1] (FFS) oer two examples of algorithms that can attack these problems. Such algorithms are generally speci ed in two phases. The rst phase, sometimes called the sieving step, aims to collect many relations that represent small items of information about the problem one is trying to solve. This phase is easy to parallelise since one can generate the relations independently. It is therefore attractive for distributed, Internet based collaborative computation [26]. The second phase of processing, sometimes called the matrix step, aims to collect the relations and combine them into a single linear system which, when solved, allows one to eciently compute answers to the original problem. Ecient implementation of the matrix step is challenging since the li
Secure Electronic Voting for Mobile Communications
"... AbstractRecent technological advances in mobile communications have allowed public to take part in noncritical elections (such as deciding the most valuable player in sports events) with lowpower, lowcost and small sized portable communication devices. However, more critical elections (such as po ..."
Abstract
 Add to MetaCart
AbstractRecent technological advances in mobile communications have allowed public to take part in noncritical elections (such as deciding the most valuable player in sports events) with lowpower, lowcost and small sized portable communication devices. However, more critical elections (such as political elections) have not yet held in mobile communication environments, mainly because of security concerns, communication and computation constrains of portable communication devices. In this paper, we come up with a secure electronic election scheme in mobile communication environments, which meets completeness, soundness, privacy, unreusability, eligibility, fairness, and verifiability. Our scheme is based on blind signature and needs low computation complexity in portable communication devices. I.
ffl Some Statistics for NFS Factorizations
, 2002
"... 3 Finite Fields In computational number theory and cryptographic applications, we often have to work over finite fields. A finite field F is a finite set with operations "+ " and "\Theta " which satisfy the usual associative, commutative and distributive laws: ..."
Abstract
 Add to MetaCart
3 Finite Fields In computational number theory and cryptographic applications, we often have to work over finite fields. A finite field F is a finite set with operations "+ " and "\Theta " which satisfy the usual associative, commutative and distributive laws:
A New SpecialPurpose Factorization Algorithm
"... In this paper, a new factorization algorithm is presented, which finds a prime factor p of an integer n in time (D log n) , if 4p 1 = Db where D and b are integers. Hence this algorithm will factor a number efficiently, if it has a prime factor p such that 4p1 is a product of a small in ..."
Abstract
 Add to MetaCart
In this paper, a new factorization algorithm is presented, which finds a prime factor p of an integer n in time (D log n) , if 4p 1 = Db where D and b are integers. Hence this algorithm will factor a number efficiently, if it has a prime factor p such that 4p1 is a product of a small integer and a square. Such primes should be avoided when we select the RSA secret keys. Some generalizations of the algorithm are discussed in the paper as well.