Results 1  10
of
20
Factorization of a 768bit RSA modulus
, 2010
"... This paper reports on the factorization of the 768bit number RSA768 by the number field sieve factoring method and discusses some implications for RSA. ..."
Abstract

Cited by 21 (6 self)
 Add to MetaCart
This paper reports on the factorization of the 768bit number RSA768 by the number field sieve factoring method and discusses some implications for RSA.
Architectural implications of quantum computing technologies
 ACM Journal on Emerging Technologies in Computing Systems (JETC
, 2006
"... In this article we present a classification scheme for quantum computing technologies that is based on the characteristics most relevant to computer systems architecture. The engineering tradeoffs of execution speed, decoherence of the quantum states, and size of systems are described. Concurrency, ..."
Abstract

Cited by 17 (4 self)
 Add to MetaCart
In this article we present a classification scheme for quantum computing technologies that is based on the characteristics most relevant to computer systems architecture. The engineering tradeoffs of execution speed, decoherence of the quantum states, and size of systems are described. Concurrency, storage capacity, and interconnection network topology influence algorithmic efficiency, while quantum error correction and necessary quantum state measurement are the ultimate drivers of logical clock speed. We discuss several proposed technologies. Finally, we use our taxonomy to explore architectural implications for common arithmetic circuits, examine the implementation of quantum error correction, and discuss clusterstate quantum computation.
A kilobit special number field sieve factorization
 IN ADVANCES IN CRYPTOLOGY – ASIACRYPT 2007 (2007), LNCS
, 2007
"... We describe how we reached a new factoring milestone by completing the first special number field sieve factorization of a number having more than 1024 bits, namely the Mersenne number 2 1039 − 1. Although this factorization is orders of magnitude ‘easier ’ than a factorization of a 1024bit RSA m ..."
Abstract

Cited by 17 (5 self)
 Add to MetaCart
We describe how we reached a new factoring milestone by completing the first special number field sieve factorization of a number having more than 1024 bits, namely the Mersenne number 2 1039 − 1. Although this factorization is orders of magnitude ‘easier ’ than a factorization of a 1024bit RSA modulus is believed to be, the methods we used to obtain our result shed new light on the feasibility of the latter computation.
Fast Variants of RSA
 CryptoBytes
, 2002
"... We survey four variants of RSA designed to speed up RSA decryption and signing. We only consider variants that are backwards compatible in the sense that a system using one of these variants can interoperate with systems using standard RSA. ..."
Abstract

Cited by 17 (1 self)
 Add to MetaCart
We survey four variants of RSA designed to speed up RSA decryption and signing. We only consider variants that are backwards compatible in the sense that a system using one of these variants can interoperate with systems using standard RSA.
Fast computation of linear generators for matrix sequences and application to the block Wiedemann algorithm
 PROC. ISSAC '2001
, 2001
"... In this paper we describe how the halfgcd algorithm can be adapted in order to speed up the sequential stage of Coppersmith's block Wiedemann algorithm for solving large sparse linear systems over any finite field. This very stage solves a subproblem than can be seen as the computation of a linear ..."
Abstract

Cited by 15 (2 self)
 Add to MetaCart
In this paper we describe how the halfgcd algorithm can be adapted in order to speed up the sequential stage of Coppersmith's block Wiedemann algorithm for solving large sparse linear systems over any finite field. This very stage solves a subproblem than can be seen as the computation of a linear generator for a matrix sequence. Our primary realm of interest is the field $\GF{q}$ for large prime power $q$. For the solution of a $N\times N$ system, the complexity of this sequential part drops from $O(N²)$ to $O(\mathsf{M}(N)\log N)$ where $\mathsf{M}(d)$ is the cost for multiplying two polynomials of degree $d$. We discuss the implications of this improvement for the overall cost of the block Wiedemann algorithm and how its parameters should be chosen for best efficiency.
Strategies in Filtering in the Number Field Sieve
 In preparation
, 2000
"... A critical step when factoring large integers by the Number Field Sieve [8] consists of finding dependencies in a huge sparse matrix over the field F2 , using a Block Lanczos algorithm. Both size and weight (the number of nonzero elements) of the matrix critically affect the running time of Block ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
A critical step when factoring large integers by the Number Field Sieve [8] consists of finding dependencies in a huge sparse matrix over the field F2 , using a Block Lanczos algorithm. Both size and weight (the number of nonzero elements) of the matrix critically affect the running time of Block Lanczos. In order to keep size and weight small the relations coming out of the siever do not flow directly into the matrix, but are filtered first in order to reduce the matrix size. This paper discusses several possible filter strategies and their use in the recent record factorizations of RSA140, R211 and RSA155. 2000 Mathematics Subject Classification: Primary 11Y05. Secondary 11A51. 1999 ACM Computing Classification System: F.2.1. Keywords and Phrases: Number Field Sieve, factoring, filtering, Structured Gaussian elimination, Block Lanczos, RSA. Note: Work carried out under project MAS2.2 "Computational number theory and data security". This report will appear in the proceed...
ECM on Graphics Cards
"... Abstract. This paper reports recordsetting performance for the ellipticcurve method of integer factorization: for example, 604.99 curves/second for ECM stage 1 with B1 = 8192 for 280bit integers on a single PC. The stateoftheart GMPECM software handles 171.42 curves/second for ECM stage 1 with ..."
Abstract

Cited by 13 (4 self)
 Add to MetaCart
Abstract. This paper reports recordsetting performance for the ellipticcurve method of integer factorization: for example, 604.99 curves/second for ECM stage 1 with B1 = 8192 for 280bit integers on a single PC. The stateoftheart GMPECM software handles 171.42 curves/second for ECM stage 1 with B1 = 8192 for 280bit integers using all four cores of a 2.4GHz Core 2 Quad Q6600. The extra speed takes advantage of extra hardware, specifically two NVIDIA GTX 280 graphics cards, using a new ECM implementation introduced in this paper. Our implementation uses Edwards curves, relies on new parallel addition formulas, and is carefully tuned for the highly parallel GPU architecture. On a single GTX 280 the implementation performs 22.66 million modular multiplications per second for a general 280bit modulus. GMPECM, using all four cores of a Q6600, performs 17.91 million multiplications per second. This paper also reports speeds on other graphics processors: for example,
On the relations between noninteractive key distribution, identitybased encryption and trapdoor discrete log groups. Cryptology ePrint Archive, Report 2007/453
, 2007
"... Abstract. This paper investigates the relationships between identitybased noninteractive key distribution (IDNIKD) and identitybased encryption (IBE). It provides a new security model for IDNIKD, and a generic construction that converts a secure IDNIKD scheme into a secure IBE scheme. This con ..."
Abstract

Cited by 10 (2 self)
 Add to MetaCart
Abstract. This paper investigates the relationships between identitybased noninteractive key distribution (IDNIKD) and identitybased encryption (IBE). It provides a new security model for IDNIKD, and a generic construction that converts a secure IDNIKD scheme into a secure IBE scheme. This conversion is used to explain the relationship between the IDNIKD scheme of Sakai, Ohgishi and Kasahara and the IBE scheme of Boneh and Franklin. The paper then explores the construction of IDNIKD and IBE schemes from general trapdoor discrete log groups. Two different concrete instantiations for such groups provide new, provably secure IDNIKD and IBE schemes. These schemes are suited to applications in which the Trusted Authority is computationally wellresourced, but clients performing encryption/decryption are highly constrained. Keywords: Identitybased encryption; identitybased noninteractive key distribution; trapdoor discrete logs. 1
On the security of 1024bit RSA and 160bit elliptic curve cryptography: version 2.1. Cryptology ePrint Archive, Report 2009/389
, 2009
"... Abstract. Meeting the requirements of NIST’s new cryptographic standards means phasing out usage of 1024bit RSA and 160bit elliptic curve cryptography (ECC) by the end of the year 2010. This writeup comments on the vulnerability of these systems to an open community attack effort and aims to asse ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
Abstract. Meeting the requirements of NIST’s new cryptographic standards means phasing out usage of 1024bit RSA and 160bit elliptic curve cryptography (ECC) by the end of the year 2010. This writeup comments on the vulnerability of these systems to an open community attack effort and aims to assess the risk of their unavoidable continued usage beyond 2010 until the migration to the new standards has been completed. We conclude that for 1024bit RSA the risk is small at least until the year 2014, and that 160bit ECC over a prime field may safely be used for much longer – with the current state of the art in cryptanalysis we would be surprised if a public effort can make a dent in 160bit prime field ECC by the year 2020. Our assessment is based on the latest practical data of large scale integer factorization and elliptic curve discrete logarithm computation efforts.