Root optimization of polynomials in the number field sieve

The general number field sieve (GNFS) is the most efficient algorithm known for factoring large integers. It consists of several stages, the first one being polynomial selection. The quality of the chosen polynomials in polynomial selection can be modelled in terms of size and root properties. In this paper, we describe some algorithms for selecting polynomials with very good root properties.Comment: 16 pages, 18 reference

Factorization and Malleability of RSA Moduli, and Counting Points on Elliptic Curves Modulo N

In this paper we address two different problems related with the factorization of an RSA (Rivest-Shamir-Adleman cryptosystem) modulus N. First we show that factoring is equivalent, in deterministic polynomial time, to counting points on a pair of twisted Elliptic curves modulo N. The second problem is related with malleability. This notion was introduced in 2006 by Pailler and Villar, and deals with the question of whether or not the factorization of a given number N becomes substantially easier when knowing the factorization of another one N′ relatively prime to N. Despite the efforts done up to now, a complete answer to this question was unknown. Here we settle the problem affirmatively. To construct a particular N′ that helps the factorization of N, we use the number of points of a single elliptic curve modulo N. Coppersmith's algorithm allows us to go from the factors of N′ to the factors of N in polynomial time

Montgomery's method of polynomial selection for the number field sieve

The number field sieve is the most efficient known algorithm for factoring large integers that are free of small prime factors. For the polynomial selection stage of the algorithm, Montgomery proposed a method of generating polynomials which relies on the construction of small modular geometric progressions. Montgomery's method is analysed in this paper and the existence of suitable geometric progressions is considered

On the coefficients of the polynomial in the number field sieve

Polynomial selection is very important in number field sieve. If the yield of a pair of polynomials is closely correlated with the coefficients of the polynomials, we can select polynomials by checking the coefficients first. This can speed up the selection of good polynomials. In this paper, we aim to study the correlation between the polynomial coefficients and the yield of the polynomials. By theoretical analysis and experiments, we find that a polynomial with the ending coefficient containing more small primes is usually better in yield than the one whose ending coefficient contains less. One advantage of the ending coefficient over the leading coefficient is that the ending coefficient is bigger and can contain more small primes in root optimizing stage. Using the complete discrimination system, we also analyze the condition on coefficients to obtain more real roots

Improving NFS for the Discrete Logarithm Problem in Non-prime Finite Fields

International audienceThe aim of this work is to investigate the hardness of the discrete logarithm problem in fields GF$(p^n)$ where $n$ is a small integer greater than 1. Though less studied than the small characteristic case or the prime field case, the difficulty of this problem is at the heart of security evaluations for torus-based and pairing-based cryptography. The best known method for solving this problem is the Number Field Sieve (NFS). A key ingredient in this algorithm is the ability to find good polynomials that define the extension fields used in NFS. We design two new methods for this task, modifying the asymptotic complexity and paving the way for record-breaking computations. We exemplify these results with the computation of discrete logarithms over a field GF$(p^2)$ whose cardinality is 180 digits (595 bits) long

Non-Linear Polynomial Selection for the Number Field Sieve

International audienceWe present an algorithm to find two non-linear polynomials for the Number Field Sieve integer factorization method. This algorithm extends Montgomery's "two quadratics" method; for degree 3, it gives two skewed polynomials with resultant O(N5/4), which improves on Williams O(N4/3) result

A New Ranking Function for Polynomial Selection in the Number Field Sieve

International audienceThis article explains why the classical Murphy-E ranking function might fail to correctly rank polynomial pairs in the Number Field Sieve, and proposes a new ranking function

Root optimization of polynomials in the number field sieve

International audienceThe general number field sieve (GNFS) is the most efficient algorithm known for factoring large integers. It consists of several stages, the first one being polynomial selection. The quality of the chosen polynomials in polynomial selection can be modelled in terms of size and root properties. In this paper, we describe some algorithms for selecting polynomials with very good root properties