Reconfigurable Hardware Implementation of Mesh Routing in Number Field Sieve Factorization

Factorization of large numbers has been a constant source of interest in cryptanalysis as it is the basis of security for the well-known RSA cryptosystem. The fastest known algorithm for factoring large numbers is the Number Field Sieve (NFS). The execution time of this algorithm is determined by the speed of its two most time consuming phases: Sieving and Matrix Step. In this paper, we concentrate on the Matrix Step, and propose an efficient way of implementing this step in reconfigurable hardware. Our solution is based on the Mesh-Routing method proposed by Lenstra et al. This method has been further analyzed by Geiselmann and Steinwandt, but only theoretical performance estimates specific to ASIC technology have been reported to date. We implement the Mesh-Routing method in reconfigurable hardware in order to come up with the concrete performance measures for the implementation of this algorithm in the state-of-the-art FPGA devices. The details of the Mesh Routing hardware architecture are analyzed, designed and implemented. We determine the practical size of a partial mesh that can fit in one FPGA device, Xilinx Virtex II XC2V6000. We report on the speed-up which is in excess of 2600 times with respect to the optimized software implementation based on the MATLAB libraries, running on a Pentium IV machine. Based on the experimental results for a partial mesh implemented on a single FPGA, we calculate the execution time of the Matrix Step for the case of factoring 512-bit and 1024-bit numbers. We further extrapolate the computation time for the case of a square systolic array of FPGAs interconnected among each other. We demonstrate that for practical sizes of numbers used in cryptography, 1024 bits, the Matrix Step of factorization can be performed using 1024 Virtex II FPGAs in less than 40 days