11 research outputs found

    Lattice sieving and trial division

    Reports on work in progress on our new implementation of the relation collection stage of the general number field sieve integer factoring algorithm. Our experiments indicate that we have achieved a substantial speed-up compared to other implementations that are reported in the literature. The main improvements are a new lattice sieving technique and a trial division method that is based on lattice sieving in a hash table. This also allows us to collect triple and quadruple large prime relations in an efficient manner. Furthermore, we show how the computation can efficiently be shared among multiple processors in a high-bandwidth environmen

    Mersenne Factorization Factory

    We present work in progress to completely factor seventeen Mersenne numbers using a variant of the special number field sieve where sieving on the algebraic side is shared among the numbers. It is expected that it reduces the overall factoring effort by more than 50%. As far as we know this is the first practical application of Coppersmith’s “factorization factory” idea. Most factorizations used a new double-product approach that led to additional savings in the matrix step

    Analysis and Optimization of the TWINKLE Factoring Device

    We describe an enhanced version of the TWINKLE factoring device and analyse to what extent it can be expected to speed up the sieving step of the Quadratic Sieve and Number Field Sieve factoring algorithms. The bottom line of our analysis is that the TWINKLE-assisted factorization of 768-bit numbers is difficult but doable in about 9 months (including the sieving and matrix parts) by a large organization which can use 80,000 standard Pentium II PC’s and 5,000 TWINKLE devices

    Factorization of RSA-140 using the Number Field Sieve

    Conference with proceedings, without peer review. International audience. On February 2, 1999, we completed the factorization of the 140-digit number RSA-140 with the help of the Number Field Sieve factoring method (NFS). This is a new general factoring record. The previous record was established on April 10, 1996 by the factorization of the 130-digit number RSA-130, also with the help of NFS. The amount of computing time spent on RSA-140 was roughly twice that needed for RSA-130, about half of what could be expected from a straightforward extrapolation of the computing time spent on factoring RSA-130. The speed-up can be attributed to a new polynomial selection method for NFS which will be sketched in this paper. The implications of the new polynomial selection method for factoring a 512-bit RSA modulus are discussed and it is concluded that 512-bit (= 155-digit) RSA moduli are easily and realistically within reach of factoring efforts similar to the one presented here

    Factorization of RSA-140 Using the Number Field Sieve

    On February 2, 1999, we completed the factorization of the 140-digit number RSA-140 with the help of the Number Field Sieve factoring method (NFS). This is a new general factoring record. The previous record was established on April 10, 1996 by the factorization of the 130-digit number RSA-130, also with the help of NFS. The amount of computing time spent on RSA-140 was roughly twice that needed for RSA-130, about half of what could be expected from a straightforward extrapolation of the computing time spent on factoring RSA-130. The speed-up can be attributed to a new polynomial selection method for NFS which will be sketched in this paper

    The Function Field Sieve is quite special

    International audience. In this paper, we describe improvements to the function field sieve (FFS) for the discrete logarithm problem in $GF(p^n)$, when $p$ is small. Our main contribution is a new way to build the algebraic function fields needed in the algorithm. With this new construction, the heuristic complexity is as good as the complexity of the construction proposed by Adleman and Huang [AdHu99], i.e. $L_{p^n}[1/3, c] = \exp\left((c+o(1)) \log(p^n)^{\frac{1}{3}} \log(\log(p^n))^{\frac{2}{3}}\right)$ where $c = (32/9)^{\frac{1}{3}}$. With either of these constructions the FFS becomes an equivalent of the special number field sieve used to factor integers of the form $A^N \pm B$. From an asymptotic point of view, this is faster than older algorithms such as Coppersmith's algorithm and Adleman's original FFS. From a practical viewpoint, we argue that our construction has better properties than the construction of Adleman and Huang. We demonstrate the efficiency of the algorithm by successfully computing discrete logarithms in a large finite field of characteristic two, namely $GF(2^{521})$

    Runnemede: An Architecture for Ubiquitous High-Performance Computing

    DARPA’s Ubiquitous High-Performance Computing (UHPC) program asked researchers to develop computing systems capable of achieving energy efficiencies of 50 GOPS/Watt, assuming 2018-era fabrication technologies. This paper describes Runnemede, the research architecture developed by the Intel-led UHPC team. Runnemede is being developed through a co-design process that considers the hardware, the runtime/OS, and applications simultaneously. Near-threshold voltage operation, fine-grained power and clock management, and separate execution units for runtime and application code are used to reduce energy consumption. Memory energy is minimized through application-managed on-chip memory and direct physical addressing. A hierarchical on-chip network reduces communication energy, and a codelet-based execution model supports extreme parallelism and fine-grained tasks. We present an initial evaluation of Runnemede that shows the design process for our on-chip network, demonstrates 2-4x improvements in memory energy from explicit control of on-chip memory, and illustrates the impact of hardware-software co-design on the energy consumption of a synthetic aperture radar algorithm on our architecture.

    Factorization of a 512-bit RSA Modulus

    Conference with proceedings and peer review. International. International audience. On August 22, 1999, we completed the factorization of the 512-bit 155-digit number RSA-155 with the help of the Number Field Sieve factoring method (NFS). This is a new record for factoring general numbers. Moreover, 512-bit RSA keys are frequently used for the protection of electronic commerce, at least outside the USA, so this factorization represents a breakthrough in research on RSA-based systems. The previous record, factoring the 140-digit number RSA-140, was established on February 2, 1999, also with the help of NFS, by a subset of the team which factored RSA-155. The amount of computing time spent on RSA-155 was about 8400 MIPS years, roughly four times that needed for RSA-140; this is about half of what could be expected from a straightforward extrapolation of the computing time spent on factoring RSA-140 and about a quarter of what would be expected from a straightforward extrapolation from the computing time spent on RSA-130. The speed-up is due to a new polynomial selection method for NFS of Murphy and Montgomery which was applied for the first time to RSA-140 and now, with improvements, to RSA-155