B. Dixon and A.K. Lenstra,."Factoring Integers Using SIMD Sieves", Lecture Notes in Computer Science 765: Advances in Cryptology - Eurocrypt '93, Springer-Verlag, pp. 28-39.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....memory if it is available, clearly something has to give. Some recent results from factoring 100 plus digit numbers are given below. Results from some recent factorizations All results obtained using the quadratic sieve Digits MIPS years Year Reference Remarks 100 1991 [DDLM93] 100 27 1993 [DL93] SIMD Implementation 3 days 110 180 270 1993 [DL93] SIMD 30 days 116 400 1993 [DL93] Distributed over a network 120 825 1993 [DDLM93] Four sites one using SIMD 129 4000 6000 1994 [AGLL94] Massive internet project One company with a large interest in the difficulty of factoring is RSA ....

....Some recent results from factoring 100 plus digit numbers are given below. Results from some recent factorizations All results obtained using the quadratic sieve Digits MIPS years Year Reference Remarks 100 1991 [DDLM93] 100 27 1993 [DL93] SIMD Implementation 3 days 110 180 270 1993 [DL93] SIMD 30 days 116 400 1993 [DL93] Distributed over a network 120 825 1993 [DDLM93] Four sites one using SIMD 129 4000 6000 1994 [AGLL94] Massive internet project One company with a large interest in the difficulty of factoring is RSA Data 2 Security Inc, the patent holders on the RSA ....

[Article contains additional citation context not shown here]

Dixon and Lenstra. Factoring Integers Using SIMD Sieves. in EUROCRYPT '93. pp28--39. Lecture Notes in Computer Science 765. Springer-Verlag.

....with Virtual Processing 13.1 Introduction This chapter continues the discussion of our implementation project on the massively parallel computer MasPar MP 1. There has been a fair amount of prior work for implementing parallel algorithms on massively parallel machines [AS92, BLM 91, DL92a, DL92b, HPR92, NT92, PS90] since the completion of the first phase of our project reported in Chapter 11. However, most of this work has been targeted towards solving problems that are highly structured and are not very difficult to scale up. The focus of our work is on solving graph theoretical ....

B. Dixon and A. K. Lenstra. Factoring integers using SIMD sieves. Manuscript, 1992.

....factor of z t , then n is a quadratic residue modulo p. 3) When t is in the range GammaA 1 t A, then z t is small. A couple of different approaches have been proposed. The one we describe here was suggested by Peter Montgomery, and was implemented in the program used to factor RSA 129. [DL, Si] This approach requires n j 1 mod 4. If n j 3 mod 4, use a multiplier m j 3 mod 4 as discussed in x10. Suppose that a and b are integers satisfying b 2 j n mod 4a 2 . Since gcf(2a; n) 1, then we can use the Euclidean algorithm to obtain a number, denoted (2a) Gamma1 , such that 2a(2a) ....

B. Dodson, A. K. Lenstra, Factoring integers using SIMD sieves, Advances in Cryptology, Eurocrypt `93, Lecture Notes in Comput. Sci. 765 (1994), 28--39.

....publication in Theoretical Computer Science 1 Introduction This paper describes an on going project for implementing parallel algorithms on the massively parallel SIMD machine MasPar MP 1. There are important problems that can be solved on massively parallel SIMD machines with virtual processing [4,5,15,13,22,27,28,39,40]. In [19] we reported the implementation of several parallel graph algorithms on the MasPar MP 1 using the parallel language MPL [30,31] which is an extension of the C language [25] The MPL language provides an efficient way of using the MasPar MP 1. However, it requires the user to specify the ....

A. K. Lenstra. Factoring integers using simd sieves. Technical Report TRMP /PA-28.94, MasPar Computer Corporation, 1993.

....we implemented several different parallel algorithms for the connected components problem, including one randomized algorithm, and tested our code with respect to various fine tuning techniques. Related work on implementing combinatorial algorithms on massively parallel machines can be found in [1, 3, 4, 8, 9, 10, 11, 15, 16, 18, 19, 30, 38, 39, 41, 48]. Also there has been work reported on implementing combinatorial algorithms on a vector super computer [16, 45, 49] and on a distributed memory machine [29] The rest of the paper is organized as follows. Section 2 describes the algorithms implemented which includes an algorithm that we devised ....

B. Dixon and A. K. Lenstra, Factoring integers using SIMD sieves, Manuscript, 1992.

....by an IBM graduate fellowship. 1 Introduction This paper describes an on going project for implementing parallel graph algorithms on the massively parallel machine MasPar MP 1. There has been a fair amount of prior work on implementing parallel algorithms on massively parallel machines [1, 5, 9, 10, 11, 25, 29] since the completion of the first phase of our project reported in [13] However, most of this work has been targeted towards solving problems that are highly structured and are not very difficult to scale up. The focus of our work is on solving graph theoretical problems for which the algorithms ....

B. Dixon and A. K. Lenstra. Factoring integers using SIMD sieves. Manuscript, 1992.

....program and to store the relations. We give more details of the resource management in Section 5. We estimate that we had approximately 600 contributors using more than 1600 machines and producing about 80 of the relations. The other 20 was contributed by several MasPars running the program from [4]. On March 21 1994 we had about 8:25 million relations, with more than 108 000 fulls and 417 000 cycles. Because 108 000 417 000 524 339 = #P , the cease and desist message was mailed out on March 22. The final counts, on March 26, were: 112 011 fulls, 1 431 337 partials, and 6 881 138 ....

....corresponds to a set W = f(w; e p ) p2P ) w 2 j Q p2P p ep mod rg for which P W (e p ) p2P = 2w p ) p2P for integers w p . Consequently, x j Q W w mod r and y j Q p2P p wp mod r satisfy x 2 j y 2 mod r. 7 Because #P j 51 mod 2 14 we could use the QS implementation from [4] on a 16K MasPar massively parallel computer. The choice is on the high side for this implementation, which performed noticeably worse than expected based on the experience from [2] To find dependencies among the rows of the 569 466 Theta 524 339 bit matrix with, on average, 47 bits per row, ....

B. Dixon, A. K. Lenstra, Factoring integers using SIMD sieves, Advances in Cryptology, Eurocrypt '93, Lecture Notes in Comput. Sci. 765 (1994) 28--39.

....this step requires negligible memory without incurring, in theory, a runtime penalty in practice, however, it is substantially slower than sieving. Intermediate solutions that exchange sieving memory for many tightly coupled processors with small memories could prove valuable too; see [6] for an early example of this approach and [1] for various other interesting proposals that may turn out to be practically relevant. For the asymptotic argument, ECM suces. In improved NFS from [4] it was necessary to use a memory free method when searching for B a smooth numbers (cf. 2.2) in ....

B. Dixon, A.K. Lenstra, Factoring integers using SIMD sieves, Proceedings Eurocrypt 1993, LNCS 765, Springer-Verlag 1994, 28-39

....it imprudent to ignore the possibility altogether, and warn against too strong reliance on the belief that specialpurpose attacks on RSA are impossible. To illustrate this, the quadratic sieve factoring method was implemented successfully on a Single Instruction Multiple Data architecture (cf. [11]) A SIMD machine is by no means special purpose hardware, but it could be relatively cheap compared to ordinary PCs. Effectiveness of guessing. Obviously, key sizes for classical asymmetric systems have to be larger than 512 to obtain any security at all (where 512 is the size of the broken RSA ....

....from the computationally equivalent ones. Note that the factor 26 P should be taken with a large grain of salt. Its scientific merit is in our opinion questionable because it is based on the presumed infeasibility of special purpose hardware attacks on RSA (cf. 2.3. 1) and the pipelined design in [11]) 3.7. Memory considerations The processors contributing to a parallelized exhaustive key search do not require a substantial amount of memory. This is also the case for the processors involved in a parallelized attack using Pollards rho method against SDL or EC systems. Although for the ....

B. Dixon, A.K. Lenstra, Factoring integers using SIMD sieves, Proceedings Eurocrypt93, LNCS 765, 28-39.

....nd it imprudent to ignore the possibility altogether, and warn against too strong a reliance on the belief that special purpose attacks on RSA are impossible. To illustrate this, the quadratic sieve factoring method was implemented successfully on a Single Instruction Multiple Data architecture [12]. A SIMD machine is by no means special purpose hardware, but it could be relatively cheap compared to ordinary PCs. 2.4.8 E ectiveness of guessing. Obviously, key sizes for classical asymmetric systems have to be larger than 512 to obtain any security at all (where 512 is the size of the ....

....the computationally equivalent ones. 25 Note that the factor 26 # P should be taken with a large grain of salt. Its scienti c merit is in our opinion questionable because it is based on the presumed infeasibility of special purpose hardware attacks on RSA (cf. 2.4. 7 and the pipelined design in [12]) 3.3 Memory considerations The processors contributing to a parallelized exhaustive key search do not require a substantial amount of memory. This is also the case for the processors involved in a parallelized attack using Pollard s rho method against SDL or EC systems. Although for the ....

B. Dixon, A.K. Lenstra, Factoring integers using SIMD sieves, Proceedings Eurocrypt '93, LNCS 765, 28-39, Springer 1993.

....it imprudent to ignore the possibility altogether, and warn against too strong reliance on the belief that specialpurpose attacks on RSA are impossible. To illustrate this, the quadratic sieve factoring method was implemented successfully on a Single Instruction Multiple Data architecture 9 (cf. [11]) A SIMD machine is by no means special purpose hardware, but it could be relatively cheap compared to ordinary PCs. Effectiveness of guessing. Obviously, key sizes for classical asymmetric systems have to be larger than 512 to obtain any security at all (where 512 is the size of the broken ....

....the factor 2500 should be taken with a large grain of salt. Its scientific merit is in our opinion questionable because it is based 19 on a guess for the price of stripped down PCs and the presumed infeasibility of specialpurpose hardware attacks on RSA (cf. 2.3. 1) and the pipelined design in [11]) 3.7. Memory considerations The processors contributing to a parallelized exhaustive key search do not require a substantial amount of memory. This is also the case for the processors involved in a parallelized attack using Pollard s rho method against SDL or EC systems. Although for ....

B. Dixon, A.K. Lenstra, Factoring integers using SIMD sieves, Proceedings Eurocrypt'93, LNCS 765, 28-39.

....the primes were discarded, so no one not even the employees of RSA Data Security knows any product s factors. RSA 100 was factored in April 1991 by the third and fourth author into two 50 digit primes, and RSA 110 was factored in April 1992 by the third author into two 55 digit primes [4]. Here we discuss some of the data that we gathered during our QS factorization of RSA 120, and we present its two 60 digit prime factors. This factorization is a new general purpose factoring record, breaking the old record by 4 digits. A reader who wished to argue that the 116 digit record has ....

.... on workstations at the university of Saarbrucken [3] the other authors used the program from [10; 11] on workstations at Lehigh University, Bellcore, and DEC SRC, and the third author used his SIMD QS implementation on Bellcore s massively parallel machine (MasPar) as described in [4]. 5 Secondly, we did not impose artificial restrictions on any of the parameters that have to be chosen, as the authors of [11] readily admit to have done (for the reasons mentioned above) As a consequence, the memory demands of our programs, as well as the further storage requirements, vastly ....

Dixon, B., Lenstra, A. K.: Factoring integers using SIMD sieves. Advances in Cryptology, Eurocrypt '93, Lecture Notes in Comput. Sci. (to appear)

No context found.

B. Dixon and A.K. Lenstra,."Factoring Integers Using SIMD Sieves", Lecture Notes in Computer Science 765: Advances in Cryptology - Eurocrypt '93, Springer-Verlag, pp. 28-39.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC