This paper reports on the factorization of the 768-bit number RSA-768 by the number field sieve factoring method and discusses some implications for RSA.

References

[1]

Adleman, L.M.: Factoring numbers using singular integers. In: STOC, pp. 64-71. ACM, New York (1991).

Digital Library

Google Scholar

[2]

Aoki, K., Franke, J., Kleinjung, T., Lenstra, A.K., Osvik, D.A.: A kilobit special number field sieve factorization. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 1-12. Springer, Heidelberg (2007).

Digital Library

Google Scholar

[3]

Bahr, F.: Liniensieben und Quadratwurzelberechnung für das Zahlkörpersieb, Diplomarbeit, University of Bonn (2005).

Google Scholar

[4]

Bahr, F., Böhm, M., Franke, J., Kleinjung, T.: Factorization of RSA-200 (May 2005), http://www.loria.fr/~zimmerma/records/rsa200

Google Scholar

[5]

Buhler, J., Montgomery, P., Robson, R., Ruby, R.: Implementing the number field sieve. Technical report, Oregon State University (1994).

Google Scholar

[6]

Cavallar, S.: Strategies in filtering in the number field sieve. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 209-232. Springer, Heidelberg (2000).

Digital Library

Google Scholar

[7]

Cavallar, S., Dodson, B., Lenstra, A.K., Lioen, W.M., Montgomery, P.L., Murphy, B., te Riele, H.J.J., Aardal, K., Gilchrist, J., Guillerm, G., Leyland, P.C., Marchand, J., Morain, F., Muffett, A., Putnam, C., Putnam, C., Zimmermann, P.: Factorization of a 512-bit RSA modulus. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 1-18. Springer, Heidelberg (2000).

Digital Library

Google Scholar

[8]

Coppersmith, D.: Solving linear equations over GF(2): block Lanczos algorithm. Linear Algebra and its Applications 192, 33-60 (1993).

Crossref

Google Scholar

[9]

Coppersmith, D.: Solving homogeneous linear equations over GF(2) via block Wiedemann algorithm. Math. Comput. 62(205), 333-350 (1994).

Digital Library

Google Scholar

[10]

Cowie, J., Dodson, B., Elkenbracht-Huizing, R.M., Lenstra, A.K., Montgomery, P.L., Zayer, J.: A world wide number field sieve factoring record: On to 512 bits. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 382-394. Springer, Heidelberg (1996).

Digital Library

Google Scholar

[11]

Dixon, J.D.: Asymptotically fast factorization of integers. Math. Comp. 36, 255- 260 (1981).

Crossref

Google Scholar

[12]

Franke, J., Kleinjung, T.: Continued fractions and lattice sieving. In: Workshop record of SHARCS (2005), http://www.ruhr-uni-bochum.de/itsc/tanja/ SHARCS/talks/FrankeKleinjung.pdf

Google Scholar

[13]

Golliver, R.A., Lenstra, A.K., McCurley, K.S.: Lattice sieving and trial division. In: Huang, M.-D.A., Adleman, L.M. (eds.) ANTS 1994. LNCS, vol. 877, pp. 18-27. Springer, Heidelberg (1994).

Digital Library

Google Scholar

[14]

Kleinjung, T.: Cofactorisation strategies for the number field sieve and an estimate for the sieving step for factoring 1024 bit integers. In: Workshop record of SHARCS (2005), http://www.hyperelliptic.org/tanja/SHARCS/talks06/thorsten.pdf

Google Scholar

[15]

Kleinjung, T.: On polynomial selection for the general number field sieve. Math. Comp. 75, 2037-2047 (2006).

Crossref

Google Scholar

[16]

Kleinjung, T.: Polynomial selection. Presented at the CADO Workshop on Integer Factorization (2008), http://cado.gforge.inria.fr/workshop/slides/kleinjung.pdf

Google Scholar

[17]

Lenstra, A.K.: Computational methods in public key cryptology. In: Coding theory and cryptology. Lecture Notes Series, pp. 175-238. Institute for Mathematical Sciences, National University of Singapore (2002).

Google Scholar

[18]

Lenstra, A.K., Lenstra Jr., H.W.: Algorithms in number theory. In: Handbook of Theoretical Computer Science, Volume A: Algorithms and Complexity, pp. 673- 716. Elsevier, Amsterdam (1990).

Digital Library

Google Scholar

[19]

Lenstra, A.K., Lenstra Jr., H.W.: The Development of the Number Field Sieve. LNM, vol. 1554. Springer, Heidelberg (1993).

Crossref

Google Scholar

[20]

Lenstra, A.K., Lenstra Jr., H.W., Manasse, M.S., Pollard, J.M.: The factorization of the ninth Fermat number. Math. of Comp. 61(203), 319-349 (1993).

Crossref

Google Scholar

[21]

Lenstra, A.K., Tromer, E., Shamir, A., Kortsmit, W., Dodson, B., Hughes, J., Leyland, P.C.: Factoring estimates for a 1024-bit RSA modulus. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 55-74. Springer, Heidelberg (2003).

Google Scholar

[22]

Massey, J.: Shift-register synthesis and BCH decoding. IEEE Trans Information Theory 15, 122-127 (1969).

Digital Library

Google Scholar

[23]

Montgomery, P.: Square roots of products of algebraic numbers, http://ftp.cwi.nl/pub/pmontgom/sqrt.ps.gz

Google Scholar

[24]

Montgomery, P., Murphy, B.: Improved polynomial selection for the number field sieve. Technical report, the Fields institute, Toronto, Ontario, Canada (June 1999).

Google Scholar

[25]

Morrison, M.A., Brillhart, J.: A method of factoring and the factorization of F ₇. Math. of Comp. 29(129), 183-205 (1975).

Google Scholar

[26]

Murphy, B.: Modelling the yield of number field sieve polynominals. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 137-150. Springer, Heidelberg (1998).

Digital Library

Google Scholar

[27]

National Institute of Standards and Technology. Discussion paper: the transitioning of cryptographic algorithms and key sizes, http://csrc.nist.gov/groups/ST/key_mgmt/documents/ Transitioning_CryptoAlgos_070209.pdf

Google Scholar

[28]

National Institute of Standards and Technology. Special publication 800-57: Recommendation for key management part 1: General (revised), http://csrc.nist.gov/publications/nistpubs/800-57/ sp800-57-Part1-revised2_Mar08-2007.pdf

Google Scholar

[29]

Nguyen, P.Q.: A Montgomery-like square root for the number field sieve. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 151-168. Springer, Heidelberg (1998).

Digital Library

Google Scholar

[30]

Pollard, J.M.: The lattice sieve. In: {19}, pp. 43-49.

Google Scholar

[31]

Pomerance, C.: Analysis and comparison of some integer factoring algorithms. In: Lenstra Jr., H.W., Tijdeman, R. (eds.) Computational Methods in Number Theory, Math. Centrum Tract, Amsterdam, vol. 154, pp. 89-139 (1982).

Google Scholar

[32]

Pomerance, C.: The quadratic sieve factoring algorithm. In: Beth, T., Cot, N., Ingemarsson, I. (eds.) EUROCRYPT 1984. LNCS, vol. 209, pp. 169-182. Springer, Heidelberg (1985).

Digital Library

Google Scholar

[33]

Pomerance, C.: A tale of two sieves (1996), http://www.ams.org/notices/199612/pomerance.pdf

Google Scholar

[34]

Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM 21, 120-126 (1978).

Digital Library

Google Scholar

[35]

RSA the security division of EMC. The RSA challenge numbers. formerly on http://www.rsa.com/rsalabs/node.asp?id=2093, now on http://en.wikipedia.org/wiki/RSA_numbers

Google Scholar

[36]

RSA the security division of EMC. The RSA factoring challenge FAQ, http://www.rsa.com/rsalabs/node.asp?id=2094

Google Scholar

[37]

Tarantino, Q.: That's a bingo! http://www.youtube.com/watch?v=WtHTc8wIo4Q, http://www.imdb.com/title/tt0361748/quotes

Google Scholar

[38]

Thomé, E.: Subquadratic computation of vector generating polynomials and improvement of the block Wiedemann algorithm. Journal of Symbolic Computation 33(5), 757-775 (2002).

Digital Library

Google Scholar

Cited By

View all

Adrian DBhargavan KDurumeric ZGaudry PGreen MHalderman JHeninger NSpringall DThomé EValenta LVanderSloot BWustrow EZanella-Béguelin SZimmermann P(2018)Imperfect forward secrecyCommunications of the ACM10.1145/329203562:1(106-114)Online publication date: 19-Dec-2018
https://dl.acm.org/doi/10.1145/3292035
Thirumalai CViswanathan P(2018)Hybrid IT architecture by gene-based cryptomata (HITAGC) for lightweight security servicesService Oriented Computing and Applications10.1007/s11761-018-0237-112:3-4(285-294)Online publication date: 1-Dec-2018
https://dl.acm.org/doi/10.1007/s11761-018-0237-1
Faugère JWallet A(2018)The point decomposition problem over hyperelliptic curvesDesigns, Codes and Cryptography10.1007/s10623-017-0449-y86:10(2279-2314)Online publication date: 1-Oct-2018
https://dl.acm.org/doi/10.1007/s10623-017-0449-y
Show More Cited By

Recommendations

RSA-OAEP Is Secure under the RSA Assumption

Recently Victor Shoup noted that there is a gap in the widely believed security result of OAEP against adaptive chosen-ciphertext attacks. Moreover, he showed that, presumably, OAEP cannot be proven secure from the one-wayness of the underlying trapdoor ...
Efficient identity-based RSA multisignatures

A digital multisignature is a digital signature of a message generated by multiple signers with knowledge of multiple private keys. In this paper, an efficient RSA multisignature scheme based on Shamir's identity-based signature (IBS) scheme is ...
Identity-based ring signatures from RSA

Shamir proposed in 1984 the first identity-based signature scheme, whose security relies on the RSA problem. A similar scheme was proposed by Guillou and Quisquater in 1988. Formal security of these schemes was not argued and/or proved until many years ...

Comments

Information & Contributors

Information

Published In

CRYPTO'10: Proceedings of the 30th annual conference on Advances in cryptology

August 2010

743 pages

ISBN:3642146228

Editor:
Tal Rabin
IBM T.J. Watson Research Center, Hawthorne, NY

In-Cooperation

University of California, Santa Barbara

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 15 August 2010

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

35
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 25 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Adrian DBhargavan KDurumeric ZGaudry PGreen MHalderman JHeninger NSpringall DThomé EValenta LVanderSloot BWustrow EZanella-Béguelin SZimmermann P(2018)Imperfect forward secrecyCommunications of the ACM10.1145/329203562:1(106-114)Online publication date: 19-Dec-2018
https://dl.acm.org/doi/10.1145/3292035
Thirumalai CViswanathan P(2018)Hybrid IT architecture by gene-based cryptomata (HITAGC) for lightweight security servicesService Oriented Computing and Applications10.1007/s11761-018-0237-112:3-4(285-294)Online publication date: 1-Dec-2018
https://dl.acm.org/doi/10.1007/s11761-018-0237-1
Faugère JWallet A(2018)The point decomposition problem over hyperelliptic curvesDesigns, Codes and Cryptography10.1007/s10623-017-0449-y86:10(2279-2314)Online publication date: 1-Oct-2018
https://dl.acm.org/doi/10.1007/s10623-017-0449-y
Herold GKirshanova EMay A(2018)On the asymptotic complexity of solving LWEDesigns, Codes and Cryptography10.1007/s10623-016-0326-086:1(55-83)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.1007/s10623-016-0326-0
Kumar ALauradoux CLafourcade PGu TKotagiri RLiu H(2017)Duck Attack on Accountable Distributed SystemsProceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services10.1145/3144457.3144480(303-312)Online publication date: 7-Nov-2017
https://dl.acm.org/doi/10.1145/3144457.3144480
Martins PSousa LMariano A(2017)A Survey on Fully Homomorphic EncryptionACM Computing Surveys10.1145/312444150:6(1-33)Online publication date: 6-Dec-2017
https://dl.acm.org/doi/10.1145/3124441
Hastings MFried JHeninger NGill PHeidemann JByers JGovindan R(2016)Weak Keys Remain Widespread in Network DevicesProceedings of the 2016 Internet Measurement Conference10.1145/2987443.2987486(49-63)Online publication date: 14-Nov-2016
https://dl.acm.org/doi/10.1145/2987443.2987486
Martin PRushanan MTantillo TLehmann CRubin A(2016)Applications of Secure Location Sensing in HealthcareProceedings of the 7th ACM International Conference on Bioinformatics, Computational Biology, and Health Informatics10.1145/2975167.2975173(58-67)Online publication date: 2-Oct-2016
https://dl.acm.org/doi/10.1145/2975167.2975173
Wang QFan XZang HWang Y(2016)The Space Complexity Analysis in the General Number Field Sieve Integer FactorizationTheoretical Computer Science10.1016/j.tcs.2016.03.028630:C(76-94)Online publication date: 30-May-2016
https://dl.acm.org/doi/10.1016/j.tcs.2016.03.028
Yasuda MShimoyama TKogure JIzu T(2016)Computational hardness of IFP and ECDLPApplicable Algebra in Engineering, Communication and Computing10.1007/s00200-016-0291-x27:6(493-521)Online publication date: 1-Dec-2016
https://dl.acm.org/doi/10.1007/s00200-016-0291-x
Show More Cited By

Abstract

References

Cited By

Recommendations

RSA-OAEP Is Secure under the RSA Assumption

Efficient identity-based RSA multisignatures

Identity-based ring signatures from RSA

Comments

Information

Published In

Sponsors

In-Cooperation

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations