Abstract
We describe how we reached a new factoring milestone by completing the first special number field sieve factorization of a number having more than 1024 bits, namely the Mersenne number 21039− 1. Although this factorization is orders of magnitude ‘easier’ than a factorization of a 1024-bit RSA modulus is believed to be, the methods we used to obtain our result shed new light on the feasibility of the latter computation.
Chapter PDF
Similar content being viewed by others
References
Aoki, K., Kida, Y., Shimoyama, T., Ueda, H.: http://www.crypto-world.com/announcements/SNFS274.txt
Aoki, K., Shimoyama, T.: R311 is factored by ECM, Proceedings of SCIS 2004, no.2E1-1, Hiroshima, Japan, Technical Group on Information Security (IEICE) (in Japanese)
Bahr, F.: Liniensieben und Quadratwurzelberechnung für das Zahlkörpersieb, University of Bonn (2005)
Cavallar, S.: Strategies for filtering in the number field sieve. In: Bosma, W. (ed.) ANTS IV. LNCS, vol. 1838, pp. 209–231. Springer, Heidelberg (2000)
Cavallar, S., Dodson, B., Lenstra, A.K., Leyland, P., Montgomery, P.L., Murphy, B., te Riele, H., Zimmermann, P., et al.: Factoring a 512-bit RSA modulus. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 1–18. Springer, Heidelberg (2000)
Coppersmith, D.: Solving linear equations over GF(2): block Lanczos algorithm. Linear algebra and its applications 192, 33–60 (1993)
Coppersmith, D.: Solving homogeneous linear equations over GF(2) via block Wiedemann algorithm. Math. of Comp. 62, 333–350 (1994)
Franke, J., Kleinjung, T.: Continued fractions and lattice sieving. In: Proceedings SHARCS 2005, http://www.ruhr-uni-bochum.de/itsc/tanja/SHARCS/talks/FrankeKleinjung.pdf
Kleinjung, T.: Cofactorisation strategies for the number field sieve and an estimate for the sieving step for factoring 1024-bit integers. In: Proceedings SHARCS 2006, http://www.hyperelliptic.org/tanja/SHARCS/talks06/thorsten.pdf .
Lenstra, A.K., Lenstra, H.W.: The development of the number field sieve. LNM, vol. 1554. Springer, Heidelberg (1993)
Lenstra, A.K., Verheul, E.R.: Selecting cryptographic key sizes, J. of Cryptology 14, 255–293 (2001)
Lenstra, H.W.: Factoring integers with elliptic curves, Ann. of Math. 126, 649–673 (1987)
Montgomery, P.L.: A block Lanczos algorithm for finding dependencies over GF(2). In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 106–120. Springer, Heidelberg (1995)
Montgomery, P.L.: Square roots of products of algebraic numbers, http://ftp.cwi.nl/pub/pmontgom/sqrt.ps.gz
Nguyen, P.: A Montgomery-like square root for the number field sieve. In: Buhler, J.P. (ed.) ANTS III. LNCS, vol. 1423, pp. 151–168. Springer, Heidelberg (1998)
Pomerance, C.: A tale of two sieves, http://www.ams.org/notices/199612/pomerance.pdf
Prime95, http://www.mersenne.org/freesoft.htm
Thomé, E.: Subquadratic computation of vector generating polynomials and improvement of the block Wiedemann algorithm. Journal of symbolic computation 33, 757–775 (2002)
Zimmermann, P.: http://gforge.inria.fr/projects/ecm/
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Aoki, K., Franke, J., Kleinjung, T., Lenstra, A.K., Osvik, D.A. (2007). A Kilobit Special Number Field Sieve Factorization. In: Kurosawa, K. (eds) Advances in Cryptology – ASIACRYPT 2007. ASIACRYPT 2007. Lecture Notes in Computer Science, vol 4833. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76900-2_1
Download citation
DOI: https://doi.org/10.1007/978-3-540-76900-2_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76899-9
Online ISBN: 978-3-540-76900-2
eBook Packages: Computer ScienceComputer Science (R0)