CAIRN 3: An FPGA Implementation of the Sieving Step with the Lattice Sieving
نویسندگان
چکیده
The hardness of the integer factorization problem assures the security of some public-key cryptosystems including RSA, and the number field sieve method (NFS), the most efficient algorithm for factoring large integers currently, is a threat for such cryptosystems. Recently, Izu et al. developed a dedicated sieving device “CAIRN 2” with Xilinx’s FPGA which is designed to handle up to 768-bit integers. However, since CAIRN 2 uses the line sieving, it is not optimized from the viewpoint of the efficiency. In this paper, we report some results of an FPGA-based sieving hardware “CAIRN 3” with the lattice sieving. In the experimental sieving for a 768-bit integer (RSA768), CAIRN 3 is about 38 times faster than CAIRN 2. It is estimated that the full sieving for RSA768 requires about 270 years with single CAIRN 3.
منابع مشابه
CAIRN 2: An FPGA Implementation of the Sieving Step in the Number Field Sieve Method
The hardness of the integer factorization problem assures the security of some public-key cryptosystems including RSA, and the number field sieve method (NFS), the most efficient algorithm for factoring large integers currently, is a threat for such cryptosystems. Recently, dedicated factoring devices attract much attention since it might reduce the computing cost of the number field sieve meth...
متن کاملSieving Using Bucket Sort
This paper proposes a new sieving algorithm that employs a bucket sort as a part of a factoring algorithm such as the number field sieve. The sieving step requires an enormous number of memory updates; however, these updates usually cause cache hit misses. The proposed algorithm dramatically reduces the number of cache hit misses when the size of the sieving region is roughly less than the squa...
متن کاملTuning GaussSieve for Speed
The area of lattice-based cryptography is growing ever-more prominent as a paradigm for quantum-resistant cryptography. One of the most important hard problem underpinning the security of latticebased cryptosystems is the shortest vector problem (SVP). At present, two approaches dominate methods for solving instances of this problem in practice: enumeration and sieving. In 2010, Micciancio and ...
متن کاملNotes in Computer Science 2729
The security of the RSA cryptosystem depends on the difficulty of factoring large integers. The best current factoring algorithm is the Number Field Sieve (NFS), and its most difficult part is the sieving step. In 1999 a large distributed computation involving hundreds of workstations working for many months managed to factor a 512-bit RSA key, but 1024-bit keys were believed to be safe for the...
متن کاملFactoring Large Numbers with the TWIRL Device
The security of the RSA cryptosystem depends on the difficulty of factoring large integers. The best current factoring algorithm is the Number Field Sieve (NFS), and its most difficult part is the sieving step. In 1999 a large distributed computation involving hundreds of workstations working for many months managed to factor a 512-bit RSA key, but 1024-bit keys were believed to be safe for the...
متن کامل