Factorisation of RSA-704 with CADO-NFS

We give details of the factorization of RSA-704 with CADO-NFS. This is a record computation with publicly available software tools. The aim of this experiment was to stress CADO-NFS — which was originally designed for 512-bit factorizations — for larger inputs, and to identify possible rooms of improvement. We report on the factorization of RSA-704 (212 decimal digits), which is the 2nd largest integer factorization with the General Number Field Sieve (GNFS), after the factorization of RSA-768 (232 digits) in December 2009 [3]. 1. Polynomial Selection Polynomial selection started end of April 2011. We used the following degree-6 polynomial: f(x) = 10614120x + 62813641710611x + 1938361239259842311964x + 931957113890545875115664715x − 11187228497714282733145127980606483x + 275791344247583495761263211927712634450x + 631618785519411550157074523461307229101210175 with 4 real roots, skewness 2159616.00, Murphy’s α = −9.46, and Murphy E-value 9.55 · 10−16, together with the linear polynomial g(x) = 1701314346829200310007393599x− 10040119372014939875708192394943108. This polynomial pair was found using the CADO-NFS implementation of Kleinjung’s 2008 algorithm [2], and can be reproduced as follows: $ ./polyselect2l -nq 800 -lq 7 -degree 6 -incr 60 -maxnorm 70 -admin 10614120 -admax 10614120 -N 740...359 -seed 1331320045 2000000 ... Y1: 1701314346829200310007393599 Y0: -10040119372014939875708192394943108 c6: 10614120 c5: 62813641710611 c4: 1938361239259842311964 c3: 931957113890545875115664715 c2: -11187228497714282733145127980606483 c1: 275791344247583495761263211927712634450 c0: 631618785519411550157074523461307229101210175 Date: July 1st, 2012. 1 The command-line above says that we are searching the leading coefficient of the linear polynomial g(x) of the form g1 = p1p2 · · · p7q1q2 with P < q1, q2 < 2P , P = 2000000, and p1, ..., p7 are seven small primes. We also looked for degree-5 polynomials, but we prefered to use a degree-6 polynomial since CADO-NFS had been less used — if any at all — with such a degree. The total time spent in polynomial selection was about 12 core years (about 2.2 for degree 5, and 9.9 for degree 6), using about 100 cores at ANU.