Space Complexity Analysis of Sieving in the Number Field Sieve Integer Factorization
Abstract
The general number field sieve is the most efficient algorithm known for integer factorization. It consists of polynomial selection, sieving, solving equations and finding square roots. In this paper, the $p$-adic evaluation provided by each root and the expected $p$-value are given, then we get the space complexity of sieving over the ring $\mathbb{Z}/2\mathbb{Z}$.

Introduction

In 1976, Diffie and Hellman published their paper "New Directions in Cryptography" [1]. It is regarded as a milestone for the research and development of cryptography. In their paper they first introduced public-key cryptography, also named asymmetric cryptography. Since then, public-key cryptography has been widely applied in encryption, digital signature, key exchange, and so on. In 1977, Rivest, Shamir and Adleman proposed a public-key cryptographic algorithm suitable for both signing and encryption, known as RSA [2]. The RSA algorithm depends on the assumed difficulty of the large integer factorization problem.

Pollard described a new method for factoring integers of a special form; the manuscript was enclosed with a letter to Odlyzko, dated 31 August 1988. This method is called the special number field sieve (SNFS) [3]. The general number field sieve (GNFS) was developed from the special number field sieve (SNFS). It is the most efficient algorithm known for integer factorization. GNFS has been used in many (current and previous) record factorizations such as RSA-768 [4]. In this paper, the term "number field sieve" refers to the general number field sieve unless otherwise mentioned. It consists of several stages as follows:

Step 1: polynomial selection [5][6][7]. Let $n$ be the integer to be factored. The number field sieve starts by choosing two irreducible and coprime polynomials $f(x)$ and $g(x)$ over $\mathbb{Z}$ which share a common root $m$ modulo $n$. It is desirable that the polynomial pair can produce many smooth integers across the sieve region. We assume $(f, g)$ to be the chosen polynomial pair.
For convenience, $f(x)$ is referred to as the algebraic polynomial and $g(x)$ is referred to as the rational polynomial.

Step 2: sieving [8]. Given a polynomial pair $(f, g)$, we want to find many coprime pairs such that $N(a - b\alpha)$ and $a - bm$ are both smooth with respect to some integers $B_f$, $B_g$, where $B_f$ is the algebraic boundary and $B_g$ is the rational boundary. In practice, the notations $F(x, y)$ and $G(x, y)$ for the homogenized polynomials corresponding to $f(x)$ and $g(x)$ are often used.

Step 3: solving equations [9][10]. Solving equations can be divided into structured Gaussian elimination and solving the equations. Structured Gaussian elimination contains: removing duplicates, discarding singletons and so on. We used the Block Lanczos algorithm and the Block Wiedemann algorithm to solve the huge sparse equations over the field $\mathbb{F}_2$.

Step 4: finding square roots [11][12]. In the final step, we want to find the square roots of $\prod_{(a,b) \in S} (a - b\alpha)$. The algorithms for finding square roots consist of the UFD method, the method of Couveignes, and the Montgomery-Nguyen and Emmanuel Thomé methods. They are based on the Chinese Remainder Theorem.

Through the above four steps, according to the homomorphism mapping, we get $(x, y) \in \mathbb{Z}^2$ satisfying $x^2 \equiv y^2 \pmod{n}$, which may give a factor of $n$ with probability at least $\frac{1}{2}$.

The space complexity analysis of sieving has important significance for the number field sieve.

4th International Conference on Mechatronics, Materials, Chemistry and Computer Engineering (ICMMCCE 2015). © 2015. The authors. Published by Atlantis Press.

$p$-value of every root

If $p \nmid \Delta_h$, the evaluation of a root $\xi \in \mathbb{P}^1(\mathbb{Z}/p^e\mathbb{Z})$ is given in [7]:
Similar resources
Use of SIMD-based data parallelism to speed up sieving in integer-factoring algorithms
Many cryptographic protocols derive their security from the apparent computational intractability of the integer factorization problem. Currently, the best known integer-factoring algorithms run in subexponential time. Efficient parallel implementations of these algorithms constitute an important area of practical research. Most reported implementations use multi-core and/or distributed paralle...
CAIRN 2: An FPGA Implementation of the Sieving Step in the Number Field Sieve Method
The hardness of the integer factorization problem assures the security of some public-key cryptosystems including RSA, and the number field sieve method (NFS), the most efficient algorithm for factoring large integers currently, is a threat for such cryptosystems. Recently, dedicated factoring devices attract much attention since it might reduce the computing cost of the number field sieve meth...
A Dedicated Sieving Hardware
We describe a hardware device for supporting the sieving step in integer factoring algorithms like the quadratic sieve or the number field sieve. In analogy to Bernstein’s proposal for speeding up the linear algebra step, we rely on a mesh of very simple processing units. Manufacturing the device at moderate cost with current hardware technology on standard wafers with 200 mm or 300 mm diameter...
Analysis and Optimization of the TWINKLE Factoring Device
We describe an enhanced version of the TWINKLE factoring device and analyse to what extent it can be expected to speed up the sieving step of the Quadratic Sieve and Number Field Sieve factoring algorithms. The bottom line of our analysis is that the TWINKLE-assisted factorization of 768-bit numbers is difficult but doable in about 9 months (including the sieving and matrix parts) by a large or...
CAIRN 3: An FPGA Implementation of the Sieving Step with the Lattice Sieving
The hardness of the integer factorization problem assures the security of some public-key cryptosystems including RSA, and the number field sieve method (NFS), the most efficient algorithm for factoring large integers currently, is a threat for such cryptosystems. Recently, Izu et al. developed a dedicated sieving device “CAIRN 2” with Xilinx’s FPGA which is designed to handle up to 768-bit int...