Space Complexity Analysis of Sieving in the Number Field Sieve Integer Factorization

Authors

  • Qi Wang
  • Hongyan Zang
  • Xiubin Fan
  • Yu Wang
Abstract

The general number field sieve is the most efficient known algorithm for integer factorization. It consists of polynomial selection, sieving, solving equations and finding square roots. In this paper, the $p$-adic evaluation provided by each root and the expected $p$-value are given, then we obtain the space complexity of sieving over the ring / 2 � � .

Introduction

In 1976, Diffie and Hellman published their paper "New Directions in Cryptography" [1]. It is regarded as a milestone in the research and development of cryptography. In that paper they first introduced public-key cryptography, also called asymmetric cryptography. Since then, public-key cryptography has been widely applied in encryption, digital signatures, key exchange, and so on. In 1977, Rivest, Shamir and Adleman proposed a public-key cryptographic algorithm suitable for both signing and encryption, known as RSA [2]. The RSA algorithm depends on the assumed difficulty of the large integer factorization problem.

Pollard described a new method for factoring integers of a special form; the manuscript was enclosed with a letter to Odlyzko dated 31 August 1988. This method is called the special number field sieve (SNFS) [3]. The general number field sieve (GNFS) was developed from the special number field sieve. It is the most efficient known algorithm for integer factorization and has been used in many (current and previous) record factorizations, such as RSA-768 [4]. In this paper, the term "number field sieve" refers to the general number field sieve unless otherwise mentioned. It consists of the following stages:

Step 1: polynomial selection [5][6][7]. Let $n$ be the integer to be factored. The number field sieve starts by choosing two irreducible and coprime polynomials $f(x)$ and $g(x)$ over $\mathbb{Z}$ which share a common root $m$ modulo $n$. It is desirable that the polynomial pair produce many smooth integers across the sieve region. Let $(f, g)$ be the chosen polynomial pair. For convenience, $f(x)$ is referred to as the algebraic polynomial and $g(x)$ as the rational polynomial.

Step 2: sieving [8]. Given a polynomial pair $(f, g)$, we want to find many coprime pairs $(a, b)$ such that $N(a - b\alpha)$ and $a - bm$ are both smooth with respect to some integers $B_f$ and $B_g$, where $B_f$ is the algebraic bound and $B_g$ is the rational bound. In practice, the notations $F(x, y)$ and $G(x, y)$ for the homogenized polynomials corresponding to $f(x)$ and $g(x)$ are often used.

Step 3: solving equations [9][10]. Solving equations can be divided into structured Gaussian elimination and the solution of the equations. Structured Gaussian elimination includes removing duplicates, discarding singletons and so on. We used the Block Lanczos algorithm and the Block Wiedemann algorithm to solve the huge sparse equations over the field $\mathbb{F}_2$.

Step 4: finding square roots [11][12]. In the final step, we want to find the square root of $\prod_{(a,b) \in S} (a - b\alpha)$. The algorithms for finding square roots include the UFD method, the method of Couveignes, and the Montgomery-Nguyen and Emmanuel Thome methods. They are based on the Chinese Remainder Theorem.

Through the above four steps, according to the homomorphism mapping, we obtain $(x, y) \in \mathbb{Z}^2$ satisfying $x^2 \equiv y^2 \pmod{n}$, which may give a factor of $n$ with probability at least $\frac{1}{2}$. The space complexity analysis of sieving is of great significance for the number field sieve.

$p$-value of every root

If $p \nmid \Delta_h$, the evaluation of a root $\xi \in \mathbb{P}^1(\mathbb{Z}/p^e\mathbb{Z})$ is given in [7]:

4th International Conference on Mechatronics, Materials, Chemistry and Computer Engineering (ICMMCCE 2015). © 2015. The authors. Published by Atlantis Press. 335
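Added example, not code from the paper: a toy line sieve for the rational side of Step 2 above, finding the $a$ in one line (fixed $b$) for which $a - bm$ is smooth with respect to $B_g$. The function names, the half-width `A`, the use of exact prime powers and the trial-division confirmation are assumptions of this sketch; it goes beyond the excerpt by showing the per-candidate array that a sieve has to hold in memory.

```python
import math

def primes_up_to(bound):
    """Sieve of Eratosthenes: all primes <= bound (bound >= 1)."""
    flags = bytearray([1]) * (bound + 1)
    flags[0:2] = b"\x00\x00"
    for p in range(2, math.isqrt(bound) + 1):
        if flags[p]:
            flags[p * p :: p] = bytearray(len(range(p * p, bound + 1, p)))
    return [i for i, is_prime in enumerate(flags) if is_prime]

def is_smooth(value, factor_base):
    """Exact check: does |value| factor completely over factor_base?"""
    value = abs(value)
    if value == 0:
        return False
    for p in factor_base:
        while value % p == 0:
            value //= p
    return value == 1

def rational_line_sieve(m, b, A, B_g):
    """All a in [-A, A) with gcd(a, b) = 1 and a - b*m smooth w.r.t. B_g."""
    factor_base = primes_up_to(B_g)
    values = [a - b * m for a in range(-A, A)]
    # One log-size cell per candidate a: the sieve array whose length drives memory use.
    cells = [math.log(abs(v)) if v else math.inf for v in values]
    limit = A + abs(b * m)                  # upper bound on |a - b*m|
    for p in factor_base:
        q = p
        while q <= limit:                   # p and its powers p^2, p^3, ...
            # q divides a - b*m exactly when a = b*m (mod q).
            for i in range((b * m + A) % q, 2 * A, q):
                cells[i] -= math.log(p)
            q *= p
    # A non-smooth value keeps a cofactor > B_g, so its residual exceeds log(B_g).
    threshold = 0.5 * math.log(B_g)
    hits = []
    for i, residual in enumerate(cells):
        a = i - A
        if residual < threshold and math.gcd(a, b) == 1:
            if is_smooth(values[i], factor_base):   # confirm the float estimate
                hits.append(a)
    return hits

if __name__ == "__main__":
    # Constructed toy parameters: common root m = 31, line b = 1, bound B_g = 7.
    print(rational_line_sieve(m=31, b=1, A=50, B_g=7))
```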

Similar resources

Use of SIMD-based data parallelism to speed up sieving in integer-factoring algorithms

Many cryptographic protocols derive their security from the apparent computational intractability of the integer factorization problem. Currently, the best known integer-factoring algorithms run in subexponential time. Efficient parallel implementations of these algorithms constitute an important area of practical research. Most reported implementations use multi-core and/or distributed paralle...


CAIRN 2: An FPGA Implementation of the Sieving Step in the Number Field Sieve Method

The hardness of the integer factorization problem assures the security of some public-key cryptosystems including RSA, and the number field sieve method (NFS), the most efficient algorithm for factoring large integers currently, is a threat for such cryptosystems. Recently, dedicated factoring devices attract much attention since it might reduce the computing cost of the number field sieve meth...


A Dedicated Sieving Hardware

We describe a hardware device for supporting the sieving step in integer factoring algorithms like the quadratic sieve or the number field sieve. In analogy to Bernstein’s proposal for speeding up the linear algebra step, we rely on a mesh of very simple processing units. Manufacturing the device at moderate cost with current hardware technology on standard wafers with 200 mm or 300 mm diameter...


Analysis and Optimization of the TWINKLE Factoring Device

We describe an enhanced version of the TWINKLE factoring device and analyse to what extent it can be expected to speed up the sieving step of the Quadratic Sieve and Number Field Sieve factoring algorithms. The bottom line of our analysis is that the TWINKLE-assisted factorization of 768-bit numbers is difficult but doable in about 9 months (including the sieving and matrix parts) by a large or...


CAIRN 3: An FPGA Implementation of the Sieving Step with the Lattice Sieving

The hardness of the integer factorization problem assures the security of some public-key cryptosystems including RSA, and the number field sieve method (NFS), the most efficient algorithm for factoring large integers currently, is a threat for such cryptosystems. Recently, Izu et al. developed a dedicated sieving device “CAIRN 2” with Xilinx’s FPGA which is designed to handle up to 768-bit int...


Publication date: 2015