Abstract
Significant progress in the design of special purpose hardware for supporting the Number Field Sieve (NFS) has been made. From a practical cryptanalytic point of view, however, none of the published proposals for coping with the sieving step is satisfying. Even for the best known designs, the technological obstacles faced for the parameters expected for a 1024-bit RSA modulus are significant.
Below we present a new hardware design for implementing the sieving step. The suggested chips are of moderate size and the inter-chip communication does not seem unrealistic. According to our preliminary analysis of the 1024-bit case, we expect the new design to be about 2 to 3.5 times slower than TWIRL (a wafer-scale design). Due to the more moderate technological requirements, however, from a practical cryptanalytic point of view the new design seems to be no less attractive than TWIRL.
Chapter PDF
Similar content being viewed by others
References
Bernstein, D.J.: Circuits for Integer Factorization: a Proposal (2001), At the time of writing available electronically at: http://cr.yp.to/papers/nfscircuit.pdf
Bosma, W., Cannon, J.J., Playoust, C.: The Magma Algebra System I: The User Language. Journal of Symbolic Computation 24, 235–265 (1997)
Franke, J., Kleinjung, T., Paar, C., Pelzl, J., Priplata, C., Stahlke, C.: SHARK: A Realizable Special Hardware Sieving Device for Factoring 1024-Bit Integers. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 119–130. Springer, Heidelberg (2005)
Geiselmann, W., Januszewski, F., Köpfer, H., Pelzl, J., Steinwandt, R.: A Simpler Sieving Device: Combining ECM and TWIRL. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 118–135. Springer, Heidelberg (2006)
Geiselmann, W., Köpfer, H., Steinwandt, R., Tromer, E.: Improved Routing-Based Linear Algebra for the Number Field Sieve. In: Proceedings of ITCC ’05 – Track on Embedded Cryptographic Systems, IEEE Computer Society Press, Los Alamitos (2005)
Geiselmann, W., Shamir, A., Steinwandt, R., Tromer, E.: Scalable Hardware for Sparse Systems of Linear Equations, with Applications to Integer Factorization. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 131–146. Springer, Heidelberg (2005)
Geiselmann, W., Steinwandt, R.: A Dedicated Sieving Hardware. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 254–266. Springer, Heidelberg (2002)
Geiselmann, W., Steinwandt, R.: Hardware to Solve Sparse Systems of Linear Equations over GF(2). In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 51–61. Springer, Heidelberg (2003)
Geiselmann, W., Steinwandt, R.: Yet Another Sieving Device. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 278–291. Springer, Heidelberg (2004)
Izu, T., Kunihiro, N., Ohta, K., Shimoyama, T.: Analysis on the Clockwise Transposition Routing for Dedicated Factoring Devices. In: Song, J.-S., Kwon, T., Yung, M. (eds.) WISA 2005. LNCS, vol. 3786, pp. 232–242. Springer, Heidelberg (2006)
Lenstraand, A.K., Lenstra Jr., H.W. (eds.): The development of the number field sieve. Lecture Notes in Mathematics, vol. 1554. Springer, Heidelberg (1993)
Lenstra, A.K., Shamir, A.: Analysis and Optimization of the TWINKLE Factoring Device. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 35–52. Springer, Heidelberg (2000)
Lenstra, A.K., Shamir, A., Tomlinson, J., Tromer, E.: Analysis of Bernstein’s Factorization Circuit. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 1–26. Springer, Heidelberg (2002)
Lenstra, A.K., Tromer, E., Shamir, A., Kortsmit, W., Dodson, B., Hughes, J., Leyland, P.C.: Factoring Estimates for a 1024-Bit RSA Modulus. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 55–74. Springer, Heidelberg (2003)
Shamir, A.: Factoring Large Numbers with the TWINKLE Device. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 2–12. Springer, Heidelberg (1999)
Shamir, A., Tromer, E.: Factoring Large Numbers with the TWIRL Device. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 1–26. Springer, Heidelberg (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Geiselmann, W., Steinwandt, R. (2007). Non-wafer-Scale Sieving Hardware for the NFS: Another Attempt to Cope with 1024-Bit. In: Naor, M. (eds) Advances in Cryptology - EUROCRYPT 2007. EUROCRYPT 2007. Lecture Notes in Computer Science, vol 4515. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72540-4_27
Download citation
DOI: https://doi.org/10.1007/978-3-540-72540-4_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72539-8
Online ISBN: 978-3-540-72540-4
eBook Packages: Computer ScienceComputer Science (R0)