Abstract
Since 1999 specialized hardware architectures for factoring numbers of 1024 bit size with the General Number Field Sieve (GNFS) have attracted a lot of attention ([Ber], [ST]). Concerns about the feasibility of giant monolytic ASIC architectures such as TWIRL have been raised. Therefore, we propose a parallelized lattice sieving device called SHARK, which completes the sieving step of the GNFS for a 1024-bit number in one year. Its architecture is modular and consists of small ASICs connected by a specialized butterfly transport system. We estimate the costs of such a device to be less than US$ 200 million. Because of the modular architecture based on small ASICs, we claim that this device can be built with today’s technology.
Chapter PDF
Similar content being viewed by others
References
Bernstein, D.J.: Circuits for Integer Factorization: A Proposal. Manuscript (November 2001), http://cr.yp.to/papers.html#nfscircuit
Franke, J., Kleinjung, T.: Continued Fractions and Lattice Sieving. In: Special-Purpose Hardware for Attacking Cryptographic Systems – SHARCS 2005, Paris (2005), http://www.ruhr-uni-bochum.de/itsc/tanja/SHARCS/talks/FrankeKleinjung.pdf
Franke, J., Kleinjung, T., Paar, C., Pelzl, J., Priplata, C., Šimka, M., Stahlke, C.: An Efficient Hardware Architecture for Factoring Integers with the Elliptic Curve Method. In: Special-Purpose Hardware for Attacking Cryptographic Systems – SHARCS 2005, Paris (2005), http://www.ruhr-uni-bochum.de/itsc/tanja/SHARCS/talks/ecm_paper.pdf
Geiselmann, W., Steinwandt, R.: Yet another sieving device. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 278–291. Springer, Heidelberg (2004)
Golliver, R.A., Lenstra, A.K., McCurley, K.S.: Lattice sieving and trial division. In: Huang, M.-D.A., Adleman, L.M. (eds.) ANTS 1994. LNCS, vol. 877, pp. 18–27. Springer, Heidelberg (1994)
Lenstra, A.K., Lenstra Jr., H.W. (eds.): The Development of the Number Field Sieve. Lecture Notes in Math., vol. 1554. Springer, Heidelberg (1993)
Lenstra, A.K., Tromer, E., Shamir, A., Kortsmit, W., Dodson, B., Hughes, J., Leyland, P.: Factoring Estimates for a 1024-bit RSA Modulus. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 55–74. Springer, Heidelberg (2003)
Franke, J., Kleinjung, T., et al.: RSA-576. Email announcement (2003), http://www.crypto-world.com/announcements/rsa576.txt
Franke, J., Kleinjung, T., et al.: RSA-200. Email announcement (May 2005), http://www.crypto-world.com/announcements/rsa200.txt
Shamir, A., Tromer, E.: Factoring Large Numbers with the TWIRL Device. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 1–26. Springer, Heidelberg (2003), http://www.wisdom.weizmann.ac.il/~tromer/papers/twirl.ps.gz
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Franke, J., Kleinjung, T., Paar, C., Pelzl, J., Priplata, C., Stahlke, C. (2005). SHARK: A Realizable Special Hardware Sieving Device for Factoring 1024-Bit Integers. In: Rao, J.R., Sunar, B. (eds) Cryptographic Hardware and Embedded Systems – CHES 2005. CHES 2005. Lecture Notes in Computer Science, vol 3659. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11545262_9
Download citation
DOI: https://doi.org/10.1007/11545262_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28474-1
Online ISBN: 978-3-540-31940-5
eBook Packages: Computer ScienceComputer Science (R0)