Advertisement

NFS with Four Large Primes: An Explosive Experiment

  • Bruce Dodson
  • Arjen K. Lenstra
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 963)

Abstract

The purpose of this paper is to report the unexpected results that we obtained while experimenting with the multi-large prime variation of the general number field sieve integer factoring algorithm (NFS, cf. [8]). For traditional factoring algorithms that make use of at most two large primes, the completion time can quite accurately be predicted by extrapolating an almost quartic and entirely ‘smooth’ function that counts the number of useful combinations among the large primes [1]. For NFS such extrapolations seem to be impossible—the number of useful combinations suddenly ‘explodes’ in an as yet unpredictable way, that we have not yet been able to understand completely. The consequence of this explosion is that NFS is substantially faster than expected, which implies that factoring is somewhat easier than we thought.

Keywords

Completion Time Partial Relation Partition Number Collision Resolution Independent Cycle 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    D. Atkins, M. Graff, A.K. Lenstra, and P.C. Leyland, THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE, Asiacrypt’94, to appear.Google Scholar
  2. 2.
    J. Buchmann, J. Loho, and J. Zayer, Triple-large-prime variation, manuscript, 1993.Google Scholar
  3. 3.
    J. Buchmann, J. Loho, and J. Zayer, An implementation of the general number field sieve, Advances in Cryptology, Crypto’93, Lecture Notes in Comput. Sci. 773 (1994), 159–165.Google Scholar
  4. 4.
    S. Contini and A. K. Lenstra, Implementations of blocked Lanczos and Wiedemann algorithms, in preparation.Google Scholar
  5. 5.
    T. Denny, B. Dodson, A. K. Lenstra, and M. S. Manasse, On the factorization of RSA-120, Advances in Cryptology, Crypto’93, Lecture Notes in Comput. Sci. 773 (1994), 166–174.Google Scholar
  6. 6.
    R. Golliver, A. K. Lenstra, and K. McCurley, Lattice sieving and trial division, ANTS’94, Lecture Notes in Comput. Sci. 877 (1994), 18–27.Google Scholar
  7. 7.
    B. A. LaMacchia and A. M. Odlyzko, Solving Large Sparse Linear Systems over Finite Fields, Advances in Cryptology, Crypto’90, Lecture Notes in Comput. Sci. 537 (1991), 109–133.Google Scholar
  8. 8.
    A. K. Lenstra and H. W. Lenstra, Jr. (eds), The development of the number field sieve, Lecture Notes in Math. 1554, Springer-Verlag, Berlin, 1993.zbMATHGoogle Scholar
  9. 9.
    A. K. Lenstra and M. S. Manasse, Factoring with two large primes, Math. Comp 63 (1994), 785–798.zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    P. L. Montgomery, Square roots of products of algebraic numbers, Proceedings of Symposia in Applied Mathematics, Mathematics of Computation 1943–1993, Vancouver, 1993, Walter Gautschi, ed.Google Scholar
  11. 11.
    P. L. Montgomery, A block Lanczos algorithm for finding dependencies over GF(2), Advances in Cryptology, Eurocrypt’95, Lecture Notes in Comput. Sci. 921 (1995), 106–120.Google Scholar
  12. 12.
    A. M. Odlyzko, Discrete Logarithms in Finite Fields and their Cryptographic Significance, Advances in Cryptology, Eurocrypt’84, Lecture Notes in Comput. Sci. 209, 224–314.Google Scholar
  13. 13.
    C. Pomerance, The quadratic sieve factoring algorithm, Advances in Cryptology, Eurocrypt’84, Springer, Lecture Notes in Comput. Sci. 209, 169–182.Google Scholar
  14. 14.
    C. Pomerance and J. W. Smith, Reduction of huge, sparse matrices over finite fields via created catastrophes, Experiment. Math. 1 (1992) 89–94.zbMATHMathSciNetGoogle Scholar
  15. 15.
    B. Silverman, The multiple polynomial quadratic sieve, Math. Comp. 48 (1987), 329–339.zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • Bruce Dodson
    • 1
  • Arjen K. Lenstra
    • 2
  1. 1.Department of MathematicsLehigh UniversityBethlehemUSA
  2. 2.MRE-2Q330, BellcoreMorristownUSA

Personalised recommendations