Factorization of a 512-Bit RSA Modulus

  • Stefania Cavallar
  • Bruce Dodson
  • Arjen K. Lenstra
  • Walter Lioen
  • Peter L. Montgomery
  • Brian Murphy
  • Herman te Riele
  • Karen Aardal
  • Jeff Gilchrist
  • Gérard Guillerm
  • Paul Leyland
  • Jöel Marchand
  • François Morain
  • Alec Muffett
  • Chris and Craig Putnam
  • Paul Zimmermann
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1807)

Abstract

This paper reports on the factorization of the 512-bit number RSA-155 by the Number Field Sieve factoring method (NFS) and discusses the implications for RSA.

References

  1. 1.
    L.M. Adleman. Factoring numbers using singular integers. In Proc. 23rd Annual ACM Symp. on Theory of Computing (STOC), pages 64–71, ACM, New York, 1991.Google Scholar
  2. 2.
    D. Atkins, M. Graff, A.K. Lenstra, and P.C. Leyland. THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE. In J. Pieprzyk and R. Safavi-Naini, editors, Advances in Cryptology — Asiacrypt’ 94, volume 917 of Lecture Notes in Computer Science, pages 265–277, Springer-Verlag, Berlin, 1995.CrossRefGoogle Scholar
  3. 3.
    Th. Beth, M. Frisch, and G.J. Simmons, editors. Public-Key Cryptography: State of the Art and Future Directions, volume 578 of Lecture Notes in Computer Science. Springer-Verlag, Berlin, 1992. Report on workshop at Oberwolfach, Germany, July, 1991.MATHGoogle Scholar
  4. 4.
    Wieb Bosma and Marc-Paul van der Hulst. Primality proving with cyclotomy. PhD thesis, University of Amsterdam, December 1990.Google Scholar
  5. 5.
    Richard P. Brent. Some parallel algorithms for integer factorisation. Proc. Europar’99 (Toulouse, Sept. 1999), volume 1685 of Lecture Notes in Computer Science, pages 1–22, Springer-Verlag, Berlin, 1999.Google Scholar
  6. 6.
    J. Brillhart, D.H. Lehmer, J.L. Selfridge, B. Tuckerman, and S.S. Wagstaff, Jr. Factorizations of b n ± 1, b = 2, 3, 5, 6, 7, 10, 11,12 up to high powers, volume 22 of Contemporary Mathematics. American Mathematical Society, second edition, 1988.Google Scholar
  7. 7.
    J.P. Buhler, H.W. Lenstra, Jr., and Carl Pomerance. Factoring integers with the number field sieve. Pages 50–94 in H.W. Lenstra, Jr., editors. The Development of the Number Field Sieve, volume 1554 of Lecture Notes in Mathematics. Springer-Verlag, Berlin, 1993 [19].CrossRefGoogle Scholar
  8. 8.
    S. Cavallar, B. Dodson, A. Lenstra, P. Leyland, W. Lioen, P. L. Montgomery, B. Murphy, H. te Riele, and P. Zimmermann. Factorization of RSA-140 using the number field sieve. In Lam Kwok Yan, Eiji Okamoto, and Xing Chaoping, editors, Advances in Cryptology — Asiacrypt’ 99 (Singapore, November 14–18), volume 1716 of Lecture Notes in Computer Science, pages 195–207, Springer-Verlag, Berlin, 1999.Google Scholar
  9. 9.
    S. Cavallar. Strategies for filtering in the Number Field Sieve. Preprint, to appear in the Proceedings of ANTS-IV (Algorithmic Number Theory Symposium IV, Leiden, The Netherlands, July 2–7, 2000), Lecture Notes in Computer Science, Springer-Verlag, Berlin, 2000.Google Scholar
  10. 10.
    H. Cohen and A.K. Lenstra. Implementation of a new primality test. Mathematics of Computation, 48:103–121, 1987.CrossRefMathSciNetGoogle Scholar
  11. 11.
    James Cowie, Bruce Dodson, R.-Marije Elkenbracht-Huizing, Arjen K. Lenstra, Peter L. Montgomery, and Jörg Zayer. A world wide number field sieve factoring record: on to 512 bits. In Kwangjo Kim and Tsutomu Matsumoto, editors, Advances in Cryptology — Asiacrypt’ 96, volume 1163 of Lecture Notes in Computer Science, pages 382–394, Springer-Verlag, Berlin, 1996.CrossRefGoogle Scholar
  12. 12.
    J.A. Davis, D.B. Holdridge, and G.J. Simmons. Status report on factoring (at the Sandia National Laboratories). In T. Beth, N. Cot, and I. Ingemarsson, editors, Advances in Cryptology, Eurocrypt’ 84, volume 209 of Lecture Notes in Computer. Science, pages 183–215, Springer-Verlag, Berlin, 1985..Google Scholar
  13. 13.
    T. Denny, B. Dodson, A.K. Lenstra, and M.S. Manasse, On the factorization of RSA-120. In D.R. Stinson, editor, Advances in Cryptology — Crypto’ 93, volume 773 of Lecture Notes in Computer Science, pages 166–174, Springer-Verlag, Berlin, 1994.Google Scholar
  14. 14.
    B. Dixon and A.K. Lenstra. Factoring using SIMD Sieves. In Tor Helleseth, editor, Advances in Cryptology, Eurocrypt’ 93, volume 765 of Lecture Notes in Computer. Science, pages 28–39, Springer-Verlag, Berlin, 1994.Google Scholar
  15. 15.
    Marije Elkenbracht-Huizing. Factoring integers with the number field sieve. PhD thesis, Leiden University, May 1997.Google Scholar
  16. 16.
    R.-M. Elkenbracht-Huizing. An implementation of the number field sieve. Experimental Mathematics, 5:231–253, 1996.MATHMathSciNetGoogle Scholar
  17. 17.
    Frequently Asked Questions about today’s Cryptography 4.0. Question 3.1.9, see http://www.rsa.com/rsalabs/faq/html/3-1-9.html.
  18. 18.
    R. Golliver, A.K. Lenstra, and K.S. McCurley. Lattice sieving and trial division. In Leonard M. Adleman and Ming-Deh Huang, editors, Algorithmic Number Theory, (ANTS-I, Ithaca, NY, USA, May 1994), volume 877 of Lecture Notes in Computer Science, pages 18–27, Springer-Verlag, Berlin, 1994.Google Scholar
  19. 19.
    A.K. Lenstra and H.W. Lenstra, Jr., editors. The Development of the Number Field Sieve, volume 1554 of Lecture Notes in Mathematics. Springer-Verlag, Berlin, 1993MATHGoogle Scholar
  20. 20.
    A.K. Lenstra, H.W. Lenstra, Jr., M.S. Manasse, and J.M. Pollard. The factorization of the Ninth Fermat number. Mathematics of Computation, 61(203):319–349, July 1993.MATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    A.K. Lenstra and M.S. Manasse. Factoring by Electronic Mail. In J.-J. Quisquater and J. Vandewalle, editors, Advances in Cryptology — Eurocrypt’ 89, volume 434 of Lecture Notes in Computer Science, pages 355–371, Springer-Verlag, Berlin, 1990.Google Scholar
  22. 22.
    A.K. Lenstra and M.S. Manasse. Factoring with two large primes. In I.B. Dåmgard, editor, Advances in Cryptology — Eurocrypt’ 90, volume 473 of Lecture Notes in Computer Science, pages 72–82, Springer-Verlag, Berlin, 1991.Google Scholar
  23. 23.
    Arjen K. Lenstra and Eric R. Verheul. Selecting Cryptographic Key Sizes. In H. Imai and Y. Zheng, editors, Public Key Cryptography, volume 1751 of Lecture Notes in Computer Science, pages 446–465, Springer-Verlag, Berlin, 2000.Google Scholar
  24. 24.
    Peter L. Montgomery. Square roots of products of algebraic numbers. In Walter Gautschi, editor, Mathematics of Computation 1943–1993: a Half-Century of Computational Mathematics, pages 567–571. Proceedings of Symposia in Applied Mathematics, American Mathematical Society, 1994.Google Scholar
  25. 25.
    Peter L. Montgomery. A block Lanczos algorithm for finding dependencies over GF(2). In Louis C. Guillou and Jean-Jacques Quisquater, editors, Advances in Cryptology — Eurocrypt’ 95, volume 921 of Lecture Notes in Computer Science, pages 106–120, Springer-Verlag, Berlin, 1995.Google Scholar
  26. 26.
    Peter L. Montgomery and Brian Murphy. Improved Polynomial Selection for the Number Field Sieve. Extended Abstract for the Conference on the Mathematics of Public-Key Cryptography, June 13–17, 1999, The Fields Institute, Toronto, Ontario, Canada.Google Scholar
  27. 27.
    Michael A. Morrison and John Brillhart. The factorization of F 7. Bull. Amer. Math. Soc., 77(2):264, 1971.CrossRefMathSciNetGoogle Scholar
  28. 28.
    Michael A. Morrison and John Brillhart. A method of factoring and the factorization of F 7. Mathematics of Computation, 29:183–205, January 1975.MATHCrossRefMathSciNetGoogle Scholar
  29. 29.
    B. Murphy. Modelling the Yield of Number Field Sieve Polynomials. J. Buhler, editor, Algorithmic Number Theory, (Third International Symposium, ANTS-III, Portland, Oregon, USA, June 1998), volume 1423 of Lecture Notes in Computer Science, pages 137–151, Springer-Verlag, Berlin, 1998.Google Scholar
  30. 30.
    Brian Antony Murphy. Polynomial Selection for the Number Field Sieve Integer Factorisation Algorithm. PhD thesis, The Australian National University, July 1999.Google Scholar
  31. 31.
    J.M. Pollard. The lattice sieve. Pages 43–49 in H.W. Lenstra, Jr., editors. The Development of the Number Field Sieve, volume 1554 of Lecture Notes in Mathematics. Springer-Verlag, Berlin, 1993 [19].CrossRefGoogle Scholar
  32. 32.
    Herman te Riele, Walter Lioen, and Dik Winter. Factoring with the quadratic sieve on large vector computers. J. Comp. Appl. Math., 27:267–278, 1989.CrossRefMATHGoogle Scholar
  33. 33.
    R.L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Comm. ACM, 21:120–126, 1978.MATHCrossRefMathSciNetGoogle Scholar
  34. 34.
    RSA Challenge Administrator. In order to obtain information about the RSA Factoring Challenge, send electronic mail to challenge-info@rsa.com. The status of the factored numbers on the RSA Challenge List can be obtained by sending electronic mail to challenge-honor-rolls@majordomo.rsasecurity.com. Also visit http://www.rsa.com/rsalabs/html/factoring.html.
  35. 35.
    A. Shamir. Factoring large numbers with the TWINKLE device. In C.K. Koc and C. Paar, editors, Cryptographic Hardware and Embedded Systems (CHES), volume 1717 of Lecture Notes in Computer Science, Springer-Verlag, Berlin, 1999.CrossRefGoogle Scholar
  36. 36.
    Robert D. Silverman. The multiple polynomial quadratic sieve. Mathematics of Computation, 48:329–339, 1987.MATHCrossRefMathSciNetGoogle Scholar
  37. 37.
    Robert D. Silverman. Private communication.Google Scholar
  38. 38.

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Stefania Cavallar
    • 3
  • Bruce Dodson
    • 8
  • Arjen K. Lenstra
    • 1
  • Walter Lioen
    • 3
  • Peter L. Montgomery
    • 10
  • Brian Murphy
    • 2
  • Herman te Riele
    • 3
  • Karen Aardal
    • 13
  • Jeff Gilchrist
    • 4
  • Gérard Guillerm
    • 11
  • Paul Leyland
    • 9
  • Jöel Marchand
    • 5
  • François Morain
    • 6
  • Alec Muffett
    • 12
  • Chris and Craig Putnam
    • 14
  • Paul Zimmermann
    • 7
  1. 1.CitibankMendhamUSA
  2. 2.Computer Sciences LaboratoryANUCanberraAustralia
  3. 3.CWIAmsterdamThe Netherlands
  4. 4.Entrust Technologies Ltd.OttawaCanada
  5. 5.Laboratoire GageÉcole Polytechnique/CNRSPalaiseauFrance
  6. 6.Laboratoire d’InformatiqueÉcole PolytechniquePalaiseauFrance
  7. 7.Inria Lorraine and LoriaNancyFrance
  8. 8.Lehigh UniversityBethlehemUSA
  9. 9.Microsoft Research LtdCambridgeUK
  10. 10.Microsoft Research and CWISan RafaelUSA
  11. 11.SITX (Centre of IT resources)École PolytechniquePalaiseauFrance
  12. 12.Sun MicrosystemsCamberleyUK
  13. 13.Dept. of Computer ScienceUtrecht UniversityUtrechtThe Netherlands
  14. 14.HudsonUSA

Personalised recommendations