# Factoring by electronic mail

- First Online:

## Abstract

In this paper we describe our distributed implementation of two factoring algorithms, the elliptic curve method (ecm) and the multiple polynomial quadratic sieve algorithm (mpqs).

Since the summer of 1987, our ecm-implementation on a network of MicroVAX processors at DEC’s Systems Research Center has factored several most and more wanted numbers from the Cunningham project. In the summer of 1988, we implemented the multiple polynomial quadratic sieve algorithm on the same network. On this network alone, we are now able to factor any 100 digit integer, or to find 35 digit factors of numbers up to 150 digits long within one month.

To allow an even wider distribution of our programs we made use of electronic mail networks for the distribution of the programs and for inter-processor communication. Even during the initial stage of this experiment, machines all over the United States and at various places in Europe and Australia contributed 15 percent of the total factorization effort.

At all the sites where our program is running we only use cycles that would otherwise have been idle. This shows that the enormous computational task of factoring 100 digit integers with the current algorithms can be completed almost for free. Since we use a negligible fraction of the idle cycles of all the machines on the worldwide electronic mail networks, we could factor 100 digit integers within a few days with a little more help.

### References

- 1.L. Adleman, “The theory of computer viruses,” Proceedings Crypto 88, 1988.Google Scholar
- 2.E. Bach. J. Shallit. “Factoring with cyclotomic polynomials,”
*Proceedings 26th FOCS*, 1985, pp 443–450.Google Scholar - 3.G. Brassard,
*Modern Cryptology*, Lecture Notes in Computer Science, vol. 325, 1988, Springer Verlag.MATHGoogle Scholar - 4.R.P. Brent, “Some integer factorization algorithms using elliptic curves,” Australian Computer Science Communications v. 8, 1986, pp 149–163.Google Scholar
- 5.R.P. Brent, G.L. Cohen, “A new lower bound for odd perfect numbers,” Math. Comp.,
*to appear*.Google Scholar - 6.J. Brillhart, D.H. Lehmer, J.L. Selfridge, B. Tuckerman, S.S. Wagstaff, Jr.,
*Factorizations of b*^{n}± 1,*b*=*2, 3, 5, 6, 7, 10, 11, 12 up to high powers*,*second edition*, Contemporary Mathematics, vol. 22, Providence: A.M.S., 1988.Google Scholar - 7.T.R. Caron, R.D. Silverman, “Parallel implementation of the quadratic sieve,” J. Supercomputing, v. 1, 1988, pp 273–290.CrossRefGoogle Scholar
- 8.A.J.C. Cunningham, H.J. Woodall,
*Factorisation of*(*y*^{n}∓1).*y*=*2, 3, 5, 6, 7, 10, 11, 12 up to high powers (n)*, London: Hodgson (1925).Google Scholar - 9.J.A. Davis, D.B. Holdridge. “Factorization using the quadratic sieve algorithm,” Sandia National Laboratories Tech Rpt. SAND 83-1346, December 1983.Google Scholar
- 10.P.J. Denning, “The Science of Computing: Computer Viruses,”
*American Scientist*, v. 76, May–June 1988.Google Scholar - 11.A.K. Lenstra, H.W. Lenstra, Jr, “Algorithms in number theory,” in: J. van Leeuwen, A. Meyer, M. Nivat, M. Paterson, D. Perrin (eds.),
*Handbook of theoretical computer science*, to appear; report 87-8, The University of Chicago, Department of Computer Science, May 1987.Google Scholar - 12.A.K. Lenstra, M.S. Manasse, “Compact incremental Gaussian elimination over Z/2Z,” report 88-16, The University of Chicago, Department of Computer Science, October 1988.Google Scholar
- 13.H.W. Lenstra, Jr., “Factoring integers with elliptic curves,”
*Ann. of Math.*, v. 126, 1987, pp. 649–673.CrossRefMathSciNetGoogle Scholar - 14.P.L. Montgomery, “Modular multiplication without trial division,”
*Math. Comp.*, v. 44, 1985, pp 519–521.MATHCrossRefMathSciNetGoogle Scholar - 15.P.L. Montgomery, “Speeding the Pollard and elliptic curve methods of factorization,”
*Math. Comp.*, v. 48, 1987, pp 243–264.MATHCrossRefMathSciNetGoogle Scholar - 16.P.L. Montgomery, R.D. Silverman, “An FFT extension to the
*p*-1 factoring algorithm,” manuscript, 1988.Google Scholar - 17.A.M. Odlyzko, “Discrete logarithms and their cryptographic significance,” pp. 224–314; in: T. Beth, N. Cot, I. Ingemarsson (eds),
*Advances in cryptology*, Springer Lecture Notes in Computer Science, vol. 209, 1985.CrossRefGoogle Scholar - 18.J.M. Pollard, “A Monte Carlo method for factorization,”
*BIT*, v. 15, 1975, pp 331–334.MATHCrossRefMathSciNetGoogle Scholar - 19.C. Pomerance, “Analysis and comparison of some integer factoring algorithms,” pp. 89–139; in: H.W. Lenstra, Jr., R. Tijdeman (eds),
*Computational methods in number theory*, Mathematical Centre Tracts 154, 155, Mathematisch Centrum, Amsterdam, 1982.Google Scholar - 20.C. Pomerance, J.W. Smith, R. Tuler, “A pipeline architecture for factoring large integers with the quadratic sieve algorithm,”
*SIAM J. Comput.*, v. 17, 1988, pp. 387–403.MATHCrossRefMathSciNetGoogle Scholar - 21.H.J.J. te Riele, W.M. Lioen, D.T. Winter, “Factoring with the quadratic sieve on large vector computers,” report NM-R8805, 1988, Centrum voor Wiskunde en Informatica, Amsterdam.Google Scholar
- 22.R.L. Rivest, A. Shamir, L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,”
*Commun. ACM.*, v. 21, 1978, pp. 120–126.MATHCrossRefMathSciNetGoogle Scholar - 23.E. Roberts, J. Ellis, “parmake and dp: Experience with a distributed, parallel implementation of make,” Proceedings from the Second Workshop on Large-Grained Parallelism, Software Engineering Institute, Carnegie-Mellon University, Report CMU/SEI-87-SR-5, November 1987.Google Scholar
- 24.R.D. Silverman, “The multiple polynomial quadratic sieve,”
*Math. Comp.*, v. 48, 1987, pp. 329–339.MATHCrossRefMathSciNetGoogle Scholar - 25.K. Thompson, “Reflections on Trusting Trust,”
*Commun. ACM*, v. 27, 1984, pp. 172–80.CrossRefGoogle Scholar - 26.D.H. Wiedemann, “Solving sparse linear equations over finite fields,”
*IEEE Transactions on Information Theory*, v. 32, 1986, pp. 54–62.MATHCrossRefMathSciNetGoogle Scholar