Advertisement

Non-wafer-Scale Sieving Hardware for the NFS: Another Attempt to Cope with 1024-Bit

  • Willi Geiselmann
  • Rainer Steinwandt
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4515)

Abstract

Significant progress in the design of special purpose hardware for supporting the Number Field Sieve (NFS) has been made. From a practical cryptanalytic point of view, however, none of the published proposals for coping with the sieving step is satisfying. Even for the best known designs, the technological obstacles faced for the parameters expected for a 1024-bit RSA modulus are significant.

Below we present a new hardware design for implementing the sieving step. The suggested chips are of moderate size and the inter-chip communication does not seem unrealistic. According to our preliminary analysis of the 1024-bit case, we expect the new design to be about 2 to 3.5 times slower than TWIRL (a wafer-scale design). Due to the more moderate technological requirements, however, from a practical cryptanalytic point of view the new design seems to be no less attractive than TWIRL.

Keywords

RSA cryptanalytic hardware factoring integers NFS 

References

  1. 1.
    Bernstein, D.J.: Circuits for Integer Factorization: a Proposal (2001), At the time of writing available electronically at: http://cr.yp.to/papers/nfscircuit.pdf
  2. 2.
    Bosma, W., Cannon, J.J., Playoust, C.: The Magma Algebra System I: The User Language. Journal of Symbolic Computation 24, 235–265 (1997)zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Franke, J., Kleinjung, T., Paar, C., Pelzl, J., Priplata, C., Stahlke, C.: SHARK: A Realizable Special Hardware Sieving Device for Factoring 1024-Bit Integers. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 119–130. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Geiselmann, W., Januszewski, F., Köpfer, H., Pelzl, J., Steinwandt, R.: A Simpler Sieving Device: Combining ECM and TWIRL. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 118–135. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Geiselmann, W., Köpfer, H., Steinwandt, R., Tromer, E.: Improved Routing-Based Linear Algebra for the Number Field Sieve. In: Proceedings of ITCC ’05 – Track on Embedded Cryptographic Systems, IEEE Computer Society Press, Los Alamitos (2005)Google Scholar
  6. 6.
    Geiselmann, W., Shamir, A., Steinwandt, R., Tromer, E.: Scalable Hardware for Sparse Systems of Linear Equations, with Applications to Integer Factorization. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 131–146. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. 7.
    Geiselmann, W., Steinwandt, R.: A Dedicated Sieving Hardware. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 254–266. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Geiselmann, W., Steinwandt, R.: Hardware to Solve Sparse Systems of Linear Equations over GF(2). In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 51–61. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Geiselmann, W., Steinwandt, R.: Yet Another Sieving Device. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 278–291. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. 10.
    Izu, T., Kunihiro, N., Ohta, K., Shimoyama, T.: Analysis on the Clockwise Transposition Routing for Dedicated Factoring Devices. In: Song, J.-S., Kwon, T., Yung, M. (eds.) WISA 2005. LNCS, vol. 3786, pp. 232–242. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Lenstraand, A.K., Lenstra Jr., H.W. (eds.): The development of the number field sieve. Lecture Notes in Mathematics, vol. 1554. Springer, Heidelberg (1993)Google Scholar
  12. 12.
    Lenstra, A.K., Shamir, A.: Analysis and Optimization of the TWINKLE Factoring Device. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 35–52. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  13. 13.
    Lenstra, A.K., Shamir, A., Tomlinson, J., Tromer, E.: Analysis of Bernstein’s Factorization Circuit. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 1–26. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    Lenstra, A.K., Tromer, E., Shamir, A., Kortsmit, W., Dodson, B., Hughes, J., Leyland, P.C.: Factoring Estimates for a 1024-Bit RSA Modulus. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 55–74. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. 15.
    Shamir, A.: Factoring Large Numbers with the TWINKLE Device. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 2–12. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  16. 16.
    Shamir, A., Tromer, E.: Factoring Large Numbers with the TWIRL Device. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 1–26. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Willi Geiselmann
    • 1
  • Rainer Steinwandt
    • 2
  1. 1.IAKS, Fakultät für InformatikUniversität Karlsruhe (TH)KarlsruheGermany
  2. 2.Department of Mathematical SciencesFlorida Atlantic UniversityBoca RatonUSA

Personalised recommendations