Factorization of a 768-Bit RSA Modulus

  • Thorsten Kleinjung
  • Kazumaro Aoki
  • Jens Franke
  • Arjen K. Lenstra
  • Emmanuel Thomé
  • Joppe W. Bos
  • Pierrick Gaudry
  • Alexander Kruppa
  • Peter L. Montgomery
  • Dag Arne Osvik
  • Herman te Riele
  • Andrey Timofeev
  • Paul Zimmermann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6223)

Abstract

This paper reports on the factorization of the 768-bit number RSA-768 by the number field sieve factoring method and discusses some implications for RSA.

Keywords

RSA number field sieve 

References

  1. 1.
    Adleman, L.M.: Factoring numbers using singular integers. In: STOC, pp. 64–71. ACM, New York (1991)Google Scholar
  2. 2.
    Aoki, K., Franke, J., Kleinjung, T., Lenstra, A.K., Osvik, D.A.: A kilobit special number field sieve factorization. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 1–12. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  3. 3.
    Bahr, F.: Liniensieben und Quadratwurzelberechnung für das Zahlkörpersieb, Diplomarbeit, University of Bonn (2005)Google Scholar
  4. 4.
    Bahr, F., Böhm, M., Franke, J., Kleinjung, T.: Factorization of RSA-200 (May 2005), http://www.loria.fr/~zimmerma/records/rsa200
  5. 5.
    Buhler, J., Montgomery, P., Robson, R., Ruby, R.: Implementing the number field sieve. Technical report, Oregon State University (1994)Google Scholar
  6. 6.
    Cavallar, S.: Strategies in filtering in the number field sieve. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 209–232. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Cavallar, S., Dodson, B., Lenstra, A.K., Lioen, W.M., Montgomery, P.L., Murphy, B., te Riele, H.J.J., Aardal, K., Gilchrist, J., Guillerm, G., Leyland, P.C., Marchand, J., Morain, F., Muffett, A., Putnam, C., Putnam, C., Zimmermann, P.: Factorization of a 512-bit RSA modulus. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 1–18. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  8. 8.
    Coppersmith, D.: Solving linear equations over GF(2): block Lanczos algorithm. Linear Algebra and its Applications 192, 33–60 (1993)MATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Coppersmith, D.: Solving homogeneous linear equations over GF(2) via block Wiedemann algorithm. Math. Comput. 62(205), 333–350 (1994)MATHMathSciNetGoogle Scholar
  10. 10.
    Cowie, J., Dodson, B., Elkenbracht-Huizing, R.M., Lenstra, A.K., Montgomery, P.L., Zayer, J.: A world wide number field sieve factoring record: On to 512 bits. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 382–394. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  11. 11.
    Dixon, J.D.: Asymptotically fast factorization of integers. Math. Comp. 36, 255–260 (1981)MATHMathSciNetGoogle Scholar
  12. 12.
    Franke, J., Kleinjung, T.: Continued fractions and lattice sieving. In: Workshop record of SHARCS (2005), http://www.ruhr-uni-bochum.de/itsc/tanja/SHARCS/talks/FrankeKleinjung.pdf
  13. 13.
    Golliver, R.A., Lenstra, A.K., McCurley, K.S.: Lattice sieving and trial division. In: Huang, M.-D.A., Adleman, L.M. (eds.) ANTS 1994. LNCS, vol. 877, pp. 18–27. Springer, Heidelberg (1994)Google Scholar
  14. 14.
    Kleinjung, T.: Cofactorisation strategies for the number field sieve and an estimate for the sieving step for factoring 1024 bit integers. In: Workshop record of SHARCS (2005), http://www.hyperelliptic.org/tanja/SHARCS/talks06/thorsten.pdf
  15. 15.
    Kleinjung, T.: On polynomial selection for the general number field sieve. Math. Comp. 75, 2037–2047 (2006)MATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Kleinjung, T.: Polynomial selection. Presented at the CADO Workshop on Integer Factorization (2008), http://cado.gforge.inria.fr/workshop/slides/kleinjung.pdf
  17. 17.
    Lenstra, A.K.: Computational methods in public key cryptology. In: Coding theory and cryptology. Lecture Notes Series, pp. 175–238. Institute for Mathematical Sciences, National University of Singapore (2002)Google Scholar
  18. 18.
    Lenstra, A.K., Lenstra Jr., H.W.: Algorithms in number theory. In: Handbook of Theoretical Computer Science, Volume A: Algorithms and Complexity, pp. 673–716. Elsevier, Amsterdam (1990)Google Scholar
  19. 19.
    Lenstra, A.K., Lenstra Jr., H.W.: The Development of the Number Field Sieve. LNM, vol. 1554. Springer, Heidelberg (1993)MATHGoogle Scholar
  20. 20.
    Lenstra, A.K., Lenstra Jr., H.W., Manasse, M.S., Pollard, J.M.: The factorization of the ninth Fermat number. Math. of Comp. 61(203), 319–349 (1993)MATHMathSciNetGoogle Scholar
  21. 21.
    Lenstra, A.K., Tromer, E., Shamir, A., Kortsmit, W., Dodson, B., Hughes, J., Leyland, P.C.: Factoring estimates for a 1024-bit RSA modulus. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 55–74. Springer, Heidelberg (2003)Google Scholar
  22. 22.
    Massey, J.: Shift-register synthesis and BCH decoding. IEEE Trans Information Theory 15, 122–127 (1969)MATHCrossRefMathSciNetGoogle Scholar
  23. 23.
    Montgomery, P.: Square roots of products of algebraic numbers, http://ftp.cwi.nl/pub/pmontgom/sqrt.ps.gz
  24. 24.
    Montgomery, P., Murphy, B.: Improved polynomial selection for the number field sieve. Technical report, the Fields institute, Toronto, Ontario, Canada (June 1999)Google Scholar
  25. 25.
    Morrison, M.A., Brillhart, J.: A method of factoring and the factorization of F 7. Math. of Comp. 29(129), 183–205 (1975)MATHMathSciNetGoogle Scholar
  26. 26.
    Murphy, B.: Modelling the yield of number field sieve polynominals. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 137–150. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  27. 27.
    National Institute of Standards and Technology. Discussion paper: the transitioning of cryptographic algorithms and key sizes, http://csrc.nist.gov/groups/ST/key_mgmt/documents/Transitioning_CryptoAlgos_070209.pdf
  28. 28.
    National Institute of Standards and Technology. Special publication 800-57: Recommendation for key management part 1: General (revised), http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
  29. 29.
    Nguyen, P.Q.: A Montgomery-like square root for the number field sieve. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 151–168. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  30. 30.
    Pollard, J.M.: The lattice sieve. In: [19], pp. 43–49Google Scholar
  31. 31.
    Pomerance, C.: Analysis and comparison of some integer factoring algorithms. In: Lenstra Jr., H.W., Tijdeman, R. (eds.) Computational Methods in Number Theory, Math. Centrum Tract, Amsterdam, vol. 154, pp. 89–139 (1982)Google Scholar
  32. 32.
    Pomerance, C.: The quadratic sieve factoring algorithm. In: Beth, T., Cot, N., Ingemarsson, I. (eds.) EUROCRYPT 1984. LNCS, vol. 209, pp. 169–182. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  33. 33.
    Pomerance, C.: A tale of two sieves (1996), http://www.ams.org/notices/199612/pomerance.pdf
  34. 34.
    Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM 21, 120–126 (1978)MATHCrossRefMathSciNetGoogle Scholar
  35. 35.
    RSA the security division of EMC. The RSA challenge numbers. formerly on http://www.rsa.com/rsalabs/node.asp?id=2093, now on http://en.wikipedia.org/wiki/RSA_numbers
  36. 36.
    RSA the security division of EMC. The RSA factoring challenge FAQ, http://www.rsa.com/rsalabs/node.asp?id=2094
  37. 37.
  38. 38.
    Thomé, E.: Subquadratic computation of vector generating polynomials and improvement of the block Wiedemann algorithm. Journal of Symbolic Computation 33(5), 757–775 (2002)MATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Thorsten Kleinjung
    • 1
  • Kazumaro Aoki
    • 2
  • Jens Franke
    • 3
  • Arjen K. Lenstra
    • 1
  • Emmanuel Thomé
    • 4
  • Joppe W. Bos
    • 1
  • Pierrick Gaudry
    • 4
  • Alexander Kruppa
    • 4
  • Peter L. Montgomery
    • 5
    • 6
  • Dag Arne Osvik
    • 1
  • Herman te Riele
    • 6
  • Andrey Timofeev
    • 6
  • Paul Zimmermann
    • 4
  1. 1.EPFL IC LACALLausanneSwitzerland
  2. 2.NTTTokyoJapan
  3. 3.Dept. of Math.University of BonnBonnGermany
  4. 4.INRIA CNRS LORIA, Équipe CARAMEL - bâtiment AVillers-lès-Nancy CedexFrance
  5. 5.Microsoft Research, One Microsoft WayRedmondUSA
  6. 6.CWIAmsterdamThe Netherlands

Personalised recommendations