A Tutorial on High Performance Computing Applied to Cryptanalysis

(Invited Talk Abstract)

Antoine Joux

Conference paper. Part of the Lecture Notes in Computer Science book series (LNCS, volume 7237).


Cryptology and computers have a long common history; in fact, some of the early computers were created as cryptanalytic tools. The development of faster and widely deployed computers also had a great impact on cryptology, allowing modern cryptography to become a practical tool. Today, both computers and cryptology are not only practical but ubiquitous. Computing devices incorporating cryptographic features range from very small low-end devices to supercomputers, through every intermediate size; they include both general-purpose computing devices and specific, often embedded, processors that provide computing and security features in hundreds of kinds of technological objects.

In this invited talk, we mostly consider the cryptanalytic side of things, where it is fair to use very large amounts of computing power to break cryptographic primitives or protocols. As a consequence, demonstrating the feasibility of new cryptanalytic methods often requires large-scale computations. Most articles describing such cryptanalyses focus on the mathematical or algorithmic advances and gloss over the implementation details, giving only enough data to show that the computations are feasible. The goal of the present abstract is to give an idea of the difficulties facing implementers of large-scale cryptanalytic attacks.



Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

Antoine Joux, Laboratoire PRISM, DGA and Université de Versailles Saint-Quentin-en-Yvelines, Versailles Cedex, France