Abstract

The performance of the elliptic curve method (ECM) for integer factorization plays an important role in the security assessment of RSA-based protocols as a cofactorization tool inside the number field sieve. The efficient arithmetic for Edwards curves found an application by speeding up ECM. We propose techniques based on generating and combining addition-subtracting chains to optimize Edwards ECM in terms of both performance and memory requirements. This makes our approach very suitable for memory-constrained devices such as graphics processing units (GPU). For commonly used ECM parameters we are able to lower the required memory up to a factor 55 compared to the state-of-the-art Edwards ECM approach. Our ECM implementation on a GTX 580 GPU sets a new throughput record, outperforming the best GPU, CPU and FPGA results reported in literature.

Keywords

Elliptic curve factorization cofactorization addition-subtraction chains twisted Edwards curves parallel architectures 

References

  1. 1.
    Bernstein, D.J., Birkner, P., Lange, T.: Starfish on Strike. In: Abdalla, M., Barreto, P.S.L.M. (eds.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 61–80. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  2. 2.
    Bernstein, D.J., Birkner, P., Lange, T., Peters, C.: EECM: ECM using Edwards curves (2010), Software, http://eecm.cr.yp.to/
  3. 3.
    Bernstein, D.J., Birkner, P., Lange, T., Peters, C.: ECM using Edwards curves. Mathematics of Computation (to appear, 2012)Google Scholar
  4. 4.
    Bernstein, D.J., Chen, H.-C., Chen, M.-S., Cheng, C.-M., Hsiao, C.-H., Lange, T., Lin, Z.-C., Yang, B.-Y.: The billion-mulmod-per-second PC. In: Special-purpose Hardware for Attacking Cryptographic Systems, SHARCS 2009, pp. 131–144 (2009)Google Scholar
  5. 5.
    Bernstein, D.J., Chen, T.-R., Cheng, C.-M., Lange, T., Yang, B.-Y.: ECM on Graphics Cards. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 483–501. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  6. 6.
    Bernstein, D.J., Lange, T.: Analysis and Optimization of Elliptic-Curve Single-Scalar Multiplication. In: Mullen, G.L., Panario, D., Shparlinski, I.E. (eds.) Finite Fields and Applications. Contemporary Mathematics Series, vol. 461, pp. 1–19. American Mathematical Society (2008)Google Scholar
  7. 7.
    Bos, J.W., Kleinjung, T.: ECM at work, project page (2012), http://research.microsoft.com/ecmatwork/
  8. 8.
    Bos, J.W., Kleinjung, T., Lenstra, A.K., Montgomery, P.L.: Efficient SIMD arithmetic modulo a Mersenne number. In: IEEE Symposium on Computer Arithmetic, ARITH-20, pp. 213–221. IEEE Computer Society (2011)Google Scholar
  9. 9.
    Brauer, A.: On addition chains. Bulletin of the American Mathematical Society 45, 736–739 (1939)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Brent, R.P.: Some integer factorization algorithms using elliptic curves. Australian Computer Science Communications 8, 149–163 (1986)Google Scholar
  11. 11.
    de Meulenaer, G., Gosset, F., de Dormale, G.M., Quisquater, J.-J.: Integer factorization based on elliptic curve method: Towards better exploitation of reconfigurable hardware. In: Field-Programmable Custom Computing Machines, FCCM 2007, pp. 197–206. IEEE Computer Society (2007)Google Scholar
  12. 12.
    Dixon, B., Lenstra, A.K.: Massively Parallel Elliptic Curve Factoring. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 183–193. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  13. 13.
    Edwards, H.M.: A normal form for elliptic curves. Bulletin of the American Mathematical Society 44, 393–422 (2007)MATHCrossRefGoogle Scholar
  14. 14.
    Franke, J., Kleinjung, T.: GNFS for linux. Software (2012)Google Scholar
  15. 15.
    Franke, J., Kleinjung, T., Morain, F., Wirth, T.: Proving the Primality of Very Large Numbers with fastECPP. In: Buell, D.A. (ed.) ANTS 2004. LNCS, vol. 3076, pp. 194–207. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Gaj, K., Kwon, S., Baier, P., Kohlbrenner, P., Le, H., Khaleeluddin, M., Bachimanchi, R.: Implementing the Elliptic Curve Method of Factoring in Reconfigurable Hardware. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 119–133. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  17. 17.
    Güneysu, T., Kasper, T., Novotny, M., Paar, C., Rupp, A.: Cryptanalysis with COPACOBANA. IEEE Transactions on Computers 57, 1498–1513 (2008)CrossRefGoogle Scholar
  18. 18.
    Guy, R.: Unsolved problems in number theory, 3rd edn., vol. 1. Springer (2004)Google Scholar
  19. 19.
    Hisil, H., Wong, K.K.-H., Carter, G., Dawson, E.: Twisted Edwards Curves Revisited. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 326–343. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  20. 20.
    Kleinjung, T., Aoki, K., Franke, J., Lenstra, A.K., Thomé, E., Bos, J.W., Gaudry, P., Kruppa, A., Montgomery, P.L., Osvik, D.A., te Riele, H., Timofeev, A., Zimmermann, P.: Factorization of a 768-Bit RSA Modulus. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 333–350. Springer, Heidelberg (2010)Google Scholar
  21. 21.
    Kruppa, A.: A software implementation of ECM for NFS. Research Report RR-7041, INRIA (2009), http://hal.inria.fr/inria-00419094/PDF/RR-7041.pdf
  22. 22.
    Lenstra, A.K., Lenstra Jr., H.W.: Algorithms in number theory. In: van Leeuwen, J. (ed.) Handbook of Theoretical Computer Science (vol. A: Algorithms and Complexity), pp. 673–715. Elsevier and MIT Press (1990)Google Scholar
  23. 23.
    Lenstra, A.K., Lenstra Jr., H.W.: The Development of the Number Field Sieve. Lecture Notes in Mathematics, vol. 1554. Springer (1993)Google Scholar
  24. 24.
    Lenstra Jr., H.W.: Factoring integers with elliptic curves. Annals of Mathematics 126(3), 649–673 (1987)MathSciNetMATHCrossRefGoogle Scholar
  25. 25.
    Loebenberger, D., Putzka, J.: Optimization Strategies for Hardware-Based Cofactorization. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 170–181. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  26. 26.
    Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Mathematics of Computation 48(177), 243–264 (1987)MathSciNetMATHCrossRefGoogle Scholar
  27. 27.
    Montgomery, P.L.: An FFT extension of the elliptic curve method of factorization. PhD thesis, University of California (1992)Google Scholar
  28. 28.
    Morain, F., Olivos, J.: Speeding up the computations on an elliptic curve using addition-subtraction chains. Informatique Théorique et Applications/Theoretical Informatics and Applications 24, 531–544 (1990)MathSciNetMATHGoogle Scholar
  29. 29.
    NVIDIA. NVIDIA’s next generation CUDA compute architecture: Fermi (2009)Google Scholar
  30. 30.
    NVIDIA. NVIDIA CUDA Programming Guide 3.2 (2010)Google Scholar
  31. 31.
    Pisinger, D.: A minimal algorithm for the multiple-choice knapsack problem. European Journal of Operational Research 83(2), 394–410 (1995)MATHCrossRefGoogle Scholar
  32. 32.
    Pollard, J.M.: The lattice sieve. In: [23], pp. 43–49Google Scholar
  33. 33.
    Pollard, J.M.: Theorems on factorization and primality testing. Proceedings of the Cambridge Philosophical Society 76, 521–528 (1974)MathSciNetMATHCrossRefGoogle Scholar
  34. 34.
    Pomerance, C.: The Quadratic Sieve Factoring Algorithm. In: Beth, T., Cot, N., Ingemarsson, I. (eds.) EUROCRYPT 1984. LNCS, vol. 209, pp. 169–182. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  35. 35.
    Scholz, A.: Aufgabe 253. Jahresbericht der deutschen Mathematiker-Vereingung 47, 41–42 (1937)Google Scholar
  36. 36.
    Silverman, J.H.: The Arithmetic of Elliptic Curves. Gradute Texts in Mathematics, vol. 106. Springer (1986)Google Scholar
  37. 37.
    Šimka, M., Pelzl, J., Kleinjung, T., Franke, J., Priplata, C., Stahlke, C., Drutarovský, M., Fischer, V.: Hardware factorization based on elliptic curve method. In: Field-Programmable Custom Computing Machines, FCCM 2005, pp. 107–116. IEEE Computer Society (2005)Google Scholar
  38. 38.
    Thurber, E.G.: On addition chains l(mn) ≤ l(n) − b and lower bounds for c(r). Duke Mathematical Journal 40, 907–913 (1973)MathSciNetMATHCrossRefGoogle Scholar
  39. 39.
    Zimmermann, P., Dodson, B.: 20 Years of ECM. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 525–542. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  40. 40.
    Zimmermann, R., Güneysu, T., Paar, C.: High-performance integer factoring with reconfigurable devices. In: Field Programmable Logic and Applications, FPL 2010, pp. 83–88. IEEE (2010)Google Scholar
  41. 41.
    Zimmermann, P., et al.: GMP-ECM (elliptic curve method for integer factorization) (2012), Software, https://gforge.inria.fr/projects/ecm/

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Joppe W. Bos
    • 1
  • Thorsten Kleinjung
    • 2
  1. 1.Microsoft ResearchRedmondUSA
  2. 2.Laboratory for Cryptologic AlgorithmsEPFLLausanneSwitzerland

Personalised recommendations