Mersenne Factorization Factory

  • Thorsten Kleinjung
  • Joppe W. Bos
  • Arjen K. Lenstra
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8873)

Abstract

We present work in progress to completely factor seventeen Mersenne numbers using a variant of the special number field sieve where sieving on the algebraic side is shared among the numbers. It is expected that it reduces the overall factoring effort by more than 50%. As far as we know this is the first practical application of Coppersmith’s “factorization factory” idea. Most factorizations used a new double-product approach that led to additional savings in the matrix step.

Keywords

Mersenne numbers factorization factory special number field sieve block Wiedemann algorithm 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Aoki, K., Franke, J., Kleinjung, T., Lenstra, A.K., Osvik, D.A.: A kilobit special number field sieve factorization. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 1–12. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  2. 2.
    Bahr, F.: Liniensieben und Quadratwurzelberechnung für das Zahlkörpersieb, Diplomarbeit, University of Bonn (2005)Google Scholar
  3. 3.
    Bernstein, D.J.: How to find small factors of integers (June 2002), http://cr.yp.to/papers.html
  4. 4.
    Bos, J.W., Kleinjung, T., Lenstra, A.K., Montgomery, P.L.: Efficient SIMD arithmetic modulo a Mersenne number. In: IEEE Symposium on Computer Arithmetic – ARITH-20, pp. 213–221. IEEE Computer Society (2011)Google Scholar
  5. 5.
    Brillhart, J., Lehmer, D.H., Selfridge, J.L., Tuckerman, B., Wagstaff Jr., S.S.: Factorizations of b n ±1, b = 2,3,5,6,7,10,11,12 Up to High Powers, 1st edn. Contemporary Mathematics, vol. 22. American Mathematical Society (1983) (2nd edn. 1988), (3rd edn. 2002), Electronic book available at: http://homes.cerias.purdue.edu/~ssw/cun/index.html
  6. 6.
    Childers, G.: Factorization of a 1061-bit number by the special number field sieve. Cryptology ePrint Archive, Report 2012/444 (2012), http://eprint.iacr.org/
  7. 7.
    Coppersmith, D.: Modifications to the number field sieve. Journal of Cryptology 6(3), 169–180 (1993)CrossRefMATHMathSciNetGoogle Scholar
  8. 8.
    Coppersmith, D.: Solving homogeneous linear equations over GF(2) via block Wiedemann algorithm. Mathematics of Computation 62(205), 333–350 (1994)MATHMathSciNetGoogle Scholar
  9. 9.
    Cunningham, A.J.C., Western, A.E.: On Fermat’s numbers. Proceedings of the London Mathematical Society 2(1), 175 (1904)CrossRefMathSciNetGoogle Scholar
  10. 10.
    Cunningham, A.J.C., Woodall, H.J.: Factorizations of yn ±1, y = 2,3,5,6,7,10,11,12 up to high powers. Frances Hodgson, London (1925)Google Scholar
  11. 11.
    Dodson, B., Lenstra, A.K.: NFS with four large primes: An explosive experiment. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 372–385. Springer, Heidelberg (1995)Google Scholar
  12. 12.
    Franke, J., Kleinjung, T.: Continued fractions and lattice sieving. In: Special-purpose Hardware for Attacking Cryptographic Systems – SHARCS (2005), http://www.hyperelliptic.org/tanja/SHARCS/talks/FrankeKleinjung.pdf
  13. 13.
    Franke, J., Kleinjung, T.: GNFS for linux. Software (2012)Google Scholar
  14. 14.
    Franke, J., Kleinjung, T., Morain, F., Wirth, T.: Proving the primality of very large numbers with fastECPP. In: Buell, D.A. (ed.) ANTS 2004. LNCS, vol. 3076, pp. 194–207. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  15. 15.
    Golliver, R., Lenstra, A.K., McCurley, K.: Lattice sieving and trial division. In: Huang, M.-D.A., Adleman, L.M. (eds.) ANTS 1994. LNCS, vol. 877, pp. 18–27. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  16. 16.
    Harrison, J.: Isolating critical cases for reciprocals using integer factorization. In: IEEE Symposium on Computer Arithmetic – ARITH-16, pp. 148–157. IEEE Computer Society Press (2003)Google Scholar
  17. 17.
    Kleinjung, T.: On polynomial selection for the general number field sieve. Mathematics of Computation 75, 2037–2047 (2006)CrossRefMATHMathSciNetGoogle Scholar
  18. 18.
    Kleinjung, T., Aoki, K., Franke, J., Lenstra, A.K., Thomé, E., Bos, J.W., Gaudry, P., Kruppa, A., Montgomery, P.L., Osvik, D.A., te Riele, H., Timofeev, A., Zimmermann, P.: Factorization of a 768-bit RSA modulus. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 333–350. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  19. 19.
    Kleinjung, T., Bos, J.W., Lenstra, A.K.: Mersenne factorization factory. Cryptology ePrint Archive, Report 2014/653 (2014), http://eprint.iacr.org/
  20. 20.
    Lenstra, A.K., Kleinjung, T., Thomé, E.: Universal security. In: Fischlin, M., Katzenbeisser, S. (eds.) Buchmann Festschrift. LNCS, vol. 8260, pp. 121–124. Springer, Heidelberg (2013), http://eprint.iacr.org/2013/635 Google Scholar
  21. 21.
    Lenstra, A.K., Lenstra Jr., H.W.: Algorithms in number theory. In: van Leeuwen, J. (ed.) Handbook of Theoretical Computer Science (Volume A: Algorithms and Complexity), pp. 673–715. Elsevier and MIT Press (1990)Google Scholar
  22. 22.
    Lenstra, A.K., Lenstra Jr., H.W.: The Development of the Number Field Sieve. LNM, vol. 1554. Springer (1993)Google Scholar
  23. 23.
    Lenstra, A.K., Lenstra Jr., H.W., Manasse, M.S., Pollard, J.M.: The number field sieve, pp. 11–42 in [22]Google Scholar
  24. 24.
    Lenstra Jr., H.W.: Factoring integers with elliptic curves. Annals of Mathematics 126(3), 649–673 (1987)CrossRefMATHMathSciNetGoogle Scholar
  25. 25.
    Massey, J.: Shift-register synthesis and BCH decoding. IEEE Transactions on Information Theory 15, 122–127 (1969)CrossRefMATHMathSciNetGoogle Scholar
  26. 26.
    Montgomery, P.: Square roots of products of algebraic numbers. In: Gautschi, W. (ed.) Mathematics of Computation 1943–1993: a Half-Century of Computational Mathematics, Proceedings of Symposia in Applied Mathematics, pp. 567–571. American Mathematical Society (1994)Google Scholar
  27. 27.
    Nguyen, P.Q.: A Montgomery-like square root for the number field sieve. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 151–168. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  28. 28.
    Pollard, J.M.: The lattice sieve, pp. 43–49 in [22]Google Scholar
  29. 29.
    Radford, B.: Why do people see guardian angels? (August 2013), http://news.discovery.com/human/psychology/why-people-see-guardian-angels-130813.htm
  30. 30.
    Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21, 120–126 (1978)CrossRefMATHMathSciNetGoogle Scholar
  31. 31.
    Thomé, E.: Subquadratic computation of vector generating polynomials and improvement of the block Wiedemann algorithm. Journal of Symbolic Computation 33(5), 757–775 (2002)CrossRefMATHMathSciNetGoogle Scholar
  32. 32.
    Wiedemann, D.: Solving sparse linear equations over finite fields. IEEE Transactions on Information Theory 32, 54–62 (1986)CrossRefMATHMathSciNetGoogle Scholar
  33. 33.
    Zimmermann, P.: 50 large factors found by ECM, http://www.loria.fr/~zimmerma/records/top50.html
  34. 34.
    Zimmermann, P.: Input file for Cunningham cofactors, http://www.loria.fr/~zimmerma/records/c120-355

Copyright information

© International Association for Cryptologic Research 2014

Authors and Affiliations

  • Thorsten Kleinjung
    • 1
  • Joppe W. Bos
    • 2
  • Arjen K. Lenstra
    • 1
  1. 1.EPFL IC LACALLausanneSwitzerland
  2. 2.NXP SemiconductorsLeuvenBelgium

Personalised recommendations