Mersenne Factorization Factory

  • Thorsten Kleinjung
  • Joppe W. Bos
  • Arjen K. Lenstra
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8873)


We present work in progress to completely factor seventeen Mersenne numbers using a variant of the special number field sieve where sieving on the algebraic side is shared among the numbers. It is expected that it reduces the overall factoring effort by more than 50%. As far as we know this is the first practical application of Coppersmith’s “factorization factory” idea. Most factorizations used a new double-product approach that led to additional savings in the matrix step.


Mersenne numbers factorization factory special number field sieve block Wiedemann algorithm 


  1. 1.
    Aoki, K., Franke, J., Kleinjung, T., Lenstra, A.K., Osvik, D.A.: A kilobit special number field sieve factorization. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 1–12. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  2. 2.
    Bahr, F.: Liniensieben und Quadratwurzelberechnung für das Zahlkörpersieb, Diplomarbeit, University of Bonn (2005)Google Scholar
  3. 3.
    Bernstein, D.J.: How to find small factors of integers (June 2002),
  4. 4.
    Bos, J.W., Kleinjung, T., Lenstra, A.K., Montgomery, P.L.: Efficient SIMD arithmetic modulo a Mersenne number. In: IEEE Symposium on Computer Arithmetic – ARITH-20, pp. 213–221. IEEE Computer Society (2011)Google Scholar
  5. 5.
    Brillhart, J., Lehmer, D.H., Selfridge, J.L., Tuckerman, B., Wagstaff Jr., S.S.: Factorizations of b n ±1, b = 2,3,5,6,7,10,11,12 Up to High Powers, 1st edn. Contemporary Mathematics, vol. 22. American Mathematical Society (1983) (2nd edn. 1988), (3rd edn. 2002), Electronic book available at:
  6. 6.
    Childers, G.: Factorization of a 1061-bit number by the special number field sieve. Cryptology ePrint Archive, Report 2012/444 (2012),
  7. 7.
    Coppersmith, D.: Modifications to the number field sieve. Journal of Cryptology 6(3), 169–180 (1993)CrossRefzbMATHMathSciNetGoogle Scholar
  8. 8.
    Coppersmith, D.: Solving homogeneous linear equations over GF(2) via block Wiedemann algorithm. Mathematics of Computation 62(205), 333–350 (1994)zbMATHMathSciNetGoogle Scholar
  9. 9.
    Cunningham, A.J.C., Western, A.E.: On Fermat’s numbers. Proceedings of the London Mathematical Society 2(1), 175 (1904)CrossRefMathSciNetGoogle Scholar
  10. 10.
    Cunningham, A.J.C., Woodall, H.J.: Factorizations of yn ±1, y = 2,3,5,6,7,10,11,12 up to high powers. Frances Hodgson, London (1925)Google Scholar
  11. 11.
    Dodson, B., Lenstra, A.K.: NFS with four large primes: An explosive experiment. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 372–385. Springer, Heidelberg (1995)Google Scholar
  12. 12.
    Franke, J., Kleinjung, T.: Continued fractions and lattice sieving. In: Special-purpose Hardware for Attacking Cryptographic Systems – SHARCS (2005),
  13. 13.
    Franke, J., Kleinjung, T.: GNFS for linux. Software (2012)Google Scholar
  14. 14.
    Franke, J., Kleinjung, T., Morain, F., Wirth, T.: Proving the primality of very large numbers with fastECPP. In: Buell, D.A. (ed.) ANTS 2004. LNCS, vol. 3076, pp. 194–207. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  15. 15.
    Golliver, R., Lenstra, A.K., McCurley, K.: Lattice sieving and trial division. In: Huang, M.-D.A., Adleman, L.M. (eds.) ANTS 1994. LNCS, vol. 877, pp. 18–27. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  16. 16.
    Harrison, J.: Isolating critical cases for reciprocals using integer factorization. In: IEEE Symposium on Computer Arithmetic – ARITH-16, pp. 148–157. IEEE Computer Society Press (2003)Google Scholar
  17. 17.
    Kleinjung, T.: On polynomial selection for the general number field sieve. Mathematics of Computation 75, 2037–2047 (2006)CrossRefzbMATHMathSciNetGoogle Scholar
  18. 18.
    Kleinjung, T., Aoki, K., Franke, J., Lenstra, A.K., Thomé, E., Bos, J.W., Gaudry, P., Kruppa, A., Montgomery, P.L., Osvik, D.A., te Riele, H., Timofeev, A., Zimmermann, P.: Factorization of a 768-bit RSA modulus. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 333–350. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  19. 19.
    Kleinjung, T., Bos, J.W., Lenstra, A.K.: Mersenne factorization factory. Cryptology ePrint Archive, Report 2014/653 (2014),
  20. 20.
    Lenstra, A.K., Kleinjung, T., Thomé, E.: Universal security. In: Fischlin, M., Katzenbeisser, S. (eds.) Buchmann Festschrift. LNCS, vol. 8260, pp. 121–124. Springer, Heidelberg (2013), Google Scholar
  21. 21.
    Lenstra, A.K., Lenstra Jr., H.W.: Algorithms in number theory. In: van Leeuwen, J. (ed.) Handbook of Theoretical Computer Science (Volume A: Algorithms and Complexity), pp. 673–715. Elsevier and MIT Press (1990)Google Scholar
  22. 22.
    Lenstra, A.K., Lenstra Jr., H.W.: The Development of the Number Field Sieve. LNM, vol. 1554. Springer (1993)Google Scholar
  23. 23.
    Lenstra, A.K., Lenstra Jr., H.W., Manasse, M.S., Pollard, J.M.: The number field sieve, pp. 11–42 in [22]Google Scholar
  24. 24.
    Lenstra Jr., H.W.: Factoring integers with elliptic curves. Annals of Mathematics 126(3), 649–673 (1987)CrossRefzbMATHMathSciNetGoogle Scholar
  25. 25.
    Massey, J.: Shift-register synthesis and BCH decoding. IEEE Transactions on Information Theory 15, 122–127 (1969)CrossRefzbMATHMathSciNetGoogle Scholar
  26. 26.
    Montgomery, P.: Square roots of products of algebraic numbers. In: Gautschi, W. (ed.) Mathematics of Computation 1943–1993: a Half-Century of Computational Mathematics, Proceedings of Symposia in Applied Mathematics, pp. 567–571. American Mathematical Society (1994)Google Scholar
  27. 27.
    Nguyen, P.Q.: A Montgomery-like square root for the number field sieve. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 151–168. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  28. 28.
    Pollard, J.M.: The lattice sieve, pp. 43–49 in [22]Google Scholar
  29. 29.
    Radford, B.: Why do people see guardian angels? (August 2013),
  30. 30.
    Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21, 120–126 (1978)CrossRefzbMATHMathSciNetGoogle Scholar
  31. 31.
    Thomé, E.: Subquadratic computation of vector generating polynomials and improvement of the block Wiedemann algorithm. Journal of Symbolic Computation 33(5), 757–775 (2002)CrossRefzbMATHMathSciNetGoogle Scholar
  32. 32.
    Wiedemann, D.: Solving sparse linear equations over finite fields. IEEE Transactions on Information Theory 32, 54–62 (1986)CrossRefzbMATHMathSciNetGoogle Scholar
  33. 33.
    Zimmermann, P.: 50 large factors found by ECM,
  34. 34.
    Zimmermann, P.: Input file for Cunningham cofactors,

Copyright information

© International Association for Cryptologic Research 2014

Authors and Affiliations

  • Thorsten Kleinjung
    • 1
  • Joppe W. Bos
    • 2
  • Arjen K. Lenstra
    • 1
  1. 1.EPFL IC LACALLausanneSwitzerland
  2. 2.NXP SemiconductorsLeuvenBelgium

Personalised recommendations