A World Wide Number Field Sieve factoring record: On to 512 bits

  • James Cowie
  • Bruce Dodson
  • R. Marije Elkenbracht-Huizing
  • Arjen K. Lenstra
  • Peter L. Montgomery
  • Jörg Zayer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1163)

Abstract

We present data concerning the factorization of the 130-digit number RSA130 which we factored on April 10, 1996, using the Number Field Sieve factoring method. This factorization beats the 129-digit record that was set on April 2, 1994, by the Quadratic Sieve method. The amount of computer time spent on our new record factorization is only a fraction of what was spent on the previous record. We also discuss a World Wide Web interface to our sieving program that we have developed to facilitate contributing to the sieving stage of future large scale factoring efforts. These developments have a serious impact on the security of RSA public key cryptosystems with small moduli. We present a conservative extrapolation to estimate the difficulty of factoring 512-bit numbers.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    D. Atkins, M. Graff, A.K. Lenstra, and P.C. Leyland, THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE, Advances in Cryptology, Asiacrypt'94, Lecture Notes in Comput. Sci. 917 (1995), 265–277.Google Scholar
  2. 2.
    D. J. Bernstein, A. K. Lenstra, A general number field sieve implementation, 103–126 in: [12].Google Scholar
  3. 3.
    J. Buchmann, J. Loho, J. Zayer, An implementation of the general number field sieve, Advances in Cryptology, Crypto '93, Lecture Notes in Comput. Sci. 773 (1994) 159–165.Google Scholar
  4. 4.
    T. Denny, B. Dodson, A. K. Lenstra, M. S. Manasse, On the factorization of RSA-120, Advances in Cryptology, Crypto '93, Lecture Notes in Comput. Sci. 773 (1994) 166–174.Google Scholar
  5. 5.
    B. Dixon, A. K. Lenstra, Factoring integers using SIMD sieves, Advances in Cryptology, Eurocrypt '93, Lecture Notes in Comput. Sci. 765 (1994) 28–39.Google Scholar
  6. 6.
    B. Dodson, A. K. Lenstra, NFS with four large primes: an explosive experiment, Advances in Cryptology, Crypto '95, Lecture Notes in Comput. Sci. 963 (1995) 372–385.Google Scholar
  7. 7.
    R. M. Elkenbracht-Huizing, An implementation of the number field sieve, Technical Report NM-R9511, Centrum voor Wiskunde en Informatica, Amsterdam, 1995; to appear in Experimental Mathematics.Google Scholar
  8. 8.
    R. M. Elkenbracht-Huizing, A multiple polynomial general number field sieve, Proceedings ANTS II, to appear.Google Scholar
  9. 9.
    M. Gardner, Mathematical games, A new kind of cipher that would take millions of years to break, Scientific American, August 1977, 120–124.Google Scholar
  10. 10.
    R. Golliver, A. K. Lenstra, K. McCurley, Lattice sieving and trial division, ANTS '94, Lecture Notes in Comput. Sci. 877 (1994) 18–27.Google Scholar
  11. 11.
    A. K. Lenstra, H. W. Lenstra, Jr., Algorithms in number theory, Chapter 12 in: J. van Leeuwen (ed.), Handbook of theoretical computer science, Volume A, Algorithms and complexity, Elsevier, Amsterdam, 1990.Google Scholar
  12. 12.
    A. K. Lenstra, H. W. Lenstra, Jr. (eds), The development of the number field sieve, Lecture Notes in Math. 1554, Springer-Verlag, Berlin, 1993.Google Scholar
  13. 13.
    A. K. Lenstra, M. S. Manasse, Factoring by electronic mail, Advances in Cryptology, Eurocrypt '89, Lecture Notes in Comput. Sci. 434 (1990) 355–371.Google Scholar
  14. 14.
    A. K. Lenstra, M. S. Manasse, Factoring with two large primes, Advances in Cryptology, Eurocrypt '90, Lecture Notes in Comput. Sci. 473 (1991) 72–82; Math. Comp., 63 (1994) 785–798.Google Scholar
  15. 15.
    P. L. Montgomery, Square roots of products of algebraic numbers, Proceedings of Symposia in Applied Mathematics, Mathematics of Computation 1943–1993, Vancouver, 1993, Walter Gautschi, ed.Google Scholar
  16. 16.
    P. L. Montgomery, A block Lanczos algorithm for finding dependencies over GF(2), Advances in Cryptology, Eurocrypt'95, Lecture Notes in Comput. Sci. 921 (1995) 106–120.Google Scholar
  17. 17.
    J. M. Pollard, The lattice sieve, 43–49 in: [12].Google Scholar
  18. 18.
    RSA Data Security Corporation Inc., sci.crypt, May 18, 1991; information available by sending electronic mail to challenge-rsa-list@rsa.com.Google Scholar

Copyright information

© Springer-Verlag 1996

Authors and Affiliations

  • James Cowie
    • 1
  • Bruce Dodson
    • 2
  • R. Marije Elkenbracht-Huizing
    • 3
  • Arjen K. Lenstra
    • 4
  • Peter L. Montgomery
    • 5
  • Jörg Zayer
    • 6
  1. 1.Cooperating Systems CorporationChestnut HillUSA
  2. 2.Department of MathematicsLehigh UniversityBethlehemUSA
  3. 3.Centrum voor Wiskunde en InformaticaSJ AmsterdamThe Netherlands
  4. 4.Citibank, N.A.ParsippanyUSA
  5. 5.San RafaelUSA
  6. 6.Dorf im WarndtGermany

Personalised recommendations