Scalable Hardware for Sparse Systems of Linear Equations, with Applications to Integer Factorization
Motivated by the goal of factoring large integers using the Number Field Sieve, several special-purpose hardware designs have been recently proposed for solving large sparse systems of linear equations over finite fields using Wiedemann’s algorithm. However, in the context of factoring large (1024-bit) integers, these proposals were marginally practical due to the complexity of a wafer-scale design, or alternatively the difficulty of connecting smaller chips by a huge number of extremely fast interconnects.
In this paper we suggest a new special-purpose hardware device for the (block) Wiedemann algorithm, based on a pipelined systolic architecture reminiscent of the TWIRL device. The new architecture offers simpler chip layout and interconnections, improved efficiency, reduced cost, easy testability and greater flexibility in using the same hardware to solve sparse problems of widely varying sizes and densities. Our analysis indicates that standard fab technologies can be used in practice to carry out the linear algebra step of factoring 1024-bit RSA keys.
As part of our design but also of independent interest, we describe a new error-detection scheme adaptable to any implementation of Wiedemann’s algorithm. The new scheme can be used to detect computational errors with probability arbitrarily close to 1 and at negligible cost.
Keywords: Factorization, number field sieve, sparse systems of linear equations
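The abstract does not describe the paper's error-detection scheme, so the following is only an added illustration (not code from the paper or its authors) of the two ingredients the abstract names: scalar Wiedemann over GF(2) run on a small constructed singular sparse matrix, and a cheap randomized check on every sparse matrix-vector product. The check used here is the standard Freivalds technique, comparing r^T(Av) with (r^T A)v for random r; each probe costs O(n) bit operations instead of a full product and a corrupted result escapes t probes with probability 2^-t. Vectors and rows are Python integer bitmasks; the 8x8 matrix, the function names and the probe count are assumptions of this example.

```python
# Added example: scalar Wiedemann over GF(2) with Freivalds-style product checks.
# Not the paper's scheme; matrix and names are constructed for illustration.
import random

def parity(x: int) -> int:
    """GF(2) dot product of two bitmasks = parity of the set bits of their AND."""
    return bin(x).count("1") & 1

def matvec(rows, v: int) -> int:
    """w = A*v over GF(2); rows[i] is a bitmask of the columns set in row i."""
    w = 0
    for i, row in enumerate(rows):
        w |= parity(row & v) << i
    return w

def row_combination(rows, r: int) -> int:
    """r^T A as a bitmask: XOR of the rows selected by the bits of r."""
    acc = 0
    for i, row in enumerate(rows):
        if (r >> i) & 1:
            acc ^= row
    return acc

def make_probes(rows, n: int, t: int, rng):
    """t random probes (r, r^T A); r^T A is computed once and reused for every product."""
    return [(r, row_combination(rows, r)) for r in (rng.getrandbits(n) for _ in range(t))]

def check_product(rows, v: int, w: int, probes) -> bool:
    """Freivalds check of w == A*v: (r^T A) v must equal r^T w for every probe.
    A wrong w passes one random probe with probability 1/2, all t with 2^-t."""
    return all(parity(rA & v) == parity(r & w) for r, rA in probes)

def checked_matvec(rows, v: int, probes) -> int:
    w = matvec(rows, v)
    if not check_product(rows, v, w, probes):
        raise RuntimeError("sparse matrix-vector product failed verification")
    return w

def berlekamp_massey(seq):
    """Minimal polynomial of a GF(2) sequence as (poly, degree); bit k of poly is x^k."""
    C, B, L, m = 1, 1, 0, 1
    for i, s in enumerate(seq):
        d = s                                   # discrepancy s_i + sum c_j s_{i-j}
        for j in range(1, L + 1):
            if (C >> j) & 1:
                d ^= seq[i - j]
        if d == 0:
            m += 1
        elif 2 * L <= i:
            C, B, L, m = C ^ (B << m), C, i + 1 - L, 1
        else:
            C ^= B << m
            m += 1
    # C is the connection polynomial; the minimal polynomial is x^L * C(1/x).
    return int(format(C, f"0{L + 1}b")[::-1], 2), L

def wiedemann_kernel_vector(rows, n: int, seed: int = 0, max_tries: int = 100) -> int:
    """Nonzero x with A*x = 0 for a singular n x n matrix A (rows as bitmasks)."""
    rng = random.Random(seed)
    probes = make_probes(rows, n, 16, rng)
    for _ in range(max_tries):
        b, u = rng.getrandbits(n), rng.getrandbits(n)
        seq, v = [], b                          # Krylov sequence s_i = u^T A^i b
        for _ in range(2 * n):
            seq.append(parity(u & v))
            v = checked_matvec(rows, v, probes)
        mpoly, _ = berlekamp_massey(seq)
        k = (mpoly & -mpoly).bit_length() - 1   # m(x) = x^k g(x), g(0) = 1
        g = mpoly >> k
        w, v = 0, b                             # w = g(A) b
        for j in range(g.bit_length()):
            if (g >> j) & 1:
                w ^= v
            v = checked_matvec(rows, v, probes)
        if k == 0 or w == 0:
            continue                            # unlucky b (in the image of A); retry
        for _ in range(k):                      # A^k w = 0, so the chain w, A w, ...
            nxt = checked_matvec(rows, w, probes)
            if nxt == 0:                        # ends in a kernel vector
                return w
            w = nxt
        # reaching here means u was unlucky (BM found a proper divisor); retry
    raise RuntimeError("no kernel vector found")

# Constructed 8x8 sparse matrix over GF(2); row 7 = row 0 XOR row 1, so it is singular.
ROWS = [0b00000011, 0b00000110, 0b10001100, 0b00011000,
        0b00110000, 0b01100000, 0b11000000, 0b00000101]

if __name__ == "__main__":
    x = wiedemann_kernel_vector(ROWS, 8, seed=1)
    print(f"kernel vector x = {x:08b}, A*x = {matvec(ROWS, x):08b}")
    v, w = 0b10110001, matvec(ROWS, 0b10110001)
    probes = [(0xFF, row_combination(ROWS, 0xFF))]
    print("correct product accepted:", check_product(ROWS, v, w, probes))
    print("flipped bit rejected:", not check_product(ROWS, v, w ^ 0b100, probes))
```

The verification step is the part that matters for hardware: it never recomputes the product, only two O(n) inner products per probe against a row vector r^T A fixed once at the start, so its cost stays negligible next to the O(nnz) product itself regardless of the matrix density.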