SHARK: A Realizable Special Hardware Sieving Device for Factoring 1024-Bit Integers

  • Jens Franke
  • Thorsten Kleinjung
  • Christof Paar
  • Jan Pelzl
  • Christine Priplata
  • Colin Stahlke
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3659)

Abstract

Since 1999 specialized hardware architectures for factoring numbers of 1024 bit size with the General Number Field Sieve (GNFS) have attracted a lot of attention ([Ber], [ST]). Concerns about the feasibility of giant monolytic ASIC architectures such as TWIRL have been raised. Therefore, we propose a parallelized lattice sieving device called SHARK, which completes the sieving step of the GNFS for a 1024-bit number in one year. Its architecture is modular and consists of small ASICs connected by a specialized butterfly transport system. We estimate the costs of such a device to be less than US$ 200 million. Because of the modular architecture based on small ASICs, we claim that this device can be built with today’s technology.

Keywords

Integer factorization GNFS lattice sieving RSA 1024 bit special hardware 

References

  1. [Ber]
    Bernstein, D.J.: Circuits for Integer Factorization: A Proposal. Manuscript (November 2001), http://cr.yp.to/papers.html#nfscircuit
  2. [FK]
    Franke, J., Kleinjung, T.: Continued Fractions and Lattice Sieving. In: Special-Purpose Hardware for Attacking Cryptographic Systems – SHARCS 2005, Paris (2005), http://www.ruhr-uni-bochum.de/itsc/tanja/SHARCS/talks/FrankeKleinjung.pdf
  3. [FKPPPSS]
    Franke, J., Kleinjung, T., Paar, C., Pelzl, J., Priplata, C., Šimka, M., Stahlke, C.: An Efficient Hardware Architecture for Factoring Integers with the Elliptic Curve Method. In: Special-Purpose Hardware for Attacking Cryptographic Systems – SHARCS 2005, Paris (2005), http://www.ruhr-uni-bochum.de/itsc/tanja/SHARCS/talks/ecm_paper.pdf
  4. [GS]
    Geiselmann, W., Steinwandt, R.: Yet another sieving device. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 278–291. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. [GLM]
    Golliver, R.A., Lenstra, A.K., McCurley, K.S.: Lattice sieving and trial division. In: Huang, M.-D.A., Adleman, L.M. (eds.) ANTS 1994. LNCS, vol. 877, pp. 18–27. Springer, Heidelberg (1994)Google Scholar
  6. [LL]
    Lenstra, A.K., Lenstra Jr., H.W. (eds.): The Development of the Number Field Sieve. Lecture Notes in Math., vol. 1554. Springer, Heidelberg (1993)MATHGoogle Scholar
  7. [LTSKDHL]
    Lenstra, A.K., Tromer, E., Shamir, A., Kortsmit, W., Dodson, B., Hughes, J., Leyland, P.: Factoring Estimates for a 1024-bit RSA Modulus. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 55–74. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. [RSA576]
    Franke, J., Kleinjung, T., et al.: RSA-576. Email announcement (2003), http://www.crypto-world.com/announcements/rsa576.txt
  9. [RSA200]
    Franke, J., Kleinjung, T., et al.: RSA-200. Email announcement (May 2005), http://www.crypto-world.com/announcements/rsa200.txt
  10. [ST]
    Shamir, A., Tromer, E.: Factoring Large Numbers with the TWIRL Device. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 1–26. Springer, Heidelberg (2003), http://www.wisdom.weizmann.ac.il/~tromer/papers/twirl.ps.gz CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Jens Franke
    • 1
  • Thorsten Kleinjung
    • 1
  • Christof Paar
    • 2
  • Jan Pelzl
    • 2
  • Christine Priplata
    • 3
  • Colin Stahlke
    • 3
  1. 1.Department of MathematicsUniversity of BonnBonnGermany
  2. 2.Horst Görtz Institute for IT SecurityRuhr UniversityBochumGermany
  3. 3.EDIZONE GmbHBonnGermany

Personalised recommendations