Advertisement

Factorization of RSA-140 Using the Number Field Sieve

  • Stefania Cavallar
  • Bruce Dodson
  • Arjen Lenstra
  • Paul Leyland
  • Walter Lioen
  • Peter L. Montgomery
  • Brian Murphy
  • Herman te Riele
  • Paul Zimmermann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1716)

Abstract

On February 2, 1999, we completed the factorization of the 140-digit number RSA-140 with the help of the Number Field Sieve factoring method (NFS). This is a new general factoring record. The previous record was established on April 10, 1996 by the factorization of the 130-digit number RSA-130, also with the help of NFS. The amount of computing time spent on RSA-140 was roughly twice that needed for RSA-130, about half of what could be expected from a straightforward extrapolation of the computing time spent on factoring RSA-130. The speed-up can be attributed to a new polynomial selection method for NFS which will be sketched in this paper.

The implications of the new polynomial selection method for factoring a 512-bit RSA modulus are discussed and it is concluded that 512-bit (= 155-digit) RSA moduli are easily and realistically within reach of factoring efforts similar to the one presented here.

Keywords

Prime Ideal Root Property Algorithmic Number Theory Polynomial Selection Polynomial Pair 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Atkins, D., Graff, M., Lenstra, A.K., Leyland, P.C.: The Magicwords are Squeamish Ossifrage. In: Safavi-Naini, R., Pieprzyk, J.P. (eds.) ASIACRYPT 1994. LNCS, vol. 917, pp. 265–277. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  2. 2.
    Bosma, W., van der Hulst, M.-P.: Primality proving with cyclotomy. PhD thesis, University of Amsterdam (December 1990) Google Scholar
  3. 3.
    Buhler, J.P., Lenstra Jr., H.W., Pomerance, C.: Factoring integers with the number field sieve. In: [13], pp. 50–94 Google Scholar
  4. 4.
    Cavallar, S.: Strategies for filtering in the Number Field Sieve. (in preparation) Google Scholar
  5. 5.
    Cohen, H., Lenstra, A.K.: Implementation of a new primality test. Mathematics of Computation 48, 103–121 (1987)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Cowie, J., Dodson, B., Elkenbracht-Huizing, R.-M., Lenstra, A.K., Montgomery, P.L., Zayer, J.: A world wide number field sieve factoring record: on to 512 bits. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 382–394. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  7. 7.
  8. 8.
    Denny, T., Dodson, B., Lenstra, A.K., Manasse, M.S.: On the factorization of RSA–120. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 166–174. Springer, Heidelberg (1994)Google Scholar
  9. 9.
    Dodson, B., Lenstra, A.K.: NFS with four large primes: an explosive experiment. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 372–385. Springer, Heidelberg (1995)Google Scholar
  10. 10.
    Elkenbracht-Huizing, M.: Factoring integers with the number field sieve. PhD thesis, Leiden University (May 1997)Google Scholar
  11. 11.
    Elkenbracht-Huizing, R.-M.: An implementation of the number field sieve. Experimental Mathematics 5, 231–253 (1996)zbMATHMathSciNetGoogle Scholar
  12. 12.
    Golliver, R., Lenstra, A.K., McCurley, K.S.: Lattice sieving and trial division. In: Huang, M.-D.A., Adleman, L.M. (eds.) ANTS 1994. LNCS, vol. 877, pp. 18–27. Springer, Heidelberg (1994)Google Scholar
  13. 13.
    Lenstra, A.K., Lenstra Jr., H.W. (eds.): The Development of the Number Field Sieve. Lecture Notes in Mathematics, vol. 1554, pp. 196, 197, 206, 207. Springer-Verlag, Berlin (1993)zbMATHGoogle Scholar
  14. 14.
    Lenstra, A.K., Manasse, M.S.: Factoring by electronic mail. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 355–371. Springer, Heidelberg (1990)Google Scholar
  15. 15.
    Lenstra, A.K., Manasse, M.S.: Factoring with two large primes. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 72–82. Springer, Heidelberg (1991)Google Scholar
  16. 16.
    : Square roots of products of algebraic numbers. In: Mathematics of Computation 1943–1993: a Half-Century of Computational Mathematics. Proceedings of Symposia in Applied Mathematics, pp. 567–571. American Mathematical Society (1994)Google Scholar
  17. 17.
    Montgomery, P.L.: A block Lanczos algorithm for finding dependencies over GF(2). In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 106–120. Springer, Heidelberg (1995)Google Scholar
  18. 18.
    Montgomery, P.L., Murphy, B.: Improved Polynomial Selection for the Number Field Sieve. In: Extended Abstract for the Conference on the Mathematics of Public-Key Cryptography, The Fields Institute, Toronto, Ontario, Canada, June 13–17 (1999)Google Scholar
  19. 19.
    Murphy, B.: Modelling the Yield of Number Field Sieve Polynomials. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 137–151. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  20. 20.
    Pollard, J.M.: The lattice sieve. In: [13], pp. 43–49Google Scholar
  21. 21.
    Pomerance, C.: The Quadratic Sieve Factoring algorithm. In: Beth, T., Cot, N., Ingemarsson, I. (eds.) EUROCRYPT 1984. LNCS, vol. 209, pp. 169–182. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  22. 22.
    Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Comm. ACM 21, 120–126 (1978)zbMATHCrossRefMathSciNetGoogle Scholar
  23. 23.
    RSA Challenge Administrator. In order to obtain information about the RSA Factoring Challenge, send electronic mail to challenge-info@rsa.com and visit, http://www.rsa.com/rsalabs/html/factoring.html
  24. 24.
    Shamir, A.: Factoring Large Numbers with the TWINKLE device. (Manuscript) (April 1999)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Stefania Cavallar
    • 3
  • Bruce Dodson
    • 5
  • Arjen Lenstra
    • 1
  • Paul Leyland
    • 6
  • Walter Lioen
    • 3
  • Peter L. Montgomery
    • 7
  • Brian Murphy
    • 2
  • Herman te Riele
    • 3
  • Paul Zimmermann
    • 4
  1. 1.CitibankParsippanyUSA
  2. 2.Computer Sciences LaboratoryThe Australian National UniversityCanberraAustralia
  3. 3.CWIAmsterdamThe Netherlands
  4. 4.Inria Lorraine and LoriaNancyFrance
  5. 5.Lehigh UniversityBethlehemUSA
  6. 6.Microsoft Research Ltd.CambridgeUK
  7. 7.Microsoft Research and CWISan RafaelUSA

Personalised recommendations