Factorization of a 512-Bit RSA Modulus (original) (raw)

Breakdown of individual contributions to this project: Management: Te Riele; polynomial selection algorithm: Montgomery, Murphy; polynomial selection computations: Dodson, Lenstra, Montgomery, Murphy; sieving codes: Lenstra, Montgomery; sieving: Aardal, Cavallar, Dodson, Gilchrist, Guillerm, Lenstra, Leyland, Lioen, Marchand, Montgomery, Morain, Muffett, Putnam, Zimmermann; filtering: Cavallar, Montgomery; linear algebra: Leyland, Montgomery; square root: Montgomery; data collection, analysis of data and running the NFS code at CWI and SARA: Cavallar, Lioen, Montgomery; technical support: Lioen.

This is a slightly abridged version of the paper which was originally submitted to Eurocrypt 2000: http://www.cwi.nl/\~herman/RSA155/EuCr2000orig.ps.

References

  1. L.M. Adleman. Factoring numbers using singular integers. In Proc. 23rd Annual ACM Symp. on Theory of Computing (STOC), pages 64–71, ACM, New York, 1991.
    Google Scholar
  2. D. Atkins, M. Graff, A.K. Lenstra, and P.C. Leyland. THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE. In J. Pieprzyk and R. Safavi-Naini, editors, Advances in Cryptology — Asiacrypt’ 94, volume 917 of Lecture Notes in Computer Science, pages 265–277, Springer-Verlag, Berlin, 1995.
    Chapter Google Scholar
  3. Th. Beth, M. Frisch, and G.J. Simmons, editors. Public-Key Cryptography: State of the Art and Future Directions, volume 578 of Lecture Notes in Computer Science. Springer-Verlag, Berlin, 1992. Report on workshop at Oberwolfach, Germany, July, 1991.
    MATH Google Scholar
  4. Wieb Bosma and Marc-Paul van der Hulst. Primality proving with cyclotomy. PhD thesis, University of Amsterdam, December 1990.
    Google Scholar
  5. Richard P. Brent. Some parallel algorithms for integer factorisation. Proc. Europar’99 (Toulouse, Sept. 1999), volume 1685 of Lecture Notes in Computer Science, pages 1–22, Springer-Verlag, Berlin, 1999.
    Google Scholar
  6. J. Brillhart, D.H. Lehmer, J.L. Selfridge, B. Tuckerman, and S.S. Wagstaff, Jr. Factorizations of b n ± 1, b = 2, 3, 5, 6, 7, 10, 11,12 up to high powers, volume 22 of Contemporary Mathematics. American Mathematical Society, second edition, 1988.
    Google Scholar
  7. J.P. Buhler, H.W. Lenstra, Jr., and Carl Pomerance. Factoring integers with the number field sieve. Pages 50–94 in H.W. Lenstra, Jr., editors. The Development of the Number Field Sieve, volume 1554 of Lecture Notes in Mathematics. Springer-Verlag, Berlin, 1993 [19].
    Chapter Google Scholar
  8. S. Cavallar, B. Dodson, A. Lenstra, P. Leyland, W. Lioen, P. L. Montgomery, B. Murphy, H. te Riele, and P. Zimmermann. Factorization of RSA-140 using the number field sieve. In Lam Kwok Yan, Eiji Okamoto, and Xing Chaoping, editors, Advances in Cryptology — Asiacrypt’ 99 (Singapore, November 14–18), volume 1716 of Lecture Notes in Computer Science, pages 195–207, Springer-Verlag, Berlin, 1999.
    Google Scholar
  9. S. Cavallar. Strategies for filtering in the Number Field Sieve. Preprint, to appear in the Proceedings of ANTS-IV (Algorithmic Number Theory Symposium IV, Leiden, The Netherlands, July 2–7, 2000), Lecture Notes in Computer Science, Springer-Verlag, Berlin, 2000.
    Google Scholar
  10. H. Cohen and A.K. Lenstra. Implementation of a new primality test. Mathematics of Computation, 48:103–121, 1987.
    Article MathSciNet Google Scholar
  11. James Cowie, Bruce Dodson, R.-Marije Elkenbracht-Huizing, Arjen K. Lenstra, Peter L. Montgomery, and Jörg Zayer. A world wide number field sieve factoring record: on to 512 bits. In Kwangjo Kim and Tsutomu Matsumoto, editors, Advances in Cryptology — Asiacrypt’ 96, volume 1163 of Lecture Notes in Computer Science, pages 382–394, Springer-Verlag, Berlin, 1996.
    Chapter Google Scholar
  12. J.A. Davis, D.B. Holdridge, and G.J. Simmons. Status report on factoring (at the Sandia National Laboratories). In T. Beth, N. Cot, and I. Ingemarsson, editors, Advances in Cryptology, Eurocrypt’ 84, volume 209 of Lecture Notes in Computer. Science, pages 183–215, Springer-Verlag, Berlin, 1985..
    Google Scholar
  13. T. Denny, B. Dodson, A.K. Lenstra, and M.S. Manasse, On the factorization of RSA-120. In D.R. Stinson, editor, Advances in Cryptology — Crypto’ 93, volume 773 of Lecture Notes in Computer Science, pages 166–174, Springer-Verlag, Berlin, 1994.
    Google Scholar
  14. B. Dixon and A.K. Lenstra. Factoring using SIMD Sieves. In Tor Helleseth, editor, Advances in Cryptology, Eurocrypt’ 93, volume 765 of Lecture Notes in Computer. Science, pages 28–39, Springer-Verlag, Berlin, 1994.
    Google Scholar
  15. Marije Elkenbracht-Huizing. Factoring integers with the number field sieve. PhD thesis, Leiden University, May 1997.
    Google Scholar
  16. R.-M. Elkenbracht-Huizing. An implementation of the number field sieve. Experimental Mathematics, 5:231–253, 1996.
    MATH MathSciNet Google Scholar
  17. Frequently Asked Questions about today’s Cryptography 4.0. Question 3.1.9, see http://www.rsa.com/rsalabs/faq/html/3-1-9.html.
  18. R. Golliver, A.K. Lenstra, and K.S. McCurley. Lattice sieving and trial division. In Leonard M. Adleman and Ming-Deh Huang, editors, Algorithmic Number Theory, (ANTS-I, Ithaca, NY, USA, May 1994), volume 877 of Lecture Notes in Computer Science, pages 18–27, Springer-Verlag, Berlin, 1994.
    Google Scholar
  19. A.K. Lenstra and H.W. Lenstra, Jr., editors. The Development of the Number Field Sieve, volume 1554 of Lecture Notes in Mathematics. Springer-Verlag, Berlin, 1993
    MATH Google Scholar
  20. A.K. Lenstra, H.W. Lenstra, Jr., M.S. Manasse, and J.M. Pollard. The factorization of the Ninth Fermat number. Mathematics of Computation, 61(203):319–349, July 1993.
    Article MATH MathSciNet Google Scholar
  21. A.K. Lenstra and M.S. Manasse. Factoring by Electronic Mail. In J.-J. Quisquater and J. Vandewalle, editors, Advances in Cryptology — Eurocrypt’ 89, volume 434 of Lecture Notes in Computer Science, pages 355–371, Springer-Verlag, Berlin, 1990.
    Google Scholar
  22. A.K. Lenstra and M.S. Manasse. Factoring with two large primes. In I.B. Dåmgard, editor, Advances in Cryptology — Eurocrypt’ 90, volume 473 of Lecture Notes in Computer Science, pages 72–82, Springer-Verlag, Berlin, 1991.
    Google Scholar
  23. Arjen K. Lenstra and Eric R. Verheul. Selecting Cryptographic Key Sizes. In H. Imai and Y. Zheng, editors, Public Key Cryptography, volume 1751 of Lecture Notes in Computer Science, pages 446–465, Springer-Verlag, Berlin, 2000.
    Google Scholar
  24. Peter L. Montgomery. Square roots of products of algebraic numbers. In Walter Gautschi, editor, Mathematics of Computation 1943–1993: a Half-Century of Computational Mathematics, pages 567–571. Proceedings of Symposia in Applied Mathematics, American Mathematical Society, 1994.
    Google Scholar
  25. Peter L. Montgomery. A block Lanczos algorithm for finding dependencies over GF(2). In Louis C. Guillou and Jean-Jacques Quisquater, editors, Advances in Cryptology — Eurocrypt’ 95, volume 921 of Lecture Notes in Computer Science, pages 106–120, Springer-Verlag, Berlin, 1995.
    Google Scholar
  26. Peter L. Montgomery and Brian Murphy. Improved Polynomial Selection for the Number Field Sieve. Extended Abstract for the Conference on the Mathematics of Public-Key Cryptography, June 13–17, 1999, The Fields Institute, Toronto, Ontario, Canada.
    Google Scholar
  27. Michael A. Morrison and John Brillhart. The factorization of F 7. Bull. Amer. Math. Soc., 77(2):264, 1971.
    Article MathSciNet Google Scholar
  28. Michael A. Morrison and John Brillhart. A method of factoring and the factorization of F 7. Mathematics of Computation, 29:183–205, January 1975.
    Article MATH MathSciNet Google Scholar
  29. B. Murphy. Modelling the Yield of Number Field Sieve Polynomials. J. Buhler, editor, Algorithmic Number Theory, (Third International Symposium, ANTS-III, Portland, Oregon, USA, June 1998), volume 1423 of Lecture Notes in Computer Science, pages 137–151, Springer-Verlag, Berlin, 1998.
    Google Scholar
  30. Brian Antony Murphy. Polynomial Selection for the Number Field Sieve Integer Factorisation Algorithm. PhD thesis, The Australian National University, July 1999.
    Google Scholar
  31. J.M. Pollard. The lattice sieve. Pages 43–49 in H.W. Lenstra, Jr., editors. The Development of the Number Field Sieve, volume 1554 of Lecture Notes in Mathematics. Springer-Verlag, Berlin, 1993 [19].
    Chapter Google Scholar
  32. Herman te Riele, Walter Lioen, and Dik Winter. Factoring with the quadratic sieve on large vector computers. J. Comp. Appl. Math., 27:267–278, 1989.
    Article MATH Google Scholar
  33. R.L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Comm. ACM, 21:120–126, 1978.
    Article MATH MathSciNet Google Scholar
  34. RSA Challenge Administrator. In order to obtain information about the RSA Factoring Challenge, send electronic mail to challenge-info@rsa.com. The status of the factored numbers on the RSA Challenge List can be obtained by sending electronic mail to challenge-honor-rolls@majordomo.rsasecurity.com. Also visit http://www.rsa.com/rsalabs/html/factoring.html.
  35. A. Shamir. Factoring large numbers with the TWINKLE device. In C.K. Koc and C. Paar, editors, Cryptographic Hardware and Embedded Systems (CHES), volume 1717 of Lecture Notes in Computer Science, Springer-Verlag, Berlin, 1999.
    Chapter Google Scholar
  36. Robert D. Silverman. The multiple polynomial quadratic sieve. Mathematics of Computation, 48:329–339, 1987.
    Article MATH MathSciNet Google Scholar
  37. Robert D. Silverman. Private communication.
    Google Scholar
  38. URL: http://www.bxa.doc.gov/Encryption/Default.htm.

Download references