# Optimization of the MPQS-factoring algorithm on the Cyber 205 and the NEC SX-2

Save this PDF as:

Size: px
Start display at page:

Download "Optimization of the MPQS-factoring algorithm on the Cyber 205 and the NEC SX-2"

## Transcription

1 Optimization of the MPQS-factoring algorithm on the Cyber 205 and the NEC SX-2 Walter Lioen, Herman te Riele, Dik Winter CWI P.O. Box 94079, 1090 GB Amsterdam, The Netherlands ABSTRACT This paper describes the optimization of a program for the factorization of large integers on two large vector processors: a CDC Cyber 205 and a NEC SX-2. The factoring method used is the so-called multiple polynomial version of the quadratic sieve algorithm. Several large integers in the decimal digits range have actually been factorized with these two programs. The largest number, the 92-digit composite ( )/( ), was factorized in about 95 CPUhours on the NEC SX-2. This result means a new absolute record for general purpose factoring methods Mathematics Subject Classification (1985) revision: 11Y05, 11A51, 65F05, 65V05, 65W05. Keywords and Phrases: quadratic sieve factorization, vector computer, vectorization. 1. Introduction Factoring large numbers has long been considered a nice, but useless, activity in number theory. However, the discovery, about ten years ago, by Rivest et al [7], that the difficulty of breaking certain cryptographic codes depends on the difficulty of factoring large integers, has considerably stimulated the interest in this problem. In particular, in order to be able to use safe cryptosystems based on factoring, it is of continuous interest to know what can be achieved in factoring with the best method and with the fastest available (super)computer. At present, at least six groups of researchers in the USA, Australia, Japan and The Netherlands are heavily involved in factoring large numbers, some of them aided by very powerful vector an parallel computers. Although many factoring methods are known [6], only two of them are still feasible for numbers of, say, more than 65 decimal digits, viz., the Elliptic Curve Method (ECM, [2]) and the Multiple Polynomial Quadratic Sieve (MPQS, [4]). ECM and MPQS are complementary in the sense that if N is the number to be factorized, then the computing time of ECM depends on the size of the second largest prime divisor of N, whereasthe computing time of MPQS depends on the size of N itself. Usually, ECM is tried first and when it has failed after some time, then MPQS is invoked. In this paper we describe how we have optimized the MPQS-algorithm for the Cyber 205 and the NEC SX-2 vector computers. We assume the reader to be familiar with the basic characteristics of the two machines. We shall restrict our attention to the two most time-critical loops: the so-called sieve loop and the selection loop. These loops consume more than 75% of the total CPU-time. Moreover, we devote a few words to a memory-critical part of the algorithm: the Gaussian elimination step. We have applied our programs to various large composite numbers in the decimal digits range. The results obtained are described in [5]. The largest number we have split into prime factors was a 92-digit composite from the so-called Cunningham project [1]. It took the NEC SX-2 about 95 AP-hours to factorize this number, and at the moment of writing this is the largest difficult composite number ever factorized by means of a general purpose factoring method.

2 2. The MPQS-factorization method 2 2. The MPQS-factorization method It is beyond the scope of this paper to fully describe the Multiple Polynomial Quadratic Sieve algorithm. We describe it here in a simplified form in order to be able to explain the place of the two time-critical loops and the Gaussian elimination step. A complete description of the algorithm may be found in [4] and practical experiences with MPQS are described in [8] and [5]. Suppose that we want to factorize the (large) integer N, which is known to be composite and whose smallest prime divisor is known to be reasonably large (e.g. by Pollard s p 1 method [6], or by ECM). The idea of the Quadratic Sieve Factoring algorithm is to find two integers X and Y satisfying the congruence X 2 Y 2 (mod N), from congruences of the form Ui 2 V i 2W i (mod N), where the latter congruences are generated by means of a quadratic polynomial W (x), and where the numbers W i are easy to factor, or at least much easier than N. If sufficiently many such triples (U i,v i,w i )areknown, where the W i s are completely factorized, then indeed such an (X, Y )-congruence can be found. Next we compute d := gcd(x Y,N) by Euclid s algorithm and if 1 <d<n then d is a proper divisor of N. If not sufficiently many congruences could be generated with one quadratic polynomial, then another is constructed, and so on. The simplified version of the Quadratic Sieve (with one polynomial) now looks as follows. Let U(x) :=x+m,wherem= N 1/2,V := 1 and W (x) :=(U(x)) 2 N, forx=0,±1,±2,... Then we have and (U(x)) 2 W (x) (mod N) W (x) 2xN 1/2 N if x N 1/2. Hence W (x) is easier to factorize than N. Moreover, W(x) has the nice property that if p W (x 0 ) for some x 0 then also p W (x 0 + kp), for all k Z. Such an x 0 may be found for given p as follows: W (x) 0 (mod p) implies that (x+m) 2 N (mod p); this equation has two solutions if N is a so-called quadratic residue of p (shortly denoted by the Legendre symbol notation ( N p ) = 1). These solutions can be computed quite easily (cf. [6, pp ]). We now describe the Quadratic Sieve Algorithm: 1. Choose a factor base FB := {p B p prime and ( N p )=1}for some suitable B (these are the primes allowed in the W s that we want to factorize completely); let F := FB. 2. p FB solve W (x) 0(modp) two solutions r p 1 and rp Initialize a sieving array SI( M : M 1) to 0, where M is suitably chosen. 4. (Sieving) p FB, j [ M,M 1] such that j r p 1 (mod p) orj rp 2 (mod p): SI(j) := SI(j)+logp. 5. (Selection) Select those x [ M,M 1] for which SI(x) log W (x) and store these numbers into x 1,x 2,... Note that log W (x) is very slowly varying and for those x which are selected in this step, there is a very good chance that W (x) is only composed of primes belonging to the factor base! Associate with x i and W (x i ) the vector of exponents of W (x) (mod2): α T = (α 0,α 1,...,α F )where W(x i )=( 1) α0 F j=1 p αj j, and p 1,...,p F are the primes in FB.

3 3. Optimization 3 6. (Gaussian elimination) Collect at least F + 2 completely factorized W s (assume this is possible for the choice of B and M made) and find linear combinations of vectors α which, added (mod 2), yield 0. This is carried out by Gaussian elimination (mod 2). 7. Multiply those W (x)-values whose linear combination of exponent-vectors yield the 0-vector. This implies that we have found a congruence of the form X 2 Y 2 (mod N); compute these X and Y,andgcd(X Y,N) which should be a factor of N. (Usually,instep6morethan one suitable linear combination of exponent-vectors are found and this may help if the first gcd found is 1 or N.) The most time-consuming part in this algorithm is step 4 because in order to factor a very large number N, the parameters B and M have to be chosen very large (and a large M implies a long sievingarrayandalargebimplies many primes in the sieving step 4). Step 5 may also consume a non-trivial portion of the total CPU-time. Finally, the Gaussian elimination step 6 deserves attention, not because of the time, but because of the memory it needs. In the next Section we describe how we have optimized steps 4, 5 and 6 on the Cyber 205 and on the NEC SX Optimization 3.1 The sieve loop The loop in the sieving step 4 may be given in Fortran as DO 30 I = 1, F P = FB(I) LP = ALOG(P) DO 20 J = 1, 2 RJ = SOL(I, J) KF = FIRST(M, P, RJ) KL = LAST (M, P, RJ) DO 10 K = KF, KL, P SI(K) = SI(K) + LP 10 CONTINUE 20 CONTINUE 30 CONTINUE Here, FB(I) is the I-th prime in the factor base, SOL(I,1) and SOL(I,2) are the two precomputed solutions of the equation W (x) 0(modP), and FIRST and LAST are functions which determine the first and the last places in array SI(-M:M-1) to which log P has to be added. Of course, only the 10-loop is vectorizable. On the NEC SX-2 this was done automatically by the compiler, but on the Cyber 205 we had to invoke periodic gather and scatter calls to obtain vector speed. This piece of code looks as follows (LSI is the length of the sieving array SI, i.e., 2*M): LEN = (KL - KF)/P + 1 HELP(1;LEN) = Q8VGATHP(SI(KF;LSI),P,LEN;HELP(1;LEN)) HELP(1;LEN) = HELP(1;LEN)+LP SI(KF;LSI) = Q8VSCATP(HELP(1;LEN),P,LEN;SI(KF;LSI)) The length (LEN) ofthe10-loop is about 2*M/P and this may vary, for the values of B and M involved, roughly between 5 and 170,000 as P runs through the primes in the factor base. Therefore, on the NEC SX-2, this loop is processed much more efficiently than on the Cyber 205, since the NEC SX-2 attains vector speed for much smaller vectors than the Cyber 205. For the complete 30-loop the NEC SX-2 reached an average speed of about 90 million LP-additions per second, against 13 million reached by the Cyber 205.

4 3. Optimization The selection loop The loop in the selection step 5 may be described in Fortran as follows (THRES represents the value of log W (x), approximately constant for x [ M,M 1]): COUNT = 0 DO 10 I = -M, M-1 IF (SI(I).LT. THRES) GOTO 10 COUNT = COUNT CONTINUE Neither the Cyber 205 nor the NEC SX-2 compiler are able to vectorize this loop automatically. On the Cyber 205 we could use (non standard Fortran) bit vectors and obtain reasonable vector speed with the following code: BITV(-M; LSI) = SI(-M; LSI).GE. THRES COUNT = Q8SCNT(BITV(-M; LSI)) X(1;COUNT) = Q8VCMPRS(SI(-M;LSI),BITV(-M;LSI);X(1;COUNT)) The function Q8SCNT counts the number of 1 s in a bit vector. We have not measured precisely the performance of this piece of code (on the Cyber 205) because its CPU-time was dominated by the time needed to perform the sieve step. On the NEC SX-2 we could obtain vector speed (because the number of times that SI(I) THRES was always extremely small compared with the length of the sieving array SI) with the following piece of code: COUNT = 0 IPOINT = -M *VDIR LOOPCNT= DO 20 I = IPOINT, IPOINT+255 IF (SI(I).GE. THRES) GOTO CONTINUE IPOINT = IPOINT IF (IPOINT+255.LE. M-1) THEN GOTO 10 ELSE GOTO 40 END IF 30 COUNT = COUNT + 1 IPOINT = I + 1 IF (IPOINT+255.LE. M-1) GOTO CONTINUE *VDIR LOOPCNT=256 DO 50 I = IPOINT, M-1 IF (SI(I).GE. THRES) THEN COUNT = COUNT + 1 END IF 50 CONTINUE The time to run this piece of code on the SX-2 was about equal to the total sieving time in step 4. The speed was about 90 million comparison per second.

### Factoring with the Quadratic Sieve on Large Vector Computers

Factoring with the Quadratic Sieve on Large Vector Computers Herman te Riele, Walter Lioen and Dik Winter Centre for Mathematics and Computer Science P.O. Box 4079, 1009 AB Amsterdam, The Netherlands The

### Factorizations of a n ± 1, 13 a < 100

Factorizations of a n ± 1, 13 a < 100 Richard P. Brent Computer Sciences Laboratory, Australian National University GPO Box 4, Canberra, ACT 2601, Australia e-mail: rpb@cslab.anu.edu.au and Herman J. J.

### Factoring Algorithms

Factoring Algorithms The p 1 Method and Quadratic Sieve November 17, 2008 () Factoring Algorithms November 17, 2008 1 / 12 Fermat s factoring method Fermat made the observation that if n has two factors

### Integer Factorization using the Quadratic Sieve

Integer Factorization using the Quadratic Sieve Chad Seibert* Division of Science and Mathematics University of Minnesota, Morris Morris, MN 56567 seib0060@morris.umn.edu March 16, 2011 Abstract We give

### Primality - Factorization

Primality - Factorization Christophe Ritzenthaler November 9, 2009 1 Prime and factorization Definition 1.1. An integer p > 1 is called a prime number (nombre premier) if it has only 1 and p as divisors.

### Notes on Factoring. MA 206 Kurt Bryan

The General Approach Notes on Factoring MA 26 Kurt Bryan Suppose I hand you n, a 2 digit integer and tell you that n is composite, with smallest prime factor around 5 digits. Finding a nontrivial factor

### An Overview of Integer Factoring Algorithms. The Problem

An Overview of Integer Factoring Algorithms Manindra Agrawal IITK / NUS The Problem Given an integer n, find all its prime divisors as efficiently as possible. 1 A Difficult Problem No efficient algorithm

### The Quadratic Sieve Factoring Algorithm

The Quadratic Sieve Factoring Algorithm Eric Landquist MATH 488: Cryptographic Algorithms December 14, 2001 1 Introduction Mathematicians have been attempting to find better and faster ways to factor composite

### Factoring. Factoring 1

Factoring Factoring 1 Factoring Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and RSA is broken o Rabin cipher also based on factoring Factoring like

### International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013

FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,

### Factoring Algorithms

Institutionen för Informationsteknologi Lunds Tekniska Högskola Department of Information Technology Lund University Cryptology - Project 1 Factoring Algorithms The purpose of this project is to understand

### RSA Question 2. Bob thinks that p and q are primes but p isn t. Then, Bob thinks Φ Bob :=(p-1)(q-1) = φ(n). Is this true?

RSA Question 2 Bob thinks that p and q are primes but p isn t. Then, Bob thinks Φ Bob :=(p-1)(q-1) = φ(n). Is this true? Bob chooses a random e (1 < e < Φ Bob ) such that gcd(e,φ Bob )=1. Then, d = e -1

### The number field sieve

The number field sieve A.K. Lenstra Bellcore, 435 South Street, Morristown, NJ 07960 H.W. Lenstra, Jr. Department of Mathematics, University of California, Berkeley, CA 94720 M.S. Manasse DEC SRC, 130

### MATH 168: FINAL PROJECT Troels Eriksen. 1 Introduction

MATH 168: FINAL PROJECT Troels Eriksen 1 Introduction In the later years cryptosystems using elliptic curves have shown up and are claimed to be just as secure as a system like RSA with much smaller key

### Factorization of a 1061-bit number by the Special Number Field Sieve

Factorization of a 1061-bit number by the Special Number Field Sieve Greg Childers California State University Fullerton Fullerton, CA 92831 August 4, 2012 Abstract I provide the details of the factorization

### Primality Testing and Factorization Methods

Primality Testing and Factorization Methods Eli Howey May 27, 2014 Abstract Since the days of Euclid and Eratosthenes, mathematicians have taken a keen interest in finding the nontrivial factors of integers,

### Arithmetic algorithms for cryptology 5 October 2015, Paris. Sieves. Razvan Barbulescu CNRS and IMJ-PRG. R. Barbulescu Sieves 0 / 28

Arithmetic algorithms for cryptology 5 October 2015, Paris Sieves Razvan Barbulescu CNRS and IMJ-PRG R. Barbulescu Sieves 0 / 28 Starting point Notations q prime g a generator of (F q ) X a (secret) integer

### On Generalized Fermat Numbers 3 2n +1

Applied Mathematics & Information Sciences 4(3) (010), 307 313 An International Journal c 010 Dixie W Publishing Corporation, U. S. A. On Generalized Fermat Numbers 3 n +1 Amin Witno Department of Basic

### Factorization Methods: Very Quick Overview

Factorization Methods: Very Quick Overview Yuval Filmus October 17, 2012 1 Introduction In this lecture we introduce modern factorization methods. We will assume several facts from analytic number theory.

### Update # 5 to Factorizations of b n ± 1

Update # 5 to Factorizations of b n ± 1 Samuel S. Wagstaff, Jr. The following tables present the updates made to Factorizations of b n ± 1from October 23, 1982, when the first edition went to press, to

### Mathematics of Computation, Vol. 41, No. 163. (Jul., 1983), pp. 287-294.

Factoring Large Numbers with a Quadratic Sieve Joseph L. Gerver Mathematics of Computation, Vol. 41, No. 163. (Jul., 1983), pp. 287-294. Stable URL: http://links.jstor.org/sici?sici=0025-5718%28198307%2941%3a163%3c287%3aflnwaq%3e2.0.co%3b2-4

### Integer Factorization

Integer Factorization Lecture given at the Joh. Gutenberg-Universität, Mainz, July 23, 1992 by ÖYSTEIN J. RÖDSETH University of Bergen, Department of Mathematics, Allégt. 55, N-5007 Bergen, Norway 1 Introduction

### Factoring integers and Producing primes

Factoring integers,..., RSA Erbil, Kurdistan 0 Lecture in Number Theory College of Sciences Department of Mathematics University of Salahaddin Debember 4, 2014 Factoring integers and Producing primes Francesco

### ' DEC SRC, 130 Lytton Avenue, Palo Alto, CA 94301, U.S.A

On the factorization of RSA-120 T. Denny1, B. Dodson2, A. K. Lenstra3, M. S. Manasse4 * Lehrstuhl Prof. Buchmann, Fachbereich Informatik, Universitit des Saarlandes, Postfach 1150, 66041 Saarbriicken,

### LUC: A New Public Key System

LUC: A New Public Key System Peter J. Smith a and Michael J. J. Lennon b a LUC Partners, Auckland UniServices Ltd, The University of Auckland, Private Bag 92019, Auckland, New Zealand. b Department of

### Number Theory and Cryptography using PARI/GP

Number Theory and Cryptography using Minh Van Nguyen nguyenminh2@gmail.com 25 November 2008 This article uses to study elementary number theory and the RSA public key cryptosystem. Various commands will

### Library (versus Language) Based Parallelism in Factoring: Experiments in MPI. Dr. Michael Alexander Dr. Sonja Sewera.

Library (versus Language) Based Parallelism in Factoring: Experiments in MPI Dr. Michael Alexander Dr. Sonja Sewera Talk 2007-10-19 Slide 1 of 20 Primes Definitions Prime: A whole number n is a prime number

### Embedding more security in digital signature system by using combination of public key cryptography and secret sharing scheme

International Journal of Computer Sciences and Engineering Open Access Research Paper Volume-4, Issue-3 E-ISSN: 2347-2693 Embedding more security in digital signature system by using combination of public

### Study of algorithms for factoring integers and computing discrete logarithms

Study of algorithms for factoring integers and computing discrete logarithms First Indo-French Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department

### Factorization Algorithms for Polynomials over Finite Fields

Degree Project Factorization Algorithms for Polynomials over Finite Fields Sajid Hanif, Muhammad Imran 2011-05-03 Subject: Mathematics Level: Master Course code: 4MA11E Abstract Integer factorization is

### FACTORING LARGE NUMBERS, A GREAT WAY TO SPEND A BIRTHDAY

FACTORING LARGE NUMBERS, A GREAT WAY TO SPEND A BIRTHDAY LINDSEY R. BOSKO I would like to acknowledge the assistance of Dr. Michael Singer. His guidance and feedback were instrumental in completing this

### Integer roots of quadratic and cubic polynomials with integer coefficients

Integer roots of quadratic and cubic polynomials with integer coefficients Konstantine Zelator Mathematics, Computer Science and Statistics 212 Ben Franklin Hall Bloomsburg University 400 East Second Street

### The Sieve Re-Imagined: Integer Factorization Methods

The Sieve Re-Imagined: Integer Factorization Methods by Jennifer Smith A research paper presented to the University of Waterloo in partial fulfillment of the requirement for the degree of Master of Mathematics

### 8 Primes and Modular Arithmetic

8 Primes and Modular Arithmetic 8.1 Primes and Factors Over two millennia ago already, people all over the world were considering the properties of numbers. One of the simplest concepts is prime numbers.

### Factoring N = p r q for Large r

Factoring N = p r q for Large r Dan Boneh 1,GlennDurfee 1, and Nick Howgrave-Graham 2 1 Computer Science Department, Stanford University, Stanford, CA 94305-9045 {dabo,gdurf}@cs.stanford.edu 2 Mathematical

### I. Introduction. MPRI Cours 2-12-2. Lecture IV: Integer factorization. What is the factorization of a random number? II. Smoothness testing. F.

F. Morain École polytechnique MPRI cours 2-12-2 2013-2014 3/22 F. Morain École polytechnique MPRI cours 2-12-2 2013-2014 4/22 MPRI Cours 2-12-2 I. Introduction Input: an integer N; logox F. Morain logocnrs

### Determining the Optimal Combination of Trial Division and Fermat s Factorization Method

Determining the Optimal Combination of Trial Division and Fermat s Factorization Method Joseph C. Woodson Home School P. O. Box 55005 Tulsa, OK 74155 Abstract The process of finding the prime factorization

### Homework 5 Solutions

Homework 5 Solutions 4.2: 2: a. 321 = 256 + 64 + 1 = (01000001) 2 b. 1023 = 512 + 256 + 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = (1111111111) 2. Note that this is 1 less than the next power of 2, 1024, which

### Two Integer Factorization Methods

Two Integer Factorization Methods Christopher Koch April 22, 2014 Abstract Integer factorization methods are algorithms that find the prime divisors of any positive integer. Besides studying trial division

### FACTORING POLYNOMIALS IN THE RING OF FORMAL POWER SERIES OVER Z

FACTORING POLYNOMIALS IN THE RING OF FORMAL POWER SERIES OVER Z DANIEL BIRMAJER, JUAN B GIL, AND MICHAEL WEINER Abstract We consider polynomials with integer coefficients and discuss their factorization

### Two Binary Algorithms for Calculating the Jacobi Symbol and a Fast Systolic Implementation in Hardware

Two Binary Algorithms for Calculating the Jacobi Symbol and a Fast Systolic Implementation in Hardware George Purdy, Carla Purdy, and Kiran Vedantam ECECS Department, University of Cincinnati, Cincinnati,

### SHARK A Realizable Special Hardware Sieving Device for Factoring 1024-bit Integers

SHARK A Realizable Special Hardware Sieving Device for Factoring 1024-bit Integers Jens Franke 1, Thorsten Kleinjung 1, Christof Paar 2, Jan Pelzl 2, Christine Priplata 3, Colin Stahlke 3 1 University

### Mathematics of Cryptography

CHAPTER 2 Mathematics of Cryptography Part I: Modular Arithmetic, Congruence, and Matrices Objectives This chapter is intended to prepare the reader for the next few chapters in cryptography. The chapter

### The Mixed Binary Euclid Algorithm

Electronic Notes in Discrete Mathematics 35 (009) 169 176 www.elsevier.com/locate/endm The Mixed Binary Euclid Algorithm Sidi Mohamed Sedjelmaci LIPN CNRS UMR 7030 Université Paris-Nord Av. J.-B. Clément,

### 2 Primality and Compositeness Tests

Int. J. Contemp. Math. Sciences, Vol. 3, 2008, no. 33, 1635-1642 On Factoring R. A. Mollin Department of Mathematics and Statistics University of Calgary, Calgary, Alberta, Canada, T2N 1N4 http://www.math.ucalgary.ca/

### RSA Attacks. By Abdulaziz Alrasheed and Fatima

RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.

### 3. Applications of Number Theory

3. APPLICATIONS OF NUMBER THEORY 163 3. Applications of Number Theory 3.1. Representation of Integers. Theorem 3.1.1. Given an integer b > 1, every positive integer n can be expresses uniquely as n = a

### U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009 Notes on Algebra These notes contain as little theory as possible, and most results are stated without proof. Any introductory

### Smooth numbers and the quadratic sieve

Algorithmic Number Theory MSRI Publications Volume 44, 2008 Smooth numbers and the quadratic sieve CARL POMERANCE ABSTRACT. This article gives a gentle introduction to factoring large integers via the

### A New Generic Digital Signature Algorithm

Groups Complex. Cryptol.? (????), 1 16 DOI 10.1515/GCC.????.??? de Gruyter???? A New Generic Digital Signature Algorithm Jennifer Seberry, Vinhbuu To and Dongvu Tonien Abstract. In this paper, we study

### Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study

### Factoring & Primality

Factoring & Primality Lecturer: Dimitris Papadopoulos In this lecture we will discuss the problem of integer factorization and primality testing, two problems that have been the focus of a great amount

### Factoring a semiprime n by estimating φ(n)

Factoring a semiprime n by estimating φ(n) Kyle Kloster May 7, 2010 Abstract A factoring algorithm, called the Phi-Finder algorithm, is presented that factors a product of two primes, n = pq, by determining

### Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human

Int Jr of Mathematics Sciences & Applications Vol3, No1, January-June 2013 Copyright Mind Reader Publications ISSN No: 2230-9888 wwwjournalshubcom Mathematical Model Based Total Security System with Qualitative

### An Efficient Hardware Architecture for Factoring Integers with the Elliptic Curve Method

An Efficient Hardware Architecture for Factoring Integers with the Elliptic Curve Method Jens Franke 1, Thorsten Kleinjung 1, Christof Paar 2, Jan Pelzl 2, Christine Priplata 3, Martin Šimka4, Colin Stahlke

### Factoring integers, Producing primes and the RSA cryptosystem Harish-Chandra Research Institute

RSA cryptosystem HRI, Allahabad, February, 2005 0 Factoring integers, Producing primes and the RSA cryptosystem Harish-Chandra Research Institute Allahabad (UP), INDIA February, 2005 RSA cryptosystem HRI,

### Discrete Mathematics, Chapter 4: Number Theory and Cryptography

Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility

### Index Calculation Attacks on RSA Signature and Encryption

Index Calculation Attacks on RSA Signature and Encryption Jean-Sébastien Coron 1, Yvo Desmedt 2, David Naccache 1, Andrew Odlyzko 3, and Julien P. Stern 4 1 Gemplus Card International {jean-sebastien.coron,david.naccache}@gemplus.com

### Elements of Applied Cryptography Public key encryption

Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let

### USING LUCAS SEQUENCES TO FACTOR LARGE INTEGERS NEAR GROUP ORDERS

USING LUCAS SEQUENCES TO FACTOR LARGE INTEGERS NEAR GROUP ORDERS Zhenxiang Zhang* Dept. of Math., Anhui Normal University, 241000 Wuhu, Anhui, P.R. China e-mail: zhangzhx@mail.ahwhptt.net.cn (Submitted

### Computing Cubic Fields in Quasi-Linear Time

Computing Cubic Fields in Quasi-Linear Time K. Belabas Département de mathématiques (A2X) Université Bordeaux I 351, cours de la Libération, 33405 Talence (France) belabas@math.u-bordeaux.fr Cubic fields

### Elementary Number Theory We begin with a bit of elementary number theory, which is concerned

CONSTRUCTION OF THE FINITE FIELDS Z p S. R. DOTY Elementary Number Theory We begin with a bit of elementary number theory, which is concerned solely with questions about the set of integers Z = {0, ±1,

### Solution of Linear Systems

Chapter 3 Solution of Linear Systems In this chapter we study algorithms for possibly the most commonly occurring problem in scientific computing, the solution of linear systems of equations. We start

### NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES

NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES Ounasser Abid 1, Jaouad Ettanfouhi 2 and Omar Khadir 3 1,2,3 Laboratory of Mathematics, Cryptography and Mechanics, Department of Mathematics, Fstm,

### Integer Factorization: Solution via Algorithm for Constrained Discrete Logarithm Problem

Journal of Computer Science 5 (9): 674-679, 009 ISSN 1549-3636 009 Science Publications Integer Factorization: Solution via Algorithm for Constrained Discrete Logarithm Problem Boris S. Verkhovsky Department

### STUDY ON ELLIPTIC AND HYPERELLIPTIC CURVE METHODS FOR INTEGER FACTORIZATION. Takayuki Yato. A Senior Thesis. Submitted to

STUDY ON ELLIPTIC AND HYPERELLIPTIC CURVE METHODS FOR INTEGER FACTORIZATION by Takayuki Yato A Senior Thesis Submitted to Department of Information Science Faculty of Science The University of Tokyo on

### FACTORING WITH TWO LARGE PRIMES

mathematics of computation volume 63, number 208 october 1994, pages 785-798 FACTORING WITH TWO LARGE PRIMES A. K. LENSTRA AND M. S. MANASSE Abstract. We describe a modification to the well-known large

### FACTORING. n = 2 25 + 1. fall in the arithmetic sequence

FACTORING The claim that factorization is harder than primality testing (or primality certification) is not currently substantiated rigorously. As some sort of backward evidence that factoring is hard,

### The Mathematics of the RSA Public-Key Cryptosystem

The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through

### Factorization of a 512 bit RSA Modulus

Factorization of a 512 bit RSA Modulus Stefania Cavallar 3, Bruce Dodson 8, Arjen K. Lenstra 1, Walter Lioen 3, Peter L. Montgomery 10, Brian Murphy 2, Herman te Riele 3, Karen Aardal 13, Jeff Gilchrist

### Factoring Report. MEC Consulting (communicated via RSA Security) Dr.Preda Mihailescu

Factoring Report 2001 12 4 MEC Consulting (communicated via RSA Security) Dr.Preda Mihailescu Factoring Report Dr. Preda Mihailescu MEC Consulting Seestr. 78, 8700 Erlenbach Zürich Email: preda@upb.de

### Faster deterministic integer factorisation

David Harvey (joint work with Edgar Costa, NYU) University of New South Wales 25th October 2011 The obvious mathematical breakthrough would be the development of an easy way to factor large prime numbers

### = 2 + 1 2 2 = 3 4, Now assume that P (k) is true for some fixed k 2. This means that

Instructions. Answer each of the questions on your own paper, and be sure to show your work so that partial credit can be adequately assessed. Credit will not be given for answers (even correct ones) without

### JUST THE MATHS UNIT NUMBER 1.8. ALGEBRA 8 (Polynomials) A.J.Hobson

JUST THE MATHS UNIT NUMBER 1.8 ALGEBRA 8 (Polynomials) by A.J.Hobson 1.8.1 The factor theorem 1.8.2 Application to quadratic and cubic expressions 1.8.3 Cubic equations 1.8.4 Long division of polynomials

### HYPERELLIPTIC CURVE METHOD FOR FACTORING INTEGERS. 1. Thoery and Algorithm

HYPERELLIPTIC CURVE METHOD FOR FACTORING INTEGERS WENHAN WANG 1. Thoery and Algorithm The idea of the method using hyperelliptic curves to factor integers is similar to the elliptic curve factoring method.

### The van Hoeij Algorithm for Factoring Polynomials

The van Hoeij Algorithm for Factoring Polynomials Jürgen Klüners Abstract In this survey we report about a new algorithm for factoring polynomials due to Mark van Hoeij. The main idea is that the combinatorial

### it is easy to see that α = a

21. Polynomial rings Let us now turn out attention to determining the prime elements of a polynomial ring, where the coefficient ring is a field. We already know that such a polynomial ring is a UF. Therefore

### Public-Key Cryptanalysis 1: Introduction and Factoring

Public-Key Cryptanalysis 1: Introduction and Factoring Nadia Heninger University of Pennsylvania July 21, 2013 Adventures in Cryptanalysis Part 1: Introduction and Factoring. What is public-key crypto

### (v) The residue list sieve algorithm of Coppersmith, Odlyzko and Schroeppel 1 ]; (1) L(N) exp { (1 + o(1))x/ln N In In N}

SIAM J. COMPUT. Vol. 17, No. 2, April 1988 (C) 1988 Society for Industrial and Applied Mathematics 012 A PIPELINE ARCHITECTURE FOR FACTORING LARGE INTEGERS WITH THE QUADRATIC SIEVE ALGORITHM* CARL POMERANCE?,

### CHAPTER SIX IRREDUCIBILITY AND FACTORIZATION 1. BASIC DIVISIBILITY THEORY

January 10, 2010 CHAPTER SIX IRREDUCIBILITY AND FACTORIZATION 1. BASIC DIVISIBILITY THEORY The set of polynomials over a field F is a ring, whose structure shares with the ring of integers many characteristics.

### ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION

ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION Aldrin W. Wanambisi 1* School of Pure and Applied Science, Mount Kenya University, P.O box 553-50100, Kakamega, Kenya. Shem Aywa 2 Department of Mathematics,

### Modern Factoring Algorithms

Modern Factoring Algorithms Kostas Bimpikis and Ragesh Jaiswal University of California, San Diego... both Gauss and lesser mathematicians may be justified in rejoicing that there is one science [number

### CHAPTER 5. Number Theory. 1. Integers and Division. Discussion

CHAPTER 5 Number Theory 1. Integers and Division 1.1. Divisibility. Definition 1.1.1. Given two integers a and b we say a divides b if there is an integer c such that b = ac. If a divides b, we write a

### PROPERTIES OF ELLIPTIC CURVES AND THEIR USE IN FACTORING LARGE NUMBERS

PROPERTIES OF ELLIPTIC CURVES AND THEIR USE IN FACTORING LARGE NUMBERS A ver important set of curves which has received considerabl attention in recent ears in connection with the factoring of large numbers

### http://wrap.warwick.ac.uk/

Original citation: Hart, William B.. (2012) A one line factoring algorithm. Journal of the Australian Mathematical Society, Volume 92 (Number 1). pp. 61-69. ISSN 1446-7887 Permanent WRAP url: http://wrap.warwick.ac.uk/54707/

### Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Module No. # 01 Lecture No. # 05 Classic Cryptosystems (Refer Slide Time: 00:42)

### (x + a) n = x n + a Z n [x]. Proof. If n is prime then the map

22. A quick primality test Prime numbers are one of the most basic objects in mathematics and one of the most basic questions is to decide which numbers are prime (a clearly related problem is to find

### The Quadratic Sieve - introduction to theory with regard to implementation issues. RNDr. Marian Kechlibar, Ph.D.

The Quadratic Sieve - introduction to theory with regard to implementation issues RNDr. Marian Kechlibar, Ph.D. April 15, 2005 Contents I The Quadratic Sieve 3 1 Introduction 4 1.1 The Quadratic Sieve

### CSE373: Data Structures and Algorithms Lecture 3: Math Review; Algorithm Analysis. Linda Shapiro Winter 2015

CSE373: Data Structures and Algorithms Lecture 3: Math Review; Algorithm Analysis Linda Shapiro Today Registration should be done. Homework 1 due 11:59 pm next Wednesday, January 14 Review math essential

### SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,

### 1.7 Graphs of Functions

64 Relations and Functions 1.7 Graphs of Functions In Section 1.4 we defined a function as a special type of relation; one in which each x-coordinate was matched with only one y-coordinate. We spent most

### PRIME FACTORS OF CONSECUTIVE INTEGERS

PRIME FACTORS OF CONSECUTIVE INTEGERS MARK BAUER AND MICHAEL A. BENNETT Abstract. This note contains a new algorithm for computing a function f(k) introduced by Erdős to measure the minimal gap size in

### ANALYSIS OF RSA ALGORITHM USING GPU PROGRAMMING

ANALYSIS OF RSA ALGORITHM USING GPU PROGRAMMING Sonam Mahajan 1 and Maninder Singh 2 1 Department of Computer Science Engineering, Thapar University, Patiala, India 2 Department of Computer Science Engineering,

### Algorithms and Data Structures

Algorithm Analysis Page 1 BFH-TI: Softwareschule Schweiz Algorithm Analysis Dr. CAS SD01 Algorithm Analysis Page 2 Outline Course and Textbook Overview Analysis of Algorithm Pseudo-Code and Primitive Operations

### Lecture 13: Factoring Integers

CS 880: Quantum Information Processing 0/4/0 Lecture 3: Factoring Integers Instructor: Dieter van Melkebeek Scribe: Mark Wellons In this lecture, we review order finding and use this to develop a method

### Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Modern/Public-key cryptography started in 1976 with the publication of the following paper. W. Diffie

### CONTINUED FRACTIONS AND FACTORING. Niels Lauritzen

CONTINUED FRACTIONS AND FACTORING Niels Lauritzen ii NIELS LAURITZEN DEPARTMENT OF MATHEMATICAL SCIENCES UNIVERSITY OF AARHUS, DENMARK EMAIL: niels@imf.au.dk URL: http://home.imf.au.dk/niels/ Contents

### Integer factorization is in P

Integer factorization is in P Yuly Shipilevsky Toronto, Ontario, Canada E-mail address: yulysh2000@yahoo.ca Abstract A polynomial-time algorithm for integer factorization, wherein integer factorization