Motivated by the goal of factoring large integers using the Number Field Sieve, several special-purpose hardware designs have been recently proposed for solving large sparse systems of linear equations over finite fields using Wiedemann's algorithm. However, in the context of factoring large (1024-bit) integers, these proposals were marginally practical due to the complexity of a wafer-scale design, or alternatively the difficulty of connecting smaller chips by a huge number of extremely fast interconnects. In this paper we suggest a new special-purpose hardware device for the (block) Wiedemann algorithm, based on a pipelined systolic architecture reminiscent of the TWIRL device. The new architecture offers simpler chip layout and interconnections, improved efficiency, reduced cost, easy testability and greater flexibility in using the same hardware to solve sparse problems of widely varying sizes and densities. Our analysis indicates that standard fab technologies can be used in practice to carry out the linear algebra step of factoring 1024-bit RSA keys. As part of our design but also of independent interest, we describe a new error-detection scheme adaptable to any implementation of Wiedemann's algorithm. The new scheme can be used to detect computational errors with probability arbitrarily close to 1 and at negligible cost.