In [1], Bernstein proposed a circuit-based implementation of the matrix step of the number field sieve factorization algorithm. These circuits offer an asymptotic cost reduction under the measure "construction cost × run time". We evaluate the cost of these circuits, in agreement with [1], but argue that compared to previously known methods these circuits can factor integers that are 1.17 times larger, rather than 3.01 as claimed (and even this, only under the non-standard cost measure). We also propose an improved circuit design based on a new mesh routing algorithm, and show that for factorization of 1024-bit integers the matrix step can, under an optimistic assumption about the matrix size, be completed within a day by a device that costs a few thousand dollars. We conclude that from a practical standpoint, the security of RSA relies exclusively on the hardness of the relation collection step of the number field sieve.