Early History of the Number Field Sieve


Early History of the Number Field Sieve. Retirement Workshop for Herman te Riele. Peter L. Montgomery, Dec 1, 2011.


SLIDE 1

Early History of the Number Field Sieve
Retirement Workshop for Herman te Riele
Peter L. Montgomery

Dec 1, 2011

SLIDE 3

The development of the number field sieve (1993)

  • Pollard factors F_7 = 2^128 + 1 = (x^3 + 2)/2, working in Q(z), where z^3 = −2 and x = 2^43. Homomorphism φ sends z to x (mod F_7). Find many (a, b) s.t. a + bx and a + bz smooth.
  • Q(z) is a UFD.
  • Factor both sides of φ(a + bz) ≡ a + bx
  • Multiply to get rational squares on both sides.
  • Take square roots, as in MPQS.
  • New method (NFS) factors 148-digit cofactor of 2^512 + 1 in 1990.

SLIDE 4

Worldwide Acclaim

  • Quadratic Sieve record had been about 100 digits.
  • Would generalize to r^e ± s (Cunningham table) if some algorithmic hurdles cleared.

SLIDE 5

I join Oregon State (OSU)

Summer 1992 to Summer 1993

  • Teach one course/term. Research NFS.
  • Start of last year of 3-year NSF grant
  • Renewal application due October
  • My contract won’t be extended unless grant is renewed.

SLIDE 6

Oregon colleagues

  • Joe Buhler (Reed College) (General NFS, Block Wiedemann)
  • Robby Robson (OSU, project manager)
  • Russell Ruby (OSU, system administrator)

SLIDE 7

Restatement

  • Want to factor n = (2^512 + 1)/2424833.
  • Let m = 2^103. This is a root of f_1(X) = X − m and f_2(X) = X^5 + 8 (mod n).
  • Let α_i be a complex root of f_i.
  • Homomorphisms φ_i map Q(α_i) to Z/nZ with φ_i(α_i) = m (mod n).
  • Find sets of (a_j, b_j) pairs (same j’s for both i) such that both ∏_j (a_j − b_j α_i) are squares. Take sqrt and apply both φ_i.
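The setup on the Pollard and Restatement slides can be checked with plain integer arithmetic. The following is an added example, not code from the talk: the function names, the search range and the smoothness bound are assumptions chosen for illustration, and the norm of a + bz is taken as a^3 − 2b^3, which follows from z^3 = −2.

```python
# Added example (not from the slides); helper names are hypothetical.
from math import gcd

F7 = 2**128 + 1
x = 2**43                      # phi(z) = x, where z^3 = -2
n = (2**512 + 1) // 2424833    # 148-digit cofactor
m = 2**103                     # common root of f1 = X - m and f2 = X^5 + 8

def setup_ok():
    """x^3 = -2 (mod F7), 2424833 divides 2^512 + 1, f2(m) = 0 (mod n)."""
    return (x**3 + 2 == 2 * F7 and (2**512 + 1) % 2424833 == 0
            and (m**5 + 8) % n == 0)

def mul(u, v):
    """Product of u0 + u1*z + u2*z^2 and v in Z[z]/(z^3 + 2)."""
    c = [0] * 5
    for i, ui in enumerate(u):
        for j, vj in enumerate(v):
            c[i + j] += ui * vj
    return (c[0] - 2 * c[3], c[1] - 2 * c[4], c[2])  # z^3 = -2, z^4 = -2z

def phi(u):
    """Homomorphism Z[z] -> Z/F7Z sending z to x."""
    return (u[0] + u[1] * x + u[2] * x * x) % F7

def primes_up_to(bound):
    sieve = bytearray([1]) * (bound + 1)
    sieve[0:2] = b"\0\0"
    for p in range(2, int(bound**0.5) + 1):
        if sieve[p]:
            sieve[p * p::p] = bytearray(len(range(p * p, bound + 1, p)))
    return [p for p in range(bound + 1) if sieve[p]]

def is_smooth(v, primes):
    """True if v is nonzero and every prime factor is at most primes[-1]."""
    v = abs(v)
    for p in primes:
        if p * p > v:
            break              # what is left is 1 or a single prime
        while v % p == 0:
            v //= p
    return 0 < v <= primes[-1]

def find_relations(max_a, max_b, bound):
    """Coprime (a, b) with a + b*x and the norm a^3 - 2*b^3 both smooth."""
    primes = primes_up_to(bound)
    return [(a, b) for b in range(1, max_b + 1)
            for a in range(-max_a, max_a + 1)
            if a and gcd(a, b) == 1 and is_smooth(a + b * x, primes)
            and is_smooth(a**3 - 2 * b**3, primes)]
```

With a bound of 2,100,000 the pair (a, b) = (−1, 1) qualifies, because 2^43 − 1 = 431 · 9719 · 2099863 and the norm is −3; with a bound of 1000 it does not.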

SLIDE 8

How to take square roots?

  • If we aim for zero algebraic exponents
  • UFD required
  • Linear algebra over Z, not F2
  • Otherwise
  • Couveignes method (CRT based)
  • Odd-degree extension
  • Possibly huge coefficients

SLIDE 9

New (1992) square root algorithm

  • Intermediate form A*sqrt(B) in Q(α)
  • Principal ideal (B) factored into prime ideals
  • B known at complex embed. and CRT primes
  • Output A partially factored
  • Principal ideal (P) shares factors with (B)
  • Replace output by (A*P) * sqrt(B/P^2)
  • Until B has small coefficients
  • Took two years to implement (w/ PARI)

SLIDE 10

Siever enhancements 1992-1993

  • Original acquired by Russ from Arjen
  • Upgrade supports
  • 2+ polynomials, degree  1, common root (at least two norms must be smooth).
  • Allow up to two large primes per norm.
  • Special Fibonacci and cyclotomic forms
  • But not lattice sieving – academic tasks at OSU kept me busy.

SLIDE 11

Sharing the work

  • Sieved many numbers with UFD
  • Sent OSU siever outputs to Robert Silverman or other third parties
  • Continued past grant non-renewal

SLIDE 12

Move to CWI (start Oct 1993)

  • Henk Boender
  • Stefania Cavallar
  • Willemien Ekelkamp
  • Marije (Elkenbracht-)Huizing
  • Alexander Kruppa
  • Walter Lioen
  • Herman te Riele
  • Rob Tijdeman
  • Andrey Timofeev
  • Dik Winter

SLIDE 13

Between OSU and CWI

  • Spoke on sieving with two quadratic polynomials, and on 1992 sqrt algorithm, at Univ BC conferences August 1993.
  • Herman was there – hired me.
  • OSU source files passed on to CWI.

SLIDE 14

Two major hurdles

  • 1992 square root implemented April 1994
  • None of us had implemented Coppersmith’s Block Wiedemann
  • Memory considerations limited Gaussian elimination to 40K
  • Working from invariants, I discover Block Lanczos
  • Iterative algorithm

SLIDE 15

Two Spring 94 CWI records

  • SNFS 12,151− C162
  • GNFS 3,367− C105
  • Both sieved at OSU a year earlier
  • 3,367− was first (only?) Cunningham factorization using two quadratics
  • Linear algebra on CRAY at nearby SARA

SLIDE 16

Later

  • Marije article in Exper. Math.
  • Peter article in CWI Quarterly
  • Stefania presented at ANTS
  • Parallel linear algebra
  • Improved GNFS polynomial selection
      – Cabal team sieves RSA140 over holidays
  • Allow large primes over 32 bits