integer factorization exercise for the reader a progress
play

Integer factorization: Exercise for the reader: a progress report - PowerPoint PPT Presentation

Jan 21, 2024 •43 likes •593 views

Integer factorization: Exercise for the reader: a progress report Find a nontrivial factor of 6366223796340423057152171586. D. J. Bernstein Thanks to: University of Illinois at Chicago NSF DMS0140542 Alfred P. Sloan Foundation rization:

  1. Integer factorization: Exercise for the reader: a progress report Find a nontrivial factor of 6366223796340423057152171586. D. J. Bernstein Thanks to: University of Illinois at Chicago NSF DMS–0140542 Alfred P. Sloan Foundation

  2. rization: Exercise for the reader: Exercise for the reader: rt Find a nontrivial factor of Find a nontrivial facto 6366223796340423057152171586. 6366223796340423057152171586. Small prime factors are easy to find. Illinois at Chicago DMS–0140542 Larger primes are ha Foundation “Elliptic-curve metho scales surprisingly (1987 Lenstra) ECM has found a p (2005 Dodson; rather � 10 12 Opteron 3 www.loria.fr/~zimmerma/records

  3. Exercise for the reader: Exercise for the reader: Find a nontrivial factor of Find a nontrivial factor of 6366223796340423057152171586. 6366223796340423057152171586. Small prime factors are easy to find. Larger primes are harder. “Elliptic-curve method” (ECM) scales surprisingly well. (1987 Lenstra) 2 219 . ECM has found a prime (2005 Dodson; rather lucky; � 10 12 Opteron cycles) 3 www.loria.fr/~zimmerma/records/p66

  4. � reader: Exercise for the reader: For worst-case integers nontrivial factor of Find a nontrivial factor of two very large prime 6366223796340423057152171586. 6366223796340423057152171586. ECM does not scale “number-field sieve” Small prime factors (1988 Pollard, et al.) are easy to find. Latest record: NFS Larger primes are harder. two prime factors “Elliptic-curve method” (ECM) of “RSA-200” challenge. scales surprisingly well. Bahr Boehm Frank � 10 18 Opteron (1987 Lenstra) 5 2 219 . ECM has found a prime How much more difficult (2005 Dodson; rather lucky; is it to find prime facto � 10 12 Opteron cycles) 3 of an integer 2 www.loria.fr/~zimmerma/records/p66 www.loria.fr/~zimmerma/records

  5. � Exercise for the reader: For worst-case integers with Find a nontrivial factor of two very large prime factors, 6366223796340423057152171586. ECM does not scale as well as “number-field sieve” (NFS). Small prime factors (1988 Pollard, et al.) are easy to find. Latest record: NFS has found Larger primes are harder. 2 332 two prime factors “Elliptic-curve method” (ECM) of “RSA-200” challenge. (2005 scales surprisingly well. Bahr Boehm Franke Kleinjung; � 10 18 Opteron cycles) (1987 Lenstra) 5 2 219 . ECM has found a prime How much more difficult 2 512 (2005 Dodson; rather lucky; is it to find prime factors � 10 12 Opteron cycles) 3 2 1024 ? of an integer www.loria.fr/~zimmerma/records/p66 www.loria.fr/~zimmerma/records/rsa200

  6. � � � ✁ � � � ✁ ✁ ✂ ✂ ✂ ✁ � � � ✄ � ✁ ✄ ☎ ✄ � � � � � ✄ ☎ ✄ � � � reader: For worst-case integers with NFS step 1: find attractive nontrivial factor of two very large prime factors, NFS tries to factor 6366223796340423057152171586. ECM does not scale as well as inspecting values of “number-field sieve” (NFS). factors Select integer (1988 Pollard, et al.) find integers 5 4 Latest record: NFS has found 5 + re harder. with = 5 2 332 two prime factors for various integers method” (ECM) of “RSA-200” challenge. (2005 ✄ 5 + 4 ( )( 5 risingly well. Bahr Boehm Franke Kleinjung; � 10 18 Opteron cycles) Practically every choice 5 will succeed in facto 2 219 . a prime How much more difficult Better speed from 2 512 rather lucky; is it to find prime factors ✄ 5 + 4 ( )( 5 Opteron cycles) 2 1024 ? of an integer www.loria.fr/~zimmerma/records/p66 www.loria.fr/~zimmerma/records/rsa200

  7. ✂ � ✁ ✁ ✂ ✂ � ✁ � � ✄ � ✁ ✄ ☎ � � ✄ ☎ � � ✁ For worst-case integers with NFS step 1: find attractive ’s two very large prime factors, NFS tries to factor by ECM does not scale as well as inspecting values of a polynomial. “number-field sieve” (NFS). � 6 � 5 ]; � 1 � 1 Select integer [ (1988 Pollard, et al.) find integers 5 4 0 Latest record: NFS has found 5 + 4 + � + with = 0 ; 5 4 2 332 two prime factors for various integers inspect of “RSA-200” challenge. (2005 ✄ 5 + 4 ✄ 4 + � + 0 5 ). ( )( 5 Bahr Boehm Franke Kleinjung; � 10 18 Opteron cycles) Practically every choice of 5 � . will succeed in factoring How much more difficult Better speed from smaller values 2 512 is it to find prime factors ✄ 5 + 4 ✄ 4 + � + 0 5 ). ( )( 5 2 1024 ? of an integer www.loria.fr/~zimmerma/records/rsa200

  8. ✄ ☎ ✂ ✂ ✂ ✁ � � � ✄ ✁ ☎ � � ✄ � ✁ � � � ✄ ☎ � � � ✄ ✁ ✄ ☎ ✄ ✁ ✄ � ✁ � � integers with NFS step 1: find attractive ’s e.g. = 314159265358979323: rime factors, Can choose = 1000, NFS tries to factor by scale as well as 5 = 314, 4 = 159, inspecting values of a polynomial. sieve” (NFS). 2 = 358, 1 = 979, � 6 � 5 ]; � 1 � 1 Select integer [ et al.) NFS succeeds in facto find integers 5 4 0 NFS has found by inspecting values 5 + 4 + � + with = 0 ; 5 4 2 332 ✄ 5 rs ( 1000 )(314 for various integers inspect challenge. (2005 for various integer ✄ 5 + 4 ✄ 4 + � + 0 5 ). ( )( 5 ranke Kleinjung; But NFS succeeds Practically every choice of Opteron cycles) using = 1370, insp � . will succeed in factoring ✄ 5 + difficult ( 1370 )(65 Better speed from smaller values ✄ 3 2 + 377 ✄ 2 3 + 2 512 rime factors 38 ✄ 5 + 4 ✄ 4 + � + 0 5 ). ( )( 5 2 1024 ? www.loria.fr/~zimmerma/records/rsa200

  9. � � � ✄ ✄ ☎ ✄ � � � ✄ � ☎ ✄ ✄ ☎ ☎ ✄ � � � � ✁ ✁ ✂ ✁ � ✁ ✂ ✂ ✁ NFS step 1: find attractive ’s e.g. = 314159265358979323: Can choose = 1000, NFS tries to factor by 5 = 314, 4 = 159, 3 = 265, inspecting values of a polynomial. 2 = 358, 1 = 979, 0 = 323. � 6 � 5 ]; � 1 � 1 Select integer [ NFS succeeds in factoring find integers 5 4 0 by inspecting values 5 + 4 + � + with = 0 ; 5 4 ✄ 5 + � + 323 5 ) ( 1000 )(314 for various integers inspect ✁ ). for various integer pairs ( ✄ 5 + 4 ✄ 4 + � + 0 5 ). ( )( 5 But NFS succeeds more quickly Practically every choice of using = 1370, inspecting � . will succeed in factoring ✄ 5 + 130 ✄ 4 + ( 1370 )(65 Better speed from smaller values ✄ 3 2 + 377 ✄ 2 3 + 127 4 + 33 5 ). 38 ✄ 5 + 4 ✄ 4 + � + 0 5 ). ( )( 5

  10. ✄ � ✂ ☎ ✄ ✂ � � ✂ � � ✂ � ✄ ☎ ✄ � � � ✁ ✂ ☎ � ✄ � � ✁ ✂ ✄ ☎ ✁ ✄ � � � ✂ ✂ ✄ ✂ � ✁ � � � ✁ ✂ ✂ ✂ ✁ ✁ ✁ ✁ � ✄ ✁ ✁ ✄ ☎ ✄ ✂ ✂ � � attractive ’s e.g. = 314159265358979323: NFS step 1: Consider, 2 45 possible choices Can choose = 1000, factor by 5 = 314, 4 = 159, 3 = 265, Quickly identify, e.g., values of a polynomial. 2 25 attractive candidates. 2 = 358, 1 = 979, 0 = 323. � 6 � 5 ]; � 1 � 1 [ NFS succeeds in factoring Will choose one 4 0 by inspecting values 4 + � + + 0 ; If and 4 ✄ 5 + � + 323 5 ) ( 1000 )(314 ✄ 5 + ✂ ( integers inspect )( 5 ✁ ). for various integer pairs ( ✄ 4 + 6 where � + 0 5 ). ( ) 4 ✁ 1 + )( 5 But NFS succeeds more quickly ( 5 choice of using = 1370, inspecting � . factoring Attractive : small ✄ 5 + 130 ✄ 4 + ( 1370 )(65 from smaller values (1999 Murphy) ✄ 3 2 + 377 ✄ 2 3 + 127 4 + 33 5 ). 38 ✄ 4 + � + 0 5 ). 4

  11. � ✂ ✄ � ☎ ✄ � � ✂ ✄ ☎ ✄ � � � � ✂ ✄ � ✁ ✁ ✂ ✂ ✂ � ✂ ☎ ✂ ✂ � ✁ ✁ ✄ � e.g. = 314159265358979323: NFS step 1: Consider, e.g., 2 45 possible choices of Can choose = 1000, . 5 = 314, 4 = 159, 3 = 265, Quickly identify, e.g., 2 25 attractive candidates. 2 = 358, 1 = 979, 0 = 323. NFS succeeds in factoring Will choose one in step 2. by inspecting values ✁ 1 If and then ✄ 5 + � + 323 5 ) ( 1000 )(314 ✄ 5 + ✂ ( � + 0 5 ) )( 5 ✁ ). for various integer pairs ( 6 where ( ) ( ) = � + ✂ + ✂ ). ✁ 1 + )( 5 ✁ 5 But NFS succeeds more quickly ( 5 0 using = 1370, inspecting Attractive : small ( ). ✄ 5 + 130 ✄ 4 + ( 1370 )(65 (1999 Murphy) ✄ 3 2 + 377 ✄ 2 3 + 127 4 + 33 5 ). 38

  12. � ✁ � � ✂ ✄ ☎ � � ✂ ✂ ✁ ✁ ✁ ✂ � ✂ ✁ ✂ � � � ✂ ✂ � ✂ ✁ � � ✄ � ✁ ✄ � ✄ ☎ � � ✄ ✄ ☎ ✄ � ✄ � � 314159265358979323: NFS step 1: Consider, e.g., Choosing one typical 2 45 possible choices of ✁ 1) 1000, . produces ( 159, 3 = 265, Quickly identify, e.g., Question: How much 2 25 attractive candidates. 979, 0 = 323. need to save factor factoring Will choose one in step 2. with ( ) values ✁ 1 If and then This has as much impact ✄ 5 + � + 323 5 ) ✄ 5 + ✂ ( � + 0 5 ) )( 5 chopping 3 lg ✁ ). integer pairs ( 6 where ( ) ( ) = Searching for good � + ✂ + ✂ ). ✁ 1 + )( 5 ✁ 5 succeeds more quickly ( 5 0 takes noticeable fraction 1370, inspecting Attractive : small ( ). total time of optimized ✄ 5 + 130 ✄ 4 + (1999 Murphy) (If not, consider mo 3 + 127 4 + 33 5 ). End up with rather

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Circuits for integer factorization D. J. Bernstein University of Illinois at Chicago Exercise

Circuits for integer factorization D. J. Bernstein University of Illinois at Chicago Exercise

Circuits for integer factorization D. J. Bernstein University of Illinois at Chicago Exercise for the reader: Find a nontrivial factor of 6366223796340423057152171586. Exercise for the reader: Find a nontrivial factor of

586 views • 42 slides
Integer Factorization Methods Modular Arithmetic Trial division, Pollards p 1 , Division

Integer Factorization Methods Modular Arithmetic Trial division, Pollards p 1 , Division

Integer Factorization Methods Integer 2014-04-11 Integer Factorization Methods Factorization Trial division, Pollards p 1 , Pollards , and Fermats method Methods Christopher Koch 1 C. Koch 1 Department of Computer Science and

681 views • 33 slides
Random problems at the core of integer factorization algorithms Pierrick Gaudry Caramba

Random problems at the core of integer factorization algorithms Pierrick Gaudry Caramba

Random problems at the core of integer factorization algorithms Pierrick Gaudry Caramba LORIA, Nancy CNRS, Universit de Lorraine, Inria Journes ALEA, March 2016 1/31 Plan Introduction: crypto context Integer factorization 101 How

462 views • 33 slides
Integer Factorization Methods Modular Trial division, Pollards p 1 , Arithmetic Division

Integer Factorization Methods Modular Trial division, Pollards p 1 , Arithmetic Division

Integer Factorization Methods C. Koch Overview Integer Factorization Methods Modular Trial division, Pollards p 1 , Arithmetic Division Algorithm and Congruence Pollards , and Fermats method Residue classes mod n Integers

505 views • 33 slides
Accelerated Reader What is Accelerated Reader? Accelerated Reader is the number one software

Accelerated Reader What is Accelerated Reader? Accelerated Reader is the number one software

Camerado Springs Middle School A closer look at Accelerated Reader What is Accelerated Reader? Accelerated Reader is the number one software program (or tool) that helps manage reading practice, monitor daily progress, and plan instruction. The

484 views • 13 slides
260 Chapter 21 Exercise 21.3 Consider a parallel DBMS in which each relation is stored by

260 Chapter 21 Exercise 21.3 Consider a parallel DBMS in which each relation is stored by

260 Chapter 21 Exercise 21.3 Consider a parallel DBMS in which each relation is stored by horizontally partitioning its tuples across all disks. Employees( eid: integer , did: integer , sal: real ) Departments( did: integer , mgrid: integer ,

298 views • 10 slides
Challenges in quantum algorithms for integer factorization D. J. Bernstein University of

Challenges in quantum algorithms for integer factorization D. J. Bernstein University of

1 Challenges in quantum algorithms for integer factorization D. J. Bernstein University of Illinois at Chicago Prelude: What is the fastest algorithm to sort an array? def blindsort(x): while not issorted(x): permuterandomly(x) 2 def

713 views • 50 slides
Building circuits for integer factorization D. J. Bernstein Thanks to: University of Illinois

Building circuits for integer factorization D. J. Bernstein Thanks to: University of Illinois

Building circuits for integer factorization D. J. Bernstein Thanks to: University of Illinois at Chicago NSF DMS0140542 Alfred P. Sloan Foundation I want to work for NSA as an independent

706 views • 49 slides
and 611 + for small : Integer factorization Sieving 1 612 2 2 3 3 D. J. Bernstein

and 611 + for small : Integer factorization Sieving 1 612 2 2 3 3 D. J. Bernstein

and 611 + for small : Integer factorization Sieving 1 612 2 2 3 3 D. J. Bernstein 2 2 613 3 3 614 2 4 2 2 615 3 5 Thanks to: 5 5 616 2 2 2 7 6 2 3 617 University of Illinois at Chicago 7 7 618 2 3 8 2 2 2

411 views • 29 slides
Algorithms for integer factorization and discrete logarithms computation Algorithmes pour la

Algorithms for integer factorization and discrete logarithms computation Algorithmes pour la

Algorithms for integer factorization and discrete logarithms computation Algorithmes pour la factorisation dentiers et le calcul de logarithme discret Cyril Bouvier CARAMEL project-team, LORIA Universit de Lorraine / CNRS / Inria

470 views • 42 slides
Isolating critical cases for reciprocals using integer factorization John Harrison Intel

Isolating critical cases for reciprocals using integer factorization John Harrison Intel

Isolating critical cases for reciprocals using integer factorization John Harrison Intel Corporation ARITH-16 Santiago de Compostela 17th June 2003 0 Background result before the final rounding Suppose we are interested in a floating-point

343 views • 19 slides
Integer factorization and discrete logarithm problems Pierrick Gaudry Caramel LORIA CNRS,

Integer factorization and discrete logarithm problems Pierrick Gaudry Caramel LORIA CNRS,

Integer factorization and discrete logarithm problems Pierrick Gaudry Caramel LORIA CNRS, Universit de Lorraine, Inria JNCF CIRM November 2014 1/81 Plan Presentation of the problems Cryptographic background Primality,

919 views • 88 slides
Nonunique Factorization in the Ring of Integer-Valued Polynomials Paul Baginski Fairfield

Nonunique Factorization in the Ring of Integer-Valued Polynomials Paul Baginski Fairfield

Nonunique Factorization in the Ring of Integer-Valued Polynomials Paul Baginski Fairfield University March 22, 2019 Paul Baginski Fairfield University Nonunique Factorization in the Ring of Integer-Valued Polynomials 2016 Fairfield

334 views • 30 slides
LU Factorization Marco Chiarandini Department of Mathematics & Computer Science University

LU Factorization Marco Chiarandini Department of Mathematics & Computer Science University

DM559 Linear and Integer Programming LU Factorization Marco Chiarandini Department of Mathematics & Computer Science University of Southern Denmark [ Based on slides by Lieven Vandenberghe, UCLA ] Operation Count LU Factorization Outline

524 views • 38 slides
LU Factorization Marco Chiarandini Department of Mathematics & Computer Science University

LU Factorization Marco Chiarandini Department of Mathematics & Computer Science University

DM559 Linear and Integer Programming LU Factorization Marco Chiarandini Department of Mathematics & Computer Science University of Southern Denmark [ Based on slides by Lieven Vandenberghe, UCLA ] Operation Count LU Factorization Outline

935 views • 34 slides
Integer factoring and compositeness witnesses Jacek Pomykaa & Maciej Radziejewski June 26,

Integer factoring and compositeness witnesses Jacek Pomykaa & Maciej Radziejewski June 26,

Integer factoring and compositeness witnesses Jacek Pomykaa & Maciej Radziejewski June 26, 2019 Integer factoring and compositeness witnesses 1 Objective: Factorization of a large integer n Oracles Techniques How many hard numbers are

514 views • 22 slides
Sound and Complete Flow Typing with Unions, Intersections and Negations David J. Pearce School

Sound and Complete Flow Typing with Unions, Intersections and Negations David J. Pearce School

Sound and Complete Flow Typing with Unions, Intersections and Negations David J. Pearce School of Engineering and Computer Science Victoria University of Wellington What is Flow Typing? Defining characteristic : ability to retype variables JVM

534 views • 18 slides
Cryptographic software engineering, part 2 Daniel J. Bernstein Previous part: General

Cryptographic software engineering, part 2 Daniel J. Bernstein Previous part: General

1 Cryptographic software engineering, part 2 Daniel J. Bernstein Previous part: General software engineering. Using const-time instructions. 2 Software optimization Almost all software is much slower than it could be. 2 Software

1.03k views • 100 slides
p| QED AlbertRMeyer March5,2012 lec5M. 11 AlbertRMeyer March5,2012 lec5M. 12 3

p| QED AlbertRMeyer March5,2012 lec5M. 11 AlbertRMeyer March5,2012 lec5M. 12 3

FundamentalThm.ofArithmetic Everyinteger > 1 Prime factorsuniquelyintoa weaklydecreasing Factorization sequenceofprimes AlbertRMeyer March5,2012 lec5M. 9 AlbertRMeyer March5,2012 lec5M. 10 UniquePrimeFactorization

535 views • 4 slides
cse 311: foundations of computing Spring 2015 Lecture 13: Primes, GCDs, modular inverses

cse 311: foundations of computing Spring 2015 Lecture 13: Primes, GCDs, modular inverses

cse 311: foundations of computing Spring 2015 Lecture 13: Primes, GCDs, modular inverses review: repeated squaring Since a mod m a (mod m) for any a we have a 2 mod m = (a mod m) 2 mod m and a 4 mod m = (a 2 mod m) 2 mod m

485 views • 21 slides
Number Theory Number Theory is the study of integers and their resulting structures . Why study

Number Theory Number Theory is the study of integers and their resulting structures . Why study

Number Theory Number Theory is the study of integers and their resulting structures . Why study it? 1 History: the first true algortihms were number-theoretic. 2 Analysis: Well learn about new kinds of running times and analyses. 3 Cryptography!

591 views • 10 slides
Wrap of Number Theory & Midterm Review F Primes, GCD, and LCM (Section 3.5 in text) F Midterm

Wrap of Number Theory & Midterm Review F Primes, GCD, and LCM (Section 3.5 in text) F Midterm

Wrap of Number Theory & Midterm Review F Primes, GCD, and LCM (Section 3.5 in text) F Midterm Review Sections 1.1-1.7 Propositional logic Predicate logic Rules of inference and proofs Sections 2.1-2.3 Sets and Set operations Functions

241 views • 12 slides
Discrete Mathematics & Mathematical Reasoning Primes and Greatest Common Divisors Colin

Discrete Mathematics & Mathematical Reasoning Primes and Greatest Common Divisors Colin

Discrete Mathematics & Mathematical Reasoning Primes and Greatest Common Divisors Colin Stirling Informatics Some slides based on ones by Myrto Arapinis Colin Stirling (Informatics) Discrete Mathematics (Chap 4) Today 1 / 12 Primes

726 views • 40 slides
Quantum algorithms for computing short discrete logarithms and factoring RSA integers PQCrypto

Quantum algorithms for computing short discrete logarithms and factoring RSA integers PQCrypto

Quantum algorithms for computing short discrete logarithms and factoring RSA integers PQCrypto 2017, 8th International Workshop, Utrecht, June 26-28, 2017 Martin Eker 1 , 2 Johan Hstad 1 1 KTH Royal Institute of Technology, SE-100 44

728 views • 31 slides

More recommend