Non-Wafer-Scale Sieving Hardware for the NFS: Another Attempt to - - PowerPoint PPT Presentation

non wafer scale sieving hardware for the nfs another
SMART_READER_LITE
LIVE PREVIEW

Non-Wafer-Scale Sieving Hardware for the NFS: Another Attempt to - - PowerPoint PPT Presentation

Jan 03, 2024 283 likes •446 views

Non-Wafer-Scale Sieving Hardware for the NFS: Another Attempt to Cope with 1024-bit Willi Geiselmann Rainer Steinwandt The Number Field Sieve Precomputation Relation collection Linear Algebra (Matrix step) Postprocessing

slide-1
SLIDE 1

Non-Wafer-Scale Sieving Hardware for the NFS: Another Attempt to Cope with 1024-bit

Willi Geiselmann Rainer Steinwandt

slide-2
SLIDE 2

23.5.2007 Sieving with Small Chips (Geiselmann, Steinwandt) 2

The Number Field Sieve

  • Precomputation
  • Relation collection
  • Linear Algebra (Matrix step)
  • Postprocessing
slide-3
SLIDE 3

23.5.2007 Sieving with Small Chips (Geiselmann, Steinwandt) 3

Relation Collection

  • Given F1(x,y), F2(x,y) ∈ Z[x,y] ,

homogeneous polynomials, e.g. of degree 5 and 1

  • Find (a,b) ∈ Z x N with F1(a,b) and

F2(a,b) smooth, gcd(a,b) = 1

slide-4
SLIDE 4

23.5.2007 Sieving with Small Chips (Geiselmann, Steinwandt) 4

Parameters for 1024 Bit

(identical with TWIRL, 2003)

  • Smoothness bounds:

B1 = 2.6 • 1010 (algebraic), B2 = 3.5 • 109 (rational).

  • Sieving region:

A = 5.5 • 1014, -A < a < A; B = 2.7 • 108, 0 < b < B.

slide-5
SLIDE 5

23.5.2007 Sieving with Small Chips (Geiselmann, Steinwandt) 5

Previous work

  • TWINKLE [Shamir 1999; Shamir, Lenstra 2000]

not designed for 1024 bit numbers

  • TWIRL [Shamir, Tromer 2003]

full wafer design

  • Mesh-based sieving [G., St. 2003, 2004]

not feasible for 1024 bit numbers

  • SHARK [Franke et al. 2005]

elaborated butterfly transport system

slide-6
SLIDE 6

23.5.2007 Sieving with Small Chips (Geiselmann, Steinwandt) 6

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 2 3 5 7 11 13 17 19 23 29 31 37

Sieving (Eratosthenes)

Memory T i m e

Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ

slide-7
SLIDE 7

23.5.2007 Sieving with Small Chips (Geiselmann, Steinwandt) 7

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 2 3 5 7 11 13 17 19 23 29 31 37

Sieving (TWINKLE/TWIRL)

Time

Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ

Counter Counter Counter Counter Counter Counter Counter Counter Counter Counter Counter Counter

slide-8
SLIDE 8

23.5.2007 Sieving with Small Chips (Geiselmann, Steinwandt) 8

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 2 3 5 7 11 13 17 19 23 29 31 37

Sieving (mesh / here)

Memory

Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ Σ

? ? ? ? ? ? ? Counter Counter Counter ? ?

(S = 226)

slide-9
SLIDE 9

23.5.2007 Sieving with Small Chips (Geiselmann, Steinwandt) 9

Different Types of Primes

  • Largish primes I:

227.2 < p < B1 < 235 ...Type II/III: 1.5 • 107 < p < 227.2

  • Medium primes:

213 < p < 1.5 • 107

  • Smallish primes:

p < 213

slide-10
SLIDE 10

23.5.2007 Sieving with Small Chips (Geiselmann, Steinwandt) 10

Largish Stations

. . . DRAM for (p, r)-pairs −A ≤ r < −A + S control logic & adder DRAM for (p, r)-pairs −A + S ≤ r < −A+ 2S control logic & adder DRAM for (p, r)-pairs control logic & adder DRAM for (p, r)-pairs control logic & adder

  • - -
  • - -
slide-11
SLIDE 11

23.5.2007 Sieving with Small Chips (Geiselmann, Steinwandt) 11

  • DRAM holds < 100,000 (p,r)-pairs
  • 3 < #DRAMs < 389

(pmax / S)

  • 256 stations for p > 1.5 • 107 ≈ 227.2
  • Distributed on 32 chips:

size: 472 mm2 (0.13 µm process)

  • utput: 448 bit per clock cycle

memory: 99%, logic: 1%

Largish Stations (Type I)

slide-12
SLIDE 12

23.5.2007 Sieving with Small Chips (Geiselmann, Steinwandt) 12

Collection Unit

  • Distributed on 4

chips, each holding

  • 4 arrays of 32 x 32

counting units.

  • Each unit is in charge
  • f 212 sieve locations,
  • and adding up the

log(p) values.

counting unit input part counting unit counting unit counting unit input part counting unit counting unit counting unit input part counting unit counting unit

slide-13
SLIDE 13

23.5.2007 Sieving with Small Chips (Geiselmann, Steinwandt) 13

Medium and Smallish Primes

  • Medium Primes:

 Calculated close to the Counting Units

  • Smallish Primes:

 calculated in the Counting Parts  stored (added) in separate DRAM

slide-14
SLIDE 14

23.5.2007 Sieving with Small Chips (Geiselmann, Steinwandt) 14

Collection Unit (area estimates)

2,2 cm

22 L sta Type 2 90 mm2 16 L sta Type 3 46 mm2 16 L sta Type 3 46 mm2

20 M sta 20 mm2

2 M sta 2 mm2 2 M sta 2 mm2 2 M sta 2 mm2 2 M sta 2 mm2

array 50 mm2 array 50 mm2 array 50 mm2 array 50 mm2

22 L sta Type 2 90 mm2

Distributed on 4 chips: size: 493 mm2

(0.13 µm process)

input: 3584 bit / cc memory: 94% logic: 6%

slide-15
SLIDE 15

23.5.2007 Sieving with Small Chips (Geiselmann, Steinwandt) 15

Performance

  • Total silicon area 172 cm2
  • One subinterval (S=226) in 53,000 cc
  • One sieve line in 25 min (600 MHz)
  • Sieving of a 1024 bit number with

8300 devices in one year

  • 3.5 x more silicon area than TWIRL
  • or 2.0 x more after modification