Some Parallel Algorithms for Integer Factorisation

  • Richard P. Brent
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1685)


Algorithms for finding the prime factors of large composite numbers are of practical importance because of the widespread use of public key cryptosystems whose security depends on the presumed difficulty of the factorisation problem. In recent years the limits of the best integer factorisation algorithms have been extended greatly, due in part to Moore’s law and in part to algorithmic improvements. It is now routine to factor 100-decimal digit numbers, and feasible to factor numbers of 155 decimal digits (512 bits). We describe several integer factorisation algorithms, consider their suitability for implementation on parallel machines, and give examples of their current capabilities.


Elliptic Curve Parallel Algorithm Elliptic Curf Discrete Logarithm Discrete Logarithm Problem 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [1]
    D. Atkins, M. Graff, A.K. Lenstra and P.C. Leyland, The magic words are squeamish ossifrage, Advances in Cryptology: Proc. Asiacrypt’94, LNCS917, Springer-Verlag, Berlin, 1995, 263–277.Google Scholar
  2. [2]
    A.O.L. Atkin and F. Morain, Elliptic curves and primality proving, Math. Comp.61 (1993), 29–68. Programs available from Scholar
  3. [3]
    H. Boender and H.J.J. te Riele, Factoring integers with large prime variations of the quadratic sieve, Experimental Mathematics, 5 (1996), 257–273.CrossRefMathSciNetzbMATHGoogle Scholar
  4. [4]
    R.P. Brent, A Fortran multiple-precision arithmetic package, ACM Transactions on Mathematical Software4 (1978), 57–70.CrossRefGoogle Scholar
  5. [5]
    R.P. Brent, An improved Monte Carlo factorisation algorithm, BIT20 (1980), 176–184.CrossRefMathSciNetzbMATHGoogle Scholar
  6. [6]
    R.P. Brent, Some integer factorisation algorithms using elliptic curves, Australian Computer Science Communications8 (1986), 149–163. Scholar
  7. [7]
    R.P. Brent, Parallel algorithms for integer factorization, in Number Theory and Cryptography (edited by J.H. Loxton), London Mathematical Society Lecture Note Series 154, Cambridge University Press, 1990, 26–37.Google Scholar
  8. [8]
    R.P. Brent, Vector and parallel algorithms for integer factorization, Proceedings Third Australian Supercomputer Conference University of Melbourne, December 1990, 12 pp.
  9. [9]
    R.P. Brent, Large factors found by ECM, Oxford University Computing Laboratory, May 1999.
  10. [10]
    R.P. Brent, Factorization of the tenth Fermat number, Math. Comp.68 (1999), 429–451. Preliminary version available as Factorization of the tenth and eleventh Fermat numbers, Technical Report TR-CS-96-02, CSL, ANU, Feb. 1996, 25pp. Scholar
  11. [11]
    R.P. Brent and J.M. Pollard, Factorisation of the eighth Fermat number, Math. Comp.36 (1981), 627–630.CrossRefMathSciNetzbMATHGoogle Scholar
  12. [12]
    J. Brillhart, D.H. Lehmer, J.L. Selfridge, B. Tuckerman and S.S. Wagstaff, Jr., Factorisations of bn_ 1; b = 2; 3; 5; 6; 7; 10; 11; 12 up to high powers, American Mathematical Society, Providence, Rhode Island, second edition, 1988. Updates available from http://www.cs/
  13. [13]
    D.A. Buell, Factoring: algorithms, computations, and computers, J. Supercomputing1 (1987), 191–216.CrossRefzbMATHGoogle Scholar
  14. [14]
    C. Caldwell, The Dubner PC Cruncher-a microcomputer coprocessor card for doing integer arithmetic, review in J. Rec. Math.25(1), 1993.Google Scholar
  15. [15]
    T.R. Caron and R.D. Silverman, Parallel implementation of the quadratic sieve, J. Supercomputing1 (1988), 273–290.CrossRefGoogle Scholar
  16. [16]
    S. Cavallar, B. Dodson, A.K. Lenstra, P. Leyland, W. Lioen, P.L. Montgomery, B. Murphy, H. te Riele and P. Zimmermann, Factorization of RSA-140 using the number field sieve, announced 4 February 1999. Available from
  17. [17]
    S. Cavallar, B. Dodson, A.K. Lenstra, P. Leyland, W. Lioen, P.L. Montgomery, H. te Riele and P. Zimmermann, 211-digit SNFS factorization, announced 25 April 1999. Available from
  18. [18]
    D.V. and G.V. Chudnovsky, Sequences of numbers generated by addition in formal groups and new primality and factorization tests, Adv. in Appl. Math.7 (1986), 385–434.CrossRefMathSciNetzbMATHGoogle Scholar
  19. [19]
    H. Cohen, A Course in Computational Algebraic Number Theory, Springer-Verlag, Berlin, 1993.CrossRefzbMATHGoogle Scholar
  20. [20]
    H. Cohen and H.W. Lenstra, Jr., Primality testing and Jacobi sums, Math. Comp. 42 (1984), 297–330.CrossRefMathSciNetzbMATHGoogle Scholar
  21. [21]
    S. Contini, The factorization of RSA-140, RSA Laboratories Bulletin 10, 8 (March 1999). Available from http://www.rsa/com/rsalabs/html/bulletins.html.
  22. [22]
    J. Cowie, B. Dodson, R.M. Elkenbracht-Huizing, A.K. Lenstra, P.L. Montgomery and J. Zayer, A world wide number field sieve factoring record: on to 512 bits, Advances in Cryptology: Proc. Asiacrypt’96, LNCS1163, Springer-Verlag, Berlin, 1996, 382–394.CrossRefGoogle Scholar
  23. [23]
    R.E. Crandall, Parallelization of Pollard-rho factorization, preprint, 23 April 1999.Google Scholar
  24. [24]
    R. Crandall and B. Fagin, Discrete weighted transforms and large-integer arithmetic, Math. Comp.62 (1994), 305–324.CrossRefMathSciNetzbMATHGoogle Scholar
  25. [25]
    D. Deutsch, Quantum theory, the Church-Turing principle and the universal quantum computer, Proc. Roy. Soc. London, Ser. A400 (1985), 97–117.Google Scholar
  26. [26]
    D. Deutsch, Quantum computational networks, Proc. Roy. Soc. London, Ser. A425 (1989), 73–90.CrossRefMathSciNetzbMATHGoogle Scholar
  27. [27]
    W. Diffie and M. Hellman, New directions in cryptography, IEEE Trans. Inform. Theory22 (1976), 472–492.CrossRefMathSciNetzbMATHGoogle Scholar
  28. [28]
    B. Dixon and A.K. Lenstra, Massively parallel elliptic curve factoring, Proc. Eurocrypt’ 92, LNCS658, Springer-Verlag, Berlin, 1993, 183–193.Google Scholar
  29. [29]
    B. Dodson and A.K. Lenstra, NFS with four large primes: an explosive experiment, Proc. Crypto’95, LNCS963, Springer-Verlag, Berlin, 1995, 372–385.Google Scholar
  30. [30]
    T. El Gamal, A public-key cryptosystem and a signature scheme based on discrete logarithms, Advances in Cryptology: Proc. CRYPTO’84, Springer-Verlag, Berlin, 1985, 10–18.CrossRefGoogle Scholar
  31. [31]
    T. El Gamal, A public-key cryptosystem and a signature scheme based on discrete logarithms, IEEE Trans. on Information Theory31 (1985), 469–472.CrossRefMathSciNetGoogle Scholar
  32. [32]
    M. Elkenbracht-Huizing, An implementation of the number field sieve, Experimental Mathematics, 5 (1996), 231–253.CrossRefMathSciNetzbMATHGoogle Scholar
  33. [33]
    M. Elkenbracht-Huizing, Factoring integers with the number field sieve, Doctor’s thesis, Leiden University, 1997.Google Scholar
  34. [34]
    M. Elkenbracht-Huizing, A multiple polynomial general number field sieve Algorithmic Number Theory-ANTS III, LNCS1443, Springer-Verlag, Berlin, 1998, 99–114.zbMATHGoogle Scholar
  35. [35]
    K.F. Ireland and M. Rosen, A Classical Introduction to Modern Number Theory, Springer-Verlag, Berlin, 1982.CrossRefzbMATHGoogle Scholar
  36. [36]
    D.E. Knuth, The Art of Computer Programming, Vol. 2, Addison Wesley, third edition, 1997.Google Scholar
  37. [37]
    N. Koblitz, A Course in Number Theory and Cryptography, Springer-Verlag, New York, 1994.CrossRefzbMATHGoogle Scholar
  38. [38]
    S. Lang, Elliptic Curves-Diophantine Analysis, Springer-Verlag, Berlin, 1978.CrossRefzbMATHGoogle Scholar
  39. [39]
    R.S. Lehman, Factoring large integers, Math. Comp.28 (1974), 637–646.CrossRefMathSciNetzbMATHGoogle Scholar
  40. [40]
    A.K. Lenstra and H.W. Lenstra, Jr. (editors), The development of the number field sieve, Lecture Notes in Mathematics1554, Springer-Verlag, Berlin, 1993.Google Scholar
  41. [41]
    A.K. Lenstra, H.W. Lenstra, Jr., M.S. Manasse and J.M. Pollard, The number field sieve, Proc. 22nd Annual ACM Conference on Theory of Computing, Baltimore, Maryland, May 1990, 564–572.Google Scholar
  42. [42]
    A.K. Lenstra, H.W. Lenstra, Jr., M.S. Manasse, and J.M. Pollard, The factorization of the ninth Fermat number, Math. Comp. 61 (1993), 319–349.CrossRefMathSciNetzbMATHGoogle Scholar
  43. [43]
    A.K. Lenstra and M.S. Manasse, Factoring by electronic mail, Proc. Eurocrypt’ 89, LNCS434, Springer-Verlag, Berlin, 1990, 355–371.Google Scholar
  44. [44]
    A.K. Lenstra and M.S. Manasse, Factoring with two large primes, Math. Comp.63 (1994), 785–798.CrossRefMathSciNetzbMATHGoogle Scholar
  45. [45]
    H.W. Lenstra, Jr., Factoring integers with elliptic curves, Annals of Mathematics (2)126 (1987), 649–673.CrossRefMathSciNetzbMATHGoogle Scholar
  46. [46]
    K.S. McCurley, The discrete logarithm problem, in Cryptography and Computational Number Theory, C. Pomerance, ed., Proc. Symp. Appl. Math., Amer.Math. Soc., 1990.Google Scholar
  47. [47]
    A. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publishers, Boston, 1993.CrossRefzbMATHGoogle Scholar
  48. [48]
    A. Menezes, Elliptic curve cryptosystems, CryptoBytes1, 2 (1995), 1–4. Available from Scholar
  49. [49]
    P.L. Montgomery, Modular multiplication without trial division, Math. Comp. 44 (1985), 519–521.CrossRefMathSciNetzbMATHGoogle Scholar
  50. [50]
    P.L. Montgomery, Speeding the Pollard and elliptic curve methods of factorization, Math. Comp.48 (1987), 243–264.CrossRefMathSciNetzbMATHGoogle Scholar
  51. [51]
    P.L. Montgomery, An FFT extension of the elliptic curve method of factorization, Ph. D. dissertation, Mathematics, University of California at Los Angeles, 1992.
  52. [52]
    P.L. Montgomery, A survey of modern integer factorization algorithms, CWI Quarterly7 (1994), 337–366. Scholar
  53. [53]
    P.L. Montgomery, Square roots of products of algebraic numbers, Mathematics of Computation 1943-1993, Proc. Symp. Appl. Math.48 (1994), 567–571.MathSciNetzbMATHGoogle Scholar
  54. [54]
    P.L. Montgomery, A block Lanczos algorithm for finding dependencies over GF(2), Advances in Cryptology: Proc. Eurocrypt’95, LNCS921, Springer-Verlag, Berlin, 1995, 106–120.Google Scholar
  55. [55]
    F. Morain, Courbes elliptiques et tests de primalité, Ph. D. thesis, Univ. Claude Bernard-Lyon I, France, 1990.
  56. [56]
    M.A. Morrison and J. Brillhart, A method of factorisation and the factorization of F 7, Math. Comp.29 (1975), 183–205.zbMATHGoogle Scholar
  57. [57]
    R. Motwani and P. Raghavan, Randomized Algorithms, Cambridge University Press, 1995.Google Scholar
  58. [58]
    B.A. Murphy, Modelling the yield of number field sieve polynomials, Algorithmic Number Theory-ANTS III, LNCS1443, Springer-Verlag, Berlin, 1998, 137–150.CrossRefGoogle Scholar
  59. [59]
    B.A. Murphy, Polynomial selection for the number field sieve integer factorisation algorithm, Ph. D. thesis, Australian National University, 1999.Google Scholar
  60. [60]
    B.A. Murphy and R.P. Brent, On quadratic polynomials for the number field sieve, Australian Computer Science Communications20 (1998), 199–213.MathSciNetzbMATHGoogle Scholar
  61. [61]
    A.M. Odlyzko, Discrete logarithms in finite fields and their cryptographic significance, Advances in Cryptology:Proc. Eurocrypt’ 84, LNCS209, Springer-Verlag, Berlin, 1985, 224–314.CrossRefGoogle Scholar
  62. [62]
    A.M. Odlyzko, The future of integer factorization, CryptoBytes1, 2 (1995), 5–12. Available from Scholar
  63. [63]
    P.C. van Oorschot and M.J. Wiener, Parallel collision search with application to hash functions and discrete logarithms, Proc 2nd ACM Conference on Computer and Communications Security, ACM, New York, 1994, 210–218.Google Scholar
  64. [64]
    P.C. van Oorschot and M.J. Wiener, Parallel collision search with cryptanalytic applications, J. Cryptology12 (1999), 1–28.CrossRefMathSciNetzbMATHGoogle Scholar
  65. [65]
    J.M. Pollard, Theorems in factorisation and primality testing, Proc. Cambridge Philos. Soc.76 (1974), 521–528.CrossRefMathSciNetzbMATHGoogle Scholar
  66. [66]
    J.M. Pollard, A Monte Carlo method for factorization, BIT15 (1975), 331–334.CrossRefMathSciNetzbMATHGoogle Scholar
  67. [67]
    C. Pomerance, The quadratic sieve factoring algorithm, Advances in Cryptology, Proc. Eurocrypt’ 84, LNCS209, Springer-Verlag, Berlin, 1985, 169–182.Google Scholar
  68. [68]
    C. Pomerance, The number field sieve, Proceedings of Symposia in Applied Mathematics48, Amer. Math. Soc., Providence, Rhode Island, 1994, 465–480.CrossRefMathSciNetzbMATHGoogle Scholar
  69. [69]
    C. Pomerance, A tale of two sieves, Notices Amer. Math. Soc.43 (1996), 1473–1485.MathSciNetzbMATHGoogle Scholar
  70. [70]
    C. Pomerance, J.W. Smith and R. Tuler, A pipeline architecture for factoring large integers with the quadratic sieve algorithm, SIAM J. on Computing17 (1988), 387–403.CrossRefMathSciNetzbMATHGoogle Scholar
  71. [71]
    J. Preskill, Lecture Notes for Physics 229: Quantum Information and Computation, California Institute of Technology, Los Angeles, Sept. 1998.
  72. [72]
    M.O. Rabin, Probabilistic algorithms for testing primality, J. Number Theory12 (1980), 128–138.CrossRefMathSciNetzbMATHGoogle Scholar
  73. [73]
    H.J.J. te Riele, W. Lioen and D. Winter, Factoring with the quadratic sieve on large vector computers, Belgian J. Comp. Appl. Math.27 (1989), 267–278.CrossRefMathSciNetzbMATHGoogle Scholar
  74. [74]
    H. Riesel, Prime numbers and computer methods for factorization, 2nd edition, Birkhäuser, Boston, 1994.CrossRefzbMATHGoogle Scholar
  75. [75]
    R.L. Rivest, A. Shamir and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM21 (1978), 120–126.CrossRefMathSciNetzbMATHGoogle Scholar
  76. [76]
    RSA Laboratories, Information on the RSA challenge, http://www.rsa/com/rsalabs/html/challenges.html.
  77. [77]
    B. Schneier, Applied Cryptography, second edition, John Wiley and Sons, 1996.Google Scholar
  78. [78]
    A. Shamir, Factoring large numbers with the TWINKLE device (extended abstract), preprint, 1999. Announced at Eurocrypt’99.Google Scholar
  79. [79]
    P.W. Shor, Algorithms for quantum computation: discrete logarithms and factoring, Proc. 35th Annual Symposium on Foundations of Computer Science, IEEE Computer Society Press, Los Alamitos, California, 1994, 124–134. CMP 98:06CrossRefGoogle Scholar
  80. [80]
    P.W. Shor, Polynomial time algorithms for prime factorization and discrete logarithms on a quantum computer, SIAM J. Computing26 (1997), 1484–1509.CrossRefMathSciNetzbMATHGoogle Scholar
  81. [81]
    J.H. Silverman, The arithmetic of elliptic curves, Graduate Texts in Mathematics 106, Springer-Verlag, New York, 1986.Google Scholar
  82. [82]
    R.D. Silverman, The multiple polynomial quadratic sieve, Math. Comp.48 (1987), 329–339.CrossRefMathSciNetzbMATHGoogle Scholar
  83. [83]
    R.D. Silverman and S.S. Wagstaff, Jr., A practical analysis of the elliptic curve factoring algorithm, Math. Comp.61 (1993), 445–462.CrossRefMathSciNetzbMATHGoogle Scholar
  84. [84]
    I.N. Stewart and D.O. Tall, Algebraic Number Theory, second edition, Chapman and Hall, 1987.Google Scholar
  85. [85]
    D. Stinson, Cryptography-Theory and Practice, CRC Press, Boca Raton, 1995.zbMATHGoogle Scholar
  86. [86]
    A.M. Turing, On computable numbers, with an application to the Entscheidungsproblem, Proc. London Math. Soc. (2)42 (1936), 230-265. Errata ibid 43 (1937), 544–546.MathSciNetzbMATHGoogle Scholar
  87. [87]
    U. Vazirani, Introduction to special section on quantum computation, SIAM J. Computing26 (1997), 1409–1410.CrossRefzbMATHGoogle Scholar
  88. [88]
    D. Weber, Computing discrete logarithms with the number field sieve, Algorithmic Number Theory-ANTS II, LNCS1122, Springer-Verlag, Berlin, 1996, 99–114.CrossRefGoogle Scholar
  89. [89]
    D. Weber, On the computation of discrete logarithms in finite prime fields, Ph. D. thesis, Universität des Saarlandes, 1997.Google Scholar
  90. [90]
    D.H. Wiedemann, Solving sparse linear equations over finite fields, IEEE Trans. Inform. Theory32 (1986), 54–62.CrossRefMathSciNetzbMATHGoogle Scholar
  91. [91]
    J. Zayer, Faktorisieren mit dem Number Field Sieve, Ph. D. thesis, Universität des Saarlandes, 1995.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Richard P. Brent
    • 1
  1. 1.Oxford University Computing LaboratoryOxfordUK

Personalised recommendations