Yet Another Sieving Device
A compact mesh architecture for supporting the relation collection step of the number field sieve is described. Differing from TWIRL, only isolated chips without inter-chip communication are used. According to a preliminary analysis for 768-bit numbers, with a 0.13 μm process one mesh-based device fits on a single chip of ≈(4.9 cm)2—the largest proposed chips in the TWIRL cluster for 768-bit occupy ≈(6.7 cm)2.
A 300 mm silicon wafer filled with the mesh-based devices is ≈ 6.3 times slower than a wafer with TWIRL clusters, but due to the moderate chip size, lack of inter-chip communication, and the comparatively regular structure, from a practical point of view the mesh-based approach might be as attractive as TWIRL.
Keywordsfactorization number field sieve RSA
Unable to display preview. Download preview PDF.
- [Ber01]Bernstein, D.J.: Circuits for Integer Factorization: a Proposal (2001), At the time of writing available electronically at http://cr.yp.to/papers.html#nfscircuit
- [GS03c]Geiselmann, W., Steinwandt, R.: Yet Another Sieving Device (extended version). Cryptology ePrint Archive: Report 2003/202 (2003), At the time of writing available at http://eprint.iacr.org/2003/202/