Non-wafer-Scale Sieving Hardware for the NFS: Another Attempt to Cope with 1024-Bit
Significant progress in the design of special purpose hardware for supporting the Number Field Sieve (NFS) has been made. From a practical cryptanalytic point of view, however, none of the published proposals for coping with the sieving step is satisfying. Even for the best known designs, the technological obstacles faced for the parameters expected for a 1024-bit RSA modulus are significant.
Below we present a new hardware design for implementing the sieving step. The suggested chips are of moderate size and the inter-chip communication does not seem unrealistic. According to our preliminary analysis of the 1024-bit case, we expect the new design to be about 2 to 3.5 times slower than TWIRL (a wafer-scale design). Due to the more moderate technological requirements, however, from a practical cryptanalytic point of view the new design seems to be no less attractive than TWIRL.
KeywordsRSA cryptanalytic hardware factoring integers NFS
- 1.Bernstein, D.J.: Circuits for Integer Factorization: a Proposal (2001), At the time of writing available electronically at: http://cr.yp.to/papers/nfscircuit.pdf
- 5.Geiselmann, W., Köpfer, H., Steinwandt, R., Tromer, E.: Improved Routing-Based Linear Algebra for the Number Field Sieve. In: Proceedings of ITCC ’05 – Track on Embedded Cryptographic Systems, IEEE Computer Society Press, Los Alamitos (2005)Google Scholar
- 11.Lenstraand, A.K., Lenstra Jr., H.W. (eds.): The development of the number field sieve. Lecture Notes in Mathematics, vol. 1554. Springer, Heidelberg (1993)Google Scholar