Abstract
The hardness of the integer factorization problem underpins the security of public-key cryptosystems such as RSA, and the number field sieve (NFS), currently the most efficient algorithm for factoring large integers, is the main threat to such cryptosystems. Recently, dedicated factoring devices have attracted much attention because they might reduce the computing cost of the NFS. In this paper, we report implementation and experimental results for a dedicated sieving device, “CAIRN 2”, built on a Xilinx FPGA and designed to handle integers of up to 768 bits. The algorithm is based on line sieving; however, to optimize efficiency, we adopted a new implementation method, the pipelined sieving. In addition, we actually factored a 423-bit integer in about 30 days, using the developed device CAIRN 2 for the sieving step and ordinary PCs for the other steps. As far as the authors know, this is the first FPGA implementation of, and experiment with, the sieving step in the NFS.
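To make concrete what the sieving step does, here is an added Python illustration of classical line sieving on the rational side of the NFS; it is not code from the paper or from the CAIRN 2 device, and the pipelining the paper describes is not modelled. The value m, the factor-base bound and the line width are constructed sample parameters.

```python
from math import log2, gcd

def sieve_primes(limit):
    """Primes up to limit (Eratosthenes); serves as the rational factor base here."""
    flags = bytearray([1]) * (limit + 1)
    flags[0] = flags[1] = 0
    for i in range(2, int(limit ** 0.5) + 1):
        if flags[i]:
            flags[i * i::i] = bytearray(len(flags[i * i::i]))
    return [i for i, f in enumerate(flags) if f]

def is_smooth(n, factor_base):
    """Trial division: True if |n| factors completely over factor_base."""
    n = abs(n)
    if n == 0:
        return False
    for p in factor_base:
        while n % p == 0:
            n //= p
    return n == 1

def rational_line_sieve(m, b, A, factor_base, slack=0.5):
    """One line b of the rational-side sieve: return a in [-A, A], gcd(a, b) = 1,
    whose norm a - b*m is smooth over factor_base. Approximate log sizes are
    subtracted at every hit (prime powers included) and the residual compared
    to `slack` bits, which is how a sieving device avoids dividing anything."""
    width = 2 * A + 1
    residual = [log2(abs(a - b * m)) if a != b * m else 0.0 for a in range(-A, A + 1)]
    maxnorm = max(abs(-A - b * m), abs(A - b * m))
    for p in factor_base:
        lp, q = log2(p), p
        while q <= maxnorm:
            # q | (a - b*m)  <=>  a ≡ b*m (mod q); the array index of a is a + A
            for idx in range((b * m + A) % q, width, q):
                residual[idx] -= lp
            q *= p
    return [idx - A for idx, r in enumerate(residual)
            if r < slack and idx - A != b * m and gcd(idx - A, b) == 1]

def smooth_by_trial_division(m, b, A, factor_base):
    """Reference answer for the same line, computed the slow way."""
    return [a for a in range(-A, A + 1)
            if a != b * m and gcd(a, b) == 1 and is_smooth(a - b * m, factor_base)]

def rational_relations(m, b, A, factor_base):
    """Sieve, then confirm each survivor by trial division (the host PC's job)."""
    return [(a, b) for a in rational_line_sieve(m, b, A, factor_base)
            if is_smooth(a - b * m, factor_base)]

if __name__ == "__main__":
    print(rational_relations(1000, 1, 50, sieve_primes(30)))  # constructed parameters
```

A real NFS run sieves the algebraic side as well and keeps only (a, b) pairs smooth on both; the device described in the paper accelerates exactly the inner subtract-at-every-hit loop above.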
A part of this research is financially supported by a contract research with the National Institute of Information and Communications Technology (NICT), Japan.
References
Aoki, K., Kida, Y., Shimoyama, T., Ueda, H.: GNFS Factoring Statistics of RSA-100, 110, ..., 150. Cryptology ePrint Archive 2004/095, IACR (2004)
Aoki, K., Ueda, H.: Sieving Using Bucket Sort. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 92–102. Springer, Heidelberg (2004)
Bernstein, D.: Circuits for integer factorization: a proposal. preprint (2001)
Bajracharya, S., Misra, D., Gaj, K., El-Ghazawi, T.: Reconfigurable Hardware Implementation of Mesh Routing in the Number Field Sieve Factorization. In: FPT 2004, pp. 263–270. IEEE, Los Alamitos (2004)
The Cunningham project: http://homes.cerias.purdue.edu/~ssw/cun/
Franke, J., et al.: RSA-576. Email announcement (December 2003)
Franke, J., Kleinjung, T., Paar, C., Pelzl, J., Priplata, C., Stahlke, C.: SHARK: A Realizable Special Hardware Sieving Device for Factoring 1024-bit Integers. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 119–130. Springer, Heidelberg (2005)
Geiselmann, W., Januszewski, F., Köpher, H., Pelzl, J., Steinwandt, R.: A Simpler Sieving Device: Combining ECM and TWIRL. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296. Springer, Heidelberg (2006)
Gaj, K., Kwon, S., Baier, P., Kohlbrenner, P., Le, H., Khaleeluddin, M., Bachimanchi, R.: Implementing the Elliptic Curve Method of Factoring in Reconfigurable Hardware. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 119–133. Springer, Heidelberg (2006)
Geiselmann, W., Steinwandt, R.: A Dedicated Sieving Hardware. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 254–266. Springer, Heidelberg (2002)
Geiselmann, W., Steinwandt, R.: Yet Another Sieving Device. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 278–291. Springer, Heidelberg (2004)
Geiselmann, W., Steinwandt, R.: Non-Wafer-Scale Sieving Hardware for the NFS: Another Attempt to Cope with 1024-bit. In: EUROCRYPT 2007. LNCS, vol. 4515, pp. 466–481. Springer, Heidelberg (2007)
IPFlex: DAPDNA Architecture. Available at http://www.ipflex.com/en/E1-products/index.html
Izu, T., Kogure, J., Shimoyama, T.: A Status Report: An Implementation of a Sieving Algorithm on a Dynamic Reconfigurable Processor (Extended Abstract). In: SHARCS 2005, ECRYPT (2005)
Izu, T., Katoh, K., Kogure, J., Nishimura, S., Shimoyama, T.: An Implementation of a Sieving Algorithm in the Number Field Sieve on a Dynamic Reconfigurable Processor (Extended Abstract). In: JWIS 2006 (2006)
Kim, H.J., Mongione-Smith, W.: Factoring Large Numbers with Programmable Hardware. In: FPGA 2000, pp. 41–48. ACM Press, New York (2000)
Lenstra, A., Lenstra, H.: The Development of the Number Field Sieve. Lecture Notes in Mathematics (LNM), vol. 1554. Springer, Heidelberg (1993)
Lenstra, A., Lenstra, H., Manasse, M., Pollard, J.: The Number Field Sieve. In: STOC 1990, pp. 564–572. ACM Press, New York (1990)
Lenstra, A., Shamir, A.: Analysis and Optimization of the TWINKLE Factoring Device. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 35–52. Springer, Heidelberg (2000)
Lenstra, A., Tromer, E., Shamir, A., Kortsmit, W., Dodson, B., Hughes, J., Leyland, P.: Factoring Estimates for a 1024-bit RSA Modulus. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 55–74. Springer, Heidelberg (2003)
Lenstra, A., Shamir, A., Tomlinson, J., Tromer, E.: Analysis of Bernstein’s Circuit. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 1–26. Springer, Heidelberg (2002)
Nguyen, P.: A Montgomery-like Square Root for the Number Field Sieve. In: Buhler, J.P. (ed.) Algorithmic Number Theory. LNCS, vol. 1423, pp. 151–168. Springer, Heidelberg (1998)
Pollard, J.: The Lattice Sieve. In: [LL93], pp. 43–49 (1991)
Shamir, A.: Factoring Large Numbers with the TWINKLE Device (Extended Abstract). In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 2–12. Springer, Heidelberg (1999)
Šimka, M., Pelzl, J., Kleinjung, T., Franke, J., Priplata, C., Stahlke, C., Drutarovský, M., Fischer, V., Paar, C.: Hardware Factorization Based on Elliptic Curve Method. In: FCCM 2005, pp. 107–116. IEEE, Los Alamitos (2005)
Shamir, A., Tromer, E.: Factoring large numbers with the TWIRL device. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 1–26. Springer, Heidelberg (2003)
Xilinx: Virtex-4 Multi-Platform FPGA. Available at http://www.xilinx.com/products/silicon_solutions/fpgas/virtex/virtex4/index.htm
© 2007 Springer-Verlag Berlin Heidelberg
Cite this paper
Izu, T., Kogure, J., Shimoyama, T. (2007). CAIRN 2: An FPGA Implementation of the Sieving Step in the Number Field Sieve Method. In: Paillier, P., Verbauwhede, I. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2007. Lecture Notes in Computer Science, vol. 4727. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74735-2_25
DOI: https://doi.org/10.1007/978-3-540-74735-2_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74734-5
Online ISBN: 978-3-540-74735-2