Samenvatting
This paper shows, assuming standard heuristics regarding the number-field sieve, that a "batch NFS" circuit of area L^{1.181...+o(1)} factors L^{0.5+o(1)} separate B-bit RSA keys in time L^{1.022...+o(1)}. Here L=exp((log 2^B)^{1/3}(log log 2^B)^{2/3}). The circuit's area-time product (price-performance ratio) is just L^{1.704...+o(1)} per key. For comparison, the best area-time product known for a single key is L^{1.976...+o(1)}.
This paper also introduces new "early-abort" heuristics implying that "early-abort ECM" improves the performance of batch NFS by a superpolynomial factor, specifically exp((c+o(1))(log 2^B)^{1/6}(log log 2^B)^{5/6}) where c is a positive constant.
Keywords: integer factorization, number-field sieve, price-performance ratio, batching, smooth numbers, elliptic curves, early aborts
Originele taal-2 | Engels |
---|---|
Titel | Selected Areas in Cryptography -- SAC 2014: 21st International Conference, Montreal, QC, Canada, August 14-15, 2014, Revised Selected Papers |
Redacteuren | A. Joux, A. Youssef |
Uitgeverij | Springer |
Pagina's | 38-58 |
ISBN van geprinte versie | 978-3-319-13050-7 |
DOI's | |
Status | Gepubliceerd - 2014 |
Evenement | 21st International Conference on Selected Areas in Cryptography (SAC 2014) - Sackville, Canada Duur: 14 aug. 2014 → 15 aug. 2014 Congresnummer: 21 |
Publicatie series
Naam | Lecture Notes in Computer Science |
---|---|
Volume | 8781 |
ISSN van geprinte versie | 0302-9743 |
Congres
Congres | 21st International Conference on Selected Areas in Cryptography (SAC 2014) |
---|---|
Verkorte titel | SAC 2014 |
Land/Regio | Canada |
Stad | Sackville |
Periode | 14/08/14 → 15/08/14 |
Ander | 21st International Conference on Selected Areas in Cryptography |