1 / 25

Factoring of Large Numbers using Number Field Sieve Matrix Step

Factoring of Large Numbers using Number Field Sieve Matrix Step. Chandana Anand, Arman Gungor, and Kimberly A. Thomas ECE 646 Fall 2006. INTRODUCTION. The ability to conduct secure electronic transactions is becoming more and more important everyday

belicia
Download Presentation

Factoring of Large Numbers using Number Field Sieve Matrix Step

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Factoring of Large Numbers using Number Field Sieve Matrix Step Chandana Anand, Arman Gungor, and Kimberly A. Thomas ECE 646Fall 2006

  2. INTRODUCTION • The ability to conduct secure electronic transactions is becoming more and more important everyday • It is computationally difficult to factor a large number into its prime factors • What happens if an algorithm that can achieve this in a reasonable amount of time is discovered? F-2: Factoring of Large Numbers Using Number Field Sieve

  3. INTRODUCTION • Number Field Sieve (NFS) is the fastest known algorithm to factor numbers larger than 110 digits • Its development in the past few years has facilitated factoring of integers that were once considered to be infeasible to factor with today’s technology F-2: Factoring of Large Numbers Using Number Field Sieve

  4. INTRODUCTION • GNFS was used in factoring a 512-bit number in 1999 as part of the RSA Challenge • It was estimated that had the RSA-129 challenge used the GNFS instead of the Multiple Polynomial Quadratic Sieve, it would have taken a quarter of the time F-2: Factoring of Large Numbers Using Number Field Sieve

  5. INTRODUCTION RSA-155 Details (512-bits) • Calendar time for the polynomial selection 9 weeks • Sieving: 35.7 CPU-years in total, 3.7 months • Matrix and Square Root Steps: 1.5 months • Total Calendar Time: 7.4 months F-2: Factoring of Large Numbers Using Number Field Sieve

  6. INTRODUCTION • This CPU-effort is estimated to be equivalent to approximately 8000 MIPS years F-2: Factoring of Large Numbers Using Number Field Sieve

  7. GENERAL INFORMATION • Number field sieve is a fast factorization method developed by Pollard et al. • Number Field Sieve factors an integern in expected time: exp((c +o (1))(logn )1/3(loglogn )2/3) withc = 2(2/3)2/3 ~ 1.526 • Number Field Sieve can be thought of as an extension of the rational sieve where smooth numbers of order n are sought for, rarity of which makes the algorithm impractical F-2: Factoring of Large Numbers Using Number Field Sieve

  8. GENERAL INFORMATION • Polynomial selection: Find two Z-irreducible polynomials f(x) and g(x) so that f(m)=0 (mod n) and g(x)=0 (mod n) for some known m • Sieving: Here we find pairs of small integers, (a,b) • Matrix step: Here we take the (a,b) pairs found in the last step and construct a large matrix • Square root:Given the two squares from the previous steps and their prime factorizations, we must compute their square roots to finally factor n F-2: Factoring of Large Numbers Using Number Field Sieve

  9. GNFS Matrix Solving • Involves finding the dependencies in a very large, very sparse matrix • EXAMPLE: • For the RSA-130 challenge, factoring a 130 digit number, the matrix had 3,516,502 rows and 3,504,823 columns with on average 39.4 non-zero entries per row. • Storing the position of all 138,690,744 ones would take “only” 600 MB of memory vs over 1500 GB to store the entire matrix. • Traditional matrix solving methods (e.g. Gaussian) are infeasible F-2: Factoring of Large Numbers Using Number Field Sieve

  10. Wiedemann Algorithm • Intended to make GNFS Matrix step more computationally feasible • allows solving the matrix dependencies without modifying the matrix, leaving the matrix sparse and easier to store and operate on • Block Wiedemann • multiplies the sparse matrix by 32 or 64 vectors at once • takes advantage of the 32-bit or 64-bit architecture of modern computers F-2: Factoring of Large Numbers Using Number Field Sieve

  11. WLSS2 • Block Wiedemann implementation created in the mid-90s • Composed of four steps, two of which may be run in a distributed manner • Input: matrix file in an adjacency list format • 1000 1000 1 • 1f 2b 53 af c8 d4 f2 115 134 13e 13f 15a 185 19f 1b9 1ee207 25e 271 2b3 2e1 2f6 2fd 2ff 30c 336 362 3a3 3b3 3bc 3d3 3d7 • Output: list of candidate factors F-2: Factoring of Large Numbers Using Number Field Sieve

  12. WLSS2 • Program runs on enigma.gmu.edu without problem • did not try running distributed • Found several inconsistencies between the program and its documentation • Program has now “disappeared” from original Internet source F-2: Factoring of Large Numbers Using Number Field Sieve

  13. LiDIA • LiDIA is a C++ library for computational number theory • Allows operations on vectors and matrices such as: • u = A*v; • v.shift_left(n,1); • Also allows operations on vectors of vectors • required for implementation of Block Wiedemann F-2: Factoring of Large Numbers Using Number Field Sieve

  14. LiDIA Implementations • Wiedemann Implementation • working on enigma.gmu.edu • needs further debugging • reprogramming of matrix creation • addition of matrix importation functionality • Block Wiedemann Implemenation • in progress but needs further work on initialization of the vectors of vectors F-2: Factoring of Large Numbers Using Number Field Sieve

  15. Next Steps • Matrix Creation and Input • need to create a program to intelligently create matrices for testing • need a standard matrix format to allow comparisons between WLSS2 and the LiDIA implementations • One solution – add a function to LiDIA implementation to read WLSS2 style adjacency list • Complete debugging of LiDIA Wiedemann implementation • Complete implementation of LiDIA Block Wiedemann algorithm F-2: Factoring of Large Numbers Using Number Field Sieve

  16. Next Steps Continued • Testing of WLSS2, Wiedemann implementation, Block Wiedemann implementation • Functionality testing – do all implementations agree on the results of a given input matrix • Timing comparison F-2: Factoring of Large Numbers Using Number Field Sieve

  17. Block Wiedemann Algorithm • Input to Block Wiedemann: Matrix A of size DxD, D є [107, 1011] • Sparse matrix: Column density << D • Most time consuming operations: Matrix-by-vector multiplications • A.vi, A2.vi, ..... , Ak.vi F-2: Factoring of Large Numbers Using Number Field Sieve

  18. Matrix-by-Vector Multiplication • Non-zero entries in the columns of A - packets that need to be routed to their destinations • m x m mesh, m = √D: row indices of resultant matrix multiplication vector • Mesh Cell i • value at index i of the vector v • packets in column i of the matrix A F-2: Factoring of Large Numbers Using Number Field Sieve

  19. Mesh Routing Architecture • Lenstra et al proposed two versions of the routing based circuit • simple routing version • improved routing version • The improved version was implemented by Dr. Gaj et al in reconfigurable hardware • We implemented the emulation of this hardware in Java F-2: Factoring of Large Numbers Using Number Field Sieve

  20. Routing in the Mesh • Phase 1 – Odd row negotiates with the top even row • Phase 2 – Odd column negotiates with right even row • Phase 3 – Odd row negotiates with the bottom even row. • Phase 4 – Odd column negotiates with left even column. F-2: Factoring of Large Numbers Using Number Field Sieve

  21. Compare-Exchange • Both cells determine they will be closer to their destination after a swap • The cell that is the farthest from its destination determines it will be closer to its destination after a swap • The cell that is farthest will not be closer after the swap, but the cell with the smaller distance will be closer • Neither will become closer to its destination F-2: Factoring of Large Numbers Using Number Field Sieve

  22. Implementation Routines • Randomly populate the mesh • Determine the destination row and column indices of a packet • Perform the negotiations (4 times the size of the mesh) • Determine exchange cases • Update the partial results F-2: Factoring of Large Numbers Using Number Field Sieve

  23. Results • The mesh routing architecture was implemented for a mesh size of 4x4. • Compare-exchange operations were repeated 4*4 =16 times • On an average, routing was completed after all 4 phases of Round 1 and 2 phases of the Round 2 • The architecture was then scaled for a mesh size of 12x12 • Compare-exchange operations were repeated 4*12 = 48 times • Routing was completed at the end of all rounds F-2: Factoring of Large Numbers Using Number Field Sieve

  24. Results (contd..) • The code was then modified to perform multiple vector multiplications in the 12x12 mesh • Java threads were used to emulate the multiple matrix-by-vector multiplications taking place simultaneously in hardware • A new thread was spawned to process the matrix-by-vector multiplication for each vector • Each thread updates its own resultant vector F-2: Factoring of Large Numbers Using Number Field Sieve

  25. Future Work • Development of a routine to examine the state of the mesh after each phase • To find number of phases that are actually required to complete routing in the 12x12 mesh F-2: Factoring of Large Numbers Using Number Field Sieve

More Related