论文信息 - CAIRN: Dedicated Integer Factoring Devices

CAIRN: Dedicated Integer Factoring Devices

The integer factoring problem is known as one of the hard problem in cryptology, and some public-key cryptosystems including RSA are designed based of this fact. Recently, several dedicated integer factoring devices have been proposed, however, no implementational or even experimental results are not shown. This paper proposes a novel design of a dedicated integer factoring device. In order to verify the do abilty of the design, we actually developed the dedicated integer factoring devices CAIRN 1, 2 and 3. CAIRN 1 is the first and concept proof device implemented on DAP-DNA2, while CAIRN 2 is implemented on Xilinx’s FPGA and succeeded factoring a 128-bit composite integer whose factor was unknown at that time. CAIRN 3 is also implemented on Xilinx’s FPGA, and is about 38 times faster than CAIRN 2 in the experimental sieving for a 768-bit integer (RSA 768). It is estimated that the full sieving for RSA 768 requires about 270 years with single CAIRN 3.

Takeshi Shimoyama | Jun Kogure | Tetsuya Izu

[1] Arjen K. Lenstra,et al. Factorization of a 768-Bit RSA Modulus , 2010, CRYPTO.

[2] Kazumaro Aoki,et al. GNFS Factoring Statistics of RSA-100, 110, ..., 150 , 2004, IACR Cryptol. ePrint Arch..

[3] Jan Pelzl,et al. A Simpler Sieving Device: Combining ECM and TWIRL , 2006, ICISC.

[4] Arjen K. Lenstra,et al. The number field sieve , 1990, STOC '90.

[5] Eran Tromer,et al. Factoring large numbers with the TWIRL device , 2003 .

[6] Kazumaro Aoki,et al. Sieving Using Bucket Sort , 2004, ASIACRYPT.

[7] Daniel J. Bernstein,et al. Circuits for Integer Factorization: A Proposal , 2001 .

[8] Rainer Steinwandt,et al. Yet Another Sieving Device , 2004, CT-RSA.

[9] Adi Shamir. Factoring Large Numbers with the Twinkle Device (Extended Abstract) , 1999, CHES.

[10] W. Lutz,et al. Extended Abstract , 2003 .

[11] Takeshi Shimoyama,et al. CAIRN 2: An FPGA Implementation of the Sieving Step in the Number Field Sieve Method , 2007, CHES.

[12] J. Franke,et al. CONTINUED FRACTIONS AND LATTICE SIEVING , 2022 .

[13] Christof Paar,et al. SHARK: A Realizable Special Hardware Sieving Device for Factoring 1024-Bit Integers , 2005, CHES.

[14] Carl Pomerance,et al. The Development of the Number Field Sieve , 1994 .

[15] J. Pollard. The lattice sieve , 1993 .