Reconfigurable hardware implementation of mesh routing in number field sieve factorization

Factorization of large numbers has been a constant source of interest in cryptanalysis. The fastest known algorithm for factoring large numbers is the number field sieve (NFS). The two most time consuming phases of NFS are sieving and matrix step. We propose an efficient way of implementing the matrix step in reconfigurable hardware. Our solution is based on the mesh-routing method proposed by Lenstra et al. We determine the practical size of a partial mesh that can fit in one FFGA device, Xilinx Virtex II XC2V6000. We further extrapolate the computation time for the case of a square systolic array of FFGAs for 512-bit and 1024-bit numbers' factorization. We demonstrate that for practical sizes of numbers used in cryptography, 1024 bits, the matrix step of factorization can be performed using 1024 Virtex II FFGAs in less than 40 days.

[1]  D. Coppersmith Solving homogeneous linear equations over GF (2) via block Wiedemann algorithm , 1994 .

[2]  Tarek A. El-Ghazawi,et al.  Performance and overhead in a hybrid reconfigurable computer , 2003, Proceedings International Parallel and Distributed Processing Symposium.

[3]  Gilles Villard,et al.  Further analysis of Coppersmith's block Wiedemann algorithm for the solution of sparse linear systems (extended abstract) , 1997, ISSAC.

[4]  Daniel J. Bernstein,et al.  Circuits for Integer Factorization: A Proposal , 2001 .

[5]  Eran Tromer,et al.  On the Cost of Factoring RSA-1024 , 2003 .

[6]  Sashisu Bajracharya,et al.  Reconfigurable Hardware Implementation and Analysis of Mesh Routing for the Matrix Step of the Number Field Sieve Factorization A thesis submitted in partial fulfillment of the requirements for the degree of Master of Science at George Mason University By , 2005 .

[7]  A. K. Lenstra,et al.  The Development of the Number Field Sieve , 1993 .

[8]  Tarek A. El-Ghazawi,et al.  Implementation of Elliptic Curve Cryptosystems over GF(2n) in Optimal Normal Basis on a Reconfigurable Computer , 2004, FPL.

[9]  Douglas H. Wiedemann Solving sparse linear equations over finite fields , 1986, IEEE Trans. Inf. Theory.

[10]  Jeff Gilchrist,et al.  Factorization of a 512-Bit RSA Modulus , 2000, EUROCRYPT.

[11]  Arjen K. Lenstra,et al.  Algorithms in Number Theory , 1991, Handbook of Theoretical Computer Science, Volume A: Algorithms and Complexity.

[12]  William H. Mangione-Smith,et al.  Factoring large numbers with programmable hardware , 2000, FPGA '00.

[13]  Adi Shamir,et al.  Factoring Estimates for a 1024-Bit RSA Modulus , 2003, ASIACRYPT.

[14]  Rainer Steinwandt,et al.  Hardware to Solve Sparse Systems of Linear Equations over GF(2) , 2003, CHES.

[15]  H. Lenstra,et al.  Algorithms in algebraic number theory , 1992, math/9204234.

[16]  Adi Shamir,et al.  Analysis of Bernstein's Factorization Circuit , 2002, ASIACRYPT.