A World Wide Number Field Sieve Factoring Record: On to 512 Bits

We present data concerning the factorization of the 130-digit number RSA130 which we factored on April 10, 1996, using the Number Field Sieve factoring method. This factorization beats the 129-digit record that was set on April 2, 1994, by the Quadratic Sieve method. The amount of computer time spent on our new record factorization is only a fraction of what was spent on the previous record. We also discuss a World Wide Web interface to our sieving program that we have developed to facilitate contributing to the sieving stage of future large scale factoring efforts. These developments have a serious impact on the security of RSA public key cryptosystems with small moduli. We present a conservative extrapolation to estimate the difficulty of factoring 512-bit numbers.

[1]  A. K. Lenstra,et al.  The Development of the Number Field Sieve , 1993 .

[2]  Arjen K. Lenstra,et al.  Factoring by Electronic Mail , 1990, EUROCRYPT.

[3]  Arjen K. Lenstra,et al.  Lattice sieving and trial division , 1994, ANTS.

[4]  Arjen K. Lenstra,et al.  Factoring Integers Using SIMD Sieves , 1994, EUROCRYPT.

[5]  Arjen K. Lenstra,et al.  On the Factorization of RSA-120 , 1993, CRYPTO.

[6]  Peter L. Montgomery,et al.  Square roots of products of algebraic numbers , 1994 .

[7]  Carl Pomerance,et al.  The Development of the Number Field Sieve , 1994 .

[8]  Johannes A. Buchmann,et al.  An Implementation of the General Number Field Sieve , 1994, CRYPTO.

[9]  Dj Daniel Bernstein,et al.  A general number field sieve implementation , 1993 .

[10]  R. Marije Elkenbracht-Huizing,et al.  An Implementation of the Number Field Sieve , 1996, Exp. Math..

[11]  Jan van Leeuwen,et al.  Handbook of Theoretical Computer Science, Vol. A: Algorithms and Complexity , 1994 .

[12]  Arjen K. Lenstra,et al.  Factoring With Two Large Primes , 1990, EUROCRYPT.

[13]  Mike Gardner A new kind of cipher that would take millions of years to break , 1997 .

[14]  Arjen K. Lenstra,et al.  Algorithms in Number Theory , 1991, Handbook of Theoretical Computer Science, Volume A: Algorithms and Complexity.

[15]  R. Marije Elkenbracht-Huizing A Multiple Polynominal General Number Field Sieve , 1996, ANTS.

[16]  J. Pollard The lattice sieve , 1993 .

[17]  Peter L. Montgomery,et al.  A Block Lanczos Algorithm for Finding Dependencies Over GF(2) , 1995, EUROCRYPT.

[18]  Carl A. Gunter,et al.  In handbook of theoretical computer science , 1990 .

[19]  Arjen K. Lenstra,et al.  NFS with Four Large Primes: An Explosive Experiment , 1995, CRYPTO.