ECM using Edwards curves

This paper introduces EECM-MPFQ, a fast implementation of the elliptic-curve method of factoring integers. EECM-MPFQ uses fewer modular multiplications than the well-known GMP-ECM software, takes less time than GMP-ECM, and finds more primes than GMP-ECM. The main improvements above the modular-arithmetic level are as follows: (1) use Edwards curves instead of Montgomery curves; (2) use extended Edwards coordinates; (3) use signed-sliding-window addition-subtraction chains; (4) batch primes to increase the window size; (5) choose curves with small parameters and base points; (6) choose curves with large torsion.
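The sketch below is an added illustration of improvements (1), (2) and (5) from the abstract; it is not EECM-MPFQ code. It runs ECM stage 1 on Edwards curves in extended coordinates with small base points. The function names are hypothetical, plain double-and-add stands in for signed sliding windows, and the sample modulus is constructed.

```python
from math import gcd

def ed_add(P, Q, d, n):
    """Unified add/double on x^2 + y^2 = 1 + d*x^2*y^2 mod n,
    in extended coordinates (X:Y:Z:T) with T = XY/Z."""
    X1, Y1, Z1, T1 = P
    X2, Y2, Z2, T2 = Q
    A, B = X1 * X2 % n, Y1 * Y2 % n
    C, D = d * T1 * T2 % n, Z1 * Z2 % n
    E = ((X1 + Y1) * (X2 + Y2) - A - B) % n
    F, G, H = (D - C) % n, (D + C) % n, (B - A) % n
    return (E * F % n, G * H % n, F * G % n, E * H % n)

def ed_mul(k, P, d, n):
    """Left-to-right double-and-add (a simplification, not a sliding window)."""
    R = (0, 1, 1, 0)  # neutral element (0, 1)
    for bit in bin(k)[2:]:
        R = ed_add(R, R, d, n)
        if bit == "1":
            R = ed_add(R, P, d, n)
    return R

def ecm_stage1(n, B1, max_curves=20):
    """Return a nontrivial factor of n, or None. Stage 1 only."""
    s = 1
    for k in range(2, B1 + 1):  # s = lcm(1..B1)
        s = s * k // gcd(s, k)
    # Small base points (x1, y1); each one fixes d so the point is on the curve.
    points = [(x, y) for x in range(2, 12) for y in range(x + 1, 12)]
    for x1, y1 in points[:max_curves]:
        den = (x1 * y1) ** 2 % n
        g = gcd(den, n)
        if 1 < g < n:
            return g  # the base point already shares a factor with n
        if g == n:
            continue
        d = (x1 * x1 + y1 * y1 - 1) * pow(den, -1, n) % n
        X = ed_mul(s, (x1, y1, 1, x1 * y1 % n), d, n)[0]
        # If the point's order modulo a prime p | n divides s, then s*P is
        # the neutral element (0, 1) modulo p, so X = 0 mod p.
        g = gcd(X, n)
        if 1 < g < n:
            return g
    return None

# Constructed sample modulus: 1009 * (2^127 - 1).
N_SAMPLE = 1009 * (2**127 - 1)

if __name__ == "__main__":
    print(ecm_stage1(N_SAMPLE, 2000))
```

With B1 = 2000 every possible group order modulo 1009 divides s, so the small factor is guaranteed to appear as soon as a curve with non-square d modulo 1009 is tried; the base point (2, 4) gives one.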
