High-Performance Integer Factoring with Reconfigurable Devices

We present a novel FPGA-based implementation of the Elliptic Curve Method (ECM) for the factorization of medium-sized composite integers. More precisely, we demonstrate an ECM implementation capable of determining prime factors of up to 2,424 151-bit integers per second using a single Xilinx Virtex-4 SX35 FPGA. Using this implementation on a cluster like the COPACOBANA is beneficial for attacking cryptographic primitives like the well-known RSA cryptosystem with advanced methods such as the Number Field Sieve (NFS). To provide this vast number of integer factorizations per FPGA, we make use of the available DSP blocks on each Virtex-4 device to accelerate low-level arithmetic computations. This methodology allows the development of a time-area efficient design that runs 24 ECM cores in parallel, implementing both phase 1 and phase 2 of the ECM. Moreover, our design is fully scalable and supports composite integers in the range from 66 to 236 bits without any significant modifications to the hardware. Compared to the implementation by Gaj et al., who reported an ECM design for the same Virtex-4 platform, our improved architecture provides a cost-performance ratio that is better by a factor of 37.
