Faster Index Calculus for the Medium Prime Case Application to 1175-bit and 1425-bit Finite Fields

Joux, Antoine

doi:10.1007/978-3-642-38348-9_11

Cited by 46 publications

(53 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Fresh experimentation is needed to investigate the effects of SIMD parallelization on polynomial sieves. Data-parallel implementations of the pinpointing algorithm of Joux [29] also merits attention.…”

Section: Resultsmentioning

confidence: 99%

Use of SIMD-based data parallelism to speed up sieving in integer-factoring algorithms

Sengupta

Das

2017

Applied Mathematics and Computation

View full text Add to dashboard Cite

Abstract. Many cryptographic protocols derive their security from the apparent computational intractability of the integer factorization problem. Currently, the best known integer-factoring algorithms run in subexponential time. Efficient parallel implementations of these algorithms constitute an important area of practical research. Most reported implementations use multi-core and/or distributed parallelization. In this paper, we use SIMD-based parallelization to speed up the sieving stage of integer-factoring algorithms. We experiment on the two fastest variants of factoring algorithms: the number-field sieve method and the multiple-polynomial quadratic sieve method. Using Intel's SSE2 and AVX intrinsics, we have been able to speed up index calculations in each core during sieving. This performance enhancement is attributed to a reduction in the packing and unpacking overheads associated with SIMD registers. We handle both line sieving and lattice sieving. We also propose improvements to make our implementations cache-friendly. We obtain speedup figures in the range 5-40%. To the best of our knowledge, no public discussions on SIMD parallelization in the context of integer-factoring algorithms are available in the literature.

show abstract

Section: Resultsmentioning

confidence: 99%

Use of SIMD-based data parallelism to speed up sieving in integer-factoring algorithms

Sengupta

Das

2017

Applied Mathematics and Computation

View full text Add to dashboard Cite

show abstract

“…In [10], it was remarked that a single polynomial f that nicely factors can be transformed into several such polynomials, simply by a linear change of variable: f (X) −→ f (aX), for any non-zero constant a.…”

Section: Basic Ideamentioning

confidence: 99%

“…One of the two main ideas used for our algorithm is a generalization of the pinpointing technique proposed in [10]. Another independent algorithm for characteristic 2 was proposed in [5], yielding an algorithm with complexity L Q (1/3), with a better constant than the Function Field Sieve.…”

Section: Introductionmentioning

confidence: 99%

A New Index Calculus Algorithm with Complexity $$L(1/4+o(1))$$ in Small Characteristic

Joux

2014

Lecture Notes in Computer Science

Self Cite

120

112

View full text Add to dashboard Cite

Abstract. In this paper, we describe a new algorithm for discrete logarithms in small characteristic. This algorithm is based on index calculus and includes two new contributions. The first is a new method for generating multiplicative relations among elements of a small smoothness basis. The second is a new descent strategy that allows us to express the logarithm of an arbitrary finite field element in terms of the logarithm of elements from the smoothness basis. For a small characteristic finite field of size Q = p n , this algorithm achieves heuristic complexity LQ(1/4 + o(1)). For technical reasons, unless n is already a composite with factors of the right size, this is done by embedding FQ in a small extension FQe with e ≤ 2 log p n .

show abstract

“…The first of these improvements published in [Jou13a] showed that the 2006 version of the Function Field Sieve from [JL06] can be modified in a surprising way to improve its complexity. The basic idea is to slightly change how finite fields are defined and ends in a situation where the search for one smooth polynomial on the left-hand side of a relation can be amortized by constructing many possible right-hand sides from a single initial polynomial on the left.…”

Section: Small Characteristicmentioning

confidence: 99%

“…The basic idea can be viewed in two different ways, one can either consider a family of polynomials whose splitting probability is much higher than for random polynomials of the same degree as proposed in [GGMZ13], or start from a polynomial that splits and use a generalized version of the change of variable from [Jou13a] to construct many polynomials from this starting point. This latter approach is described in [Jou13b] and combined with a new method for computing individual logarithms, it yields a heuristic L(1/4) algorithm.…”

Section: Small Characteristicmentioning

confidence: 99%

The Past, Evolving Present, and Future of the Discrete Logarithm

Joux

Odlyzko

Pierrot

2014

Open Problems in Mathematics and Computational Science

Self Cite

View full text Add to dashboard Cite

The first practical public key cryptosystem ever published, the Diffie-Hellman key exchange algorithm, relies for its security on the assumption that discrete logarithms are hard to compute. This intractability hypothesis is also the foundation for the security of a large variety of other public key systems and protocols.Since the introduction of the Diffie-Hellman key exchange more than three decades ago, there have been substantial algorithmic advances in the computation of discrete logarithms. However, in general the discrete logarithm problem is still considered to be hard. In particular, this is the case for the multiplicative group of finite fields with medium to large characteristic and for the additive group of a general elliptic curve.This paper presents a current survey of the state of the art concerning discrete logarithms and their computation.

show abstract

Faster Index Calculus for the Medium Prime Case Application to 1175-bit and 1425-bit Finite Fields

Cited by 46 publications

References 14 publications

Use of SIMD-based data parallelism to speed up sieving in integer-factoring algorithms

Use of SIMD-based data parallelism to speed up sieving in integer-factoring algorithms

A New Index Calculus Algorithm with Complexity $$L(1/4+o(1))$$ in Small Characteristic

The Past, Evolving Present, and Future of the Discrete Logarithm

Contact Info

Product

Resources

About