Subject: Discussion related to cado-nfs
List archive
- From: paul zimmermann <Paul.Zimmermann@inria.fr>
- To: Francois Morain <morain@lix.polytechnique.fr>
- Cc: Cado-nfs-discuss@lists.gforge.inria.fr
- Subject: Re: [Cado-nfs-discuss] more polynomials in CADO
- Date: Mon, 24 Nov 2014 11:17:36 +0100
- List-archive: <http://lists.gforge.inria.fr/pipermail/cado-nfs-discuss/>
- List-id: A discussion list for Cado-NFS <cado-nfs-discuss.lists.gforge.inria.fr>
François,
> Date: Mon, 24 Nov 2014 10:32:01 +0100
> From: Francois Morain <morain@lix.polytechnique.fr>
>
> anybody objecting to my proposition of beginning to have more than two
> polynomials in CADO, making this change compatible with the present
> status?
>
> What I intend to do:
> * add a new field in struct cado_poly_s, say
> int nb_poly;
> * replace
> mpz_poly_t pols[2];
> by
> mpz_poly_t pols[CADO_NB_POLY_MAX];
> with
> #define CADO_NB_POLY_MAX 8 // say
> and inspect the code for replacing [2] by [CADO_NB_POLY_MAX] and the like.
> * modify the parser to authorise
> poly0 = c0,0,c0,1,...
> poly1 = c1,0,c1,1...
> with still poly0 = g = RATIONAL, poly1 = f = ALGEBRAIC.
>
> BTW, there seems to exist a modification of the parser that enables to
> use X0:, X1:, etc., isn't it?
>
> and see what happens next.
>
> FM
as long as the current format still works, I see no objection, for example
cado-nfs/params/rsa155.poly:
# The polynomial originally used for the RSA-155 factorization
# See "Factorization of a 512-Bit RSA Modulus" in Eurocrypt 2000, LNCS 1807
n:
10941738641570527421809707322040357612003732945449205990913842131476349984288934784717997257891267332497625752899781833797076537244027146743531593354333897
type: gnfs
# Murphy gives a skewness of 10800 (page 104 of his thesis)
# and this is also what is given in the Eurocrypt'2000 paper
# the L1-skewness as computed by polyselect would be 8301.109
skew: 10800.0
c5: 119377138320
c4: -80168937284997582
c3: -66269852234118574445
c2: 11816848430079521880356852
c1: 7459661580071786443919743056
c0: -40679843542362159361913708405064
Y1: 1
Y0: -39123079721168000771313449081
# The following bounds were used for lattice sieving. The paper says
# these bounds were chosen due to limitation of the lattice siever to
# factor base primes less than 2^24, not for optimality
rlim: 16777216
alim: 16777216
# The large prime bound originally used was 10^9, not 2^30, but
# we require a power-of-two here
lpbr: 30
lpba: 30
# Some line sieving allowed up to 3 large primes, but lattice sieving only 2
mfbr: 60
mfba: 60
rlambda: 2.2
alambda: 2.6
qintsize: 200000
# The prime factors of the discriminant, if someone wants to play with
# the number field, are
# 2^8 3^9 5^3 7 19 4463369 5854552419428551073
# 90637238831985282234717565562083780589
# 87620962372347280167871012623827350428181877
# 318422122650570760939842277313031606254349797027678964107679980783
Paul
- [Cado-nfs-discuss] more polynomials in CADO, Francois Morain, 11/24/2014
- Re: [Cado-nfs-discuss] more polynomials in CADO, paul zimmermann, 11/24/2014
Archive powered by MHonArc 2.6.19+.