Subject: Discussion related to cado-nfs
List archive
Re: [cado-nfs] Factoring 350 to 400 bits long rsa number… But in less than 5 to 7 minutes and less than 100€
Chronological Thread
- From: Laël Cellier <lael.cellier@grenoble-inp.org>
- To: Pierrick Gaudry <pierrick.gaudry@loria.fr>
- Cc: cado-nfs@inria.fr
- Subject: Re: [cado-nfs] Factoring 350 to 400 bits long rsa number… But in less than 5 to 7 minutes and less than 100€
- Date: Mon, 11 Mar 2024 11:31:07 +0100
- Authentication-results: mail2-smtp-roc.national.inria.fr; spf=None smtp.pra=lael.cellier@grenoble-inp.org; spf=None smtp.mailfrom=lael.cellier@grenoble-inp.org; spf=None smtp.helo=postmaster@smtpout01-ext2.partage.renater.fr
- Dkim-filter: OpenDKIM Filter v2.10.3 zmtaauth01.partage.renater.fr 068B9140136
- Ironport-sdr: 65eedd6d_pp/h7E9yC5A5g3bx2KlEoGkD8aBni389Fcr+UgRKNi7Rweo KC6eQZAcwgzL1ub033VOqHMSkp9uOu/CJfMyZSA==
Hemm noo…
ECM is not beating NFS for these
parameters; you need an expected ~40000 runs with
And then it wouldn’t happen for less than 100€…
Unless you heard about modern fpga implementations.
Sincerely,
Le 11/03/2024 à 7:53 AM, Pierrick
Gaudry a écrit :
Hi, ECM is an almost perfectly parallelizable factoring algorithm. Its complexity is in L(1/2) instead of L(1/3) for GNFS, and in practice it can extract prime factors of only a few dozen of digits. For 115 digits RSA numbers, it is certainly not the fastest method. You can have a look at GMP-ECM. Give it a try with appropriate parameters (see https://members.loria.fr/PZimmermann/records/ecm/params.html), and you will get an estimate of the cost. Note the total time of ECM before finding a factor is very probabilistic. Regards, Pierrick On Mon, Mar 11, 2024 at 12:34:29AM +0100, Laël Cellier wrote:As everybody here knows, the ɢɴꜰꜱ is the most efficient algorithm for factoring numbers formed of roughly equal in length composites. But it’s linear Algebra/sequential parts means (If I’m not wrong), that it requires at least 9 minutes on current hardware to factor semi‑primes formed of composites of roughly equal length (in the case of 382 bits semi‑primes the Linear part takes 6 to 10 minutes). Are there less efficient algorithms but by being more parallelizable, that would allow to solve batch of such semi‑primes faster using more resources ? (though not prohibitively costly). If yes, it would be good for ᴄᴀᴅᴏ to support them… The aim is part of a small competition where the reward goes to the first who answers. The fact the record is still 9 minutes for 382 bits semi‑prime seems to tell there’s no solution : but there’s currently only 3 participants in the race. Sincerely,
- [cado-nfs] Factoring 350 to 400 bits long rsa number… But in less than 5 to 7 minutes and less than 100€, Laël Cellier, 03/11/2024
- Re: [cado-nfs] Factoring 350 to 400 bits long rsa number… But in less than 5 to 7 minutes and less than 100€, Pierrick Gaudry, 03/11/2024
- Re: [cado-nfs] Factoring 350 to 400 bits long rsa number… But in less than 5 to 7 minutes and less than 100€, Paul Leyland, 03/11/2024
- Re: [cado-nfs] Factoring 350 to 400 bits long rsa number… But in less than 5 to 7 minutes and less than 100€, Laël Cellier, 03/11/2024
- Re: [cado-nfs] Factoring 350 to 400 bits long rsa number… But in less than 5 to 7 minutes and less than 100€, Pierrick Gaudry, 03/11/2024
Archive powered by MHonArc 2.6.19+.