Cryptology ePrint Archive: Report 2006/109

A Simpler Sieving Device: Combining ECM and TWIRL

Willi Geiselmann and Fabian Januszewski and Hubert Koepfer and Jan Pelzl and Rainer Steinwandt

Abstract: A main obstacle in manufacturing the TWIRL device for realizing the sieving step of the Number Field Sieve is the sophisticated chip layout. Especially the logic for logging and recovering large prime factors found during sieving adds significantly to the layout complexity. We describe a device building on the Elliptic Curve Method (ECM) that for parameters of interest enables the replacement of the complete logging part in TWIRL by an off-wafer postprocessing. The postprocessing is done in real time, leaving the total sieving time basically unchanged.

The proposed device is an optimized ECM implementation building on curves chosen to cope with factor sizes as expected in the output of TWIRL. According to our preliminary analysis, for the relation collection step expected for a 1024-bit factorization our design is realizable with current fab technology at very moderate cost. The proposed ECM engine also finds the vast majority of the needed cofactor factorizations. In summary, we think the proposed device to enable a significant decrease of TWIRL's layout complexity and therewith its cost.

Category / Keywords: public-key cryptography / RSA, NFS, ECM, cryptanalytic hardware

Publication Info: accepted at ICISC 2006

Date: received 20 Mar 2006, last revised 26 Aug 2006

Contact author: rsteinwa at fau edu

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: corrected complexity estimate

Version: 20060826:170457 (All versions of this report)

Short URL: ia.cr/2006/109

Discussion forum: Show discussion | Start new discussion