Paper 2015/1000

Factoring as a Service

Luke Valenta, Shaanan Cohney, Alex Liao, Joshua Fried, Satya Bodduluri, and Nadia Heninger


The difficulty of integer factorization is fundamental to modern cryptographic security using RSA encryption and signatures. Although a 512-bit RSA modulus was first factored in 1999, 512-bit RSA remains surprisingly common in practice across many cryptographic protocols. Popular understanding of the difficulty of 512-bit factorization does not seem to have kept pace with developments in computing power. In this paper, we optimize the CADO-NFS and Msieve implementations of the number field sieve for use on the Amazon Elastic Compute Cloud platform, allowing a non-expert to factor 512-bit RSA public keys in under four hours for \$75. We go on to survey the RSA key sizes used in popular protocols, finding hundreds or thousands of deployed 512-bit RSA keys in DNSSEC, HTTPS, IMAP, POP3, SMTP, DKIM, SSH, and PGP.

Note: Corrected a reference.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. MINOR revision.Financial Cryptography and Data Security 2016
RSAfactoringcloud computing
Contact author(s)
nadiah @ cis upenn edu
2016-01-16: last of 3 revisions
2015-10-15: received
See all versions
Short URL
Creative Commons Attribution


      author = {Luke Valenta and Shaanan Cohney and Alex Liao and Joshua Fried and Satya Bodduluri and Nadia Heninger},
      title = {Factoring as a Service},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1000},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.