Massively Parallel Computation of Discrete Logarithms

Gordon, Daniel M.; McCurley, Kevin S.

doi:10.1007/3-540-48071-4_22

Cited by 37 publications

(23 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is an interesting experimental investigation to determine how SIMD features can benefit sieving by vectors. -Our implementations of the MPQSM and NFSM sieves are not readily portable to polynomial sieves used in the computation of discrete logarithms over finite fields of small characteristics (for example, see [27,28]). Fresh experimentation is needed to investigate the effects of SIMD parallelization on polynomial sieves.…”

Section: Resultsmentioning

confidence: 99%

Use of SIMD-based data parallelism to speed up sieving in integer-factoring algorithms

Sengupta

Das

2017

Applied Mathematics and Computation

View full text Add to dashboard Cite

Abstract. Many cryptographic protocols derive their security from the apparent computational intractability of the integer factorization problem. Currently, the best known integer-factoring algorithms run in subexponential time. Efficient parallel implementations of these algorithms constitute an important area of practical research. Most reported implementations use multi-core and/or distributed parallelization. In this paper, we use SIMD-based parallelization to speed up the sieving stage of integer-factoring algorithms. We experiment on the two fastest variants of factoring algorithms: the number-field sieve method and the multiple-polynomial quadratic sieve method. Using Intel's SSE2 and AVX intrinsics, we have been able to speed up index calculations in each core during sieving. This performance enhancement is attributed to a reduction in the packing and unpacking overheads associated with SIMD registers. We handle both line sieving and lattice sieving. We also propose improvements to make our implementations cache-friendly. We obtain speedup figures in the range 5-40%. To the best of our knowledge, no public discussions on SIMD parallelization in the context of integer-factoring algorithms are available in the literature.

show abstract

Section: Resultsmentioning

confidence: 99%

Use of SIMD-based data parallelism to speed up sieving in integer-factoring algorithms

Sengupta

Das

2017

Applied Mathematics and Computation

View full text Add to dashboard Cite

show abstract

“…We implement the lattice sieve [26] in JL02-FFS and the polynomial sieve [11] in JL06-FFS, respectively. The detail of our implementation in JL06-FFS is described in Section 4.…”

Section: Comparison Of the Sieving Areamentioning

confidence: 99%

“…The polynomial sieve [11] and the lattice sieve [26] are well-known sieving algorithms. Although the lattice sieve is implemented in some experiments of the FFS such as [12,15,16], we implement the polynomial sieve since r is fixed as a monic polynomial by the polynomial sieve in JL06-FFS, whereas neither r nor s is able to be fixed by the lattice sieve.…”

Section: Collection Of Relationsmentioning

confidence: 99%

See 1 more Smart Citation

Solving a 676-Bit Discrete Logarithm Problem in GF(36n)

Hayashi

Shinohara

Wang

et al. 2012

IEICE Trans. Fundamentals

View full text Add to dashboard Cite

Abstract. Pairings on elliptic curves in finite fields are crucial material for constructions of various cryptographic schemes. The ηT pairing on supersingular curves over GF(3 n ) is in particular popular since it is efficiently implementable. Taking into account of the MOV attack, the discrete logarithm problems (DLP) in GF(3 6n ) becomes concerned to the security of cryptosystems using ηT pairings in this case. In 2006, Joux and Lercier proposed a new variant of the function field sieve in the medium prime case, named JL06-FFS. We have, however, not found any practical implementations on JL06-FFS over GF(3 6n ) up to now. Therefore, we have firstly fulfilled such an implementation and successfully set a new record for solving the DLP in GF(3 6n ), the DLP in GF(3 6·71 ) of 676-bit size. We conclude that n = 97 case, where there are many implementations of the ηT pairing, is not recommended in practical use. In addition, we also conduct comparisons between JL06-FFS and an earlier version, named JL02-FFS, by practical experiments. Our results confirm that the former is faster several times than the latter under certain conditions.

show abstract

“…These calculations are being executed on an nCube-2 massively parallel computer with 1024 processors [649,650]. Computing discrete logarithms in GF (2 593 ) is still barely out of reach.…”

Section: Calculating Discrete Logarithms In a Finite Groupmentioning

confidence: 99%

Applied cryptography: Protocols, algorithms, and source code in C

1994

Computer Law & Security Review

771

View full text Add to dashboard Cite

Massively Parallel Computation of Discrete Logarithms

Cited by 37 publications

References 10 publications

Use of SIMD-based data parallelism to speed up sieving in integer-factoring algorithms

Use of SIMD-based data parallelism to speed up sieving in integer-factoring algorithms

Solving a 676-Bit Discrete Logarithm Problem in GF(36n)

Applied cryptography: Protocols, algorithms, and source code in C

Contact Info

Product

Resources

About