  • Cho, Gook Hwa (Institute for Mathematical Sciences, Ewha Womans University)
  • Koo, Namhun (Division of Mathematical Models, National Institute for Mathematical Sciences)
  • Kwon, Soonhak (Department of Mathematics, Sungkyunkwan University)
  • Received: 2013.08.27
  • Published: 2016.01.31


The general number field sieve (GNFS) is asymptotically the fastest known factoring algorithm. One of the most important steps of GNFS is selecting a good polynomial pair. The standard approach to polynomial selection (the one used in factoring RSA challenge numbers) is to select a nonlinear polynomial for algebraic sieving and a linear polynomial for rational sieving. Another approach, called the nonlinear method, selects two polynomials of the same degree greater than one. In this paper, we generalize Montgomery's method [12], which uses a geometric progression (GP) (mod N) to construct a pair of nonlinear polynomials. We also introduce GPs of length d + k with $1 \leq k \leq d-1$ and show that we can construct polynomials of degree d having a common root (mod N), where the number of such polynomials and the size of the coefficients can be precisely determined.
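As an added illustration (not code from the paper), the sketch below works the base case that the abstract generalizes: d = 2 with a length-3 GP, using the construction commonly given for Montgomery's two-quadratics method, c = [p, m, (m² − N)/p]. The function names, the toy modulus and the use of plain Lagrange reduction on the rank-2 kernel lattice are assumptions made for this example.

```python
from math import isqrt

def montgomery_gp(N, p_min):
    """Length-3 GP [p, m, (m^2 - N)/p] mod N for the first usable prime p >= p_min."""
    p = max(p_min, 3)
    while True:
        if all(p % q for q in range(2, isqrt(p) + 1)):       # p is prime
            roots = [x for x in range(1, p) if (x * x - N) % p == 0]
            if roots:                                        # N is a square mod p
                break
        p += 1
    x, s = roots[0], isqrt(N)
    m = x + p * ((s - x + p // 2) // p)   # lift the root so that m is close to sqrt(N)
    return [p, m, (m * m - N) // p]       # common ratio is m/p (mod N)

def kernel_basis(c):
    """Basis of the integer vectors a with a . c = 0 (needs gcd(c0, c1) = 1)."""
    c0, c1, c2 = c
    t = pow(c1, -1, c0)
    s = (1 - t * c1) // c0                # s*c0 + t*c1 = 1
    return [c1, -c0, 0], [-c2 * s, -c2 * t, 1]

def dot(u, v):
    return sum(a * b for a, b in zip(u, v))

def lagrange_reduce(u, v):
    """Lagrange (Gauss) reduction of a rank-2 lattice given by basis vectors u, v."""
    while True:
        if dot(u, u) > dot(v, v):
            u, v = v, u
        q = (2 * dot(u, v) + dot(u, u)) // (2 * dot(u, u))   # nearest integer
        if q == 0:
            return u, v
        v = [b - q * a for a, b in zip(u, v)]

def nonlinear_pair(N, p_min):
    """Return (GP, f, g, r): f, g are coefficient lists [a0, a1, a2] with root r mod N."""
    c = montgomery_gp(N, p_min)
    f, g = lagrange_reduce(*kernel_basis(c))
    return c, f, g, c[1] * pow(c[0], -1, N) % N

def evaluate(poly, x, N):
    return sum(a * pow(x, i, N) for i, a in enumerate(poly)) % N

if __name__ == "__main__":
    N = 10007 * 10009                     # constructed toy modulus, not from the paper
    c, f, g, r = nonlinear_pair(N, 100)
    print(c, f, g, evaluate(f, r, N), evaluate(g, r, N))
```

Any integer vector orthogonal to the GP gives a quadratic vanishing at r = m/p (mod N), so the two reduced kernel vectors are a pair of small-coefficient quadratics with a common root.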


polynomial selection; number field sieve; geometric progression; LLL algorithm


Grant: BK21 Plus

Supported by: Sungkyunkwan University


  1. S. Bai, R. P. Brent, and E. Thome, Root optimization of polynomials in the number field sieve, Math. Comp. 84 (2015), no. 295, 2447-2457.
  2. K. Aoki, J. Franke, T. Kleinjung, A. K. Lenstra, and D. A. Osvik, A Kilobit special number field sieve factorization, Advances in cryptology-ASIACRYPT 2007, pp. 1-12, Lecture Notes in Comput. Sci., 4833, Springer, Berlin, 2007.
  3. S. Bai, C. Bouvier, A. Kruppa, and P. Zimmermann, Better Polynomials for GNFS, To appear in Mathematics of Computation.
  4. N. Coxon, On nonlinear polynomial selection for the number field sieve, preprint, 2011.
  5. N. Coxon, Montgomery's method of polynomial selection for the number field sieve, preprint, 2014.
  6. R. Crandall and C. Pomerance, Prime Numbers: A Computational Perspective 2ed, Springer, 2005.
  7. J. Gower, Rotations and translations of number field sieve polynomials, Proceedings of Asiacrypt 2003, LNCS 2894, pp. 302-310, 2003.
  8. T. Kleinjung, On polynomial selection for the general number field sieve, Math. Comp. 75 (2006), no. 256, 2037-2047.
  9. T. Kleinjung, K. Aoki, J. Franke, A. Lenstra, E. Thome, J. Bos, P. Gaudry, A. Kruppa, P. Montgomery, D. Osvik, H. te Riele, A. Timofeev, and P. Zimmermann, Factorization of a 768-bit RSA modulus, Advances in cryptology-EUROCRYPTO 2010, pp. 333-350, Lecture Notes in Comput. Sci., 6223, Springer, Berlin, 2010.
  10. A. K. Lenstra and H. W. Lenstra, Jr, The Development of the Number Field Sieve, LNM 1554, Springer, 1993.
  11. A. K. Lenstra, H. W. Lenstra, Jr, and L. Lovasz, Factoring polynomials with rational coefficients, Math. Ann. 261 (1982), no. 4, 513-534.
  12. P. Montgomery, Small geometric progressions modulo n, Unpublished note of 2 pages, December 1993, revised 1995 and 2005.
  13. B. Murphy, Polynomial Selection for the Number Field Sieve Integer Factorisation Algorithm, PhD thesis, Australian National University, July 1999.
  14. P. Nguyen and J. Stern, Merkle-Hellman revisited: A cryptanalysis of the Qu-Vanstone cryptosystem based on group factorizations, Advances in cryptology-EUROCRYPTO '97 (Santa Barbara, CA, 1997), pp. 198-212, Lecture Notes in Comput. Sci., 1294, Springer, Berlin, 1997.
  15. T. Prest and P. Zimmermann, Non-linear polynomial selection for the number field sieve, J. Symbolic Comput. 47 (2012), no. 4, 401-409.
  16. RSA challenge; available at
  17. R. S. Williams, Cubic Polynomials in the Number Field Sieve, MSc Thesis, Texas Tech University, 2010.