Significant progress in the design of special purpose hardware for supporting the Number Field Sieve (NFS) has been made. However, from a practical cryptanalytic point of view, none of the published
proposals for
coping with the sieving step is satisfying. Even for the best known designs, the technological obstacles faced for the parameters
expected for
a 1024-bit RSA modulus are significant.
We present a new hardware design for implementing the sieving step. The suggested chips and their interconnections are of moderate complexity
and
size. According to our preliminary analysis of the 1024-bit the
case, we
expect the new design to be slower than TWIRL by a small factor.
However,
due to the more moderate technological requirements, from a practical cryptanalytic point of view the new design seems to be no less
attractive
than TWIRL.
(Based on joint work with Rainer Steinwandt.)
Copyright. All Rights Reserved.