Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [sieve]

12 questions
12
votes
3 answers

In the Quadratic Sieve, why restrict the factor base?

In the Quadratic Sieve, when factoring a number $N$, many descriptions and most implementations select as the factor base the set of small primes $p_j$ less than some bound $B$ restricted to having Legendre symbol $\left({N\over p_j}\right)=+1$. Why…
fgrieu
  • 149,326
  • 13
  • 324
  • 622
6
votes
0 answers

What are the theoretical memory requirements for these factoring algotihms?

Given an $n$ bit integer quadratic sieve takes $L(\frac12,1+o(1))$ time and number field sieve takes $L(\frac13,1.922)$ time where $L$ notation is given in https://en.wikipedia.org/wiki/L-notation. What are the theoretical memory requirements for…
Turbo
  • 1,045
  • 6
  • 15
3
votes
1 answer

Combining Hellman Pohlig with Sieve

Suppose integer $m$ has $\phi(m)=2pq^5r^2$ where $p,q,r$ are primes. Hellman-Pohlig says that finding discrete log $z\bmod p$, $z\bmod q^5$, $z\bmod r^2$ and $z\bmod 2$ suffices to find $z\bmod\phi(m)$ in $g^z=h\bmod m$. It could be that $p,q^5,r^2$…
Turbo
  • 1,045
  • 6
  • 15
3
votes
1 answer

Proportion of RSA moduli factorable by NFS with less effort than average?

When applied to integers $N$ of comparable size, the Number Field Sieve is notoriously much faster if $N$ is known to be of the form $r^k\pm s$ with $r$ and $s$ suitably small integers, and $k$ an integer: using $L$-notation, the running time of…
fgrieu
  • 149,326
  • 13
  • 324
  • 622
3
votes
2 answers

A variation of Sieve of Eratosthenes for random pseudoprime number generation

I wasn't sure if this question is more suited for SE.Math or not; please tell me if I should move it. For its mpz_nextprime() function (find the next pseudoprime following the given number) GMP uses an interesting variation of the Sieve. In order to…
fjarri
  • 299
  • 1
  • 6
2
votes
1 answer

Quadratic Sieve: Is there a thumb rule for deciding how many numbers to sieve?

In the Quadratic Sieve algorithm, we first decide on a B & then look for B-smooth prime factors by sieving using a quadratic polynomial. I can find a few formulas which help figure out how to decide on B. To factor a number N, we can use the…
user93353
  • 2,348
  • 3
  • 28
  • 49
2
votes
1 answer

Quadratic sieve for DLOG performance - theory vs actual?

Is there any report on comparing quadratic and number field sieve performance in theory vs actual data for discrete logarithm over primes? Is actual data better than theory in any way unexplained (I think I read this somewhere and cannot…
Turbo
  • 1,045
  • 6
  • 15
1
vote
0 answers

How exactly to perform the linear algebra step in the cubic sieve?

The cubic sieve is an algorithm is for computing discrete logarithm mostly in prime fields. It’s performance is less than the numner field sieve but it’s faster than the linear sieve. I do understand in part how to look for relations (not how many…
user2284570
  • 324
  • 4
  • 19
1
vote
1 answer

Does the ability to factor in polynomial time give you smooth numbers in the number field sieve?

I have read that despite strong connections between prime factorization and DLP an algorithm for the former does not imply the latter directly. But I was reading about the number field sieve and it seemed like the bottleneck was identifying smooth…
Ian Campbell
  • 11
  • 1
0
votes
1 answer

In the cubic sieve, what should be the order of the element of the cubic sieve congruences?

The cubic sieve is an algorithm for computing discrete logarithm. The initial step is to find a solution to $x^3\equiv y^2z\pmod p$ such that $x^3\ne y^2z$ with $x,y,z$ of order $p^\alpha$. But what does it mean to have…
user2284570
  • 324
  • 4
  • 19
0
votes
0 answers

Several questions about the cubic sieve for computing discrete logarithms…

The cubic sieve is an algorithm for computing discrete logarithms mostly in prime fields. It’s performance is less than the number field sieve but it’s faster than the linear sieve. See the paper here. How to compute the factor base ? How to do it…
user2284570
  • 324
  • 4
  • 19
0
votes
1 answer

Take n = 4633 and B = {−1, 2, 3}. Note the b-smooth numbers as {67, 68, 69}. Find the factor of n

This question is from Quadratic Sieve Factorization Method. Didn't find the solution on the web also. And not aware of how to solve such questions.
alu vaja
  • 1
  • 1