mersenneforum.org - Factoring 1024-bit number using Yafu

mersenneforum.org (https://www.mersenneforum.org/index.php)

- YAFU (https://www.mersenneforum.org/forumdisplay.php?f=96)

- - Factoring 1024-bit number using Yafu (https://www.mersenneforum.org/showthread.php?t=20421)

[QUOTE=wombatman;408341]Out of curiosity, why are you looking to factor a 1024-bit number?[/QUOTE]

it is just for my research. I am doing research in HPC; cryptography and factorization is very interesting example to use in my research. I wanted to explore the limits.

[QUOTE=LaurV;408350]He means you go to the forest to cut down some trees to warm your house in the winter, but all you can carry with you is your backpack and your axe. Using the axe you can cut down a tree in a reasonable amount of time, and carry it home, if the tree is not so big, and moreover, when you reach the forest, you found a couple of idiots (us), who use similar axes to cut down trees which are half meter in diameter, in days. Then, seeing that, you get an idea: what is the first thing you do? You go to one of the biggest tree in the forest, that one which is about two meters in diameter, and try to use your axe to cut it down. Your axe was done for smaller trees, and it only has about 80 cm handler, so you will have to go many turns around that tree, or cut it larger and put your hands (and the nose, and the full head) inside of the cut to reach the mid of the tree with your blade...

Factoring is the same, you may still be able to cut that tree, find a good poly within the limited [STRIKE]search range for the coefficients[/STRIKE] handler, and even sieve, if you put your nose inside, but you will not have the optimal time like you should have been using a chainsaw or something bigger, a caterpillar saw... The space you are searching will not allow you to use "optimal parameters" for this factorization, as you are pushing msieve close to its limits, and you will be forced to use parameters which are convenient to msieve, but "slower" not "optimal" for the number you are trying to factor.

More basic than that we can't explain.

(sorry, I could not refrain myself when I saw someone trying to factor a RSA1024 key and asking what a C97 is, and what a 4 degree poly is...)[/QUOTE]

:)
Never mined; I liked the example anyway. I am new here and by time I will understand the rules :))

Thank you

[QUOTE=VBCurtis;408357]What parameters did you use to get the "1.6 times"? Or, which parameters of NFS factorizations do you grasp the meaning of? Once we know which knobs you are aware of, we can explain to you the limits those knobs can be turned to, and why those limits aren't nearly enough to factor RSA-1024.[/QUOTE]

I will collect all the information about the parameters (most of them are the default). 1024 is not the objective, I can go much less than that. It was really choking how fast the problem complexity grows with the number of bits !!!

[QUOTE=CRGreathouse;408351]As a ballpark, you're looking at 4 million GHz-years for the sieving, assuming software could be tuned to work with numbers that large. So to get it done in 10 years you'd need, say, 25,000 quad-core 4 GHz machines.

You'd also need a ridiculous machine for the matrix step. Scaling from the 768-bit GNFS, storing the matrix alone would take 4TB, with maybe 40TB needed for Berlekamp-Massey. Perhaps this can be done on SSD rather than in-memory; the current performance penalty is 'only' about 40x.[/QUOTE]

The numbers are terrifying :)) I start to understand the limits now !!! I can keep playing with 512 or less to gain more experience. Thank you

If you don't mind.

At least Batalov is saying this thing.

If you happen to factorize 21, you know that the factors are 3 and 7.

For the number 20, it is 4 * 5, or rather 2 * 2 * 5

For 22, the factors are 2 * 11

In contrast, RSA-1024 is a 309 digit number. It is composite and one may assume that it is having two factors between
perhaps 150 and 160 digits in size as its individual factors.

But take a 150 digit number ending in either 0, 2, 4, 6, or 8. Such a number is even, and at least you should be able to
divide such a number by 2.

A similar number ending in 5 should be having 5 as a factor. Dividing such a number, you may end up with a number having
3, 5, or 7 as its last digit. As long as the last digit is 5, except the number 5 itself, you should be able to divide this
number with at least the factor 5, because you know that it should divide in such a way.

But in most cases, things are not that easy. In a recent example here, a 159-digit composite number ending with 1 as its last
digit is shown to be having a 13 digit factor.

For us who happen to be doing this, there should be no secret that the total number of factors are very large indeed.

Therefore, just saying that 21 equals 3 * 7 because you just happen it to be so is not the final or ultimate solution when
it comes to such a thing as being able to factorize a 1024-bit number.

Rather it should be about a way of knowing which numbers are factors and most likely are not supposed to divide the number
you wish to know the factors for.

Another important thing is thinking about numbers as being part of a hierarchical tree.

If you think of a RSA-1024 number being the root of the tree which you are not able to reach, you will need to go for the individual branches of such a tree and try factorizing each branch in order to be able to get to the individual factors.

For many numbers this is now a possible thing to do. For other numbers, such a factorization has still left to be carried out and the individual factors for these numbers are therefore still not known.

[QUOTE=LaurV;409272]Sh!t, he is back![/QUOTE]

And saying less than ever. I wish he wrote about Physics instead- then we could discover how special relativity would affect walking to the train station.

Apparently so.

But this should not be a secret.

Right now I do not understand the analogy about walking to the train station, but at least I happen to know that numbers supposedly could be quantisized when it comes to properties.

Take a composite number. Multiply this number with another composite number, possibly slightly larger, or at least in such a given order, next take the square root of this number, assuming that the answer is not the exact square root, but rather an approximation.

Next factorize the number you get by using either the ecm command, or if possible, try using the factor command on the whole number.

If the number completely factors, you have reached the end of one such branch. The other one, or part of the number, may still remain either unfactored or only partial factored. If the latter is true, next do the same process again, or perhaps divide the original number with the composite number which has yet to be fully factored.

Doing such a thing and possibly using a fixed composite number against another number which is having no small factors eventually will find the prime factors in between, because the square root function is supposed to return an approximate answer to the number, a big frustration and irritation to the newbee, but most likely a must when you happen to know the secret.

Guess I told you the secret now.

[QUOTE=VBCurtis;409306]And saying less than ever. I wish he wrote about Physics instead- then we could discover how special relativity would affect walking to the train station.[/QUOTE]

I think he took too much LSD