mersenneforum.org  

Go Back   mersenneforum.org > Factoring Projects > Factoring

Reply
 
Thread Tools
Old 2008-11-05, 16:58   #1
R.D. Silverman
 
R.D. Silverman's Avatar
 
Nov 2003

22·5·373 Posts
Default CADO

Hi,

Would anyone who attended the CADO workshop care to
summarize what went on? Were there any revelations/
insights/new ideas ??

I now have a proof that using a constant area sieve region
for the lattice sieve is not optimal. One should use a larger
region for the smaller special q's and gradually decrease the size
of the region as q increases. However, the speedup obtained does
not seem to be large for a practical reason.

Owing to the way computers address 2D arrays, it is
advantageous to have a sieve region be 2^n x 2^m.
An attempt to use (say) a sieve region that is 1.537 x 2^n
by 3.682 x 2^m would slow down the addressing.....
Thus, while the total number of sieve points would be reduced
by following an optimal "size strategy", addressing those points
would be slower.

I can write this up and submit a paper, but since the optimization
is not (very) effective, I am not sure that it is worth doing.
R.D. Silverman is offline   Reply With Quote
Old 2008-11-05, 18:25   #2
jasonp
Tribal Bullet
 
jasonp's Avatar
 
Oct 2004

22×883 Posts
Default

CADO had a lot of people present on a wide range of different topics. For NFS implementations, in no particular order, some of the highlights were:

- Peter Montgomery walked through some of his ideas for the postprocessing for RSA768 (the factorization is underway now and the sieving is pretty far along)

- Thorsten Kleinjung explained a new algorithm for GNFS polynomial selection, that is both much simpler than the current champion and promises to find noticeably better polynomials. He quoted 15-23% improved quality over the polynomials produced by his earlier method for RSA512 and RSA640. This was actually my favorite talk of the Workshop, and I'm hard at work implementing the new algorithm for msieve

- Alex Kruppa went through a long list of changes that are necessary for a lattice siever to find more than two large primes in relations, combined with building a network of factoring strategies that include P+-1 and ECM with parameters optimized for small inputs. Currently the CADO lattice siever finds relations with three large primes 25% faster than with two large primes

- Patrick Stach walked through a lot of the low-level details of the linear algebra and talked about mapping the computation onto graphics cards; there are 5x speedups possible for matrix multiplication given more sophisticated hardware knowledge

- Dan Bernstein rolled together a lot of his NFS work into a collection of methods to estimate the runtime of a factorization before starting it; maybe someone can combine these with Willemien Ekkelkamp's method of estimating the runtime given some trial sieving

- I talked about many of the filtering tweaks in msieve; hopefully it provided ammunition for the CADO filtering code

There are no proceedings from the workshop, only the slides (available online).
jasonp is offline   Reply With Quote
Old 2008-11-05, 18:52   #3
Batalov
 
Batalov's Avatar
 
"Serge"
Mar 2008
Phi(4,2^7658614+1)/2

2·4,591 Posts
Default

http://cado.gforge.inria.fr/workshop/ Fantastic slides.
http://cado.gforge.inria.fr/software.en.html Sadly, not yet.

Last fiddled with by Batalov on 2008-11-05 at 19:02 Reason: (links "for the rest of us"; I know that you know)
Batalov is offline   Reply With Quote
Old 2008-11-05, 19:29   #4
R.D. Silverman
 
R.D. Silverman's Avatar
 
Nov 2003

746010 Posts
Default

Quote:
Originally Posted by jasonp View Post

- Alex Kruppa went through a long list of changes that are necessary for a lattice siever to find more than two large primes in relations, combined with building a network of factoring strategies that include P+-1 and ECM with parameters optimized for small inputs. Currently the CADO lattice siever finds relations with three large primes 25% faster than with two large primes
There are no proceedings from the workshop, only the slides (available online).
Didn't Alex give any consideration to splitting the cofactors with QS?
I have found that it is faster than the alternatives.....
R.D. Silverman is offline   Reply With Quote
Old 2008-11-06, 12:35   #5
akruppa
 
akruppa's Avatar
 
"Nancy"
Aug 2002
Alexandria

2,467 Posts
Default

I found that with two 30-bit primes (so that the product fits in one word), ECM is almost as fast as Kleinjung's MPQS. Often one prime is a smaller than the other, which gives ECM an advantage. If their product is a little bigger than the word size, MPQS should have a noticeable advantage. If the composite needs to have 3 factors to be smooth, ECM with an early abort strategy will perform far better than MPQS which doesn't tell anything about likely smoothness until it found the actual factors. All in all, an implementation with only P-1, P+1 and ECM can perform quite well, although for some particular cases it would be worthwhile to have MPQS around as a fall-back.

Alex
akruppa is offline   Reply With Quote
Reply

Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
CADO NFS Shaopu Lin CADO-NFS 488 2020-09-07 19:12
CADO-NFS on windows jux CADO-NFS 22 2019-11-12 12:08
CADO help henryzz CADO-NFS 4 2017-11-20 15:14
CADO and WinBlows akruppa Programming 22 2015-12-31 08:37
CADO-NFS skan Information & Answers 1 2013-10-22 07:00

All times are UTC. The time now is 18:24.

Tue Dec 1 18:24:08 UTC 2020 up 82 days, 15:35, 2 users, load averages: 1.56, 1.84, 1.92

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.

This forum has received and complied with 0 (zero) government requests for information.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.