|
2012-10-31, 21:56
|
#1 |
|
Oct 2012
2×3 Posts |
Factorization Project
Hi All. Sorry for my english, I speak spanish.
I was reading your forum for the last week in a daily basis and learning a lot about this new (for me) world of "Factorization ", I'm a Software Programmer and I'm working in a project and as a part of this project I need to break a 512 RSA key. I run a polinomial sarch for couple of days and I found this plinomial. I think that is a good one because I read that others with a 155 digits numbers found polinomials with a worst Murphy Score. Code:
n: 9330647851749976394640049245988341084251457066477254064387678593246658843721286080407870681103449135685712977746375526208381757210885555288474534773885843 # norm 7.208858e-015 alpha -6.647080 e 3.636e-012 rroots 5 skew: 20221494.43 c0: 127448258002115900251200751741968833225 c1: 195288306526916322821130677351970 c2: -11339011323431739879025280 c3: -2189856519884767486 c4: 26236783015 c5: 876 Y0: -1605023981925215696711560719284 Y1: 7801575093334627 rlim: 25000000 alim: 25000000 lpbr: 29 lpba: 29 mfbr: 58 mfba: 58 rlambda: 2.5 alambda: 2.5 I read that here are people with big hardware resourses for sieving, so if anyone want to help me, I'd really appreciate it. I mostly want to learn, this project (The whole project I'm working on, not the RSA key break) is only for learning and experiment purposes, there is no real "gain" or something. Cheers. Last fiddled with by akruppa on 2012-10-31 at 22:59 Reason: code tags |
|
|
|
2012-11-01, 07:32
|
#2 |
Sep 2009
977 Posts |
In the last week, I factored a 512-bit RSA key, with up to 42 hyperthreads on 8 computers with 7 different processor types.
The sieving went from Thursday evening to Sunday morning, and the post-processing from Sunday mid-day to Monday afternoon. I could have made the post-processing somewhat faster with another computer, but bandwidth constraints got in the way. This shows (unsurprisingly) that factoring a 512-bit RSA key has become quite a bit easier since 2009, when RSALS was set up to speed up the factorization of a dozen keys (with a quorum of 2 on WUs, so we effectively wasted half of our of CPU power). If you can put 32 recent cores (running 64-bit Linux, that's where ggnfs is the most efficient) to the task of sieving, it will be done pretty quickly :) A polynomial with E=3.636e-12 is indeed decent for your number. |
|
|
|
|
2012-11-01, 23:27
|
#3 |
|
Oct 2012
2·3 Posts |
Thanks for your comments debrouxl. I read a lot of forums post with your interventions and learn a lot from you. I read about RSALS and I liked so much the story about the Texas Instruments signing keys.
I don't have hardware resources, only a Core i5 notebook :(, so I'm sieving slowly, I think that I can continue working in other parts of my project while is sieving but I'm very intrigued if I will have succes in the search of the factors. I read that I need at least 60M raw relations, is this ok? I'm obtaining something like 2X the number of Q proseced ¿Is that a good relation? I don't read a lot about the post procesing fase, ¿Can you give some advises?. ¿Can it be paralelized? |
|
|
|
|
2012-11-02, 11:42
|
#4 | |
|
Just call me Henry
"David"
Sep 2007
Cambridge (GMT/BST)
23·3·5·72 Posts |
Quote:
2X the number of Q processed is a good ratio. |
|
|
|
|
|
2012-11-02, 13:23
|
#5 |
|
Oct 2012
68 Posts |
thanks henryzz, I have 4 GB RAM so I think that should be suficient. I'm runing multiple GGNFS threads with diferent jobs files in diferent folders for paralelize it, I don't know if there is a better way of do that.
|
|
|
|
|
2012-11-02, 22:56
|
#6 | |
|
Just call me Henry
"David"
Sep 2007
Cambridge (GMT/BST)
23×3×5×72 Posts |
Quote:
|
|
|
|
|
|
2012-11-03, 15:22
|
#7 |
|
Sep 2009
977 Posts |
For jobs of this size, post-processing doesn't need parallelization, indeed
 On a C154-C155, with the 14e siever, 1.7-2 relations per q value at the bottom of the range are the expected yield; it will decrease as you move upwards, you'll probably have to sieve a range of 35-40M q values. On your computer, a month of wall clock time should be enough for sieving, assuming 64-bit Linux siever and assuming 2 cores / 4 hyperthreads for a mobile Core i5. Note that I didn't create RSALS, but I've fed it almost all of its numbers over three years, and I've served as its de-facto public face. |
|
|
|
|
2012-11-03, 19:31
|
#8 |
|
Oct 2012
2×3 Posts |
Thanks for your coments. So I think this will be a large task...
|
|
|
|
|
2012-12-08, 18:53
|
#9 |
|
Oct 2012
2×3 Posts |
I don't know howt to reconstruct my private key file after obtaining my factors ¿ There is a tool that helpme in this task?.
Cheers. |
|
|
|
|
2012-12-09, 21:28
|
#10 |
|
Basketry That Evening!
"Bunslow the Bold"
Jun 2011
40<A<43 -89<O<-88
3·29·83 Posts |
|
|
|
|
|
2012-12-11, 01:19
|
#11 |
|
Oct 2012
2×3 Posts |
HI Again.
Thanks for the link Dubslow. Now I'm having a problem, I'm runing this comand ..\msieve -v -s todasrelaciones.dat -i rsa100.n -nf rsa100.fb -nc1 -v And getting this error, I don't know what I'm doing wrong. Code:
Mon Dec 10 23:00:19 2012 Msieve v. 1.50 (SVN 708) Mon Dec 10 23:00:19 2012 random seeds: 340fbce0 990c5b54 Mon Dec 10 23:00:19 2012 factoring 9330647851749976394640049245988341084251457066477254064387678593246658843721286080407870681103449135685712977746375526208381757210885555288474534773885843 (154 digits) Mon Dec 10 23:00:20 2012 searching for 15-digit factors Mon Dec 10 23:00:21 2012 commencing number field sieve (154-digit input) Mon Dec 10 23:00:21 2012 warning: factor base file uninitialized Mon Dec 10 23:00:21 2012 elapsed time 00:00:02 |
|
|
|
 |
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Special project #3b - Project 400 | schickel | Aliquot Sequences | 307 | 2011-10-28 01:29 |
| Special project #3a - Project 300 | schickel | Aliquot Sequences | 29 | 2011-08-12 17:45 |
| Factorization of 7,254+ | dleclair | NFSNET Discussion | 1 | 2006-03-21 05:11 |
| Factorization of 11,212+ | Wacky | NFSNET Discussion | 1 | 2006-03-20 23:43 |
| Factorization of M(738) | McBryce | Factoring | 2 | 2003-09-19 19:32 |
