Computations

I took part to the following cryptographic record calculations.

• 2020: Factorization of RSA-250.

  • Original text announcement on NMBRTHRY mailing list,
  • software,
  • reproducibility data,
  • paper.
  • Institutional coverage: CNRS; UCSD.
  • Other: phys.org; Schneier's blog; mersenneforum.

• 2019: Factorization and discrete logarithm records done simultaneously for 240-digit numbers.

  • Original text announcement on NMBRTHRY mailing list,
  • software,
  • reproducibility data,
  • paper.
  • Institutional coverage: PRACE.
  • Press coverage: Le Monde; Ars Technica; New Scientist.

• 2016: Discrete logarithm record over a trapdoored 1024-bit prime

  • Original text announcement on NMBRTHRY mailing list,
  • paper,
  • software.
  • Press coverage: Le Monde; Ars Technica.

• 2016, 2017: Discrete logarithm record over extension fields of large prime characteristic.

  • Original text announcement for \( p^3 \) on NMBRTHRY mailing list,
  • paper for \( p^3 \),
  • paper for \( p^6 \).
  • software.

• 2015: Logjam: exploiting a TLS flaw to take advantage of the relative easiness of individual discrete logarithms once the precomputation is done.

  • paper at ACM CCS,
  • paper in CACM,
  • software.
  • Press coverage: Spiegel; Wall Street Journal; BBC News; ars technica; The Register; focus.de; Bloomberg; Wired; Tom's hardware; ComputerWorld; The Next Web; oszone.net; idg.se; silicon.fr; ZDnet; ZDnet France; itexpresso.fr; Westdeutsche Zeitung; derstandard.at; bit-tech.net; threatpost; softpedia; futurezone.at; iguru.gr; digi.no; datenschutz notizen; nextinpact; USA Today; engadget; techrepublic; v3.co.uk; tom's guide; darkreading; thehill; govinfo security; infosecurity magazine; SC Magazine; top tech; Business Insider; iThome (Taiwan).

• 2014: Discrete logarithm record over prime fields: 180 decimal digits.

  • Original text announcement on NMBRTHRY mailing list,
  • software.
  • Some more software (linear algebra on GPUs, H. Jeljeli) (dead link).

• 2013, 2014: Igusa class polynomial computation. We computed the triple \( H_1, \hat H_2, \hat H_3 \) parameterizing principally polarized abelian varieties having complex multiplication by the maximal order of a quartic CM field with class number \( h=20016 \). Previous state of the art was around \( h=500 \). This has been announced in 2014, together with a genus 2 Jacobian having the corresponding complex multiplication ring.

  • Paper,
  • software.
  • Original text announcement on NMBRTHRY mailing list.

• 2013: Discrete logarithm record over binary fields: \( \operatorname{GF}(2^{809}) \).

  • eprint report
  • Original text announcement on NMBRTHRY mailing list,
  • software.

• 2012: Discrete logarithm record over binary fields: \( \operatorname{GF}(2^{619}) \). We broke an old record by almost the smallest possible increment, but did this in a day.

  • ECC 2012 rump session, slides.
  • software.
  • Some more software (linear algebra on GPUs, H. Jeljeli) (dead link).

• 2012: Factorization of RSA-704. This is the largest factorization achieved so far with publicly available software, namely Cado-NFS (part of the software used to factor RSA-768 is not published). Report on IACR eprint.

• 2010: Factorization of RSA-768. This is the largest publicly announced RSA modulus factorization known.

  • Report on IACR eprint..
  • Paper.
  • Original text announcement on NMBRTHRY mailing list.
  • An attempt at collecting some of the press articles. We've been outnumbered.

• 2007: Discrete logarithm record over non-hyperelliptic curves of genus 3: a \( C_{3,4} \) curve over \( \operatorname{GF}(2^{31}) \), with a 93-bit group order (see the paper).

• 2006: Discrete logarithm record over hyperelliptic curves of genus 3: a curve over \( \operatorname{GF}(p) \) with a 27-bit prime p, having a 81-bit group order (see the paper).

• 2002: Discrete logarithms in \( \operatorname{GF}(2^{607}) \)

  • Paper.
  • Original text announcement on NMBRTHRY mailing list.