Computations

I took part to the following cryptographic record calculations.

• 2020: Factorization of RSA-250.

  • Original text announcement on NMBRTHRY mailing list,
  • software,
  • reproducibility data,
  • paper.
  • Institutional coverage: CNRS; UCSD.
  • Other: phys.org; Schneier's blog; mersenneforum.

• 2019: Factorization and discrete logarithm records done simultaneously for 240-digit numbers.

  • Original text announcement on NMBRTHRY mailing list,
  • software,
  • reproducibility data,
  • paper.
  • Institutional coverage: PRACE.
  • Press coverage: Le Monde; Ars Technica; New Scientist.

• 2016: Discrete logarithm record over a trapdoored 1024-bit prime

  • Original text announcement on NMBRTHRY mailing list,
  • paper,
  • software.
  • Press coverage: Le Monde; Ars Technica.

• 2016, 2017: Discrete logarithm record over extension fields of large prime characteristic.

  • Original text announcement for \(p^3\) on NMBRTHRY mailing list,
  • paper for \(p^3\) ,
  • paper for \(p^6\) .
  • software.

• 2015: Logjam: exploiting a TLS flaw to take advantage of the relative easiness of individual discrete logarithms once the precomputation is done.

  • paper at ACM CCS,
  • paper in CACM,
  • software.
  • Press coverage: Spiegel; Wall Street Journal; BBC News; ars technica; The Register; focus.de; Bloomberg; Wired; Tom's hardware; ComputerWorld; The Next Web; oszone.net; idg.se; silicon.fr; ZDnet; ZDnet France; itexpresso.fr; Westdeutsche Zeitung; derstandard.at; bit-tech.net; threatpost; softpedia; futurezone.at; iguru.gr; digi.no; datenschutz notizen; nextinpact; USA Today; engadget; techrepublic; v3.co.uk; tom's guide; darkreading; thehill; govinfo security; infosecurity magazine; SC Magazine; top tech; Business Insider; iThome (Taiwan).

• 2014: Discrete logarithm record over prime fields: 180 decimal digits.

  • Original text announcement on NMBRTHRY mailing list,
  • software.
  • Some more software (linear algebra on GPUs, H. Jeljeli) (dead link).

• 2013, 2014: Igusa class polynomial computation. We computed the triple \(H_1, \hat H_2, \hat H_3\) parameterizing principally polarized abelian varieties having complex multiplication by the maximal order of a quartic CM field with class number \(h=20016\) . Previous state of the art was around \(h=500\) . This has been announced in 2014, together with a genus 2 Jacobian having the corresponding complex multiplication ring.

  • Paper,
  • software.
  • Original text announcement on NMBRTHRY mailing list.

• 2013: Discrete logarithm record over binary fields: \(\operatorname{GF}(2^{809})\) .

  • eprint report
  • Original text announcement on NMBRTHRY mailing list,
  • software.

• 2012: Discrete logarithm record over binary fields: \(\operatorname{GF}(2^{619})\) . We broke an old record by almost the smallest possible increment, but did this in a day.

  • ECC 2012 rump session, slides.
  • software.
  • Some more software (linear algebra on GPUs, H. Jeljeli) (dead link).

• 2012: Factorization of RSA-704. This is the largest factorization achieved so far with publicly available software, namely Cado-NFS (part of the software used to factor RSA-768 is not published). Report on IACR eprint.

• 2010: Factorization of RSA-768. This is the largest publicly announced RSA modulus factorization known.

  • Report on IACR eprint..
  • Paper.
  • Original text announcement on NMBRTHRY mailing list.
  • An attempt at collecting some of the press articles. We've been outnumbered.

• 2007: Discrete logarithm record over non-hyperelliptic curves of genus 3: a \(C_{3,4}\) curve over \(\operatorname{GF}(2^{31})\) , with a 93-bit group order (see the paper).

• 2006: Discrete logarithm record over hyperelliptic curves of genus 3: a curve over \(\operatorname{GF}(p)\) with a 27-bit prime p, having a 81-bit group order (see the paper).

• 2002: Discrete logarithms in \(\operatorname{GF}(2^{607})\)

  • Paper.
  • Original text announcement on NMBRTHRY mailing list.