Eran Tromer of Weizmann Institute gave a talk at MIT on special-purpose factoring machines, and Intrepid Reporter Bob Hettinga summarized to Perry's List.

Date: Wed, 14 Sep 2005 21:12:30 -0400 To: cryptography@metzdowd.com From: "R.A. Hettinga" <rah@shipwright.com> Subject: Re: MIT talk: Special-Purpose Hardware for Integer Factoring

At 12:29 PM -0400 9/14/05, Steven M. Bellovin wrote:

...

TODAY * TODAY * TODAY * WEDNESDAY, Sept. 14 2005

So, I saw this here at Farquhar Street at 14:55EST, jumped in the shower, thus missing the train 13:20 train at Rozzy Square :-), instead took the bus, and then the T, and got to MIT's New Funny-Looking Building about 16:40 or so, and saw the last few slides, asking the first, and only, question, because the grad-students shot out of there at relativistic velocity, probably so they wouldn't miss their dinner, or something...

The upshot, to me, was that 1024-bit RSA keys are, for Nobody Special Anywhere, probably as DED as DES, for certain keys but probably not all without way too much money, but that things start to go sideways for this box somewhere south of 2kbit keysize, and so this is not TEOTWAWKI, key-wise.

"Unless someone comes up with in algorithmic improvement." Of course. :-).

Cheers, RAH Who went, obviously, to poke him about Micromint and hash-collisions, for fun, and who *did* have fun, as a result, in a dead-horse-beating kind of way...

-- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------

------- Forwarded Message Forwarded by Steve Bellovin - Open to the Public DATE: TODAY * TODAY * TODAY * WEDNESDAY, Sept. 14 2005 TIME: 4:00 p.m. - 5:30 p.m. PLACE: 32-G575, Stata Center, 32 Vassar Street TITLE: Special-Purpose Hardware for Integer Factoring SPEAKER: Eran Tromer, Weizmann Institute Factoring of large integers is of considerable interest in cryptography and algorithmic number theory. In the quest for factorization of larger integers, the present bottleneck lies in the sieving and matrix steps of the Number Field Sieve algorithm. In a series of works, several special-purpose hardware architectures for these steps were proposed and evaluated. The use of custom hardware, as opposed to the traditional RAM model, offers major benefits (beyond plain reduction of overheads): the possibility of vast fine-grained parallelism, and the chance to identify and exploit technological tradeoffs at the algorithmic level. Taken together, these works have reduced the cost of factoring by many orders of magnitude, making it feasible, for example, to factor 1024-bit integers within one year at the cost of about US$1M (as opposed to the trillions of US$ forecasted previously). This talk will survey these results, emphasizing the underlying general ideas. Joint works with Adi Shamir, Arjen Lenstra, Willi Geiselmann, Rainer Steinwandt, Hubert K?pfer, Jim Tomlinson, Wil Kortsmit, Bruce Dodson, James Hughes and Paul Leyland. ------- End of Forwarded Message