What is the fastest integer factorization to break RSA?Largest integer factored by Shor's algorithm?Are there asymmetric cryptographic algorithms that are not based on integer factorization and discrete logarithm?RSA security assumptions - does breaking the DLP also break RSA?Is there an algorithm for factoring N, which is just as simple as this one, but faster?Integer factorization via geometric mean problemHow can I create an RSA modulus for which no one knows the factors?Effect of $L_n[1/4,c]$ integer factorization on RSA-2048Understanding the Hidden Subgroup Problem specific to Integer FactorizationMore Knowledge Integer FactorizationWhat are some of the best prime factorization algorithms and their effecitvityFermat's factorization method on weak RSA modulus
How to coordinate airplane tickets?
Create test of text direction (luatex)
How to find if SQL server backup is encrypted with TDE without restoring the backup
How to compactly explain secondary and tertiary characters without resorting to stereotypes?
Collected fruit by Seine's banks
Why was the shrink from 8″ made only to 5.25″ and not smaller (4″ or less)
What reasons are there for a Capitalist to oppose a 100% inheritance tax?
Machine learning testing data
Infinite sum of harmonic number
A hang glider, sudden unexpected lift to 25,000 feet altitude, what could do this?
How to calculate the right interval for a timelapse on a boat
How to travel to Japan while expressing milk?
Finding the reason behind the value of the integral.
Knowledge-based authentication using Domain-driven Design in C#
What is this scratchy sound on the acoustic guitar called?
How to install cross-compiler on Ubuntu 18.04?
What is the opposite of "eschatology"?
Car headlights in a world without electricity
Calculate the Mean mean of two numbers
How to delete logs automatically after a certain time and restart the process that fills up the log file?
What is the most common color to indicate the input-field is disabled?
That's an odd coin - I wonder why
Sums of two squares in arithmetic progressions
Getting extremely large arrows with tikzcd
What is the fastest integer factorization to break RSA?
Largest integer factored by Shor's algorithm?Are there asymmetric cryptographic algorithms that are not based on integer factorization and discrete logarithm?RSA security assumptions - does breaking the DLP also break RSA?Is there an algorithm for factoring N, which is just as simple as this one, but faster?Integer factorization via geometric mean problemHow can I create an RSA modulus for which no one knows the factors?Effect of $L_n[1/4,c]$ integer factorization on RSA-2048Understanding the Hidden Subgroup Problem specific to Integer FactorizationMore Knowledge Integer FactorizationWhat are some of the best prime factorization algorithms and their effecitvityFermat's factorization method on weak RSA modulus
$begingroup$
I read on Wikipedia, the fastest Algorithm for breaking RSA is GNFS.
And in one IEEE paper (MVFactor: A method to decrease processing time for factorization algorithm), I read the fastest algorithms are TDM, FFM and VFactor.
Which of these is actually right?
factoring
edited 2 hours ago
kelalaka
8,60522351
asked 3 hours ago
user56036user56036
111
New contributor
user56036 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
add a comment |
$begingroup$
I read on Wikipedia, the fastest Algorithm for breaking RSA is GNFS.
And in one IEEE paper (MVFactor: A method to decrease processing time for factorization algorithm), I read the fastest algorithms are TDM, FFM and VFactor.
Which of these is actually right?
factoring
edited 2 hours ago
kelalaka
8,60522351
asked 3 hours ago
user56036user56036
111
New contributor
user56036 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
add a comment |
$begingroup$
I read on Wikipedia, the fastest Algorithm for breaking RSA is GNFS.
And in one IEEE paper (MVFactor: A method to decrease processing time for factorization algorithm), I read the fastest algorithms are TDM, FFM and VFactor.
Which of these is actually right?
factoring
edited 2 hours ago
kelalaka
8,60522351
asked 3 hours ago
user56036user56036
111
New contributor
user56036 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
I read on Wikipedia, the fastest Algorithm for breaking RSA is GNFS.
And in one IEEE paper (MVFactor: A method to decrease processing time for factorization algorithm), I read the fastest algorithms are TDM, FFM and VFactor.
Which of these is actually right?
factoring
factoring
edited 2 hours ago
kelalaka
8,60522351
asked 3 hours ago
user56036user56036
111
New contributor
user56036 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 2 hours ago
kelalaka
8,60522351
asked 3 hours ago
user56036user56036
111
New contributor
user56036 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 2 hours ago
kelalaka
8,60522351
edited 2 hours ago
kelalaka
8,60522351
edited 2 hours ago
kelalaka
8,60522351
8,60522351
asked 3 hours ago
user56036user56036
111
New contributor
user56036 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 3 hours ago
user56036user56036
111
asked 3 hours ago
user56036user56036
111
111
New contributor
user56036 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
user56036 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
user56036 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
3 Answers
3
active
oldest
votes
$begingroup$
The IEEE paper is silly.
The factorization method they give is quite slow, except for rare cases. For example, in their table 1, where they proudly show that their improved algorithm takes 653.14 seconds to factor a 67 bit number; well, I just tried it using a more conventional algorithm, and it took 6msec; yes, that's 100,000 times as fast...
answered 3 hours ago
ponchoponcho
93.5k2146243
$endgroup$
1
$begingroup$
Well I think the point of the paper is to improve upon Fermat-Factoring class algorithms, so it is expected that the given algorithm(s) get beaten by the more standard ones for small sizes, but excel on large inputs with (relatively small) prime differences?
$endgroup$
– SEJPM♦
3 hours ago
1
$begingroup$
@SEJPM: if that's the case, then they probably shouldn't go on so much about RSA (where the probability of having a sufficiently small difference is tiny)
$endgroup$
– poncho
3 hours ago
add a comment |
$begingroup$
Which of these is actually right?
Both. From reading the abstract it appears the papper doesn't claim that "VFactor" or Fermat Factorization ("FFM") or Trial Division ("TDM") are the best methods in general. However, if the difference between primes $p,q$ with $n=pq$ is really small, like $ll2^100$$;dagger$, then FFM (and probably the VFactor variants as well) will be a lot faster.
Though in general the difference between two same-length random primes is about $sqrtn/2$ which is about $2^1024$ for realistically sized moduli, so these attacks don't work there. Even with 400-bit moduli, which are somewhat easily crackable using a home desktop using the GNFS, this difference is still about $2^200$ and thus way too large.
Of course the implementation of the key generation may be faulty and emit primes in a too small interval and it's in these cases where these specialized algorithms really shine.
$dagger$: "$ll$" meaning "a lot less" here
answered 3 hours ago
SEJPM♦SEJPM
29.3k659139
$endgroup$
add a comment |
$begingroup$
Quantum algorithms
There is of course Shor's algorithm, but as this algorithm only runs on quantum computers with a lot of qubits it's not capable to factor larger numbers than $21$ (reference).
There are multiple apparent new records using adiabatic quantum computation, although some are apparently stunts: See fgrieu's answer on a related question.
Classical algorithms
The general number field sieve is the fastest known classical algorithm for factoring numbers over $10^100$.
The Quadratic sieve algorithm is the fastest known classical algorithm for factoring numbers under $10^100$.
answered 3 hours ago
AleksanderRasAleksanderRas
2,9101935
$endgroup$
2
$begingroup$
Actually, the factorization of 56153 was a stunt; the factors were deliberately chosen to have a special relation (differed in only 2 bits) and it's easy to factor when the factors have a known relation. AFAIK, the largest number that has been factored to date using a generic quantum factorization algorithm is 21.
$endgroup$
– poncho
3 hours ago
$begingroup$
I've always wondered why QS is (at least, consensually said to be) faster than GNFS below a certain thresold (not so consensual), and how much of that is due to lack of work on optimizing GNFS for smaller values.
$endgroup$
– fgrieu
2 hours ago
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
return StackExchange.using("mathjaxEditing", function ()
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
);
);
, "mathjax-editing");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "281"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
user56036 is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68480%2fwhat-is-the-fastest-integer-factorization-to-break-rsa%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
The IEEE paper is silly.
The factorization method they give is quite slow, except for rare cases. For example, in their table 1, where they proudly show that their improved algorithm takes 653.14 seconds to factor a 67 bit number; well, I just tried it using a more conventional algorithm, and it took 6msec; yes, that's 100,000 times as fast...
answered 3 hours ago
ponchoponcho
93.5k2146243
$endgroup$
1
$begingroup$
Well I think the point of the paper is to improve upon Fermat-Factoring class algorithms, so it is expected that the given algorithm(s) get beaten by the more standard ones for small sizes, but excel on large inputs with (relatively small) prime differences?
$endgroup$
– SEJPM♦
3 hours ago
1
$begingroup$
@SEJPM: if that's the case, then they probably shouldn't go on so much about RSA (where the probability of having a sufficiently small difference is tiny)
$endgroup$
– poncho
3 hours ago
add a comment |
$begingroup$
The IEEE paper is silly.
The factorization method they give is quite slow, except for rare cases. For example, in their table 1, where they proudly show that their improved algorithm takes 653.14 seconds to factor a 67 bit number; well, I just tried it using a more conventional algorithm, and it took 6msec; yes, that's 100,000 times as fast...
answered 3 hours ago
ponchoponcho
93.5k2146243
$endgroup$
1
$begingroup$
Well I think the point of the paper is to improve upon Fermat-Factoring class algorithms, so it is expected that the given algorithm(s) get beaten by the more standard ones for small sizes, but excel on large inputs with (relatively small) prime differences?
$endgroup$
– SEJPM♦
3 hours ago
1
$begingroup$
@SEJPM: if that's the case, then they probably shouldn't go on so much about RSA (where the probability of having a sufficiently small difference is tiny)
$endgroup$
– poncho
3 hours ago
add a comment |
$begingroup$
The IEEE paper is silly.
The factorization method they give is quite slow, except for rare cases. For example, in their table 1, where they proudly show that their improved algorithm takes 653.14 seconds to factor a 67 bit number; well, I just tried it using a more conventional algorithm, and it took 6msec; yes, that's 100,000 times as fast...
answered 3 hours ago
ponchoponcho
93.5k2146243
$endgroup$
The IEEE paper is silly.
The factorization method they give is quite slow, except for rare cases. For example, in their table 1, where they proudly show that their improved algorithm takes 653.14 seconds to factor a 67 bit number; well, I just tried it using a more conventional algorithm, and it took 6msec; yes, that's 100,000 times as fast...
answered 3 hours ago
ponchoponcho
93.5k2146243
answered 3 hours ago
ponchoponcho
93.5k2146243
answered 3 hours ago
ponchoponcho
93.5k2146243
answered 3 hours ago
ponchoponcho
93.5k2146243
93.5k2146243
1
$begingroup$
Well I think the point of the paper is to improve upon Fermat-Factoring class algorithms, so it is expected that the given algorithm(s) get beaten by the more standard ones for small sizes, but excel on large inputs with (relatively small) prime differences?
$endgroup$
– SEJPM♦
3 hours ago
1
$begingroup$
@SEJPM: if that's the case, then they probably shouldn't go on so much about RSA (where the probability of having a sufficiently small difference is tiny)
$endgroup$
– poncho
3 hours ago
add a comment |
1
$begingroup$
Well I think the point of the paper is to improve upon Fermat-Factoring class algorithms, so it is expected that the given algorithm(s) get beaten by the more standard ones for small sizes, but excel on large inputs with (relatively small) prime differences?
$endgroup$
– SEJPM♦
3 hours ago
1
$begingroup$
@SEJPM: if that's the case, then they probably shouldn't go on so much about RSA (where the probability of having a sufficiently small difference is tiny)
$endgroup$
– poncho
3 hours ago
1
1
$begingroup$
Well I think the point of the paper is to improve upon Fermat-Factoring class algorithms, so it is expected that the given algorithm(s) get beaten by the more standard ones for small sizes, but excel on large inputs with (relatively small) prime differences?
$endgroup$
– SEJPM♦
3 hours ago
$begingroup$
Well I think the point of the paper is to improve upon Fermat-Factoring class algorithms, so it is expected that the given algorithm(s) get beaten by the more standard ones for small sizes, but excel on large inputs with (relatively small) prime differences?
$endgroup$
– SEJPM♦
3 hours ago
1
1
$begingroup$
@SEJPM: if that's the case, then they probably shouldn't go on so much about RSA (where the probability of having a sufficiently small difference is tiny)
$endgroup$
– poncho
3 hours ago
$begingroup$
@SEJPM: if that's the case, then they probably shouldn't go on so much about RSA (where the probability of having a sufficiently small difference is tiny)
$endgroup$
– poncho
3 hours ago
add a comment |
$begingroup$
Which of these is actually right?
Both. From reading the abstract it appears the papper doesn't claim that "VFactor" or Fermat Factorization ("FFM") or Trial Division ("TDM") are the best methods in general. However, if the difference between primes $p,q$ with $n=pq$ is really small, like $ll2^100$$;dagger$, then FFM (and probably the VFactor variants as well) will be a lot faster.
Though in general the difference between two same-length random primes is about $sqrtn/2$ which is about $2^1024$ for realistically sized moduli, so these attacks don't work there. Even with 400-bit moduli, which are somewhat easily crackable using a home desktop using the GNFS, this difference is still about $2^200$ and thus way too large.
Of course the implementation of the key generation may be faulty and emit primes in a too small interval and it's in these cases where these specialized algorithms really shine.
$dagger$: "$ll$" meaning "a lot less" here
answered 3 hours ago
SEJPM♦SEJPM
29.3k659139
$endgroup$
add a comment |
$begingroup$
Which of these is actually right?
Both. From reading the abstract it appears the papper doesn't claim that "VFactor" or Fermat Factorization ("FFM") or Trial Division ("TDM") are the best methods in general. However, if the difference between primes $p,q$ with $n=pq$ is really small, like $ll2^100$$;dagger$, then FFM (and probably the VFactor variants as well) will be a lot faster.
Though in general the difference between two same-length random primes is about $sqrtn/2$ which is about $2^1024$ for realistically sized moduli, so these attacks don't work there. Even with 400-bit moduli, which are somewhat easily crackable using a home desktop using the GNFS, this difference is still about $2^200$ and thus way too large.
Of course the implementation of the key generation may be faulty and emit primes in a too small interval and it's in these cases where these specialized algorithms really shine.
$dagger$: "$ll$" meaning "a lot less" here
answered 3 hours ago
SEJPM♦SEJPM
29.3k659139
$endgroup$
add a comment |
$begingroup$
Which of these is actually right?
Both. From reading the abstract it appears the papper doesn't claim that "VFactor" or Fermat Factorization ("FFM") or Trial Division ("TDM") are the best methods in general. However, if the difference between primes $p,q$ with $n=pq$ is really small, like $ll2^100$$;dagger$, then FFM (and probably the VFactor variants as well) will be a lot faster.
Though in general the difference between two same-length random primes is about $sqrtn/2$ which is about $2^1024$ for realistically sized moduli, so these attacks don't work there. Even with 400-bit moduli, which are somewhat easily crackable using a home desktop using the GNFS, this difference is still about $2^200$ and thus way too large.
Of course the implementation of the key generation may be faulty and emit primes in a too small interval and it's in these cases where these specialized algorithms really shine.
$dagger$: "$ll$" meaning "a lot less" here
answered 3 hours ago
SEJPM♦SEJPM
29.3k659139
$endgroup$
Which of these is actually right?
Both. From reading the abstract it appears the papper doesn't claim that "VFactor" or Fermat Factorization ("FFM") or Trial Division ("TDM") are the best methods in general. However, if the difference between primes $p,q$ with $n=pq$ is really small, like $ll2^100$$;dagger$, then FFM (and probably the VFactor variants as well) will be a lot faster.
Though in general the difference between two same-length random primes is about $sqrtn/2$ which is about $2^1024$ for realistically sized moduli, so these attacks don't work there. Even with 400-bit moduli, which are somewhat easily crackable using a home desktop using the GNFS, this difference is still about $2^200$ and thus way too large.
Of course the implementation of the key generation may be faulty and emit primes in a too small interval and it's in these cases where these specialized algorithms really shine.
$dagger$: "$ll$" meaning "a lot less" here
answered 3 hours ago
SEJPM♦SEJPM
29.3k659139
answered 3 hours ago
SEJPM♦SEJPM
29.3k659139
answered 3 hours ago
SEJPM♦SEJPM
29.3k659139
answered 3 hours ago
SEJPM♦SEJPM
29.3k659139
29.3k659139
add a comment |
add a comment |
$begingroup$
Quantum algorithms
There is of course Shor's algorithm, but as this algorithm only runs on quantum computers with a lot of qubits it's not capable to factor larger numbers than $21$ (reference).
There are multiple apparent new records using adiabatic quantum computation, although some are apparently stunts: See fgrieu's answer on a related question.
Classical algorithms
The general number field sieve is the fastest known classical algorithm for factoring numbers over $10^100$.
The Quadratic sieve algorithm is the fastest known classical algorithm for factoring numbers under $10^100$.
answered 3 hours ago
AleksanderRasAleksanderRas
2,9101935
$endgroup$
2
$begingroup$
Actually, the factorization of 56153 was a stunt; the factors were deliberately chosen to have a special relation (differed in only 2 bits) and it's easy to factor when the factors have a known relation. AFAIK, the largest number that has been factored to date using a generic quantum factorization algorithm is 21.
$endgroup$
– poncho
3 hours ago
$begingroup$
I've always wondered why QS is (at least, consensually said to be) faster than GNFS below a certain thresold (not so consensual), and how much of that is due to lack of work on optimizing GNFS for smaller values.
$endgroup$
– fgrieu
2 hours ago
add a comment |
$begingroup$
Quantum algorithms
There is of course Shor's algorithm, but as this algorithm only runs on quantum computers with a lot of qubits it's not capable to factor larger numbers than $21$ (reference).
There are multiple apparent new records using adiabatic quantum computation, although some are apparently stunts: See fgrieu's answer on a related question.
Classical algorithms
The general number field sieve is the fastest known classical algorithm for factoring numbers over $10^100$.
The Quadratic sieve algorithm is the fastest known classical algorithm for factoring numbers under $10^100$.
answered 3 hours ago
AleksanderRasAleksanderRas
2,9101935
$endgroup$
2
$begingroup$
Actually, the factorization of 56153 was a stunt; the factors were deliberately chosen to have a special relation (differed in only 2 bits) and it's easy to factor when the factors have a known relation. AFAIK, the largest number that has been factored to date using a generic quantum factorization algorithm is 21.
$endgroup$
– poncho
3 hours ago
$begingroup$
I've always wondered why QS is (at least, consensually said to be) faster than GNFS below a certain thresold (not so consensual), and how much of that is due to lack of work on optimizing GNFS for smaller values.
$endgroup$
– fgrieu
2 hours ago
add a comment |
$begingroup$
Quantum algorithms
There is of course Shor's algorithm, but as this algorithm only runs on quantum computers with a lot of qubits it's not capable to factor larger numbers than $21$ (reference).
There are multiple apparent new records using adiabatic quantum computation, although some are apparently stunts: See fgrieu's answer on a related question.
Classical algorithms
The general number field sieve is the fastest known classical algorithm for factoring numbers over $10^100$.
The Quadratic sieve algorithm is the fastest known classical algorithm for factoring numbers under $10^100$.
answered 3 hours ago
AleksanderRasAleksanderRas
2,9101935
$endgroup$
Quantum algorithms
There is of course Shor's algorithm, but as this algorithm only runs on quantum computers with a lot of qubits it's not capable to factor larger numbers than $21$ (reference).
There are multiple apparent new records using adiabatic quantum computation, although some are apparently stunts: See fgrieu's answer on a related question.
Classical algorithms
The general number field sieve is the fastest known classical algorithm for factoring numbers over $10^100$.
The Quadratic sieve algorithm is the fastest known classical algorithm for factoring numbers under $10^100$.
answered 3 hours ago
AleksanderRasAleksanderRas
2,9101935
edited 3 hours ago
answered 3 hours ago
AleksanderRasAleksanderRas
2,9101935
answered 3 hours ago
AleksanderRasAleksanderRas
2,9101935
answered 3 hours ago
AleksanderRasAleksanderRas
2,9101935
2,9101935
2
$begingroup$
Actually, the factorization of 56153 was a stunt; the factors were deliberately chosen to have a special relation (differed in only 2 bits) and it's easy to factor when the factors have a known relation. AFAIK, the largest number that has been factored to date using a generic quantum factorization algorithm is 21.
$endgroup$
– poncho
3 hours ago
$begingroup$
I've always wondered why QS is (at least, consensually said to be) faster than GNFS below a certain thresold (not so consensual), and how much of that is due to lack of work on optimizing GNFS for smaller values.
$endgroup$
– fgrieu
2 hours ago
add a comment |
2
$begingroup$
Actually, the factorization of 56153 was a stunt; the factors were deliberately chosen to have a special relation (differed in only 2 bits) and it's easy to factor when the factors have a known relation. AFAIK, the largest number that has been factored to date using a generic quantum factorization algorithm is 21.
$endgroup$
– poncho
3 hours ago
$begingroup$
I've always wondered why QS is (at least, consensually said to be) faster than GNFS below a certain thresold (not so consensual), and how much of that is due to lack of work on optimizing GNFS for smaller values.
$endgroup$
– fgrieu
2 hours ago
2
2
$begingroup$
Actually, the factorization of 56153 was a stunt; the factors were deliberately chosen to have a special relation (differed in only 2 bits) and it's easy to factor when the factors have a known relation. AFAIK, the largest number that has been factored to date using a generic quantum factorization algorithm is 21.
$endgroup$
– poncho
3 hours ago
$begingroup$
Actually, the factorization of 56153 was a stunt; the factors were deliberately chosen to have a special relation (differed in only 2 bits) and it's easy to factor when the factors have a known relation. AFAIK, the largest number that has been factored to date using a generic quantum factorization algorithm is 21.
$endgroup$
– poncho
3 hours ago
$begingroup$
I've always wondered why QS is (at least, consensually said to be) faster than GNFS below a certain thresold (not so consensual), and how much of that is due to lack of work on optimizing GNFS for smaller values.
$endgroup$
– fgrieu
2 hours ago
$begingroup$
I've always wondered why QS is (at least, consensually said to be) faster than GNFS below a certain thresold (not so consensual), and how much of that is due to lack of work on optimizing GNFS for smaller values.
$endgroup$
– fgrieu
2 hours ago
add a comment |
user56036 is a new contributor. Be nice, and check out our Code of Conduct.
user56036 is a new contributor. Be nice, and check out our Code of Conduct.
user56036 is a new contributor. Be nice, and check out our Code of Conduct.
user56036 is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68480%2fwhat-is-the-fastest-integer-factorization-to-break-rsa%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
