Any info on this maybe improved matrix algebra for GNFS?

Francois Grieu fgrieu at
Wed Apr 24 01:23:40 EDT 2002

Found the following at

"(..) The paper, written by Nicko van Someren, CTO of nCipher Corp., a
security equipment vendor based in Cambridge, England (..) discloses
that (..) a student researcher at nCipher recently developed a new
implementation of a factoring method known as the General Number Field
Sieve, or GNFS, which could be used to factor a 512-bit key in about
three weeks using an off-the-shelf server with an Intel Corp. Itanium
processor. The calculations the student performed using the server are
the second phase of the GNFS method.
Previously, this process was thought to be feasible only on much more
powerful computers, such as Cray supercomputers."

In a recent message, Nicko van Someren confirms:
> My research student last winter showed that 512 bit keys can be
> factored in a matter of weeks using only the hardware found in a
> busy 70 person office."

Is there any info on the method used by this student to solve
the matrix algebra?

Is any novelty claimed beyond the technique used in
 "The program we used for this was optimized for running on vector
  computers, which is what CWI used for their record (RSA-155)
  factorization (..) We started to rewrite this program so that it
  would run better on the hardware available for us (..)
  Compaq generously let us use one of their quad processor
  ES40 systems. The total running time on this machine was 13 days,
  which is almost as good as the 16-processor Cray."

or to the one used in the recent
 "The block Lanczos algorithm produced 62 elements of the kernel of
  this matrix. This took two weeks on the six PCs on which the filter
  job was run."


  François Grieu

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list