There was an article on Slashdot (http://slashdot.org) recently about a paper by Daniel Bernstein which stirred people in the cryptograpy business by claiming that with custom designed hardware, numbers three times as large as are feasible today could be factored.
There is a new article on Slashdot about a paper by Lenstra, Shamir, Tomlinson and Tromer which analyses Bernstein's proposed circuit. I haven't read the whole thing yet, but the introduction states that the cost savings in the sieving step are much less than proposed by Bernstein, however a very efficient circuit for solving the matrix step could be built and remarkably inexpensively so. They mention a cost of "a few thousand dollars" for a device that could solve the matrix for a 1024 bit factorization in one day. Since sieving dominates the time for an NFS factorization, this new paper suggests that Bernstein's proposal has little effect on the security of public key cryptosystems. The paper seems to make a good read for people interested in integer factoring/cryptography. It is available at http://www.cryptosavvy.com/mesh.pdf Alex _________________________________________________________________________ Unsubscribe & list info -- http://www.ndatech.com/mersenne/signup.htm Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers
