Slashdot Mirror

← Back to Stories (view on slashdot.org)

Factors Found in 200-Digit RSA Challenge

Posted by Zonk on from the really-big-numbers dept.

diodesign writes "The two unique prime factors of a 200-digit number have been discovered by researchers at Bonn University (Germany) and the CWI (Netherlands). The number is the largest integer yet factored with a general purpose algorithm and was one of a series of such numbers issued as a challenge by security company RSA security in March 1991 in order to track the real-world difficulty of factoring such numbers, used in the public-key encryption algorithm RSA. RSA-200 beats the previous record number 11281+1 (176 digits, factored on May 2nd, 2005), and RSA-576 (174 digits, factored on December 3rd, 2003)."

21 of 184 comments (clear)

  1. Hmmm by Anonymous Coward · · Score: 3, Funny

    Slashdot is a prime factor in how much time I waste day to day.

  2. 55 CPU years by Inkieminstrel · · Score: 4, Insightful

    The article says it took 55 CPU years to factor the number, though they did it in parallel for about a year and a half. I'd hate to imagine the teams that we don't hear about who are, say, 30 CPU years into the problem who just found out it's already been done.

    1. Re:55 CPU years by 0x461FAB0BD7D2 · · Score: 4, Insightful

      Well, those teams could still pursue with their endeavors, hopefully beating the time used by these researchers.

      This would mean that their algorithm and/or heuristics is/are superior, which would be beneficial to everyone, including these researchers who "won".

      The good thing about research like this is that no one really loses.

    2. Re:55 CPU years by merlin_jim · · Score: 3, Funny

      The article says it took 55 CPU years to factor the number, though they did it in parallel for about a year and a half. I'd hate to imagine the teams that we don't hear about who are, say, 30 CPU years into the problem who just found out it's already been done.

      Shutup. I hate you all.

      Oh well guess it's time to start looking at RSA-768...

      --
      I am disrespectful to dirt! Can you see that I am serious?!
    3. Re:55 CPU years by TedCheshireAcad · · Score: 4, Informative

      Another victory for the General Number Field Sieve (I think). The article was a little light on the details, but it mentioned they used a "general algorithm", which I'm assuming is the GNFS. The original paper may shed some light on the algorithm, for the algebraically inclined Slashdotter. (Link courtesty of Google Scholar)

  3. I don't get it... by neiffer · · Score: 3, Funny

    I tried to do it on my TI-85 and I keep getting an error!

  4. Did Michelle Deliop write this? by winkydink · · Score: 3, Funny

    May 9, 2005 The two unique prime factors of a 200 digit number have been discovered by researchers at Bonn University.

    Note: we need a source on this. All we have now is an anonymous edit on Wikipedia from someone at Cal State Fullerton.

    An anonymous edit in Wikipedia. Now there's a source for you!

    --

    "I'd rather be a lightning rod than a seismometer." -Ken Kesey

  5. Waste of time! by Tom7 · · Score: 4, Insightful

    I think these RSA challenges are a waste of computer power. It's trivial to compute how much computing resources it will take to factor numbers using an existing algorithm on paper, and you get a more accurate estimate than you get from sampling experimentally. I'm all for the development of new, faster algorithms and implementations, but the challenge should be for the development and demonstration of these algorithms, not the brute-force months-on-end search that ensues.

    1. Re:Waste of time! by Anonymous Coward · · Score: 5, Insightful

      If someone claims to have found a better factoring method, then it's easier for RSA to check that p,q < n and p*q = n, than to read his algorithm and analysis and award a prize based on that. (Imagine how many crackpots would apply with 100 pages long "proofs").

    2. Re:Waste of time! by Vellmont · · Score: 4, Insightful


      It's trivial to compute how much computing resources it will take to factor numbers using an existing algorithm on paper, and you get a more accurate estimate than you get from sampling experimentally
      You can certainly make a decent estimate of how long it will take, but you're never going to get a close approximation of the real-world performance of your implementation until you actually write the code and run it.

      The other side is that theoretical calculations are nice, but there's nothing quite like actual verification. It's much easier for a programmer to justify using larger key lengths when someone has actually cracked smaller key lengths rather than using calculations based on estimates of computing power.

      --
      AccountKiller
  6. Infinite Improbability... by wcitech · · Score: 3, Funny

    The air force has a practical use for this discovery, because when these numbers are fed into an infinite improbability drive, oncoming surface to air missles will be changed into a sperm whale and a harmless bowl of petunias.

  7. Damn you GNU factor v2.0.11 by GillBates0 · · Score: 3, Funny

    My plans for world domination have been foiled.

    $ factor --version
    factor (GNU sh-utils) 2.0.11

    $ factor 10000000000000000000
    10000000000000000000: 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5

    $ factor 100000000000000000000
    factor: `100000000000000000000' is not a valid positive integer
    Try `factor --help' for more information.

    On a positive note, I was short only by 179 digits.

    --
    An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
  8. Algorithmic difficulty by G4from128k · · Score: 3, Interesting

    Factoring numbers looks harder than it is. At first glance, it looks like adding digits makes the factoring problem exponentially harder. The question is: what is the base of the exponent. A naive analysis suggests that adding one binary digit makes the number twice as big and thus makes the factoring problem twice as hard. Such analyses are where get estimates that proclaim it will take a computer the life of the universe to factor an X-digit number.

    If adding one bit to the number, makes the problem twice as hard, then the base of the exponent for the executive time is 2. But what if the base is not 2, but is only 1.01? Then, adding 200 bits to the number only makes the problem 7 times harder (1.01 ^ 200). The scary part is that we can't prove that factoring has a lower limit to the base of the exponent. It could be 1.1, 1.01, or 1.001, or 1.0001. This means that any crypto based on prime factors has an unknown vulnerability in it.

    For now, prime factoring is hard, tomorrow, it might not be.

    --
    Two wrongs don't make a right, but three lefts do.
  9. Notation? by man1ed · · Score: 3, Insightful

    Does anyone know what the notation "11281+1" means?

    1. Re:Notation? by iMaple · · Score: 5, Informative

      Does anyone know what the notation "11281+1" means?

      It means 11282 :) .
      There seems to be a typo in the article post (A typo on slashdaot .. thats news ..I mean just one typo thats cool). Its probably due to some filter. It should say 11^281 +1

    2. Re:Notation? by petermgreen · · Score: 3, Insightful

      ^ is kinda a dirty hack notation where you can't superscript

      my guess is that someone copypasted it and in doing so lost the superscript (it should be noted that slashdot don't allow superscripting at least in comments)

      --
      note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
  10. Re:so? by CodeBuster · · Score: 3, Informative

    It means that an incrementally more efficient algorithm has been discovered which allows a slightly larger prime to be factored in a reasonable amount of time. However, this does not represent the sort of breakthrough algorithm that blows the problem wide open and allows factoring of arbitrarily large primes in time polynomial to the size of the input (the length of the prime number to be factored in this case). Thus, this new algorithm does not scale elegantly as one increases the size of the inputs and therefore it does not represent the general solution to the prime number factorization problem. Your public key crypto systems are safe if the prime numbers are large enough...for now.

  11. I don't want to spoil the ending but... by fxer · · Score: 5, Funny

    ...the punchline is

    3,532,461,934,402,770,121,272,604,978,198,464,36 8, 671,197,400,197,625,023,649,303,468,776,121,253,67 9,423,200,058,547,956,528,088,349
    and
    7,925,869, 954,478,333,033,347,085,841,480,059,687, 737,975,857,364,219,960,734,330,341,455,767,872,81 8,152,135,381,409,304,740,185,467

    tip your waitresses! :)

  12. Re:there are two kinds of people... by MoonBuggy · · Score: 3, Insightful

    Well the fact that the researchers from number 1 stated that the factorising took 55 CPU years (based on a 2.2GHz Opteron) pretty much sorts things out for the others. We can realistically assume that anyone with a few-million-$ reason could devote 100+ CPUs to this so basically you have to hope that your data will be outdated in 6 months or so.

    Alternatively if you take advantage of Sun's rent-a-cluster for $1/CPU hour you'd get change from $500,000 and get your results faster too, but then you have to pay again for the next problem that needs cracking, so it's probably more economical to purchase a smaller cluster.

  13. Real Discovery! by kenp2002 · · Score: 4, Interesting

    I have found a way to crack any code in a matter of minutes. It's simple!!! It works plenty of times!!

    Find out where the subject lives that encrypted the data. (1-3 days)

    Break into their home. (10 minutes)

    Look under their keyboard (1 minute)

    Read their private and public key off the notecard taped under the keyboard. (2 minutes.)
    Optionally: Steal the notecard and leave a fake one with the wrong key written down.
    Laugh maniacally... Done!!!

    To date when doing security sweeps at my various clients sites, 80% of staff have their password somewhere in their cube. 50% had their PGP keys under the keyboard, 10% had pen drives marked "Passwords" handing off a thumb tack on their cube wall. Who cares about better encyption, physical security (or perhaps mental security is a better choice) is where we need to focus.

    And remember network admins! Have you users spade or neutered :)

    --
    -=[ Who Is John Galt? ]=-
  14. Verify yourself! by graf0z · · Score: 3, Informative
    To verify the factorization just type

    echo "3532461934402770121272604978198464368671197400197 6\
    25023649303468776121253679423200058547956528088349 *\
    79258699544783330333470858414800596877379758573642 \
    19960734330341455767872818152135381409304740185467 " | bc
    After deleting the spaces slashcode mysteriously puts in, you should get RSA-200.

    Btw: Not 11^281+1 itself (which has obviously >281 decimal digits) was the previous world record, but a 176-digit factor of 11^281+1 called "c176":

    echo "8428398995380842661984668205419427509438600\
    88703946121840940131686719691460399191375953 *\
    11981208699381274324213719517435209389491006\
    236671100986363096780488054684807819312870741" | bc
    /graf0z.