Share on Facebook Tweet on Twitter Share on LinkedIn Share by email
ECM at Work

Joppe W. Bos and Thorsten Kleinjung


The performance of the elliptic curve method (ECM) for integer factorization plays an important role in the security assessment of RSA-based protocols as a cofactorization tool inside the number field sieve. The efficient arithmetic for Edwards curves found an application by speeding up ECM. We propose techniques based on generating and combining addition chains to optimize Edwards ECM in terms of both performance and memory requirements. This makes our approach very suitable for memory-constrained devices such as graphics processing units. For commonly used ECM parameters we are able to lower the required memory up to a factor 55 compared to the state-of-the-art Edwards ECM approach.


Publication typeProceedings
Published inAsiacrypt 2012
PublisherSpringer Verlag
> Publications > ECM at Work