2
$\begingroup$

Schneier in 1996's Applied Cryptography says:

"Currently, a 129-decimal-digit modulus is at the edge of factoring technology"

In the intervening 15 years has anything much changed?

  • 0
    Perfect, want to submit that as an answer?2011-05-10

3 Answers 3

5

Please consult Wikipedia before posting a question. You can still ask about the Wikipedia article, of course.

See Integer factorization: Current state of the art.

  • 0
    I actually did but searched for the wrong thing. Finding nothing I turned to here instead and am glad I did so. By engaging with you here and following up on the links I learned so much more than I would have if I'd just found the answer myself. Awarding this the answer as it comes closest to answering my original question. Thanks!2011-05-12
2

The same algorithm is used for factoring, the Number-Field Sieve. It's probably been optimized further. But the main difference between now and then is computing power. Since the asymptotic running-time of the NFS is "known", you can even extrapolate into the future (assuming your favorite version of Moore's law).

  • 0
    Thanks - I cannot vote up as I don't have enough rep. I hope you'll understand.2011-05-12
2

For factoring RSA moduli (product of two large distinct primes), the Number Field Sieve is still king. It has two phases: a parallelizable sieving phase where we look for polynomials, then a non-parallelizable matrix reduction step that is usually done on a large computer.

If quantum computers ever become practical, they can factor integers via Shor's algorithm in polynomial time. In fact, this is the only known compelling application for them, but it's enough for the military to spend millions in the U.S. funding research on quantum computers.

Note: Peter Shor is a frequent contributor on this site.

  • 0
    @noonand: No problem, I appreciate the comment. :)2011-05-12