Integer Number Crunching on the Cell Processor

We describe our implementation of the Elliptic Curve Method (ECM) of integer factorization on the Cell processor. ECM is the method of choice for finding medium-sized prime factors, e.g., between 2³⁰ and 2¹⁰⁰. A good ECM implementation is of paramount importance for evaluating the security of cryptosystems like RSA because it is a critical step in the modern versions of the Number Field Sieves (NFS), currently the most efficient cryptanalysis technique against RSA. We use ECM as a benchmark to understand how the performance of integer number crunching applications can benefit from several architectural design features of the Cell including wide arithmetic pipeline, auxiliary pipeline for handling managerial tasks, and large on-die memory per thread of execution. As a result, our ECM implementation on the PowerXCell 8i Cell processor outperforms all previously published implementations on other hardware platforms including graphics processing units (GPUs). For example, compared with the best published result on an NVIDIA GTX 295 graphics card, ours is more than three times faster on absolute basis. This is in spite of the fact that GPUs have greater raw number-crunching capability, not to mention that the Cell consumes less power and hence delivers much better performance per watt.