GMP used during 3 and a half years to solve MIT's LCS35

Hans Åberg haberg-1 at
Tue Apr 30 20:15:04 UTC 2019

> On 30 Apr 2019, at 21:46, Bernard Fabrot <bfabrot at> wrote:
> When I say that it's not parallelizable I simply meant that each step depends on the result of the previous "modpow" step: so there's a limit to fast an ASIC can be I guess. A team is working on an ASIC (not just the cryptophage guys: but a third time, upon seeing the announcement, contacted the MIT and asked me to check their result at 75% in).  They used a FPGA to validate their ASIC and the LCS35 puzzle to test it all. I don't know yet how fast they'll be with their ASIC.

Developing such hardware is a way to parallelize it, as CPUs do not have support for fast enough thread synchronization. How far you can go may only depend on how much money you can put into it, so a well-funded security agency might go very far.

I got it to that you are using an average of about 4000 cycles per iteration, whereas the other guys are about 20 times faster.

> I also trusted GMP!  So the only thing I was concerned about was be some random "bit flip" or something like that. So I actually ran a second, delayed, computation, verifying the first result.

I presume you had some recovery system in case of a reboot.

More information about the gmp-discuss mailing list