GMP used during 3 and a half years to solve MIT's LCS35
bfabrot at gmail.com
Tue Apr 30 19:46:04 UTC 2019
First thanks everybody!
When I say that it's not parallelizable I simply meant that each step
depends on the result of the previous "modpow" step: so there's a limit to
fast an ASIC can be I guess. A team is working on an ASIC (not just the
cryptophage guys: but a third time, upon seeing the announcement, contacted
the MIT and asked me to check their result at 75% in). They used a FPGA to
validate their ASIC and the LCS35 puzzle to test it all. I don't know yet
how fast they'll be with their ASIC.
> ... what I find surprising is that no HW fault occurred over such a long
> Did you do anything special to check intermediate results?
The crypto puzzle contains fancy crypto maths that allow to check
intermediate results but I didn't bother implementing that. I heavily
tested my tiny piece of code with smaller parameters and was sure it was
I also trusted GMP! So the only thing I was concerned about was be some
random "bit flip" or something like that. So I actually ran a second,
delayed, computation, verifying the first result.
Zero error occured. Not a single one.
By the way I've got a question for you...
When I tested, for squaring, I think I remember it was slightly faster to
manually then to call the modpow function (mpz_powm).
Any idea why that'd be? That's be with 2048 bit numbers.
Once again kudos to all of you!
More information about the gmp-discuss