
Integer Factorization Methods: Trial division, Pollard's p − 1 - PowerPoint PPT Presentation



  1. Integer Factorization Methods: Trial division, Pollard's $p - 1$, Pollard's $\rho$, and Fermat's method
     Christopher Koch, Department of Computer Science and Engineering, New Mexico Tech
     CSE489/589 Algorithms in CS & IT, April 8, 2014
     Outline (slide sidebar):
     • Overview
     • Modular Arithmetic: Division Algorithm and Congruence; Residue classes mod $n$; Integers modulo $n$; Arithmetic with integers mod $n$; GCD and Totatives; Inverses mod $n$; Euler's Theorem; Cost of Multiplication and GCD
     • Integer Factorization: Trial Division; Pollard's $p - 1$; Cycles in $\mathbb{Z}/n\mathbb{Z}$; Floyd's cycle-finding; Pollard's $\rho$; Birthday paradox; Fermat's method

  2. Overview
     • Intro to modular arithmetic
     • Euler's theorem and Fermat's little theorem
     • Trial division
     • Pollard's $p - 1$ method
     • Cycles in $\mathbb{Z}/n\mathbb{Z}$
     • Floyd's cycle-finding algorithm
     • Pollard's $\rho$ method (Monte Carlo factorization)
     • Birthday paradox
     • Fermat's method
     Convention: $a, b, c, d, m, n$ are integers; $p, q$ are primes.

  3. Modular Arithmetic
     • $a \mid b$ ($a$ divides $b$) if $b$ is a multiple of $a$.
     • Quotient and remainder are unique in integer division.
     • Congruence modulo $n$: $a \equiv b \pmod{n}$ iff $n \mid (a - b)$.

  4. Residue classes
     • Congruence modulo $n$ is an equivalence relation on integers.
     • Equivalence classes: one for each remainder, $[a]_n = \{x : x \equiv a \pmod{n}\}$.
     • Called residue classes mod $n$.

  5. Integers modulo n
     • Integers modulo $n$: set of residue classes mod $n$: $\mathbb{Z}/n\mathbb{Z} = \{[r]_n : r \in \mathbb{Z}\}$.
     • How to do arithmetic in mod $n$? What is $[3]_4 + [1]_4$?

  6. Arithmetic mod n
     Definition: Let $n \in \mathbb{Z}^+$ and $a, b \in \mathbb{Z}$. Then,
     $[a]_n + [b]_n = [a + b]_n$
     $[a]_n \times [b]_n = [a \times b]_n$
     • Similarly, $[a]_n - [b]_n = [a]_n + [-b]_n = [a - b]_n$.

  7. GCD and Totatives
     • $\gcd(a, b)$ is the greatest common divisor of $a$ and $b$.
     • $a, b$ are called coprime or relatively prime if $\gcd(a, b) = 1$. $a$ is called a totative of $b$ and vice versa.
     • Bézout's identity: If $\gcd(n, m) = d$, then there exist $k, l$ s.t. $nk + ml = d$.
     • $\phi(n)$ counts the number of totatives less than $n$: $\phi(n) = |\{c : 1 \le c < n \text{ and } \gcd(c, n) = 1\}|$.
     • We have $\phi(mn) = \phi(n)\phi(m)$.

  8. Inverses mod n
     • Notice: no division in mod $n$!
     • Division is usually defined as multiplication by the multiplicative inverse.
     • Multiplicative inverse of $[a]_n$ is $[b]_n$ such that $[a]_n [b]_n = [1]_n$; i.e. $ab \equiv 1 \pmod{n}$.

  9. Theorem: $[a]_n \in \mathbb{Z}/n\mathbb{Z}$ has a multiplicative inverse if and only if $\gcd(a, n) = 1$.
     • Drawing from previous example: $\gcd(4, 2) = 2$, while $\gcd(4, 7) = 1$.
     • That means that every element except 0 in $\mathbb{Z}/p\mathbb{Z}$ has an inverse, since a prime is coprime to every element below it.
     • Bézout's identity again: $\gcd(m, n) = 1$, then $m[m^{-1}]_n + n[n^{-1}]_m = 1$.

  10. Euler's and Fermat's Theorems
     Theorem (Euler, Euler totient, Euler-Fermat): Let $a, n$ be coprime. Then, $a^{\phi(n)} \equiv 1 \pmod{n}$.
     Corollary (Fermat): Unless $a$ is a multiple of $p$, $a^{p-1} \equiv 1 \pmod{p}$.
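
The following Python sketch is an added example, not part of the original slides. It carries slides 7 to 10 through in code: Bézout coefficients by the extended Euclidean algorithm, inverses mod n (including the case where none exists), ϕ(n) counted from the slide's definition, and Euler's theorem. All function names are this example's own.

```python
from math import gcd

def bezout(n, m):
    """Extended Euclid: return (d, k, l) with n*k + m*l == d == gcd(n, m)."""
    k0, l0, k1, l1 = 1, 0, 0, 1
    while m:
        q, r = divmod(n, m)
        n, m = m, r
        k0, k1 = k1, k0 - q * k1
        l0, l1 = l1, l0 - q * l1
    return n, k0, l0

def inverse_mod(a, n):
    """Return b in [0, n) with a*b ≡ 1 (mod n), or None if gcd(a, n) != 1."""
    d, k, _ = bezout(a % n, n)
    return k % n if d == 1 else None

def phi(n):
    """Euler's totient by the slide's definition: count totatives below n."""
    return sum(1 for c in range(1, n) if gcd(c, n) == 1)

def euler_holds(a, n):
    """True when a^phi(n) ≡ 1 (mod n); guaranteed only for coprime a, n."""
    return pow(a, phi(n), n) == 1

def bezout_again(m, n):
    """m*[m^-1]_n + n*[n^-1]_m reduced mod m*n, for coprime m, n.

    With least non-negative representatives the sum is 1 + m*n, so the
    identity on slide 9 holds modulo m*n (or exactly, for suitable
    representatives of the two inverses).
    """
    return (m * inverse_mod(m, n) + n * inverse_mod(n, m)) % (m * n)

if __name__ == "__main__":
    print(bezout(4, 7))                             # gcd and coefficients
    print(inverse_mod(4, 7), inverse_mod(2, 4))     # inverse vs. no inverse
    print(euler_holds(3, 20), euler_holds(4, 20))   # coprime vs. not coprime
    print(bezout_again(4, 7))
    # phi is multiplicative for coprime arguments; (2, 2) is a counterexample
    print(phi(4) * phi(5) == phi(20), phi(2) * phi(2) == phi(4))
```

The last line of the demo shows that ϕ(mn) = ϕ(m)ϕ(n) depends on m and n being coprime: it holds for (4, 5) and fails for (2, 2).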

  11. Cost of Multiplication and GCD
     Convention: We will denote the cost of multiplication by $M(n)$ and the cost of the GCD by $G(n)$ for $n$-digit numbers.
     • Schoolbook multiplication: $M(n) \in O(n^2)$.
     • Schönhage-Strassen: $M(n) \in O(n \lg n \lg\lg n)$.
     • Euclidean GCD: $G(n) \in O(n^2)$.
     • Schönhage's GCD: $G(n) \in O(M(n) \lg n)$.
     • Modular exponentiation ($a^k \bmod b$): $O(M(c) \lg k)$, where $c = \max(\lg a, \lg b)$.

  12. Integer Factorization
     Theorem (Fundamental Theorem of Arithmetic): Let $n$ be an integer. Then there exist unique primes $p_1, p_2, \cdots, p_k$, not necessarily distinct, such that $n = p_1 \times p_2 \times \cdots \times p_k$.
     • In essence, every integer can be factored uniquely into primes. For example, $20 = 2 \times 2 \times 5$.
     • FTA guarantees existence of that factorization, but how do you find it?
     Convention: In the following slides, every big O is given in terms of input values instead of input length.

  13. Trial Division
     TrialDivision(n)
       D ← ()
       for all p in primes(√n) do
         while n mod p = 0 do
           append(D, p)
           n ← n / p
       if n > 1 then
         append(D, n)
       return D
     • How often does for-loop execute?
     • Prime-counting function $\pi(m)$.
     • How often does while execute? In total, at most $\log_p(n) \le \lg n$ (since $\lg 2 \le \lg p$ for all $p \ge 1$).
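
A runnable Python version of the TrialDivision pseudocode on slide 13, added here as an example and not taken from the slides. It also counts the for-loop and while-loop iterations so the two questions on the slide can be checked against π(√n) and lg n; the sieve helper and the counter names are this example's own.

```python
from math import isqrt, log2

def primes_up_to(m):
    """Sieve of Eratosthenes: all primes p <= m (the slide's primes(√n))."""
    if m < 2:
        return []
    sieve = bytearray([1]) * (m + 1)
    sieve[0] = sieve[1] = 0
    for i in range(2, isqrt(m) + 1):
        if sieve[i]:
            # strike out i*i, i*i + i, ... in one slice assignment
            sieve[i * i :: i] = bytearray(len(range(i * i, m + 1, i)))
    return [i for i, is_prime in enumerate(sieve) if is_prime]

def trial_division(n):
    """Return (D, for_iters, while_iters), D being the prime factors of n.

    for_iters   = number of primes tried      = pi(floor(sqrt(n)))
    while_iters = number of divisions done    <= lg n
    """
    if n < 2:
        raise ValueError("n must be >= 2")
    D, for_iters, while_iters = [], 0, 0
    for p in primes_up_to(isqrt(n)):   # bound is fixed by the original n
        for_iters += 1
        while n % p == 0:
            while_iters += 1
            D.append(p)
            n //= p
    if n > 1:                          # at most one prime factor > sqrt(n)
        D.append(n)
    return D, for_iters, while_iters

if __name__ == "__main__":
    # Constructed inputs: the slide's 20, a semiprime, a power of 2, a prime.
    for n in (20, 8051, 1024, 97):
        D, f, w = trial_division(n)
        print(n, D, "primes tried:", f, "divisions:", w,
              "lg n bound:", int(log2(n)))
```

For the semiprime 8051 = 83 × 97 the loop tries all 24 primes up to 89 but performs only one division, which is why the running time is dominated by π(√n) rather than by the while-loop.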
