integer factorization methods
play

Integer Factorization Methods Modular Trial division, Pollards p 1 - PowerPoint PPT Presentation

Aug 22, 2023 •167 likes •505 views

Integer Factorization Methods C. Koch Overview Integer Factorization Methods Modular Trial division, Pollards p 1 , Arithmetic Division Algorithm and Congruence Pollards , and Fermats method Residue classes mod n Integers

  1. Integer Factorization Methods C. Koch Overview Integer Factorization Methods Modular Trial division, Pollard’s p − 1 , Arithmetic Division Algorithm and Congruence Pollard’s ρ , and Fermat’s method Residue classes mod n Integers modulo n Arithmetic with integers mod n GCD and Totatives Christopher Koch 1 Inverses mod n Euler’s Theorem Cost of 1 Department of Computer Science and Engineering Multiplication and GCD CSE489/589 Algorithms in CS & IT Integer New Mexico Tech Factorization Trial Division April 8, 2014 Pollard’s p − 1 Cycles in Z / n Z Floyd’s cycle-finding Pollard’s ρ Birthday paradox Fermat’s method

  2. Integer Factorization Overview Methods C. Koch Overview • Intro to modular arithmetic Modular Arithmetic • Euler’s theorem and Fermat’s little theorem Division Algorithm and Congruence • Trial division Residue classes mod n • Pollard’s p − 1 method Integers modulo n Arithmetic with integers mod n • Cycles in Z / n Z GCD and Totatives Inverses mod n Euler’s Theorem • Floyd’s cycle-finding algorithm Cost of Multiplication • Pollard’s ρ method (Monte Carlo factorization) and GCD • Birthday paradox Integer Factorization • Fermat’s method Trial Division Pollard’s p − 1 Cycles in Z / n Z Floyd’s cycle-finding Convention Pollard’s ρ Birthday paradox a , b , c , d , m , n are integers, p , q are primes Fermat’s method

  3. Integer Factorization Modular Arithmetic Methods C. Koch • a ∣ b ( a divides b ) if b is a multiple of a . Overview Modular • quotient and remainder unique in integer division Arithmetic Division Algorithm • Congruence modulo n : and Congruence Residue classes mod n a ≡ b ( mod n ) iff n ∣( a − b ) . Integers modulo n Arithmetic with integers mod n GCD and Totatives Inverses mod n Euler’s Theorem Cost of Multiplication and GCD Integer Factorization Trial Division Pollard’s p − 1 Cycles in Z / n Z Floyd’s cycle-finding Pollard’s ρ Birthday paradox Fermat’s method

  4. Integer Factorization Residue classes Methods C. Koch • Congruence modulo n is an equivalence relation on Overview integers. Modular Arithmetic • Equivalence classes: one for each remainder Division Algorithm and Congruence Residue classes mod [ a ] n = { x ∶ x ≡ a ( mod n )} . n Integers modulo n Arithmetic with integers mod n GCD and Totatives • Called residue classes mod n Inverses mod n Euler’s Theorem Cost of Multiplication and GCD Integer Factorization Trial Division Pollard’s p − 1 Cycles in Z / n Z Floyd’s cycle-finding Pollard’s ρ Birthday paradox Fermat’s method

  5. Integer Factorization Integers modulo n Methods C. Koch • Integers modulo n : set of residue classes mod n : Overview Modular Z / n Z = {[ r ] n ∶ r ∈ Z } . Arithmetic Division Algorithm and Congruence • How to do arithmetic in mod n ? What is [ 3 ] 4 + [ 1 ] 4 ? Residue classes mod n Integers modulo n Arithmetic with integers mod n GCD and Totatives Inverses mod n Euler’s Theorem Cost of Multiplication and GCD Integer Factorization Trial Division Pollard’s p − 1 Cycles in Z / n Z Floyd’s cycle-finding Pollard’s ρ Birthday paradox Fermat’s method

  6. Integer Factorization Arithmetic mod n Methods C. Koch Definition Overview Let n ∈ Z + and a , b ∈ Z . Then, Modular Arithmetic Division Algorithm [ a ] n + [ b ] n = [ a + b ] n and Congruence Residue classes mod [ a ] n × [ b ] n = [ a × b ] n n Integers modulo n Arithmetic with integers mod n GCD and Totatives Inverses mod n Euler’s Theorem • Similarly, Cost of Multiplication [ a ] n − [ b ] n = [ a ] n + [ − b ] n = [ a − b ] n . and GCD Integer Factorization Trial Division Pollard’s p − 1 Cycles in Z / n Z Floyd’s cycle-finding Pollard’s ρ Birthday paradox Fermat’s method

  7. Integer Factorization GCD and Totatives Methods C. Koch Overview Modular • gcd ( a , b ) is the greatest common divisor of a and b Arithmetic Division Algorithm and Congruence • a , b are called coprime or relatively prime if gcd ( a , b ) = 1 . Residue classes mod n Integers modulo n a is called a totative of b and vice versa. Arithmetic with • Bézout’s identity: If gcd ( n , m ) = d , then there exist k , l integers mod n GCD and Totatives Inverses mod n s.t. nk + ml = d . Euler’s Theorem • ϕ ( n ) counts the number totatives less than n : Cost of Multiplication and GCD ϕ ( n ) = ∣{ c ∶ 1 ≤ c < n and gcd ( c , n ) = 1 }∣ . Integer Factorization Trial Division • We have ϕ ( mn ) = ϕ ( n ) ϕ ( m ) . Pollard’s p − 1 Cycles in Z / n Z Floyd’s cycle-finding Pollard’s ρ Birthday paradox Fermat’s method

  8. Integer Factorization Inverses mod n Methods C. Koch Overview Modular Arithmetic Division Algorithm and Congruence Residue classes mod n • Notice: no division in mod n! Integers modulo n Arithmetic with integers mod n • Division is usually defined as multiplication by the GCD and Totatives multiplicative inverse. Inverses mod n Euler’s Theorem • Multiplicative inverse of [ a ] n is [ b ] n such that Cost of [ a ] n [ b ] n = [ 1 ] n ; i.e. ab ≡ 1 ( mod n ) . Multiplication and GCD Integer Factorization Trial Division Pollard’s p − 1 Cycles in Z / n Z Floyd’s cycle-finding Pollard’s ρ Birthday paradox Fermat’s method

  9. Integer Factorization Methods C. Koch Overview Theorem Modular [ a ] n ∈ Z / n Z has a multiplicative inverse if and only if Arithmetic gcd ( a , n ) = 1 . Division Algorithm and Congruence Residue classes mod n • Drawing from previous example: gcd ( 4 , 2 ) = 2 , while Integers modulo n Arithmetic with gcd ( 4 , 7 ) = 1 . integers mod n GCD and Totatives • That means that every element except 0 in Z / p Z has an Inverses mod n Euler’s Theorem Cost of inverse, since a prime is coprime to every element below it. Multiplication • Bézout’s identity again: gcd ( m , n ) = 1 , then and GCD m [ m − 1 ] n + n [ n − 1 ] m = 1 . Integer Factorization Trial Division Pollard’s p − 1 Cycles in Z / n Z Floyd’s cycle-finding Pollard’s ρ Birthday paradox Fermat’s method

  10. Integer Factorization Euler’s and Fermat’s Theorems Methods C. Koch Overview Modular Arithmetic Theorem (Euler, Euler totient, Euler-Fermat) Division Algorithm and Congruence Let a , n be coprime. Then, Residue classes mod n Integers modulo n a ϕ ( n ) ≡ 1 Arithmetic with ( mod n ) . integers mod n GCD and Totatives Inverses mod n Euler’s Theorem Cost of Corollary (Fermat) Multiplication and GCD Unless a is a multiple of p , Integer a p − 1 ≡ 1 Factorization ( mod p ) . Trial Division Pollard’s p − 1 Cycles in Z / n Z Floyd’s cycle-finding Pollard’s ρ Birthday paradox Fermat’s method

  11. Integer Factorization Cost of Multiplication and GCD Methods C. Koch Overview Modular Arithmetic Convention Division Algorithm We will denote the cost of multiplication by M ( n ) and the cost and Congruence Residue classes mod of the GCD by G ( n ) for n -digit numbers. n Integers modulo n Arithmetic with integers mod n • Schoolbook multiplication: M ( n ) ∈ O ( n 2 ) . GCD and Totatives Inverses mod n • Schönhage-Strassen: M ( n ) ∈ O ( n lg n lg lg n ) . Euler’s Theorem Cost of • Euclidean GCD: G ( n ) ∈ O ( n 2 ) . Multiplication and GCD • Schönhage’s GCD: G ( n ) ∈ O ( M ( n ) lg n ) . Integer Factorization • Modular exponentiation ( a k mod b ): O ( M ( c ) lg k ) , Trial Division where c = max ( lg a , lg b ) . Pollard’s p − 1 Cycles in Z / n Z Floyd’s cycle-finding Pollard’s ρ Birthday paradox Fermat’s method

  12. Integer Factorization Integer Factorization Methods C. Koch Overview Theorem (Fundamental Theorem of Arithmetic) Modular Let n be an integer. Then there exist unique primes Arithmetic Division Algorithm p 1 , p 2 , ⋯ , p k not necessarily distinct such that and Congruence Residue classes mod n Integers modulo n n = p 1 × p 2 × ⋯ × p k . Arithmetic with integers mod n GCD and Totatives Inverses mod n Euler’s Theorem • In essence, every integer can be factored uniquely into Cost of primes. For example, 20 = 2 × 2 × 5 . Multiplication and GCD • FTA guarantees existence of that factorization, but how Integer Factorization do you find it? Trial Division Pollard’s p − 1 Cycles in Z / n Z Convention Floyd’s cycle-finding Pollard’s ρ In the following slides, every big O is given in terms of input Birthday paradox Fermat’s method values instead of input length.

  13. Integer Factorization Trial Division Methods C. Koch TrialDivision ( n ) Overview 1: D ← () Modular 2: for all p in primes ( √ n ) do Arithmetic 3: Division Algorithm and Congruence while n mod p = 0 do Residue classes mod 4: n append ( D , p ) Integers modulo n 5: n ← n / p Arithmetic with integers mod n 6: GCD and Totatives Inverses mod n if n > 1 then 7: Euler’s Theorem append ( D , n ) 8: Cost of Multiplication and GCD return D 9: Integer Factorization • How often does for-loop execute? Trial Division Pollard’s p − 1 • Prime-counting function π ( m ) . Cycles in Z / n Z Floyd’s cycle-finding • How often does while execute? In total, at most Pollard’s ρ Birthday paradox log p ( n ) ≤ lg n (since lg 2 ≤ lg p for all p ≥ 1 ) Fermat’s method

Recommend

Integer Factorization Methods Modular Arithmetic Trial division, Pollards p 1 , Division

Integer Factorization Methods Modular Arithmetic Trial division, Pollards p 1 , Division

Integer Factorization Methods Integer 2014-04-11 Integer Factorization Methods Factorization Trial division, Pollards p 1 , Pollards , and Fermats method Methods Christopher Koch 1 C. Koch 1 Department of Computer Science and

681 views • 33 slides
Random problems at the core of integer factorization algorithms Pierrick Gaudry Caramba

Random problems at the core of integer factorization algorithms Pierrick Gaudry Caramba

Random problems at the core of integer factorization algorithms Pierrick Gaudry Caramba LORIA, Nancy CNRS, Universit de Lorraine, Inria Journes ALEA, March 2016 1/31 Plan Introduction: crypto context Integer factorization 101 How

462 views • 33 slides
Challenges in quantum algorithms for integer factorization D. J. Bernstein University of

Challenges in quantum algorithms for integer factorization D. J. Bernstein University of

1 Challenges in quantum algorithms for integer factorization D. J. Bernstein University of Illinois at Chicago Prelude: What is the fastest algorithm to sort an array? def blindsort(x): while not issorted(x): permuterandomly(x) 2 def

713 views • 50 slides
Building circuits for integer factorization D. J. Bernstein Thanks to: University of Illinois

Building circuits for integer factorization D. J. Bernstein Thanks to: University of Illinois

Building circuits for integer factorization D. J. Bernstein Thanks to: University of Illinois at Chicago NSF DMS0140542 Alfred P. Sloan Foundation I want to work for NSA as an independent

706 views • 49 slides
and 611 + for small : Integer factorization Sieving 1 612 2 2 3 3 D. J. Bernstein

and 611 + for small : Integer factorization Sieving 1 612 2 2 3 3 D. J. Bernstein

and 611 + for small : Integer factorization Sieving 1 612 2 2 3 3 D. J. Bernstein 2 2 613 3 3 614 2 4 2 2 615 3 5 Thanks to: 5 5 616 2 2 2 7 6 2 3 617 University of Illinois at Chicago 7 7 618 2 3 8 2 2 2

411 views • 29 slides
Algorithms for integer factorization and discrete logarithms computation Algorithmes pour la

Algorithms for integer factorization and discrete logarithms computation Algorithmes pour la

Algorithms for integer factorization and discrete logarithms computation Algorithmes pour la factorisation dentiers et le calcul de logarithme discret Cyril Bouvier CARAMEL project-team, LORIA Universit de Lorraine / CNRS / Inria

470 views • 42 slides
Isolating critical cases for reciprocals using integer factorization John Harrison Intel

Isolating critical cases for reciprocals using integer factorization John Harrison Intel

Isolating critical cases for reciprocals using integer factorization John Harrison Intel Corporation ARITH-16 Santiago de Compostela 17th June 2003 0 Background result before the final rounding Suppose we are interested in a floating-point

343 views • 19 slides
Integer factorization: Exercise for the reader: a progress report Find a nontrivial factor of

Integer factorization: Exercise for the reader: a progress report Find a nontrivial factor of

Integer factorization: Exercise for the reader: a progress report Find a nontrivial factor of 6366223796340423057152171586. D. J. Bernstein Thanks to: University of Illinois at Chicago NSF DMS0140542 Alfred P. Sloan Foundation rization:

593 views • 55 slides
Integer factorization and discrete logarithm problems Pierrick Gaudry Caramel LORIA CNRS,

Integer factorization and discrete logarithm problems Pierrick Gaudry Caramel LORIA CNRS,

Integer factorization and discrete logarithm problems Pierrick Gaudry Caramel LORIA CNRS, Universit de Lorraine, Inria JNCF CIRM November 2014 1/81 Plan Presentation of the problems Cryptographic background Primality,

919 views • 88 slides
Nonunique Factorization in the Ring of Integer-Valued Polynomials Paul Baginski Fairfield

Nonunique Factorization in the Ring of Integer-Valued Polynomials Paul Baginski Fairfield

Nonunique Factorization in the Ring of Integer-Valued Polynomials Paul Baginski Fairfield University March 22, 2019 Paul Baginski Fairfield University Nonunique Factorization in the Ring of Integer-Valued Polynomials 2016 Fairfield

334 views • 30 slides
LU Factorization Marco Chiarandini Department of Mathematics &amp; Computer Science University

LU Factorization Marco Chiarandini Department of Mathematics &amp; Computer Science University

DM559 Linear and Integer Programming LU Factorization Marco Chiarandini Department of Mathematics &amp; Computer Science University of Southern Denmark [ Based on slides by Lieven Vandenberghe, UCLA ] Operation Count LU Factorization Outline

524 views • 38 slides
LU Factorization Marco Chiarandini Department of Mathematics &amp; Computer Science University

LU Factorization Marco Chiarandini Department of Mathematics &amp; Computer Science University

DM559 Linear and Integer Programming LU Factorization Marco Chiarandini Department of Mathematics &amp; Computer Science University of Southern Denmark [ Based on slides by Lieven Vandenberghe, UCLA ] Operation Count LU Factorization Outline

935 views • 34 slides
Fast Coordinate Descent methods for Non-Negative Matrix Factorization Inderjit S. Dhillon

Fast Coordinate Descent methods for Non-Negative Matrix Factorization Inderjit S. Dhillon

Non-negative Matrix Factorization Fast Coordinate Descent methods for Non-Negative Matrix Factorization Inderjit S. Dhillon University of Texas at Austin SIAM Conference on Applied Linear Algebra Valencia, Spain June 19, 2012 Joint work with

682 views • 25 slides
Structured sparse methods for matrix factorization Francis Bach Sierra team, INRIA - Ecole

Structured sparse methods for matrix factorization Francis Bach Sierra team, INRIA - Ecole

Structured sparse methods for matrix factorization Francis Bach Sierra team, INRIA - Ecole Normale Sup erieure March 2011 Joint work with R. Jenatton, J. Mairal, G. Obozinski Structured sparse methods for matrix factorization Outline

1.07k views • 73 slides
Factorization Methods Bernd Schr oder Bernd Schr oder Louisiana Tech University, College

Factorization Methods Bernd Schr oder Bernd Schr oder Louisiana Tech University, College

Trial Division Fermat Factorization Fermat Numbers Linear Diophantine Equations Factorization Methods Bernd Schr oder Bernd Schr oder Louisiana Tech University, College of Engineering and Science Factorization Methods Trial Division

2.03k views • 151 slides
Questions about Prime Numbers Proving Existential Statements Is 1 prime? Prove existential

Questions about Prime Numbers Proving Existential Statements Is 1 prime? Prove existential

Even/Odd Numbers CSE 20 Discrete Math An integer n is even iff n equals twice some integer. An integer n is odd iff n equals twice some integer plus 1. Summer, 2006 July 12 (Day 3) Number Theory Methods of Proof Instructor: Neil Rhodes 2

270 views • 8 slides
Matrix Factorization and Factorization Machines for Recommender Systems Chih-Jen Lin Department

Matrix Factorization and Factorization Machines for Recommender Systems Chih-Jen Lin Department

Matrix Factorization and Factorization Machines for Recommender Systems Chih-Jen Lin Department of Computer Science National Taiwan University Talk at SDM workshop on Machine Learning Methods on Recommender Systems, May 2, 2015 Chih-Jen Lin

1.14k views • 54 slides
Integer factoring and compositeness witnesses Jacek Pomykaa &amp; Maciej Radziejewski June 26,

Integer factoring and compositeness witnesses Jacek Pomykaa &amp; Maciej Radziejewski June 26,

Integer factoring and compositeness witnesses Jacek Pomykaa &amp; Maciej Radziejewski June 26, 2019 Integer factoring and compositeness witnesses 1 Objective: Factorization of a large integer n Oracles Techniques How many hard numbers are

514 views • 22 slides
Integer Linked Lists An integer list is either: (1) empty, represented by (null) Lists, Too

Integer Linked Lists An integer list is either: (1) empty, represented by (null) Lists, Too

Integer Linked Lists An integer list is either: (1) empty, represented by (null) Lists, Too or (2) a listNode , whose head is an integer and whose tail is an integer list L 17 -8 4 O - 1 O - 2 Class Methods of IntList Contract

306 views • 3 slides
CSCI 1951-G Optimization Methods in Finance Part 03: (Mixed) Integer (Linear) Programming

CSCI 1951-G Optimization Methods in Finance Part 03: (Mixed) Integer (Linear) Programming

CSCI 1951-G Optimization Methods in Finance Part 03: (Mixed) Integer (Linear) Programming February 9, 2018 1 / 55 Roadmap 1 Introduce Integer Programming and the various sub classes of IP 2 Study the feasible region for IPs 3 Show the

976 views • 55 slides
Circuits for integer factorization D. J. Bernstein University of Illinois at Chicago Exercise

Circuits for integer factorization D. J. Bernstein University of Illinois at Chicago Exercise

Circuits for integer factorization D. J. Bernstein University of Illinois at Chicago Exercise for the reader: Find a nontrivial factor of 6366223796340423057152171586. Exercise for the reader: Find a nontrivial factor of

586 views • 42 slides
Chapter IX: Matrix factorizations* 1. The general idea 2. Matrix factorization methods 3. Latent

Chapter IX: Matrix factorizations* 1. The general idea 2. Matrix factorization methods 3. Latent

Chapter IX: Matrix factorizations* 1. The general idea 2. Matrix factorization methods 3. Latent topic models 4. Dimensionality reduction *Zaki &amp; Meira, Ch. 8; Tan, Steinbach &amp; Kumar, App. B; Manning, Raghavan &amp; Schtze, Ch. 18

798 views • 53 slides
Direct Methods for Solving Linear Systems Matrix Factorization Numerical Analysis (9th Edition)

Direct Methods for Solving Linear Systems Matrix Factorization Numerical Analysis (9th Edition)

Direct Methods for Solving Linear Systems Matrix Factorization Numerical Analysis (9th Edition) R L Burden &amp; J D Faires Beamer Presentation Slides prepared by John Carroll Dublin City University 2011 Brooks/Cole, Cengage Learning c

1.5k views • 132 slides
Challenges in def bubblesort(x): quantum algorithms for for j in range(len(x)): integer

Challenges in def bubblesort(x): quantum algorithms for for j in range(len(x)): integer

1 2 Challenges in def bubblesort(x): quantum algorithms for for j in range(len(x)): integer factorization for i in reversed(range(j)): x[i],x[i+1] = ( D. J. Bernstein min(x[i],x[i+1]), University of Illinois at Chicago max(x[i],x[i+1])

1.48k views • 118 slides

More recommend