Parallel Quadratic Sieve Factoring
and other adventures done in parallel
Daniel Ron, 11/24/2018
Background
Factoring is hard.
Many different algorithms, with running times:
  Trial division: $\sqrt{n}/2$
  Pollard's $\rho$ Method: $\sqrt[4]{n}\,\mathrm{polylog}(n)$
  Quadratic Number Field Sieve: $\exp\!\left((1+o(1))\sqrt{\log n\,\log\log n}\right)$
  General Number Field Sieve: $\exp\!\left(\left(\sqrt[3]{64/9}+o(1)\right)(\log n)^{1/3}(\log\log n)^{2/3}\right)$
Background: Goals
Where can we parallelize?
What sub-problems can we improve in parallel?
  Primality checking: Miller-Rabin
  Modular square root: Tonelli-Shanks
  GCD: Lehmer
  "Small" number factoring: Pollard's $\rho$ method
  Nullspace over $F_2$: Block Lanczos

Background: Goals
Good at parallel: primality checking, small number factoring, nullspace over $F_2$
Bad at parallel: modular square root, GCD
Primality Testing: Miller-Rabin Primality test

Algorithm
Given odd $n$, write $n-1 = 2^s d$ with $d$ odd.
If $n$ is prime, then for every $a$ with $1 < a < n$, either $a^d \equiv 1 \pmod n$ or $a^{2^r d} \equiv -1 \pmod n$ for some $0 \le r < s$.
If neither holds, that is $a^d \not\equiv 1 \pmod n$ and $a^{2^r d} \not\equiv -1 \pmod n$ for every $r$, then $n$ must be composite; such an $a$ is called a witness.

Algorithm
Try random $a \in [2, n-1]$, $k$ times.
100% accuracy on primes; accuracy at least $1 - 4^{-k}$ on composites.
Embarrassingly parallel: every trial is independent.
If any thread finds a witness, abort all threads.
"Small" Number Factoring: Pollard's $\rho$ Method

Algorithm
Intelligently generate a pseudo-random sequence; based on finding cycles.
$f(x) = x^2 + c \bmod n$ for some $c$, $c \ne 0, -2$.
Iterate $x = f(x)$, $y = f(f(y))$ until $\gcd(x - y, n) \ne 1$.
→ Can run multiple iterations at once with different values of $c$.
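The iteration above with the "multiple values of $c$ at once" idea, as an added example that is not the deck's code: `pollard_rho` runs one Floyd walk for a given $c$ and `pollard_rho_parallel` launches one walk per $c$ and takes the first nontrivial factor returned. Names are mine; the constant $n = 8051 = 83 \cdot 97$ in the usage note is a constructed input.

```python
from math import gcd
from concurrent.futures import ThreadPoolExecutor, as_completed


def pollard_rho(n, c, x0=2, max_iters=1_000_000):
    """Floyd cycle finding on f(x) = x^2 + c mod n.
    Returns a nontrivial factor of n, or None if this c fails
    (x and y met modulo n before a factor split off, or the budget ran out)."""
    if c in (0, -2):
        raise ValueError("c = 0 and c = -2 give degenerate sequences")
    if n % 2 == 0:
        return 2
    f = lambda v: (v * v + c) % n
    x = y = x0
    for _ in range(max_iters):
        x = f(x)                          # tortoise: one step
        y = f(f(y))                       # hare: two steps
        g = gcd(abs(x - y), n)
        if g == n:
            return None                   # cycle closed with no factor: try another c
        if g != 1:
            return g
    return None


def pollard_rho_parallel(n, cs=(1, 3, 5, 7), workers=4):
    """One rho walk per c, run concurrently; the first factor to come back wins."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        futures = [pool.submit(pollard_rho, n, c) for c in cs]
        for fut in as_completed(futures):
            g = fut.result()
            if g is not None:
                for other in futures:
                    other.cancel()
                return g
    return None
```

With $n = 8051$ and $c = 1$ the walk from $x_0 = 2$ finds $\gcd(194, 8051) = 97$ on its third step; `pollard_rho_parallel(8051)` returns whichever of 83 or 97 a walk reaches first.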
Nullspace over $F_2$: Block Lanczos Algorithm

Algorithm
Works well on sparse matrices over small finite fields.
Known to be very fast for this data, but doesn't gain from being parallelized.
Quadratic Sieve

Algorithm
Given $n$:
Choose bounds $B$ and $M$ (tunable parameters).
Find the set of all primes $p < B$ such that $\left(\frac{n}{p}\right) = 1$ (brute force).
Find all $a_i$ with $a_i^2 \equiv b_i \pmod n$, $b_i < M$, such that $b_i$ is a product of primes from our set.
Find a subset of the $b_i$ such that $\prod b_i = c^2$ for some $c$.
Calculate $\gcd(a - c, n)$ and $\gcd(a + c, n)$, where $a = \prod a_i$ over the same subset.

→ Find all $a_i$ with $a_i^2 \equiv b_i \pmod n$, $b_i$ a product of primes from our set
Use the polynomial $f(x) = (Ax + B)^2 - n$.
Note: $f(x) \equiv (Ax + B)^2 \pmod n$, so $a_i = Ax + B$ for some $x$ and $b_i = f(x)$.
Solve $f(x) \equiv 0 \pmod p$ and call the solution $\alpha$. Then $p$ divides $f(\alpha + kp)$ for every integer $k$; mark all these values.
Repeat for all $p$ in our base.

→ Find a subset of the $b_i$ such that $\prod b_i = c^2$ for some $c$
Write each $b_i$ in prime power representation: $b_i = p_0^{e_{i0}} p_1^{e_{i1}} \cdots p_m^{e_{im}}$.
This can be represented as the vector $(e_{i0}, e_{i1}, \dots, e_{im})$; since we chose the factor base, the length $m + 1$ of the vector is fixed.
Consider these vectors in $F_2$ and choose a subset whose sum is $0$.

This is a matrix operation!
$$x \cdot \begin{pmatrix} 1 & 0 & 1 \\ 0 & 1 & 1 \\ 0 & 1 & 1 \\ 0 & 1 & 1 \end{pmatrix} = 0 \iff \begin{pmatrix} 1 & 0 & 1 \\ 0 & 1 & 1 \\ 0 & 1 & 1 \\ 0 & 1 & 1 \end{pmatrix}^{\!\mathsf T} x = 0$$
Finding the nullspace gives us the $b_i$ such that $\prod b_i \equiv c^2 \pmod n$.

→ Calculate $\gcd(a - c, n)$, $\gcd(a + c, n)$
Now we have two factors!
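The whole procedure above carried through in one place, as an added example and not the deck's own code: a minimal quadratic sieve in Python with $A = 1$ and $B = \lceil\sqrt{n}\rceil$ in the polynomial, a brute-force factor base, Tonelli-Shanks for the roots of $f(x) \equiv 0 \pmod p$, division sieving over $0 \le x < M$ (so $M$ is used here as the length of the sieve interval), and Gaussian elimination over $F_2$ standing in for Block Lanczos. Every function name is mine; the sample $n = 15347 = 103 \cdot 149$ with $B = 30$, $M = 10$ in the usage note is a constructed input.

```python
from math import gcd, isqrt


def legendre(n, p):
    """Legendre symbol (n/p) for an odd prime p, returned as 0, 1 or p-1 (i.e. -1)."""
    return pow(n % p, (p - 1) // 2, p)


def tonelli_shanks(n, p):
    """A square root of n modulo an odd prime p, assuming (n/p) = 1."""
    n %= p
    if p % 4 == 3:                        # closed form, no iteration needed
        return pow(n, (p + 1) // 4, p)
    q, s = p - 1, 0
    while q % 2 == 0:                     # p - 1 = 2^s q with q odd
        q //= 2
        s += 1
    z = 2
    while legendre(z, p) != p - 1:        # any quadratic non-residue will do
        z += 1
    m, c, t, r = s, pow(z, q, p), pow(n, q, p), pow(n, (q + 1) // 2, p)
    while t != 1:
        i, t2 = 0, t
        while t2 != 1:                    # least i with t^(2^i) = 1
            t2, i = t2 * t2 % p, i + 1
        b = pow(c, 1 << (m - i - 1), p)
        m, c, t, r = i, b * b % p, t * b * b % p, r * b % p
    return r


def factor_base(n, B):
    """Brute force: 2 plus every odd prime p < B with (n/p) = 1."""
    base = [2]
    for p in range(3, B, 2):
        if all(p % q for q in range(3, isqrt(p) + 1, 2)) and legendre(n, p) == 1:
            base.append(p)
    return base


def sieve_relations(n, base, M):
    """Sieve f(x) = (x + r)^2 - n, r = isqrt(n) + 1, over 0 <= x < M (A = 1, B = r).
    For each p solve f(x) = 0 mod p once, then divide p out of every f(root + k p).
    Returns (a, f(x), exponent vector) for each x whose f(x) factors fully over base."""
    r = isqrt(n) + 1
    vals = [(x + r) ** 2 - n for x in range(M)]
    rem = vals[:]                         # what is left after dividing out base primes
    expo = [[0] * len(base) for _ in range(M)]
    for j, p in enumerate(base):
        if p == 2:
            roots = {(n - r) % 2}         # (x + r)^2 = n mod 2 iff x + r = n mod 2
        else:
            t = tonelli_shanks(n, p)
            roots = {(t - r) % p, (-t - r) % p}
        for root in roots:
            for x in range(root, M, p):
                while rem[x] % p == 0:
                    rem[x] //= p
                    expo[x][j] += 1
    return [(x + r, vals[x], expo[x]) for x in range(M) if rem[x] == 1]


def nullspace_dependencies(rows):
    """Index sets of rows whose exponent vectors sum to zero over F_2.
    Plain Gaussian elimination on bitmasks; the deck uses Block Lanczos here."""
    pivots, deps = {}, []
    for i, vec in enumerate(rows):
        v = sum(1 << j for j, e in enumerate(vec) if e % 2)
        h = 1 << i                        # which original rows are combined in v
        while v:
            lead = v.bit_length() - 1
            if lead not in pivots:
                pivots[lead] = (v, h)
                break
            pv, ph = pivots[lead]
            v, h = v ^ pv, h ^ ph
        else:                             # v reduced to zero: a dependency
            deps.append([k for k in range(len(rows)) if h >> k & 1])
    return deps


def quadratic_sieve(n, B, M):
    """Return a nontrivial factor pair of odd composite n, or None if B, M were too small."""
    base = factor_base(n, B)
    rels = sieve_relations(n, base, M)
    for dep in nullspace_dependencies([e for _, _, e in rels]):
        a, exps = 1, [0] * len(base)
        for k in dep:
            a = a * rels[k][0] % n        # a = prod a_i
            exps = [s + e for s, e in zip(exps, rels[k][2])]
        c = 1
        for p, e in zip(base, exps):      # every e is even, so c = sqrt(prod b_i) mod n
            c = c * pow(p, e // 2, n) % n
        for g in (gcd(a - c, n), gcd(a + c, n)):
            if 1 < g < n:
                return g, n // g
    return None
```

For $n = 15347$, `factor_base(15347, 30)` is `[2, 17, 23, 29]` (3, 5, 7, 11, 13 and 19 are excluded because $n$ is a non-residue modulo each), the sieve over $x < 10$ keeps $124^2 - n = 29$, $126^2 - n = 529 = 23^2$ and $127^2 - n = 782 = 2 \cdot 17 \cdot 23$, the $529$ relation alone is already a square, and $\gcd(126 - 23, 15347) = 103$, so `quadratic_sieve(15347, 30, 10)` returns `(103, 149)`. Returning `None` rather than looping forever when no dependency splits $n$ is the signal that $B$ or $M$ must be raised, which is the "tunable parameter" point on the slide.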
Results
Improvement in primality testing for larger numbers: ~1 order of magnitude on one core.
Primality testing: linear speedup with cores.
Pollard's Rho: faster than trial division for semiprimes; worse for small smooth numbers; slight parallel speedup.
Moving Forward
Implement efficient blocking of matrix data.
Where and when parallelization helps: parallel for loops, parallel polynomials in QS → $(Ax + B)^2$, parallel nullspace over $F_2$, etc.
Get QS working on bigints.
Determine proper cutoffs.