Integer Factorization By: Josh Tuggle & Kyle Johnson.

Slides:

Advertisements

Similar presentations

Mathematics of Cryptography Part II: Algebraic Structures

Advertisements

Cryptography and Network Security

WS Algorithmentheorie 03 – Randomized Algorithms (Primality Testing) Prof. Dr. Th. Ottmann.

Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.

Section 4.1: Primes, Factorization, and the Euclidean Algorithm Practice HW (not to hand in) From Barr Text p. 160 # 6, 7, 8, 11, 12, 13.

Computability and Complexity

Introduction to Modern Cryptography Lecture 6 1. Testing Primitive elements in Z p 2. Primality Testing. 3. Integer Multiplication & Factoring as a One.

Notation Intro. Number Theory Online Cryptography Course Dan Boneh

RSA & F ACTORING I NTEGERS BY: MIKE NEUMILLER & BRIAN YARBROUGH.

CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.

The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

1 Quantum Computing: What’s It Good For? Scott Aaronson Computer Science Department, UC Berkeley January 10,  John.

CSE115/ENGR160 Discrete Mathematics 03/17/11 Ming-Hsuan Yang UC Merced 1.

Introduction Polynomials

Factoring Algorithms Ref: D. Stinson, Cryptography - Theory and Practice, 2001.

Shor’s Algorithm Osama Awwad Department of Computer Science Western Michigan University July 12, 2015.

Chapter 8 – Introduction to Number Theory Prime Numbers

Dan Boneh Intro. Number Theory Modular e’th roots Online Cryptography Course Dan Boneh.

Tallinn University of Technology Quantum computer impact on public key cryptography Roman Stepanenko.

Polynomial Factorization Olga Sergeeva Ferien-Akademie 2004, September 19 – October 1.

Zeros of Polynomials PolynomialType of Coefficient 5x 3 + 3x 2 + (2 + 4i) + icomplex 5x 3 + 3x 2 + √2x – πreal 5x 3 + 3x 2 + ½ x – ⅜rational 5x 3 + 3x.

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations Copyright © The McGraw-Hill Companies, Inc. Permission required.

May 29, 2008 GNFS polynomials Peter L. Montgomery Microsoft Research, USA 1 Abstract The Number Field Sieve is asymptotically the fastest known algorithm.

CPSC 3730 Cryptography and Network Security

Information Security and Management 4. Finite Fields 8

October,2006 Higher- Degree Polynomials Peter L. Montgomery Microsoft Research and CWI 1 Abstract The Number Field Sieve is asymptotically the fastest.

Copyright, Yogesh Malhotra, PhD, 2013www.yogeshmalhotra.com SPECIAL PURPOSE FACTORING ALGORITHMS Special Purpose Factoring Algorithms For special class.

The Complexity of Primality Testing. What is Primality Testing? Testing whether an integer is prime or not. – An integer p is prime if the only integers.

PRIMES is in P Manindra Agrawal NUS Singapore / IIT Kanpur.

Introduction to Algorithms Second Edition by Cormen, Leiserson, Rivest & Stein Chapter 31.

Short course on quantum computing Andris Ambainis University of Latvia.

Factorization of a 768-bit RSA modulus Jung Daejin Lee Sangho.

SNFS versus (G)NFS and the feasibility of factoring a 1024-bit number with SNFS Arjen K. Lenstra Citibank, New York Technische Universiteit Eindhoven.

Chapter 4 – Finite Fields

Data Security and Encryption (CSE348) 1. Lecture # 12 2.

Lesson 2.5, page 312 Zeros of Polynomial Functions Objective: To find a polynomial with specified zeros, rational zeros, and other zeros, and to use Descartes’

The Fast Fourier Transform and Applications to Multiplication

Information Security Lab. Dept. of Computer Engineering 87/121 PART I Symmetric Ciphers CHAPTER 4 Finite Fields 4.1 Groups, Rings, and Fields 4.2 Modular.

9/22/15UB Fall 2015 CSE565: S. Upadhyaya Lec 7.1 CSE565: Computer Security Lecture 7 Number Theory Concepts Shambhu Upadhyaya Computer Science & Eng. University.

Cryptography and Network Security Chapter 4. Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic.

Quantum Computing Michael Larson. The Quantum Computer Quantum computers, like all computers, are machines that perform calculations upon data. Quantum.

A Survey on Factoring Large Numbers ～巨大数の因数分解に関する調査～ Kanada Lab. M Yoshida Hitoshi.

Page 1 COMPSCI 290.2: Computer Security “Quantum Cryptography” including Quantum Communication Quantum Computing.

Primality Testing. Introduction The primality test provides the probability of whether or not a large number is prime. Several theorems including Fermat’s.

9.1 Primes and Related Congruence Equations 23 Sep 2013.

Chapter 1 Algorithms with Numbers. Bases and Logs How many digits does it take to represent the number N >= 0 in base 2? With k digits the largest number.

Multiplicative Group The multiplicative group of Z n includes every a, 0

CS480 Cryptography and Information Security

Zeros (Solutions) Real Zeros Rational or Irrational Zeros Complex Zeros Complex Number and its Conjugate.

Shor's Factorization Algorithm Keith Kelley, CS 6800.

Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-5 Mathematical Background:

PRIMES is in P Manindra Agrawal Neeraj Kayal Nitin Saxena Dept of CSE, IIT Kanpur.

Number-Theoretic Algorithms

CSE565: Computer Security Lecture 7 Number Theory Concepts

COMPSCI 290.2: Computer Security

Handbook of Applied Cryptography - CH4, from 4.1~4.3

Introduction to Number Theory

Quantum Cryptography Quantum Computing

Applied Discrete Mathematics Week 3: Algorithms

Number Theory (Chapter 7)

Parallel Quadratic Sieve

Factoring RSA Moduli: Current State of the Art J

Mathematical Background for Cryptography

Quantum Cryptography Quantum Computing

Mathematical Background: Extension Finite Fields

Presentation transcript:

Integer Factorization By: Josh Tuggle & Kyle Johnson

What Is It? Integer Factorization - The decomposition of a composite number into its primes. Not much of an actual problem until the number becomes very large. No efficient algorithm exists yet. Goal: Factor in polynomial time.

What Is It? Hardest instance for I.F.: semiprimes. – Product of two prime numbers. An algorithm that can efficiently factor any integer would compromise RSA Cryptography.

Statistics Sept – April 1994: RSA-129 becomes first large distributed factorization. Jan – Aug. 1999: RSA-155 is factored using GNFS. April 2003: RSA-160 factored using 100 CPUs. Dec – May 2005: RSA-200 factored using 80 Opteron processors in Germany. Dec. 2009: RSA-768 becomes largest semiprime factored (232 digits) after two years and the equivalent of 2000 years of processing.

Running Time There are many bounds on this problem based on what is known about the integer to be factored. The algorithm with the best running time is the General Number Field Sieve: However, there is an algorithm out there that has a better factoring time, with a major difference.

Running Time Shor’s Algorithm currently has the best runtime for this problem: O((log N) 3 ). – N is the input’s size. Only works with a quantum computer.

Algorithms There exists multiple algorithms for this particular problem. Which one to use depends on what is known about the input. These algorithms can be grouped into two classes: Special-Purpose and General- Purpose.

Special-Purpose (Category 1) These algorithms’ runtimes depend on the size of the smallest prime factor. General procedure is to use these algorithms on an integer first to remove the more manageable factors. Examples: Trial Division, Wheel Factorization, Euler’s factorization method.

Trial Division Requires most work, but easiest to understand. Given an integer n: – Start at 2 – Move up number line towards n. – Divide n by each number – Check if the number went into n with no remainders – Repeat until all factors are prime.

General-Purpose (Category 2) The runtime for these algorithms depends only on the size of the integer being factored. RSA numbers are factored using algorithms in this class. Examples: Dixon’s Algorithm, Shank’s Square Forms Factorization, General Number Field Sieve.

General Number Field Sieve (GNFS) Arbitrarily select two polynomials f(x) and g(x) that must fit several conditions. – Small degrees d and e. – Integer coefficients – Irreducible over rationals – Must yield same integer root when modded by the initial number n.

General Number Field Sieve (GNFS) Subject the two polynomials to number field rings to find values of two integers a and b that satisfy: – r = b d f(a/b) and s = b e g(a/b) – r and s must be numbers that factor into primes only. Homomorphisms are then used to find two values x and y such that x 2 – y 2 is divisible by n. These values are used to find a factor of n by taking the gcd of n and x – y.

Shor’s Algorithm Algorithm developed by Peter Shor in Can factor in polynomial time, but requires a quantum computer. Placed in complexity class BQP – Bounded-Error Quantum Polynomial Time

Shor’s Process The algorithm consists of two key parts: – A change of the problem from factoring to order- finding. – Solving the order-finding problem. The problem change portion can be done on a traditional computer, but the order-finding portion requires a quantum computer.

Traditional Half Pick a random integer a that is less than N, the integer being factored. Find the gcd of the two integers. If this value isn’t 1, then there is a factor of N, and the algorithm is finished. If the value is 1, we must go to the quantum half of the algorithm.

Quantum Half Known as the period-finding subroutine. Used to find an r value that represents the period of the function: f(x) = a x mod N. Quantum circuits used are custom made for each (a, N) pair. r cannot be odd and a r/2 and -1 cannot be congruent modulo N. If these conditions are both met, then gcd(a r/2 ± 1, N) is a nontrivial factor of N and the algorithm finishes.

Quantum Half Heavily depends on a quantum computer’s superposition property. Evaluates the function at all points simultaneously. The algorithm’s runtime (O(log N) 3 ) stems from Shor solving three quantum problems in O(log N) time each. – Superposition, function as a quantum transform, and quantum Fourier transform.

Questions?