Prabhas Chongstitvatana1 Factorizing large integers Finding the unique decomposition of n into a product of prime factors. Factorize(n) if n is prime done.

Slides:



Advertisements
Similar presentations
AKS Implementation of a Deterministic Primality Algorithm
Advertisements

Presented by Alex Atkins.  An integer p >= 2 is a prime if its only positive integer divisors are 1 and p.  Euclid proved that there are infinitely.
Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.
Chapter 8 Introduction To Number Theory. Prime Numbers Prime numbers only have divisors of 1 and Prime numbers only have divisors of 1 and self. self.
Thinking Mathematically
Decimals and Fractions
Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)
Section 5-4 Greatest Common Factor and Least Common Multiple.
Chapter Primes and Greatest Common Divisors ‒Primes ‒Greatest common divisors and least common multiples 1.
Lesson 1: Factors and Multiples of Whole Numbers
Lecture 8: Primality Testing and Factoring Piotr Faliszewski
Basic properties of the integers
Foundations of Network and Computer Security J J ohn Black Lecture #7 Sep 14 th 2004 CSCI 6268/TLEN 5831, Fall 2004.
Announcements: 1. Pass in Homework 5 now. 2. Term project groups and topics due by Friday 1.Can use discussion forum to find teammates 3. HW6 posted, due.
1 Chapter 7– Introduction to Number Theory Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.
Elementary Number Theory and Methods of Proof. Basic Definitions An integer n is an even number if there exists an integer k such that n = 2k. An integer.
Factoring 1 Factoring Factoring 2 Factoring  Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and.
Zeros of Polynomial Functions Section 2.5. Objectives Use the Factor Theorem to show that x-c is a factor a polynomial. Find all real zeros of a polynomial.
Discrete Log 1 Discrete Log. Discrete Log 2 Discrete Logarithm  Discrete log problem:  Given p, g and g a (mod p), determine a o This would break Diffie-Hellman.
Foundations of Network and Computer Security J J ohn Black Lecture #10 Sep 29 th 2005 CSCI 6268/TLEN 5831, Fall 2005.
Factoring Algorithms Ref: D. Stinson, Cryptography - Theory and Practice, 2001.
Chapter 8 – Introduction to Number Theory Prime Numbers
RSA Question 2 Bob thinks that p and q are primes but p isn’t. Then, Bob thinks ©Bob:=(p-1)(q-1) = Á(n). Is this true ? Bob chooses a random e (1 < e
Properties of the Integers: Mathematical Induction
WHOLE NUMBERS; INTEGERS Whole numbers: Z 0,+ = the natural numbers  {0}. Integers:
CSE 321 Discrete Structures Winter 2008 Lecture 10 Number Theory: Primality.
Chapter Number Theory 4 4 Copyright © 2013, 2010, and 2007, Pearson Education, Inc.
The Integers and Division
Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations Copyright © The McGraw-Hill Companies, Inc. Permission required.
Software Security Seminar - 1 Chapter 11. Mathematical Background 발표자 : 안병희 Applied Cryptography.
Chapter 3 Greek Number Theory The Role of Number Theory Polygonal, Prime and Perfect Numbers The Euclidean Algorithm Pell’s Equation The Chord and Tangent.

May 29, 2008 GNFS polynomials Peter L. Montgomery Microsoft Research, USA 1 Abstract The Number Field Sieve is asymptotically the fastest known algorithm.
Chapter 2 The Fundamentals: Algorithms, the Integers, and Matrices
CSE 504 Discrete Mathematics & Foundations of Computer Science
3.4/3.5 The Integers and Division/ Primes and Greatest Common Divisors Let each of a and b be integers. We say that a divides b, in symbols a | b, provided.
Information Security and Management 4. Finite Fields 8
October,2006 Higher- Degree Polynomials Peter L. Montgomery Microsoft Research and CWI 1 Abstract The Number Field Sieve is asymptotically the fastest.
Copyright, Yogesh Malhotra, PhD, 2013www.yogeshmalhotra.com SPECIAL PURPOSE FACTORING ALGORITHMS Special Purpose Factoring Algorithms For special class.
Number Theory.  A prime number is a natural number greater than 1 that has exactly two factors (or divisors), itself and 1.  Prime numbers less than.
We will use Gauss-Jordan elimination to determine the solution set of this linear system.
1 Introduction to Abstract Mathematics Chapter 3: Elementary Number Theory and Methods of Proofs Instructor: Hayk Melikya Direct.
Factorization of a 768-bit RSA modulus Jung Daejin Lee Sangho.
Slide Copyright © 2007 Pearson Education, Inc. Publishing as Pearson Addison-Wesley.
6.4 Factoring.
CSE 311: Foundations of Computing Fall 2014 Lecture 12: Primes, GCD.
More on Efficiency Issues. Greatest Common Divisor given two numbers n and m find their greatest common divisor possible approach –find the common primes.
9/22/15UB Fall 2015 CSE565: S. Upadhyaya Lec 7.1 CSE565: Computer Security Lecture 7 Number Theory Concepts Shambhu Upadhyaya Computer Science & Eng. University.
Math Problems Francis Fok 9 th Oct. Content Greatest common divisor Prime number algorithm Find power Other forms of integer.
Module #9 – Number Theory 1/5/ Algorithms, The Integers and Matrices.
Slide Copyright © 2009 Pearson Education, Inc. Unit 1 Number Theory MM-150 SURVEY OF MATHEMATICS – Jody Harris.
Greatest Common Divisors & Least Common Multiples  Definition 4 Let a and b be integers, not both zero. The largest integer d such that d|a and d|b is.
A Survey on Factoring Large Numbers ~ 巨大数の因数分解に関する調査 ~ Kanada Lab. M Yoshida Hitoshi.
AF2. Turn off your phones Primes, gcd, some examples, reading.
AF2. Turn off your phones Primes, gcd, some examples, reading.
Part I: Numbers and Operations Lesson 1: Numbers.
1 Discrete Structures – CNS2300 Text Discrete Mathematics and Its Applications Kenneth H. Rosen (5 th Edition) Chapter 2 The Fundamentals: Algorithms,
Chapter 4 With Question/Answer Animations 1. Chapter Summary Divisibility and Modular Arithmetic - Sec 4.1 – Lecture 16 Integer Representations and Algorithms.
Ch04-Number Theory and Cryptography 1. Introduction to Number Theory Number theory is about integers and their properties. We will start with the basic.
Module #9 – Number Theory 6/11/20161 Chapter 3 Algorithms, Integers and Matrices.
Chapter 3 The Fundamentals: Algorithms, the integers, and matrices Section 3.4: The integers and division Number theory: the part of mathematics involving.
Agenda Review:  Relation Properties Lecture Content:  Divisor and Prime Number  Binary, Octal, Hexadecimal Review & Exercise.
Number-Theoretic Algorithms
Divisibility and Primes
Parallel Quadratic Sieve
Factoring RSA Moduli: Current State of the Art J
Copyright © Zeph Grunschlag,
Mathematical Background for Cryptography
From the last time: gcd(a, b) can be characterized in two different ways: It is the least positive value of ax + by where x and y range over integers.
Presentation transcript:

Prabhas Chongstitvatana1 Factorizing large integers Finding the unique decomposition of n into a product of prime factors. Factorize(n) if n is prime done find a non trivial divisor m factorize( m) factorize( n/m )

Prabhas Chongstitvatana2 Looking for divisor smaller than sqrt(n) by trying all m, called “trial division”. “hard” : n is the product of two primes of roughly the same size Let n be a composite integer. Let a and b be distinct integer 1..n-1 such that a+b != n. If a 2 mod n = b 2 mod n then gcd( a+b, n) is a non trivial divisor of n.

Prabhas Chongstitvatana3 Example n = 2537, let a = 2012, b = 1127, a 2 = 1595n b 2 = 500n a != b, a + b != n gcd(a+b, n) = 43 is a divisor of n

Prabhas Chongstitvatana4 How to find a and b ? An integer is k-smooth if all its prime divisors are among the k smallest primes. 120 = 2 3 x 3 x 5 is 3-smooth Use LV choose x randomly 1..n-1 y = x 2 mod n if y is k-smooth store x and factorization of y. Find k+1 different integers of these.

Prabhas Chongstitvatana5 x1 = 2455 y1 = 1650 = 2 x 3 x 5 2 x 11 x2 = 970 y2 = 2210 = 2 x 5 x 13 x 17 x3 = 1105 y3 = 728 = 2 3 x 7 x 13 x4 = 1458 y4 = 2295 = 3 3 x 5 x 17 x5 = 216 y5 = 990 = 2 x 3 2 x 5 x 11 x6 = 80 y6 = 1326 = 2 x 3 x 13 x 17 x7 = 1844 y7 = 756 = 2 2 x 3 3 x 7 x8 = 433 y8 = 2288 = 2 4 x 11 x 13

Prabhas Chongstitvatana6 Form (k+1) x k matrix M over {0, 1}. Each row corresponds to one success, each column corresponds to one admissible primes. Mij = 0 if j-th prime appears to an even power (including zero).

Prabhas Chongstitvatana M = y1 = 1650 = 2 x 3 x 5 2 x 11 y2 = 2210 = 2 x 5 x 13 x 17

Prabhas Chongstitvatana8 Matrix M has more rows than columns hence the rows cannot be linearly independent. There exists a nonempty set of rows that add up to the all-zero vector in arithmetic mod 2. (can be found by Gauss-Jordan elimination) There are seven solutions 1,2,4,8 or 1,3,4,5,6,7...

Prabhas Chongstitvatana9 1, 2, 4,

Prabhas Chongstitvatana10 The exponents are necessarily even by construction. A square root can be found. y 1 y 2 y 4 y 8 = 2 6 x 3 4 x 5 4 x 11 2 x 13 2 x 17 2 y 1 y 3 y 4 y 5 y 6 y 7 = 2 8 x 3 10 x 5 4 x 7 2 x 11 2 x 13 2 x 17 2 a = 2 3 x 3 2 x 5 2 x 11 x 13 x 17 mod 2537 = 1973 b = 2455 x 970 x 1458 x 433 mod 2537 = 1127 x1 * x2 * x4 * x8

Prabhas Chongstitvatana11 The technique yields a, b in 1..n-1 such that a 2 mod n = b 2 mod n but no quarantee that a != b and a+b != n.

Prabhas Chongstitvatana12 The technique yields a, b in 1..n-1 such that a 2 mod n = b 2 mod n but no quarantee that a != b and a+b != n. Choose y1y3y4y5y6y7 It can be proved that this process succeeds with prob. at least 50% a’ = 2 4 x 3 5 x 5 2 x 7 x 11 x 13 x 17 mod 2537 = 1973 b’ = 2455 x 1105 x 1458 x 216 x 80 x 1844 mod 2537 = 1127 But a’ + b’ = n

Prabhas Chongstitvatana13 Determine the value of k k large ; higher prob. That x 2 mod n will be k-smooth k small; the faster for testing k-smoothness and factorize k-smooth values.

Prabhas Chongstitvatana14 Determine the value of k k large ; higher prob. That x 2 mod n will be k-smooth k small; the faster for testing k-smoothness and factorize k-smooth values. Let L = e^ sqrt( log n log log n ) let b an arbitrary positive real number let t = L 1/2 b

Prabhas Chongstitvatana15 If k ~ L b, about one x in t is such that x 2 mod n is k-smooth. To build M, take k+1 successes (each use k div) The expected number of “trial division” approx. O(t k 2 ) = O(L (1/2b) + 2b ) which minimize at O(L 2 ) when b = 1/2 Find set of rows add to zero take O(k 3 ) = O(L 3b ) (use Gauss-Jordan)

Prabhas Chongstitvatana16 Take k ~ sqrt(L), the algorithm splits n after an expected number of divisions that is approx. O(L 2 ). An average 100 decimal digit number L 2 ~ 5 x whereas sqrt(n) ~ 7 x 10 49

Prabhas Chongstitvatana17 Take k ~ sqrt(L), the algorithm splits n after an expected number of divisions that is approx. O(L 2 ). An average 100 decimal digit number L 2 ~ 5 x whereas sqrt(n) ~ 7 x Improvement Choose x so that x 2 mod n is more likely to be k- smooth

Prabhas Chongstitvatana18 Randomness plays a fundamental role in this algorithm because no deterministic approach for finding so many good x’s has been proved efficient. Other heuristic Choose x slightly larger than sqrt(n) Quadratic sieve Double large prime multiple polynomial variation of quadratic sieve Elliptic curve Number field sieve

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.