Presentation is loading. Please wait.

Presentation is loading. Please wait.

Factoring bi-primes with Orion Dr. William Macready, Vice-President, Product Development July 14 2005.

Published byRudolf Flowers Modified over 8 years ago

Similar presentations

Presentation on theme: "Factoring bi-primes with Orion Dr. William Macready, Vice-President, Product Development July 14 2005."— Presentation transcript:

1 Factoring bi-primes with Orion Dr. William Macready, Vice-President, Product Development July 14 2005

2 confidential 2 Given an n T -bit integer T which is the product of an n p -bit prime p and an n q -bit prime q; find p or q Problem is useful for a number of reasons Potential cryptanalytic applications Source of difficult optimization problems (lots of local minima) where we know the answer Applications:\\factoring bi-primes

3 confidential 3 Multiplying out the factors long-hand gives a set of equality constraints that the bits of p and q must satisfy Objective function consists in adding the squared constraint violations Applications:\\factoring bi-primes

4 confidential 4 Number to be factored must be odd Both factors must be odd So we know the ones-place bits are 1 There are n T possible bit lengths {n p, n q } Most significant bit of each factor must be 1 Example:\\factoring 119

5 confidential 5 Step 1 - Multiplication n T = n 119 =7 possible factor bit lengths –In the worst case, all 7 possible combinations must be tried –in this example we try n p =5 and n q =3 Write factors using x i,y for unknown bits 1 x 3 x 2 x 1 1 & 1 y 1 Write out long multiplication for the factors

6 confidential 6 Factor 1:1x3x3 x2x2 x1x1 1 Factor 2:1y1 1x3x3 x2x2 x1x1 1 yx3yx3yx2yx2yx1yx1yy 1x3x3 x2x2 x1x1 1 1110111 Long Multiplication for 119

7 confidential 7 Step 2 – Derive Equations An equation to be satisfied can be derived from each column Need to introduce new binary variables, z i, for carries For 119, we get a system of 6 equations

8 confidential 8 Step 3 – Polynomial Time Simplification of Equations Using a polynomial (in n T ) time algorithm, simplify the equations as much as possible –eliminate variables which can easily be inferred to have a certain value –current method is O(n T 3 ), but could do better If goal is the factoring of n T =1,024-bit bi-primes then we need to do more/better polynomial preprocessing to reduce number of variables

9 confidential 9 System of Equations for 119 x 1 + y=1(1) x 2 + x 1 y + 1=1 + 2z 1 (2) x 3 + x 2 y + x 1 + z 1 =0 + 2z 2 + 4z 3 (3) 1 +x 3 y + x 2 + z 2 =1 + 2z 4 (4) y + x 3 + z 3 + z 4 =1 + 2z 5 (5) 1 + z 5 =1(6)

10 confidential 10 System of Equations for 119 x 1 + y=1(1) x 2 + x 1 y + 1=1 + 2z 1 (2) x 3 + x 2 y + x 1 + z 1 =0 + 2z 2 + 4z 3 (3) 1 +x 3 y + x 2 + z 2 =1 + 2z 4 (4) y + x 3 + z 3 + z 4 =1 + 2z 5 (5) 1 + z 5 =1(6)

11 confidential 11 System of Equations for 119 x 1 + y=1(1) x 2 + x 1 y + 1=1 + 2z 1 (2) x 3 + x 2 y + x 1 + z 1 =0 + 2z 2 + 4z 3 (3) 1 +x 3 y + x 2 + z 2 =1 + 2z 4 (4) y + x 3 + z 3 + z 4 =1(5) 1=1(6)

12 confidential 12 System of Equations for 119 x 1 + y=1 => x 1 y=0(1) x 2 + x 1 y + 1=1 + 2z 1 (2) x 3 + x 2 y + x 1 + z 1 =0 + 2z 2 + 4z 3 (3) 1 +x 3 y + x 2 + z 2 =1 + 2z 4 (4) y + x 3 + z 3 + z 4 =1(5) 1=1(6)

13 confidential 13 System of Equations for 119 x 1 + y=1(1) x 2 + 1=1 + 2z 1 (2) x 3 + x 2 y + x 1 + z 1 =0 + 2z 2 + 4z 3 (3) 1 +x 3 y + x 2 + z 2 =1 + 2z 4 (4) y + x 3 + z 3 + z 4 =1(5) 1=1(6)

14 confidential 14 System of Equations for 119 x 1 + y=1(1) x 2 + 1=1 + 2z 1 (2) x 3 + x 2 y + x 1 + z 1 =0 + 2z 2 + 4z 3 (3) 1 +x 3 y + x 2 + z 2 =1 + 2z 4 (4) y + x 3 + z 3 + z 4 =1(5) 1=1(6)

15 confidential 15 System of Equations for 119 x 1 + y=1(1) x 2 + 1=1(2) x 3 + x 2 y + x 1 =0 + 2z 2 + 4z 3 (3) 1 + x 3 y + x 2 + z 2 =1 + 2z 4 (4) y + x 3 + z 3 + z 4 =1(5) 1=1(6)

16 confidential 16 System of Equations for 119 x 1 + y=1(1) x 2 + 1=1(2) x 3 + x 2 y + x 1 =0 + 2z 2 + 4z 3 (3) 1 + x 3 y + x 2 + z 2 =1 + 2z 4 (4) y + x 3 + z 3 + z 4 =1(5) 1=1(6)

17 confidential 17 System of Equations for 119 x 1 + y=1(1) 1=1(2) x 3 + x 1 =0 + 2z 2 + 4z 3 (3) 1 + x 3 y + z 2 =1 + 2z 4 (4) y + x 3 + z 3 + z 4 =1(5) 1=1(6)

18 confidential 18 System of Equations for 119 x 1 + y=1(1) 1=1(2) x 3 + x 1 =0 + 2z 2 + 4z 3 (3) 1 + x 3 y + z 2 =1 + 2z 4 (4) y + x 3 + z 3 + z 4 =1(5) 1=1(6)

19 confidential 19 System of Equations for 119 x 1 + y=1(1) 1=1(2) x 3 + x 1 =0 + 2z 2 (3) 1 + x 3 y + z 2 =1 + 2z 4 (4) y + x 3 + z 4 =1(5) 1=1(6)

20 confidential 20 Step 4 – Convert to a Quadratic Optimization Objective After simplification algorithm complete, replace all bi-linear terms (e.g. x 3 y) with new binary variables (w), w is 1 if and only if x 3 and y are both 1. –actually this is done first since it might offer the potential for additional simplification Each new binary variable (w) introduces 3 new binary slack variables: (s 1, s 2, s 3 ) –can get by with only 1 slack variable Can now convert the equations into an energy function.

21 confidential 21 System of Equations for 119 x 1 + y=1(1) 1=1(2) x 3 + x 1 =0 + 2z 2 (3) 1 + w + z 2 =1 + 2z 4 (4) y + x 3 + z 4 =1(5) 1=1(6)

22 confidential 22 Energy terms for 119 x 1 + y - 1=0(1) 1 - 1=0(2) x 3 + x 1 -2z 2 =0(3) w + z 2 -2z 4 =0(4) y + x 3 + z 4 - 1=0(5) 1 - 1=0(6)

23 confidential 23 Quadratic terms for 119 (x 1 + y – 1) 2 =0(1) 0=0(2) (x 3 + x 1 -2z 2 ) 2 =0(3) (w + z 2 -2z 4 ) 2 =0(4) (y + x 3 + z 4 - 1) 2 =0(5) 0=0(6)

24 confidential 24 Step 5 – Orion To find the factors, all terms must be zero Sum all the terms together in one energy function –Can weight each term differently –This freedom used to tune the quantum mechanical annealing schedule

25 confidential 25 Energy Function E = μ 1 (x 1 +y–1) 2 + μ 2 (x 3 +x 1 -2z 2 ) 2 + μ 3 (w+z 2 -2z 4 ) 2 + μ 4 (y+x 3 +z 4 -1) 2 + λ 1 (w- x 3 +s 1 ) 2 + λ 2 (w-y+s 2 ) 2 + λ 3 (x 3 +y-w+s 3 -1) 2 We know that ground state has E min = 0 We can be smart in how the Lagrange multipliers are chosen to minimize the number of local minima

26 confidential 26 Factor Graph for factoring 119

27 confidential 27 Factoring Algorithm Given: an integer T of n T bits to be factored Determine possible bit sizes of factors For each bit size pair {n p, n q } –Derive factoring equations Number of variables = bit positions of each factor + carry variables –Simplify factoring equations (scaling behaviour) –Result is a set of multi-linear equations to be solved over the Booleans –Map equations to an energy function solved by the hardware map quartic interaction to quadratic –Introduces slack variables (scaling of number of variables) –Minimize energy function (scaling ?) –Read result –Solution factors T? Yes -> done No -> rerun (perhaps modify energy function, e.g. adjust multipliers)

28 confidential 28 Scaling behaviour

29 confidential 29 Scaling behaviour – space complexity Space complexity –With limited sophistication in simplifying the factoring equations Number of variables required to factor an n T bit integer is O(n T ) Number of variables required after removal of quartic interactions is O(n T 2 ) –Arises from the pair-wise products –With more intelligence in simplifying the equations can probably do much better Currently do not include the fact that factors are prime in simplification

30 confidential 30 Scaling behaviour – time complexity Time complexity governed by three separate tasks –Derivation and simplification of multi-linear equations –Orion run time Classical preprocessing is tractable by construction Orion run-time performance unknown

31 confidential 31 Integer factoring can be addressed as discrete optimization in O(n T 2 ) variables Optimization used to find integer solutions to a multi-linear set of equations –Equations to be solved can probably be simplified without too much effort Method is parallelizable as different bit length of factors can all be tested in parallel Factoring bi-primes:\\conclusions

Download ppt "Factoring bi-primes with Orion Dr. William Macready, Vice-President, Product Development July 14 2005."

Similar presentations

Factoring Polynomials

Factoring Polynomials
Complex Roots of Polynomials

Complex Roots of Polynomials
Easy Optimization Problems, Relaxation, Local Processing for a small subset of variables.

Easy Optimization Problems, Relaxation, Local Processing for a small subset of variables.
CRASH COURSE IN QUADRATICS In preparation for the Algebra CST -b + b 2 – 4ac 2ac √ (x+4)(x-3)=0 (x+1)(x+2) X 2 – 5x +4 F O I L Complete The Square.

CRASH COURSE IN QUADRATICS In preparation for the Algebra CST -b + b 2 – 4ac 2ac √ (x+4)(x-3)=0 (x+1)(x+2) X 2 – 5x +4 F O I L Complete The Square.
Optimization in Engineering Design 1 Lagrange Multipliers.

Optimization in Engineering Design 1 Lagrange Multipliers.
Quantum Computation and Error Correction Ali Soleimani.

Quantum Computation and Error Correction Ali Soleimani.
Constrained Optimization Rong Jin. Outline  Equality constraints  Inequality constraints  Linear Programming  Quadratic Programming.

Constrained Optimization Rong Jin. Outline  Equality constraints  Inequality constraints  Linear Programming  Quadratic Programming.
Lecture 10: Support Vector Machines

Lecture 10: Support Vector Machines
6.5 & 6.6 Theorems About Roots and the Fundamental Theorem of Algebra

6.5 & 6.6 Theorems About Roots and the Fundamental Theorem of Algebra
11 -1 Chapter 11 Randomized Algorithms. 11 -2 Randomized algorithms In a randomized algorithm (probabilistic algorithm), we make some random choices.

11 -1 Chapter 11 Randomized Algorithms Randomized algorithms In a randomized algorithm (probabilistic algorithm), we make some random choices.
Constrained Optimization Rong Jin. Outline  Equality constraints  Inequality constraints  Linear Programming  Quadratic Programming.

Constrained Optimization Rong Jin. Outline  Equality constraints  Inequality constraints  Linear Programming  Quadratic Programming.
Warm Up #4 1. Evaluate –3x – 5y for x = –3 and y = 4. –11 ANSWER

Warm Up #4 1. Evaluate –3x – 5y for x = –3 and y = 4. –11 ANSWER
Solving Systems Using Elimination Objective: To solve systems of equations algebraically.

Solving Systems Using Elimination Objective: To solve systems of equations algebraically.
3.5 Solving systems of equations in 3 variables

3.5 Solving systems of equations in 3 variables
Factoring Polynomials

Factoring Polynomials
MATH!!! EXAM PREP!!!! ConoR RoweN. Addition Property (of Equality) Multiplication Property (of Equality). If the same number is added to both sides of.

MATH!!! EXAM PREP!!!! ConoR RoweN. Addition Property (of Equality) Multiplication Property (of Equality). If the same number is added to both sides of.
Warm - up 6.2 Factor: 1. 4x 2 – 24x4x(x – 6) 2. 2x 2 + 11x – 21(2x – 3)(x + 7) 3. 4x 2 – 36x + 81 (2x – 9) 2 Solve: 4. x 2 + 10x + 25 = 0X = -5.

Warm - up 6.2 Factor: 1. 4x 2 – 24x4x(x – 6) 2. 2x x – 21(2x – 3)(x + 7) 3. 4x 2 – 36x + 81 (2x – 9) 2 Solve: 4. x x + 25 = 0X = -5.
(c) MathScience Innovation Center 2007 Solving Linear Systems Trial and Error Substitution Linear Combinations (Algebra) Graphing.

(c) MathScience Innovation Center 2007 Solving Linear Systems Trial and Error Substitution Linear Combinations (Algebra) Graphing.
Section 3.2 Beginning on page 104

Section 3.2 Beginning on page 104
Graphing Systems of Equations Graph of a System Intersecting lines- intersect at one point One solution Same Line- always are on top of each other,

Graphing Systems of Equations Graph of a System Intersecting lines- intersect at one point One solution Same Line- always are on top of each other,

Similar presentations

Ads by Google