Presentation is loading. Please wait.

Presentation is loading. Please wait.

Prabhas Chongstitvatana1 Factorizing large integers Finding the unique decomposition of n into a product of prime factors. Factorize(n) if n is prime done.

Published byJason Houston Modified over 9 years ago

Similar presentations

Presentation on theme: "Prabhas Chongstitvatana1 Factorizing large integers Finding the unique decomposition of n into a product of prime factors. Factorize(n) if n is prime done."— Presentation transcript:

1 Prabhas Chongstitvatana1 Factorizing large integers Finding the unique decomposition of n into a product of prime factors. Factorize(n) if n is prime done find a non trivial divisor m factorize( m) factorize( n/m )

2 Prabhas Chongstitvatana2 Looking for divisor smaller than sqrt(n) by trying all m, called “trial division”. “hard” : n is the product of two primes of roughly the same size Let n be a composite integer. Let a and b be distinct integer 1..n-1 such that a+b != n. If a 2 mod n = b 2 mod n then gcd( a+b, n) is a non trivial divisor of n.

3 Prabhas Chongstitvatana3 Example n = 2537, let a = 2012, b = 1127, a 2 = 1595n + 1629 b 2 = 500n + 1629 a != b, a + b != n gcd(a+b, n) = 43 is a divisor of n

4 Prabhas Chongstitvatana4 How to find a and b ? An integer is k-smooth if all its prime divisors are among the k smallest primes. 120 = 2 3 x 3 x 5 is 3-smooth Use LV choose x randomly 1..n-1 y = x 2 mod n if y is k-smooth store x and factorization of y. Find k+1 different integers of these.

5 Prabhas Chongstitvatana5 x1 = 2455 y1 = 1650 = 2 x 3 x 5 2 x 11 x2 = 970 y2 = 2210 = 2 x 5 x 13 x 17 x3 = 1105 y3 = 728 = 2 3 x 7 x 13 x4 = 1458 y4 = 2295 = 3 3 x 5 x 17 x5 = 216 y5 = 990 = 2 x 3 2 x 5 x 11 x6 = 80 y6 = 1326 = 2 x 3 x 13 x 17 x7 = 1844 y7 = 756 = 2 2 x 3 3 x 7 x8 = 433 y8 = 2288 = 2 4 x 11 x 13

6 Prabhas Chongstitvatana6 Form (k+1) x k matrix M over {0, 1}. Each row corresponds to one success, each column corresponds to one admissible primes. Mij = 0 if j-th prime appears to an even power (including zero).

7 Prabhas Chongstitvatana7 2 3 5 7 11 13 17 1 1 0 0 1 0 0 1 0 1 0 0 1 1 1 0 0 1 0 1 0 0 1 1 0 0 0 1 1 0 1 0 1 0 0 1 1 0 0 0 1 1 0 1 0 1 0 0 0 0 0 0 0 1 1 0 1234567812345678 M = y1 = 1650 = 2 x 3 x 5 2 x 11 y2 = 2210 = 2 x 5 x 13 x 17

8 Prabhas Chongstitvatana8 Matrix M has more rows than columns hence the rows cannot be linearly independent. There exists a nonempty set of rows that add up to the all-zero vector in arithmetic mod 2. (can be found by Gauss-Jordan elimination) There are seven solutions 1,2,4,8 or 1,3,4,5,6,7...

9 Prabhas Chongstitvatana9 1, 2, 4, 8 2 3 5 7 11 13 17 1 1 0 0 1 0 0 1 0 1 0 0 1 1 0 1 1 0 0 0 1 0 0 0 0 1 1 0 0 0 0 0 0 0 0

10 Prabhas Chongstitvatana10 The exponents are necessarily even by construction. A square root can be found. y 1 y 2 y 4 y 8 = 2 6 x 3 4 x 5 4 x 11 2 x 13 2 x 17 2 y 1 y 3 y 4 y 5 y 6 y 7 = 2 8 x 3 10 x 5 4 x 7 2 x 11 2 x 13 2 x 17 2 a = 2 3 x 3 2 x 5 2 x 11 x 13 x 17 mod 2537 = 1973 b = 2455 x 970 x 1458 x 433 mod 2537 = 1127 x1 * x2 * x4 * x8

11 Prabhas Chongstitvatana11 The technique yields a, b in 1..n-1 such that a 2 mod n = b 2 mod n but no quarantee that a != b and a+b != n.

12 Prabhas Chongstitvatana12 The technique yields a, b in 1..n-1 such that a 2 mod n = b 2 mod n but no quarantee that a != b and a+b != n. Choose y1y3y4y5y6y7 It can be proved that this process succeeds with prob. at least 50% a’ = 2 4 x 3 5 x 5 2 x 7 x 11 x 13 x 17 mod 2537 = 1973 b’ = 2455 x 1105 x 1458 x 216 x 80 x 1844 mod 2537 = 1127 But a’ + b’ = n

13 Prabhas Chongstitvatana13 Determine the value of k k large ; higher prob. That x 2 mod n will be k-smooth k small; the faster for testing k-smoothness and factorize k-smooth values.

14 Prabhas Chongstitvatana14 Determine the value of k k large ; higher prob. That x 2 mod n will be k-smooth k small; the faster for testing k-smoothness and factorize k-smooth values. Let L = e^ sqrt( log n log log n ) let b an arbitrary positive real number let t = L 1/2 b

15 Prabhas Chongstitvatana15 If k ~ L b, about one x in t is such that x 2 mod n is k-smooth. To build M, take k+1 successes (each use k div) The expected number of “trial division” approx. O(t k 2 ) = O(L (1/2b) + 2b ) which minimize at O(L 2 ) when b = 1/2 Find set of rows add to zero take O(k 3 ) = O(L 3b ) (use Gauss-Jordan)

16 Prabhas Chongstitvatana16 Take k ~ sqrt(L), the algorithm splits n after an expected number of divisions that is approx. O(L 2 ). An average 100 decimal digit number L 2 ~ 5 x 10 30 whereas sqrt(n) ~ 7 x 10 49

17 Prabhas Chongstitvatana17 Take k ~ sqrt(L), the algorithm splits n after an expected number of divisions that is approx. O(L 2 ). An average 100 decimal digit number L 2 ~ 5 x 10 30 whereas sqrt(n) ~ 7 x 10 49 Improvement Choose x so that x 2 mod n is more likely to be k- smooth

18 Prabhas Chongstitvatana18 Randomness plays a fundamental role in this algorithm because no deterministic approach for finding so many good x’s has been proved efficient. Other heuristic Choose x slightly larger than sqrt(n) Quadratic sieve Double large prime multiple polynomial variation of quadratic sieve Elliptic curve Number field sieve

Download ppt "Prabhas Chongstitvatana1 Factorizing large integers Finding the unique decomposition of n into a product of prime factors. Factorize(n) if n is prime done."

Similar presentations

AKS Implementation of a Deterministic Primality Algorithm

AKS Implementation of a Deterministic Primality Algorithm
Presented by Alex Atkins.  An integer p >= 2 is a prime if its only positive integer divisors are 1 and p.  Euclid proved that there are infinitely.

Presented by Alex Atkins.  An integer p >= 2 is a prime if its only positive integer divisors are 1 and p.  Euclid proved that there are infinitely.
Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.

Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.
Chapter 8 Introduction To Number Theory. Prime Numbers Prime numbers only have divisors of 1 and Prime numbers only have divisors of 1 and self. self.

Chapter 8 Introduction To Number Theory. Prime Numbers Prime numbers only have divisors of 1 and Prime numbers only have divisors of 1 and self. self.
Thinking Mathematically

Thinking Mathematically
Decimals and Fractions

Decimals and Fractions
Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)

Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)
Section 5-4 Greatest Common Factor and Least Common Multiple.

Section 5-4 Greatest Common Factor and Least Common Multiple.
Chapter 3 3.5 Primes and Greatest Common Divisors ‒Primes ‒Greatest common divisors and least common multiples 1.

Chapter Primes and Greatest Common Divisors ‒Primes ‒Greatest common divisors and least common multiples 1.
Lesson 1: Factors and Multiples of Whole Numbers

Lesson 1: Factors and Multiples of Whole Numbers
Lecture 8: Primality Testing and Factoring Piotr Faliszewski

Lecture 8: Primality Testing and Factoring Piotr Faliszewski
Basic properties of the integers

Basic properties of the integers
Foundations of Network and Computer Security J J ohn Black Lecture #7 Sep 14 th 2004 CSCI 6268/TLEN 5831, Fall 2004.

Foundations of Network and Computer Security J J ohn Black Lecture #7 Sep 14 th 2004 CSCI 6268/TLEN 5831, Fall 2004.
Announcements: 1. Pass in Homework 5 now. 2. Term project groups and topics due by Friday 1.Can use discussion forum to find teammates 3. HW6 posted, due.

Announcements: 1. Pass in Homework 5 now. 2. Term project groups and topics due by Friday 1.Can use discussion forum to find teammates 3. HW6 posted, due.
1 Chapter 7– Introduction to Number Theory Instructor: 孫宏民 Room: EECS 6402, Tel:03- 5742968, Fax : 886-3-572-3694.

1 Chapter 7– Introduction to Number Theory Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.
Elementary Number Theory and Methods of Proof. Basic Definitions An integer n is an even number if there exists an integer k such that n = 2k. An integer.

Elementary Number Theory and Methods of Proof. Basic Definitions An integer n is an even number if there exists an integer k such that n = 2k. An integer.
Factoring 1 Factoring Factoring 2 Factoring  Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and.

Factoring 1 Factoring Factoring 2 Factoring  Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and.
Zeros of Polynomial Functions Section 2.5. Objectives Use the Factor Theorem to show that x-c is a factor a polynomial. Find all real zeros of a polynomial.

Zeros of Polynomial Functions Section 2.5. Objectives Use the Factor Theorem to show that x-c is a factor a polynomial. Find all real zeros of a polynomial.
Discrete Log 1 Discrete Log. Discrete Log 2 Discrete Logarithm  Discrete log problem:  Given p, g and g a (mod p), determine a o This would break Diffie-Hellman.

Discrete Log 1 Discrete Log. Discrete Log 2 Discrete Logarithm  Discrete log problem:  Given p, g and g a (mod p), determine a o This would break Diffie-Hellman.

Similar presentations

Ads by Google