Presentation is loading. Please wait.

Presentation is loading. Please wait.

6.4 Factoring.

Published byMorgan Wheeler Modified over 8 years ago

Similar presentations

Presentation on theme: "6.4 Factoring."— Presentation transcript:

1 6.4 Factoring

2 1. The Pollard’s p-1 algorithm
input: an integer n , and a prespecified “bound” B output:factors of n

3 Why? Suppose p is a prime divisor of n, and suppose that
q <= B for every prime power q|(p-1). Then (p-1)|B! At the end of for loop, we have a=2B! mod n Now 2p-1=1 mod p (by Fermat’s little Thm) Since (p-1)|B!, it follows a=2B! =1 mod p and hence p|(a-1). Since we also have p|n, d=gcd(a-1, n) will be a non-trivial divisor of n (unless a=1).

4 E.g. n= , B=180 a = 2180! = D = gcd(a-1, n) = In fact, the complete factorization of n into primes is = x The factorization succeeds because has only “small” prime factors: = 2 x 3 x 131 x 173

5 2. The Pollard’s rho algorithm
input: an integer n output:factors of n (1) Selecting a “random” function f with integer coefficients , and any Begin with x=x0 and y=y0. (2) Repeat the two calculations until d=gcd(x-y,n)>1. (3) Do the following compare 3.1 If d<n, we have succeeded. 3.2 If d=n, the method is failed. Goto (1). (*) A typical choice of f(x)=x2+1, with a seed x0=2.

6 Complexity of rho method
We expect this method to use the function f at most E.g:n=551, f(x)=x2+1 mod 551 and x0=2. 5 26 126 449 240 1 19

7 3. Dixon’s random squares algorithm
The idea is to locate with if gcd(x+y,n) is a nontrivial factor of n. (Why?) since n|(x-y)(x+y) but neither of x-y or x+y is divisible by n. Eg. n=15, x=2, y=7 (22=72 mod 15) => gcd(2+7,15)=3 is a nontrivial factor of n. Eg. n=77, x=10, y=32 (102=322 mod 77) => gcd(10+32,77)=7 is a nontrivial factor of n.

8 factor base and pt-smooth
A factor base B={p1, p2,…,pt} consisting of the first t primes is selected. If b factors over B, b is said to be pt-smooth. Eg:B={2,3,5}, b=23*56 is 5-smooth; b=23*76 is not 5-smooth. We may include -1 in B to handle the negative b B={p0, p1, p2,…,pt}, with p0=-1.

9 Algorithm input: a composite integer n and factor base B= {p1, p2,…,pt} output:factors of n (1) Suppose t+1 pairs (ai, bi=ai2 mod n) are obtained, where bi is pt-smooth over B and the factorizations are given by (2) A set S is to be selected so that has only even powers of primes appearing. (3) Let , and do the following compare 3.1 If 3.2 If

10 Eg :n=10057, t=5, B={2,3,5,7,11} 1 2 231 1018 968 2*509 (discard!) 23*112 25*32*11 105 115 3168 3 4 5 1006 6336 8800 26*32*11 25*52*11 2*32*72 3010 4014 882 6 28*11 4023 2816 If S={4,5,6}, then x=3010*4014*4023 mod n=2748 y=27*3*5*7*11 mod n=7042 Since , we obtain a nontrivial factor gcd(x+y,n)=89, and 10057=89*113. If S={1,5}, then x=105*4014 mod n=9133 and y=22*3*7*11=924. Unfortunately, , and no useful information is obtained.

11 Eg :n= , t=6, B={2,3,5,7,11, 13} = 3*7 (mod n) = 2*7*13 (mod n) = 2*3*13 (mod n) ( * * )2 = (2*3*7*13)2 (mod n) = 5462 (mod n) gcd( –546, )=115759 to find the factor of n

12 Improvements: We may include -1 in B to handle the negative b
B={p0, p1, p2,…,pt}, with p0=-1. Define Let ai=z+m and bi= q(z) = ai2 - kn for z=0,1,-1,2,-2, … k=1,2, …

13 Quadratic sieve algorithm (simple version)
input: a composite integer n output:factors of n (1) choose a suitable P and construct a factor base (2) Define (3) Let ai=z+m and bi=q(z)=ai2-n for z=0,1,-1,2,-2,… A set S is to be selected so that has only even powers of primes appearing. (4) Let , and do the following

14

15 Eg :n=10057 If S={1}, then x=101 and y= =22*3.
-1 1 100 -57 -256 -3*19 -28 24*32 99 101 144 -3 5 97 -648 968 -23*34 23*112 105 If S={1}, then x=101 and y= =22*3. Since , we obtain a nontrivial factor gcd(x+y,n)=113, and 10057=89*113. If S={-1,-3, 5}, then x=99*97*105 and y=27*32*11. Unfortunately, , and no useful information is obtained.

16 4. Factoring algorithms in practice
(Asymptotic running times) 1. Quadratic sieve 2. Elliptic curve (p is the smallest prime factor of n) 3. Number field sieve

17 The RSA Challenge http://www.rsa.com/rsalabs/node.asp?id=2092
RSA-640 is factored! (11/2/2005) (193 digits) RSA-200 is factored! (5/9/2005) (663 bits) RSA-576 is factored! (12/3/2003) (174 digits) RSA-160 is factored! (1/6/2003) (530 bits) RSA-155 is factored! (8/22/1999) (512 bit) RSA-140 is factored! (2/2/1999)

Download ppt "6.4 Factoring."

Similar presentations

Integer Factorization By: Josh Tuggle & Kyle Johnson.

Integer Factorization By: Josh Tuggle & Kyle Johnson.
Prime recognition and factorization

Prime recognition and factorization
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Primality Testing) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Primality Testing) Prof. Dr. Th. Ottmann.
Agrawal-Kayal-Saxena Presented by: Xiaosi Zhou

Agrawal-Kayal-Saxena Presented by: Xiaosi Zhou
Lecture 8: Primality Testing and Factoring Piotr Faliszewski

Lecture 8: Primality Testing and Factoring Piotr Faliszewski
COM 5336 Cryptography Lecture 7a Primality Testing

COM 5336 Cryptography Lecture 7a Primality Testing
Notation Intro. Number Theory Online Cryptography Course Dan Boneh

Notation Intro. Number Theory Online Cryptography Course Dan Boneh
CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.

CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.
Announcements: 1. Term project groups and topics due tomorrow midnight Waiting for posts from most of you. Questions? This week: Primality testing, factoring.

Announcements: 1. Term project groups and topics due tomorrow midnight Waiting for posts from most of you. Questions? This week: Primality testing, factoring.
and Factoring Integers (I)

and Factoring Integers (I)
Announcements: 1. Pass in Homework 5 now. 2. Term project groups and topics due by Friday 1.Can use discussion forum to find teammates 3. HW6 posted, due.

Announcements: 1. Pass in Homework 5 now. 2. Term project groups and topics due by Friday 1.Can use discussion forum to find teammates 3. HW6 posted, due.
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.
1 Cryptosystems Based on Discrete Logarithms. 2 Outline [1] Discrete Logarithm Problem [2] Algorithms for Discrete Logarithm –A trivial algorithm –Shanks’

1 Cryptosystems Based on Discrete Logarithms. 2 Outline [1] Discrete Logarithm Problem [2] Algorithms for Discrete Logarithm –A trivial algorithm –Shanks’
Probabilistic Complexity. Probabilistic Algorithms Def: A probabilistic Turing Machine M is a type of non- deterministic TM, where each non-deterministic.

Probabilistic Complexity. Probabilistic Algorithms Def: A probabilistic Turing Machine M is a type of non- deterministic TM, where each non-deterministic.
Elementary Number Theory and Methods of Proof. Basic Definitions An integer n is an even number if there exists an integer k such that n = 2k. An integer.

Elementary Number Theory and Methods of Proof. Basic Definitions An integer n is an even number if there exists an integer k such that n = 2k. An integer.
Factoring 1 Factoring Factoring 2 Factoring  Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and.

Factoring 1 Factoring Factoring 2 Factoring  Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and.
6/20/2015 5:05 AMNumerical Algorithms1 x0123456789 x1x1 1739.

6/20/2015 5:05 AMNumerical Algorithms1 x x1x
CSE115/ENGR160 Discrete Mathematics 03/17/11 Ming-Hsuan Yang UC Merced 1.

CSE115/ENGR160 Discrete Mathematics 03/17/11 Ming-Hsuan Yang UC Merced 1.
Discrete Log 1 Discrete Log. Discrete Log 2 Discrete Logarithm  Discrete log problem:  Given p, g and g a (mod p), determine a o This would break Diffie-Hellman.

Discrete Log 1 Discrete Log. Discrete Log 2 Discrete Logarithm  Discrete log problem:  Given p, g and g a (mod p), determine a o This would break Diffie-Hellman.
CS470, A.SelcukPublic Key Cryptography1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukPublic Key Cryptography1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

Similar presentations

Ads by Google