General number field sieve - Knowledge (XXG)

1102: 332: 386:. Since these numbers are smaller, they are more likely to be smooth than the numbers inspected in previous algorithms. This is the key to the efficiency of the number field sieve. In order to achieve this speed-up, the number field sieve has to perform computations and factorizations in 946: 747: 87: 1700:

developed a faster implementation of final processing as part of msieve, which is in the public domain. Both implementations feature the ability to be distributed among several nodes in a cluster with a sufficiently fast interconnect.

1621:

One such method was suggested by Murphy and Brent; they introduce a two-part score for polynomials, based on the presence of roots modulo small primes and on the average value that the polynomial takes over the sieving area.

1476: 1475:, with a "square root" which also can be computed. It should be remarked that the use of Gaussian elimination does not give the optimal run time of the algorithm. Instead, sparse matrix solving algorithms such as 2535: 570: 92: 796: 2539: 1020: 565: 2047: 327:{\displaystyle {\begin{aligned}&\exp \left(\left((64/9)^{1/3}+o(1)\right)\left(\log n\right)^{1/3}\left(\log \log n\right)^{2/3}\right)\\={}&L_{n}\left\end{aligned}}} 1086: 1051: 784: 471: 2080: 1550:, and these homomorphisms will map each "square root" (typically not represented as a rational number) into its integer representative. Now the product of the factors 1610:

The choice of polynomial can dramatically affect the time to complete the remainder of the algorithm. The method of choosing polynomials based on the expansion of

2595: 2404: 2040: 1708:

software written by Kleinjung, or by msieve, and lattice sieving by GPL software written by Franke and Kleinjung; these are distributed in GGNFS.

2272: 1804: 382:(see below). The general number field sieve, on the other hand, manages to search for smooth numbers that are subexponential in the size of 2214: 2033: 2143: 2320: 349:: while the latter can only factor numbers of a certain special form, the general number field sieve can factor any number apart from 2118: 2013: 1735:(which contains final-processing code, a polynomial selection optimized for smaller numbers and an implementation of the line sieve) 1142: 1693: 2229: 2267: 2204: 2148: 2111: 2409: 2300: 2219: 2209: 1124: 63: 2085: 2237: 2490: 1390:, and we have a better chance for them to be smooth at the same time. The current best-known approach for this search is 2485: 2414: 2315: 2452: 2366: 1863: 356:

The principle of the number field sieve (both special and general) can be understood as an improvement to the simpler

1120: 951:

The product of any two such values can be computed by taking the product as polynomials, then reducing any powers of

2531: 2521: 2480: 2256: 2224: 2095: 1750: 1670: 941:{\displaystyle a_{k-1}r^{k-1}+\cdots +a_{1}r^{1}+a_{0}r^{0},{\text{ where }}a_{0},\ldots ,a_{k-1}\in \mathbb {Q} .} 346: 2516: 2457: 1480: 1964: 2419: 2292: 2138: 2090: 390:. This results in many rather complicated aspects of the algorithm, as compared to the simpler rational sieve. 1677:. A project called NFSNET ran from 2002 through at least 2007. It used volunteer distributed computing on the 742:{\displaystyle {\begin{aligned}(a+bi)(c+di)&=ac+(ad+bc)i+(bd)i^{2}\\&=(ac-bd)+(ad+bc)i.\end{aligned}}} 985: 2434: 2325: 1587: 2545: 2495: 2475: 1186: 1175: 976: 753: 43: 2001:(eds.). "The development of the number field sieve". Lecture Notes in Math. (1993) 1554. Springer-Verlag. 1207:. An optimal strategy for choosing these polynomials is not known; one simple method is to pick a degree 1112: 2196: 2171: 2100: 1697: 1626: 51: 2555: 1618:

shown above is suboptimal in many practical situations, leading to the development of better methods.

2550: 2442: 2424: 2399: 2361: 2105: 1878: 1398: 1938: 1844: 2560: 2526: 2447: 2351: 2310: 2305: 2282: 2186: 1692:

Until 2007, the gold-standard implementation was a suite of software developed and distributed by

1562:

can be obtained as a square in two ways—one for each homomorphism. Thus, one can find two numbers

2391: 2338: 2335: 2176: 2075: 1674: 1526: 1201: 1194: 2132: 2125: 2511: 2467: 2181: 2158: 2009: 1800: 1696:

in the Netherlands, which was available only under a relatively restrictive license. In 2007,

1413:

of squares in our number fields, but that condition can be achieved by this method too. Each

1060: 1025: 758: 454: 967:

as described above, yielding a value in the same form. To ensure that this field is actually

2356: 1886: 1454: 1054: 980: 2346: 2245: 1998: 1391: 1190: 1057:

with integer coefficients. In some cases, this ring of integers is equivalent to the ring

361: 1882: 1821: 2376: 2277: 2262: 2166: 2067: 2005: 1770: 1686: 787: 357: 338: 1409:

to be squares at the same time. A slightly stronger condition is needed—that they are

2589: 2371: 2056: 1994: 1669:

Some implementations focus on a certain smaller class of numbers. These are known as

1367: 369: 31: 2381: 1774: 1722: 1717: 1682: 1503: 971:-dimensional and does not collapse to an even smaller field, it is sufficient that 438: 387: 1891: 17: 1449:, with a "square root" which can be determined (as a product of known factors in 350: 2025: 1913: 1410: 1156: 342: 2059: 2008:. Prime Numbers: A Computational Perspective (2001). 2nd edition, Springer. 59: 47: 2022:

Matthew E. Briggs: An Introduction to the General Number Field Sieve, 1998

1732: 1678: 1394:; to get acceptable yields, it is necessary to use a large factor base. 1712: 1968: 1216: 1582:

and again with probability at least one half we get a factor of

2029: 1705: 1095: 1918:

Presentation at EIDMA-CWI Workshop on Factoring Large Numbers

1864:"On polynomial selection for the general number field sieve" 1727: 1942: 1625:

The best reported results were achieved by the method of

506:. This equation can be used to reduce away any powers of 378:. The size of these values is exponential in the size of 1431:

and hence that the product of the corresponding factors

2576:

indicate that algorithm is for numbers of special forms

1738: 1651:

composed of small prime factors congruent to 1 modulo 2

1351:) is an integer. The goal is to find integer values of 1246:) as the polynomial with the smallest coefficients and 1185:

are chosen, which have integer coefficients, which are

1063: 1028: 988: 761: 457: 404:

or the number of bits in the binary representation of

364:. When using such algorithms to factor a large number 1822:"On quadratic polynomials for the number field sieve" 1117:. In particular, there are no examples or pseudocode. 799: 568: 90: 2016:. Section 6.2: Number field sieve, pp. 278–301. 1453:)—it will typically be represented as an irrational 2504: 2466: 2433: 2390: 2334: 2291: 2195: 2157: 2066: 1080: 1045: 1014: 979:over the rationals. Similarly, one may define the 940: 778: 741: 465: 326: 425:. The running time of the number field sieve is 372:(i.e. numbers with small prime factors) of order 1784:. Vol. 43, no. 12. pp. 1473–1485. 1689:and Richard Wackerbarth of Texas were involved. 559:. This allows us to define the complex product: 353:(which are trivial to factor by taking roots). 1704:Polynomial selection is normally performed by 2041: 8: 1211:for a polynomial, consider the expansion of 1123:. There might be a discussion about this on 1370:relative to the chosen basis of primes. If 2048: 2034: 2026: 1826:Australian Computer Science Communications 393:The size of the input to the algorithm is 1890: 1457:. Similarly, the product of the factors 1143:Learn how and when to remove this message 1065: 1064: 1062: 1030: 1029: 1027: 997: 996: 995: 991: 990: 987: 931: 930: 915: 896: 887: 878: 868: 855: 845: 820: 804: 798: 763: 762: 760: 668: 569: 567: 459: 458: 456: 305: 301: 289: 272: 258: 250: 228: 224: 188: 184: 134: 130: 118: 91: 89: 1015:{\textstyle \mathbb {O} _{\mathbb {Q} }} 1762: 752:In general, this leads directly to the 1088:. However, there are many exceptions. 1386:will be small too, about the size of 786:, which can be defined as the set of 498:as a linear combination of powers of 492:, which can be rearranged to express 7: 1862:Kleinjung, Thorsten (October 2006). 427:super-polynomial but sub-exponential 1912:Paul Leyland (December 12, 2003). 1401:, one can get products of certain 25: 2257:Special number field sieve (SNFS) 2251:General number field sieve (GNFS) 1820:Murphy, B.; Brent, R. P. (1998), 1657:and over leading coefficients of 2596:Integer factorization algorithms 1941:. April 23, 2007. Archived from 1673:techniques, such as used in the 1397:Having enough such pairs, using 1265:Consider the number field rings 1100: 368:, it is necessary to search for 345:. It is a generalization of the 1846:On RSA 200 and larger projects 1311:are integers, then so will be 1303:with integer coefficients, if 1193:, and which, when interpreted 1075: 1069: 1040: 1034: 1007: 1001: 773: 767: 726: 708: 702: 684: 661: 652: 643: 625: 606: 591: 588: 573: 298: 283: 156: 150: 127: 112: 1: 1892:10.1090/S0025-5718-06-01870-9 1287:are roots of the polynomials 2215:Lenstra elliptic curve (ECM) 1230:) for a number of different 550: + 1 = 0 473:(the rational numbers), and 1661:which are divisible by 60. 1606:Improving polynomial choice 408:. Any element of the order 2612: 2522:Exponentiation by squaring 2205:Continued fraction (CFRAC) 1871:Mathematics of Computation 1751:Special number field sieve 1671:special number field sieve 1222:(allowing digits between − 436: 429:in the size of the input. 347:special number field sieve 36:general number field sieve 2569: 1795:Ribenboim, Paulo (1972). 1405:and of the corresponding 1359:that simultaneously make 1081:{\textstyle \mathbb {Z} } 1046:{\textstyle \mathbb {Q} } 779:{\textstyle \mathbb {Q} } 466:{\textstyle \mathbb {Q} } 66:for factoring an integer 1914:"NFSNET: the first year" 1200:, have a common integer 451:-degree polynomial over 2435:Greatest common divisor 1588:greatest common divisor 27:Factorization algorithm 2546:Modular exponentiation 1799:. Wiley-Interscience. 1775:"A Tale of Two Sieves" 1082: 1047: 1016: 977:irreducible polynomial 942: 780: 754:algebraic number field 743: 541:is the imaginary unit 467: 328: 2273:Shanks's square forms 2197:Integer factorization 2172:Sieve of Eratosthenes 2004:Richard Crandall and 1843:Franke, Jens (2006), 1083: 1048: 1017: 943: 781: 744: 477:is a complex root of 468: 329: 81:bits) is of the form 2551:Montgomery reduction 2425:Function field sieve 2400:Baby-step giant-step 2246:Quadratic sieve (QS) 1647:, and searches over 1399:Gaussian elimination 1113:confusing or unclear 1061: 1026: 986: 797: 759: 566: 455: 88: 2561:Trachtenberg system 2527:Integer square root 2468:Modular square root 2187:Wheel factorization 2139:Quadratic Frobenius 2119:Lucas–Lehmer–Riesel 1945:on October 22, 2007 1939:"Welcome to NFSNET" 1883:2006MaCom..75.2037K 1121:clarify the section 1053:which are roots of 2453:Extended Euclidean 2392:Discrete logarithm 2321:Schönhage–Strassen 2177:Sieve of Pritchard 1999:H. W. Lenstra, Jr. 1877:(256): 2037–2047. 1782:Notices of the AMS 1698:Jason Papadopoulos 1675:Cunningham project 1627:Thorsten Kleinjung 1490:is a root of both 1078: 1043: 1012: 938: 776: 739: 737: 522:. For example, if 463: 418:is exponential in 324: 322: 52:factoring integers 18:Number Field Sieve 2583: 2582: 2182:Sieve of Sundaram 1806:978-0-471-71804-8 1797:Algebraic Numbers 1773:(December 1996). 1327:), which we call 1153: 1152: 1145: 1055:monic polynomials 1022:as the subset of 890: 889: where 16:(Redirected from 2603: 2532:Integer relation 2505:Other algorithms 2410:Pollard kangaroo 2301:Ancient Egyptian 2159:Prime-generating 2144:Solovay–Strassen 2057:Number-theoretic 2050: 2043: 2036: 2027: 1995:Arjen K. Lenstra 1981: 1980: 1978: 1976: 1967:. Archived from 1961: 1955: 1954: 1952: 1950: 1935: 1929: 1928: 1926: 1924: 1909: 1903: 1902: 1900: 1899: 1894: 1868: 1859: 1853: 1852: 1851: 1840: 1834: 1833: 1817: 1811: 1810: 1792: 1786: 1785: 1779: 1767: 1660: 1656: 1650: 1646: 1617: 1613: 1455:algebraic number 1378:are small, then 1148: 1141: 1137: 1134: 1128: 1104: 1103: 1096: 1087: 1085: 1084: 1079: 1068: 1052: 1050: 1049: 1044: 1033: 1021: 1019: 1018: 1013: 1011: 1010: 1000: 994: 981:ring of integers 974: 970: 966: 956: 947: 945: 944: 939: 934: 926: 925: 901: 900: 891: 888: 883: 882: 873: 872: 860: 859: 850: 849: 831: 830: 815: 814: 785: 783: 782: 777: 766: 748: 746: 745: 740: 738: 677: 673: 672: 558: 551: 544: 540: 536: 521: 511: 505: 501: 497: 491: 480: 476: 472: 470: 469: 464: 462: 450: 446: 424: 417: 413: 407: 403: 385: 381: 377: 367: 333: 331: 330: 325: 323: 319: 315: 314: 313: 309: 293: 276: 263: 262: 251: 242: 238: 237: 236: 232: 223: 219: 197: 196: 192: 183: 179: 163: 159: 143: 142: 138: 122: 94: 80: 78: 69: 57: 21: 2611: 2610: 2606: 2605: 2604: 2602: 2601: 2600: 2586: 2585: 2584: 2579: 2565: 2500: 2462: 2429: 2386: 2330: 2287: 2191: 2153: 2126:Proth's theorem 2068:Primality tests 2062: 2054: 2019: 1990: 1985: 1984: 1974: 1972: 1963: 1962: 1958: 1948: 1946: 1937: 1936: 1932: 1922: 1920: 1911: 1910: 1906: 1897: 1895: 1866: 1861: 1860: 1856: 1849: 1842: 1841: 1837: 1819: 1818: 1814: 1807: 1794: 1793: 1789: 1777: 1771:Pomerance, Carl 1769: 1768: 1764: 1759: 1747: 1667: 1665:Implementations 1658: 1652: 1648: 1630: 1629:, which allows 1615: 1611: 1608: 1586:by finding the 1545: 1538: 1506:from the rings 1481:Block Wiedemann 1471:is a square in 1467: 1445:is a square in 1441: 1427: 1392:lattice sieving 1286: 1279: 1149: 1138: 1132: 1129: 1118: 1105: 1101: 1094: 1059: 1058: 1024: 1023: 989: 984: 983: 972: 968: 958: 952: 911: 892: 874: 864: 851: 841: 816: 800: 795: 794: 788:complex numbers 757: 756: 736: 735: 675: 674: 664: 609: 564: 563: 557: = −1 553: 546: 542: 538: 523: 513: 507: 503: 499: 493: 490:) = 0 482: 478: 474: 453: 452: 448: 444: 441: 435: 419: 415: 414:for a constant 409: 405: 398: 394: 383: 379: 373: 365: 362:quadratic sieve 321: 320: 297: 268: 264: 254: 252: 244: 243: 203: 199: 198: 169: 165: 164: 126: 111: 107: 106: 102: 86: 85: 76: 75: 71: 70:(consisting of 67: 55: 28: 23: 22: 15: 12: 11: 5: 2609: 2607: 2599: 2598: 2588: 2587: 2581: 2580: 2578: 2577: 2570: 2567: 2566: 2564: 2563: 2558: 2553: 2548: 2543: 2529: 2524: 2519: 2514: 2508: 2506: 2502: 2501: 2499: 2498: 2493: 2488: 2486:Tonelli–Shanks 2483: 2478: 2472: 2470: 2464: 2463: 2461: 2460: 2455: 2450: 2445: 2439: 2437: 2431: 2430: 2428: 2427: 2422: 2420:Index calculus 2417: 2415:Pohlig–Hellman 2412: 2407: 2402: 2396: 2394: 2388: 2387: 2385: 2384: 2379: 2374: 2369: 2367:Newton-Raphson 2364: 2359: 2354: 2349: 2343: 2341: 2332: 2331: 2329: 2328: 2323: 2318: 2313: 2308: 2303: 2297: 2295: 2293:Multiplication 2289: 2288: 2286: 2285: 2280: 2278:Trial division 2275: 2270: 2265: 2263:Rational sieve 2260: 2253: 2248: 2243: 2235: 2227: 2222: 2217: 2212: 2207: 2201: 2199: 2193: 2192: 2190: 2189: 2184: 2179: 2174: 2169: 2167:Sieve of Atkin 2163: 2161: 2155: 2154: 2152: 2151: 2146: 2141: 2136: 2129: 2122: 2115: 2108: 2103: 2098: 2093: 2091:Elliptic curve 2088: 2083: 2078: 2072: 2070: 2064: 2063: 2055: 2053: 2052: 2045: 2038: 2030: 2024: 2023: 2018: 2017: 2006:Carl Pomerance 2002: 1991: 1989: 1986: 1983: 1982: 1971:on May 9, 2008 1965:"About NFSNET" 1956: 1930: 1904: 1854: 1835: 1812: 1805: 1787: 1761: 1760: 1758: 1755: 1754: 1753: 1746: 1743: 1742: 1741: 1736: 1730: 1725: 1723:factor by gnfs 1720: 1715: 1687:United Kingdom 1666: 1663: 1607: 1604: 1543: 1536: 1525:(the integers 1465: 1439: 1425: 1284: 1277: 1151: 1150: 1108: 1106: 1099: 1093: 1090: 1077: 1074: 1071: 1067: 1042: 1039: 1036: 1032: 1009: 1006: 1003: 999: 993: 957:with exponent 949: 948: 937: 933: 929: 924: 921: 918: 914: 910: 907: 904: 899: 895: 886: 881: 877: 871: 867: 863: 858: 854: 848: 844: 840: 837: 834: 829: 826: 823: 819: 813: 810: 807: 803: 775: 772: 769: 765: 750: 749: 734: 731: 728: 725: 722: 719: 716: 713: 710: 707: 704: 701: 698: 695: 692: 689: 686: 683: 680: 678: 676: 671: 667: 663: 660: 657: 654: 651: 648: 645: 642: 639: 636: 633: 630: 627: 624: 621: 618: 615: 612: 610: 608: 605: 602: 599: 596: 593: 590: 587: 584: 581: 578: 575: 572: 571: 535: + 1 531:) = 512:with exponent 461: 437:Main article: 434: 431: 396: 370:smooth numbers 358:rational sieve 335: 334: 318: 312: 308: 304: 300: 296: 292: 288: 285: 282: 279: 275: 271: 267: 261: 257: 253: 249: 246: 245: 241: 235: 231: 227: 222: 218: 215: 212: 209: 206: 202: 195: 191: 187: 182: 178: 175: 172: 168: 162: 158: 155: 152: 149: 146: 141: 137: 133: 129: 125: 121: 117: 114: 110: 105: 101: 98: 95: 93: 73: 42:) is the most 26: 24: 14: 13: 10: 9: 6: 4: 3: 2: 2608: 2597: 2594: 2593: 2591: 2575: 2572: 2571: 2568: 2562: 2559: 2557: 2554: 2552: 2549: 2547: 2544: 2541: 2537: 2533: 2530: 2528: 2525: 2523: 2520: 2518: 2515: 2513: 2510: 2509: 2507: 2503: 2497: 2494: 2492: 2489: 2487: 2484: 2482: 2481:Pocklington's 2479: 2477: 2474: 2473: 2471: 2469: 2465: 2459: 2456: 2454: 2451: 2449: 2446: 2444: 2441: 2440: 2438: 2436: 2432: 2426: 2423: 2421: 2418: 2416: 2413: 2411: 2408: 2406: 2403: 2401: 2398: 2397: 2395: 2393: 2389: 2383: 2380: 2378: 2375: 2373: 2370: 2368: 2365: 2363: 2360: 2358: 2355: 2353: 2350: 2348: 2345: 2344: 2342: 2340: 2337: 2333: 2327: 2324: 2322: 2319: 2317: 2314: 2312: 2309: 2307: 2304: 2302: 2299: 2298: 2296: 2294: 2290: 2284: 2281: 2279: 2276: 2274: 2271: 2269: 2266: 2264: 2261: 2259: 2258: 2254: 2252: 2249: 2247: 2244: 2242: 2240: 2236: 2234: 2232: 2228: 2226: 2225:Pollard's rho 2223: 2221: 2218: 2216: 2213: 2211: 2208: 2206: 2203: 2202: 2200: 2198: 2194: 2188: 2185: 2183: 2180: 2178: 2175: 2173: 2170: 2168: 2165: 2164: 2162: 2160: 2156: 2150: 2147: 2145: 2142: 2140: 2137: 2135: 2134: 2130: 2128: 2127: 2123: 2121: 2120: 2116: 2114: 2113: 2109: 2107: 2104: 2102: 2099: 2097: 2094: 2092: 2089: 2087: 2084: 2082: 2079: 2077: 2074: 2073: 2071: 2069: 2065: 2061: 2058: 2051: 2046: 2044: 2039: 2037: 2032: 2031: 2028: 2021: 2020: 2015: 2014:0-387-25282-7 2011: 2007: 2003: 2000: 1996: 1993: 1992: 1987: 1970: 1966: 1960: 1957: 1944: 1940: 1934: 1931: 1919: 1915: 1908: 1905: 1893: 1888: 1884: 1880: 1876: 1872: 1865: 1858: 1855: 1848: 1847: 1839: 1836: 1831: 1827: 1823: 1816: 1813: 1808: 1802: 1798: 1791: 1788: 1783: 1776: 1772: 1766: 1763: 1756: 1752: 1749: 1748: 1744: 1740: 1737: 1734: 1731: 1729: 1726: 1724: 1721: 1719: 1716: 1714: 1711: 1710: 1709: 1707: 1702: 1699: 1695: 1690: 1688: 1684: 1680: 1676: 1672: 1664: 1662: 1655: 1645: 1642: + 1641: 1637: 1633: 1628: 1623: 1619: 1605: 1603: 1601: 1598: − 1597: 1593: 1589: 1585: 1581: 1578:divisible by 1577: 1574: − 1573: 1569: 1565: 1561: 1557: 1554: − 1553: 1549: 1542: 1535: 1532:), which map 1531: 1530: 1524: 1521: 1517: 1513: 1509: 1505: 1504:homomorphisms 1501: 1497: 1493: 1489: 1484: 1482: 1478: 1477:Block Lanczos 1474: 1470: 1464: 1461: − 1460: 1456: 1452: 1448: 1444: 1438: 1435: − 1434: 1430: 1424: 1421: − 1420: 1417:is a norm of 1416: 1412: 1408: 1404: 1400: 1395: 1393: 1389: 1385: 1381: 1377: 1373: 1369: 1366: 1362: 1358: 1354: 1350: 1346: 1342: 1338: 1334: 1331:. Similarly, 1330: 1326: 1322: 1318: 1314: 1310: 1306: 1302: 1299:is of degree 1298: 1294: 1290: 1283: 1276: 1272: 1268: 1263: 1261: 1258: − 1257: 1253: 1249: 1245: 1241: 1237: 1233: 1229: 1225: 1221: 1220: 1214: 1210: 1206: 1203: 1199: 1198: 1192: 1188: 1184: 1180: 1177: 1173: 1169: 1165: 1161: 1158: 1147: 1144: 1136: 1126: 1125:the talk page 1122: 1116: 1114: 1109:This section 1107: 1098: 1097: 1091: 1089: 1072: 1056: 1037: 1004: 982: 978: 965: 961: 955: 935: 927: 922: 919: 916: 912: 908: 905: 902: 897: 893: 884: 879: 875: 869: 865: 861: 856: 852: 846: 842: 838: 835: 832: 827: 824: 821: 817: 811: 808: 805: 801: 793: 792: 791: 789: 770: 755: 732: 729: 723: 720: 717: 714: 711: 705: 699: 696: 693: 690: 687: 681: 679: 669: 665: 658: 655: 649: 646: 640: 637: 634: 631: 628: 622: 619: 616: 613: 611: 603: 600: 597: 594: 585: 582: 579: 576: 562: 561: 560: 556: 549: 534: 530: 526: 520: 516: 510: 496: 489: 485: 440: 433:Number fields 432: 430: 428: 423: 412: 402: 391: 389: 388:number fields 376: 371: 363: 359: 354: 352: 348: 344: 340: 316: 310: 306: 302: 294: 290: 286: 280: 277: 273: 269: 265: 259: 255: 247: 239: 233: 229: 225: 220: 216: 213: 210: 207: 204: 200: 193: 189: 185: 180: 176: 173: 170: 166: 160: 153: 147: 144: 139: 135: 131: 123: 119: 115: 108: 103: 99: 96: 84: 83: 82: 65: 61: 60:Heuristically 53: 49: 45: 41: 37: 33: 32:number theory 19: 2573: 2255: 2250: 2238: 2230: 2149:Miller–Rabin 2131: 2124: 2117: 2112:Lucas–Lehmer 2110: 1973:. Retrieved 1969:the original 1959: 1947:. Retrieved 1943:the original 1933: 1921:. Retrieved 1917: 1907: 1896:. Retrieved 1874: 1870: 1857: 1845: 1838: 1829: 1825: 1815: 1796: 1790: 1781: 1765: 1703: 1691: 1683:Paul Leyland 1668: 1653: 1643: 1639: 1635: 1631: 1624: 1620: 1609: 1599: 1595: 1591: 1583: 1579: 1575: 1571: 1567: 1563: 1559: 1555: 1551: 1547: 1540: 1533: 1528: 1522: 1519: 1515: 1514:to the ring 1511: 1507: 1502:, there are 1499: 1495: 1491: 1487: 1485: 1472: 1468: 1462: 1458: 1450: 1446: 1442: 1436: 1432: 1428: 1422: 1418: 1414: 1406: 1402: 1396: 1387: 1383: 1379: 1375: 1371: 1364: 1360: 1356: 1352: 1348: 1344: 1340: 1336: 1332: 1328: 1324: 1320: 1316: 1312: 1308: 1304: 1300: 1296: 1292: 1288: 1281: 1274: 1270: 1266: 1264: 1259: 1255: 1251: 1247: 1243: 1239: 1235: 1231: 1227: 1223: 1218: 1212: 1208: 1204: 1196: 1182: 1178: 1171: 1167: 1163: 1159: 1154: 1139: 1130: 1119:Please help 1110: 963: 959: 953: 950: 751: 554: 547: 532: 528: 524: 518: 514: 508: 494: 487: 483: 442: 439:Number field 426: 421: 410: 400: 392: 374: 355: 351:prime powers 336: 54:larger than 39: 35: 29: 2405:Pollard rho 2362:Goldschmidt 2096:Pocklington 2086:Baillie–PSW 1483:are used. 1238:, and pick 1187:irreducible 1174:) of small 1157:polynomials 343:L-notations 2517:Cornacchia 2512:Chakravala 2060:algorithms 1988:References 1898:2007-12-13 1115:to readers 790:given by: 502:less than 64:complexity 50:known for 46:classical 2491:Berlekamp 2448:Euclidean 2336:Euclidean 2316:Toom–Cook 2311:Karatsuba 1975:August 9, 1949:August 9, 1923:August 9, 1832:: 199–213 1234:of order 1191:rationals 1189:over the 928:∈ 920:− 906:… 836:⋯ 825:− 809:− 694:− 420:log 214:⁡ 208:⁡ 174:⁡ 100:⁡ 48:algorithm 44:efficient 2590:Category 2458:Lehmer's 2352:Chunking 2339:division 2268:Fermat's 1745:See also 1728:CADO-NFS 1713:NFS@Home 1679:Internet 1614:in base 1295:. Since 1273:, where 1133:May 2021 481:. Then, 443:Suppose 2574:Italics 2496:Kunerth 2476:Cipolla 2357:Fourier 2326:Fürer's 2220:Euler's 2210:Dixon's 2133:Pépin's 1879:Bibcode 1685:of the 1570:, with 1527:modulo 1176:degrees 1111:may be 545:, then 2556:Schoof 2443:Binary 2347:Binary 2283:Shor's 2101:Fermat 2012: 1803: 1739:kmGNFS 1733:msieve 1486:Since 1368:smooth 1166:) and 1092:Method 975:is an 399: 62:, its 34:, the 2377:Short 2106:Lucas 1867:(PDF) 1850:(PDF) 1778:(PDF) 1757:Notes 1718:GGNFS 1411:norms 1254:) as 1217:base 552:, or 447:is a 79:⌋ + 1 2372:Long 2306:Long 2010:ISBN 1997:and 1977:2011 1951:2011 1925:2011 1801:ISBN 1638:) = 1594:and 1566:and 1558:mod 1539:and 1510:and 1498:mod 1494:and 1382:and 1374:and 1363:and 1355:and 1307:and 1291:and 1280:and 1269:and 1226:and 1202:root 1195:mod 1181:and 1155:Two 537:and 341:and 72:⌊log 40:GNFS 2536:LLL 2382:SRT 2241:+ 1 2233:− 1 2081:APR 2076:AKS 1887:doi 1706:GPL 1694:CWI 1590:of 1546:to 1479:or 1215:in 395:log 360:or 337:in 211:log 205:log 171:log 97:exp 30:In 2592:: 2540:KZ 2538:; 1916:. 1885:. 1875:75 1873:. 1869:. 1830:20 1828:, 1824:, 1780:. 1681:. 1640:ax 1602:. 1556:mb 1335:= 1262:. 962:≥ 517:≥ 287:64 116:64 58:. 56:10 2542:) 2534:( 2239:p 2231:p 2049:e 2042:t 2035:v 1979:. 1953:. 1927:. 1901:. 1889:: 1881:: 1809:. 1659:f 1654:d 1649:a 1644:b 1636:x 1634:( 1632:g 1616:m 1612:n 1600:y 1596:x 1592:n 1584:n 1580:n 1576:y 1572:x 1568:y 1564:x 1560:n 1552:a 1548:m 1544:2 1541:r 1537:1 1534:r 1529:n 1523:Z 1520:n 1518:/ 1516:Z 1512:Z 1508:Z 1500:n 1496:g 1492:f 1488:m 1473:Z 1469:b 1466:2 1463:r 1459:a 1451:Z 1447:Z 1443:b 1440:1 1437:r 1433:a 1429:b 1426:1 1423:r 1419:a 1415:r 1407:s 1403:r 1388:m 1384:s 1380:r 1376:b 1372:a 1365:s 1361:r 1357:b 1353:a 1349:b 1347:/ 1345:a 1343:( 1341:g 1339:· 1337:b 1333:s 1329:r 1325:b 1323:/ 1321:a 1319:( 1317:f 1315:· 1313:b 1309:b 1305:a 1301:d 1297:f 1293:g 1289:f 1285:2 1282:r 1278:1 1275:r 1271:Z 1267:Z 1260:m 1256:x 1252:x 1250:( 1248:g 1244:x 1242:( 1240:f 1236:n 1232:m 1228:m 1224:m 1219:m 1213:n 1209:d 1205:m 1197:n 1183:e 1179:d 1172:x 1170:( 1168:g 1164:x 1162:( 1160:f 1146:) 1140:( 1135:) 1131:( 1127:. 1076:] 1073:r 1070:[ 1066:Z 1041:] 1038:r 1035:[ 1031:Q 1008:] 1005:r 1002:[ 998:Q 992:O 973:f 969:k 964:k 960:e 954:r 936:. 932:Q 923:1 917:k 913:a 909:, 903:, 898:0 894:a 885:, 880:0 876:r 870:0 866:a 862:+ 857:1 853:r 847:1 843:a 839:+ 833:+ 828:1 822:k 818:r 812:1 806:k 802:a 774:] 771:r 768:[ 764:Q 733:. 730:i 727:) 724:c 721:b 718:+ 715:d 712:a 709:( 706:+ 703:) 700:d 697:b 691:c 688:a 685:( 682:= 670:2 666:i 662:) 659:d 656:b 653:( 650:+ 647:i 644:) 641:c 638:b 635:+ 632:d 629:a 626:( 623:+ 620:c 617:a 614:= 607:) 604:i 601:d 598:+ 595:c 592:( 589:) 586:i 583:b 580:+ 577:a 574:( 555:i 548:i 543:i 539:r 533:x 529:x 527:( 525:f 519:k 515:e 509:r 504:k 500:r 495:r 488:r 486:( 484:f 479:f 475:r 460:Q 449:k 445:f 422:n 416:c 411:n 406:n 401:n 397:2 384:n 380:n 375:n 366:n 339:O 317:] 311:3 307:/ 303:1 299:) 295:9 291:/ 284:( 281:, 278:3 274:/ 270:1 266:[ 260:n 256:L 248:= 240:) 234:3 230:/ 226:2 221:) 217:n 201:( 194:3 190:/ 186:1 181:) 177:n 167:( 161:) 157:) 154:1 151:( 148:o 145:+ 140:3 136:/ 132:1 128:) 124:9 120:/ 113:( 109:( 104:( 77:n 74:2 68:n 38:( 20:)

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.