Knowledge (XXG)

123: − 1 has at least one large prime factor. Most sufficiently large primes are strong; if a prime used for cryptographic purposes turns out to be non-strong, it is much more likely to be through malice than through an accident of 941: 489: 1930: 1058: 240: 1934: 1442: 135: 322: 1475: 854: 416: 1990: 1799: 1435: 56: 279: − 1 by making it a number with very many prime factors; generally, we take the product of all prime powers less than some limit 1667: 1411: 971: 1609: 1428: 1273: 794: 132: 1538: 1715: 1513: 1662: 1599: 1543: 1506: 1804: 1695: 1614: 1604: 1480: 1632: 1286: 1885: 1880: 1809: 1710: 1309: 100: 1847: 116: 48: 1761: 1926: 1916: 1875: 1651: 1645: 1619: 1490: 181: 160: 1911: 1852: 1814: 1687: 1533: 1485: 124: 1829: 1720: 1397: 259: 1940: 1890: 1870: 848:. After completing the first stage, which is the same as the basic algorithm, instead of computing a new 1591: 1566: 1495: 41: 1950: 290: 1945: 1837: 1819: 1794: 1756: 1500: 1375: 1330: 746: 94: 1955: 1921: 1842: 1746: 1705: 1700: 1677: 1581: 771: 1786: 1733: 1730: 1571: 1470: 1346: 328: 250: 71: 1527: 1520: 112: 1906: 1862: 1576: 1553: 1407: 1197: 1751: 1383: 1338: 1741: 1640: 936:{\displaystyle M'=\prod _{{\text{primes }}q\leq B_{2}}q^{\lfloor \log _{q}B_{2}\rfloor }} 809: = 2 will find a quarter of all 64-bit factors and 1/27 of all 96-bit factors. 1379: 1334: 1771: 1672: 1657: 1561: 1462: 1388: 1359: 1984: 1766: 1451: 1350: 67: 38: 1776: 105: 1276:, use a modified version of the p - 1 algorithm to eliminate potential candidates. 484:{\displaystyle M=\prod _{{\text{primes}}~q\leq B}q^{\lfloor \log _{q}{B}\rfloor }} 51: 1420: 1342: 817: 360: − 1 is divisible by small primes, at which point the Pollard 86: 1454: 70:; the essential observation is that, by working in the multiplicative group 44: 801: − 1 method once the factors are at all large; running the 17: 1321: 774:, the probability that the largest factor of such a number is less than ( 128: 62: 1401: 1265: 1255: 52: 1053:{\displaystyle Q=\prod _{{\text{primes }}q\in (B_{1},B_{2}]}(H^{q}-1)} 1269: 1177: 1406:. Providence, RI: American Mathematical Society. pp. 138–141. 1156: 825:, we require it to have all but one of its factors less than some 1310: 732: 78:, we are also working in the multiplicative groups modulo all of 55: 1424: 782:; so there is a probability of about 3 = 1/27 that a 653: 676: 305: 761:, can be modelled as a random number of size less than  629: 85: 1971: 633:-powersmooth, but in rare cases it could indicate that 1089:. As before, exponentiations can be done modulo  974: 857: 607: 419: 293: 275: 184: 139: 104:— in current recommendations for cryptographic 1258: 1899: 1861: 1828: 1785: 1729: 1686: 1590: 1552: 1461: 1186:will all be relatively small. It is suggested that 1323:Proceedings of the Cambridge Philosophical Society 1052: 935: 641:. Additionally, when the maximum prime factors of 483: 316: 234: 1110:, …} be successive prime numbers in the interval 27:Special-purpose algorithm for factoring integers 376:The basic algorithm can be written as follows: 536:(note: exponentiation can be done modulo  364: − 1 algorithm simply returns 348:It is possible that for all the prime factors 1436: 821: − 1 has all its factors less than 518:= 2, random selection here is not imperative) 235:{\displaystyle a^{K(p-1)}\equiv 1{\pmod {p}}} 8: 1358:Montgomery, P. L.; Silverman, R. D. (1990). 928: 902: 476: 455: 1443: 1429: 1421: 832:, and the remaining factor less than some 1387: 1035: 1017: 1004: 986: 985: 973: 922: 909: 901: 889: 874: 873: 856: 729:Since 1 < 13 < 299, thus return 13. 471: 462: 454: 431: 430: 418: 308: 304: 298: 292: 216: 189: 183: 155:be a composite integer with prime factor 1302: 1245:, saving the need for exponentiations. 57:algebraic-group factorisation algorithm 656:The running time of this algorithm is 1085:produces a nontrivial factor of  7: 1274:Great Internet Mersenne Prime Search 93: − 1 is two times a 224: 805: − 1 method up to 514:is odd, then we can always select 498:randomly pick a positive integer, 272:will be divisible by that factor. 131:by the cryptography industry: the 127:. This terminology is considered 25: 1652:Special number field sieve (SNFS) 1646:General number field sieve (GNFS) 1389:10.1090/S0025-5718-1990-1011444-3 778: − 1) is roughly 1991:Integer factorization algorithms 1229:) can be stored in a table, and 757:is the smallest prime factor of 684:If we want to factor the number 317:{\displaystyle x^{w}{\bmod {n}}} 163:, we know that for all integers 287:, and repeatedly replace it by 217: 1272:, the official clients of the 1047: 1028: 1023: 997: 637:had a small order modulo  228: 218: 205: 193: 171:and for all positive integers 35: − 1 algorithm 1: 491:(note: explicitly evaluating 1610:Lenstra elliptic curve (ECM) 1262: − 1 method. 790:will yield a factorisation. 753: − 1, where 117:necessary but not sufficient 797:is faster than the Pollard 591:and go to step 2 or return 571:and go to step 2 or return 506:(note: we can actually fix 2007: 1917:Exponentiation by squaring 1600:Continued fraction (CFRAC) 1368:Mathematics of Computation 407:select a smoothness bound 372:Algorithm and running time 1964: 1360:"An FFT extension to the 1343:10.1017/S0305004100049252 1312:, RSA Laboratories (2007) 393:: a nontrivial factor of 89:, being primes for which 66: − 1, is 1364:− 1 factoring algorithm" 1225:, … (mod  340:is not equal to 1. 125:random number generation 1830:Greatest common divisor 1398:Samuel S. Wagstaff, Jr. 1207:. Hence, the values of 645:for each prime factors 283:. Start with a random 161:Fermat's little theorem 1941:Modular exponentiation 1054: 937: 587:then select a smaller 502:, which is coprime to 485: 318: 236: 1668:Shanks's square forms 1592:Integer factorization 1567:Sieve of Eratosthenes 1055: 938: 795:elliptic curve method 567:then select a larger 495:may not be necessary) 486: 319: 237: 42:integer factorization 1946:Montgomery reduction 1820:Function field sieve 1795:Baby-step giant-step 1641:Quadratic sieve (QS) 1403:The Joy of Factoring 972: 855: 739:Methods of choosing 417: 387:: a composite number 291: 182: 95:Sophie Germain prime 1956:Trachtenberg system 1922:Integer square root 1863:Modular square root 1582:Wheel factorization 1534:Quadratic Frobenius 1514:Lucas–Lehmer–Riesel 1380:1990MaCom..54..839M 1335:1974PCPS...76..521P 672:; larger values of 74:a composite number 1848:Extended Euclidean 1787:Discrete logarithm 1716:Schönhage–Strassen 1572:Sieve of Pritchard 1050: 1027: 933: 896: 619:-powersmooth. If 481: 449: 314: 249:is congruent to 1 232: 1978: 1977: 1577:Sieve of Sundaram 1413:978-1-4704-1048-3 1235:be computed from 989: 981: 877: 869: 813:Two-stage variant 793:In practice, the 438: 434: 426: 16:(Redirected from 1998: 1927:Integer relation 1900:Other algorithms 1805:Pollard kangaroo 1696:Ancient Egyptian 1554:Prime-generating 1539:Solovay–Strassen 1452:Number-theoretic 1445: 1438: 1431: 1422: 1417: 1393: 1391: 1374:(190): 839–854. 1354: 1313: 1307: 1244: 1234: 1224: 1218: 1212: 1206: 1176: 1165: 1127: 1084: 1072: 1059: 1057: 1056: 1051: 1040: 1039: 1026: 1022: 1021: 1009: 1008: 990: 987: 964: 942: 940: 939: 934: 932: 931: 927: 926: 914: 913: 895: 894: 893: 878: 875: 865: 847: 769: 768: 671: 628: 606: 586: 566: 553: 535: 490: 488: 487: 482: 480: 479: 475: 467: 466: 448: 436: 435: 432: 344:Multiple factors 339: 323: 321: 320: 315: 313: 312: 303: 302: 271: 241: 239: 238: 233: 231: 209: 208: 39:number theoretic 21: 2006: 2005: 2001: 2000: 1999: 1997: 1996: 1995: 1981: 1980: 1979: 1974: 1960: 1895: 1857: 1824: 1781: 1725: 1682: 1586: 1548: 1521:Proth's theorem 1463:Primality tests 1457: 1449: 1414: 1396: 1357: 1320: 1317: 1316: 1308: 1304: 1299: 1283: 1251: 1249:Implementations 1236: 1230: 1220: 1214: 1208: 1205: 1195: 1187: 1185: 1175: 1167: 1163: 1157: 1155: 1145: 1136: 1125: 1118: 1111: 1109: 1102: 1074: 1064: 1031: 1013: 1000: 970: 969: 954: 952: 918: 905: 897: 885: 858: 853: 852: 846: 839: 833: 831: 815: 772:Dixon's theorem 764: 762: 744: 682: 657: 620: 601: 578: 561: 544: 522: 458: 450: 415: 414: 374: 346: 329: 294: 289: 288: 258: 185: 180: 179: 149: 28: 23: 22: 15: 12: 11: 5: 2004: 2002: 1994: 1993: 1983: 1982: 1976: 1975: 1973: 1972: 1965: 1962: 1961: 1959: 1958: 1953: 1948: 1943: 1938: 1924: 1919: 1914: 1909: 1903: 1901: 1897: 1896: 1894: 1893: 1888: 1883: 1881:Tonelli–Shanks 1878: 1873: 1867: 1865: 1859: 1858: 1856: 1855: 1850: 1845: 1840: 1834: 1832: 1826: 1825: 1823: 1822: 1817: 1815:Index calculus 1812: 1810:Pohlig–Hellman 1807: 1802: 1797: 1791: 1789: 1783: 1782: 1780: 1779: 1774: 1769: 1764: 1762:Newton-Raphson 1759: 1754: 1749: 1744: 1738: 1736: 1727: 1726: 1724: 1723: 1718: 1713: 1708: 1703: 1698: 1692: 1690: 1688:Multiplication 1684: 1683: 1681: 1680: 1675: 1673:Trial division 1670: 1665: 1660: 1658:Rational sieve 1655: 1648: 1643: 1638: 1630: 1622: 1617: 1612: 1607: 1602: 1596: 1594: 1588: 1587: 1585: 1584: 1579: 1574: 1569: 1564: 1562:Sieve of Atkin 1558: 1556: 1550: 1549: 1547: 1546: 1541: 1536: 1531: 1524: 1517: 1510: 1503: 1498: 1493: 1488: 1486:Elliptic curve 1483: 1478: 1473: 1467: 1465: 1459: 1458: 1450: 1448: 1447: 1440: 1433: 1425: 1419: 1418: 1412: 1394: 1355: 1329:(3): 521–528. 1315: 1314: 1301: 1300: 1298: 1295: 1294: 1293: 1282: 1279: 1278: 1277: 1263: 1250: 1247: 1203: 1191: 1181: 1171: 1161: 1150: 1141: 1132: 1123: 1116: 1107: 1100: 1061: 1060: 1049: 1046: 1043: 1038: 1034: 1030: 1025: 1020: 1016: 1012: 1007: 1003: 999: 996: 993: 984: 980: 977: 950: 944: 943: 930: 925: 921: 917: 912: 908: 904: 900: 892: 888: 884: 881: 872: 868: 864: 861: 844: 837: 829: 814: 811: 743: 737: 736: 735: 734: 733: 730: 727: 713: 706: 699: 681: 678: 598: 597: 596: 595: 575: 558: 541: 519: 496: 478: 474: 470: 465: 461: 457: 453: 447: 444: 441: 429: 425: 422: 411: 402: 401: 388: 373: 370: 345: 342: 311: 307: 301: 297: 243: 242: 230: 227: 223: 220: 215: 212: 207: 204: 201: 198: 195: 192: 188: 148: 145: 47:, invented by 26: 24: 14: 13: 10: 9: 6: 4: 3: 2: 2003: 1992: 1989: 1988: 1986: 1970: 1967: 1966: 1963: 1957: 1954: 1952: 1949: 1947: 1944: 1942: 1939: 1936: 1932: 1928: 1925: 1923: 1920: 1918: 1915: 1913: 1910: 1908: 1905: 1904: 1902: 1898: 1892: 1889: 1887: 1884: 1882: 1879: 1877: 1876:Pocklington's 1874: 1872: 1869: 1868: 1866: 1864: 1860: 1854: 1851: 1849: 1846: 1844: 1841: 1839: 1836: 1835: 1833: 1831: 1827: 1821: 1818: 1816: 1813: 1811: 1808: 1806: 1803: 1801: 1798: 1796: 1793: 1792: 1790: 1788: 1784: 1778: 1775: 1773: 1770: 1768: 1765: 1763: 1760: 1758: 1755: 1753: 1750: 1748: 1745: 1743: 1740: 1739: 1737: 1735: 1732: 1728: 1722: 1719: 1717: 1714: 1712: 1709: 1707: 1704: 1702: 1699: 1697: 1694: 1693: 1691: 1689: 1685: 1679: 1676: 1674: 1671: 1669: 1666: 1664: 1661: 1659: 1656: 1654: 1653: 1649: 1647: 1644: 1642: 1639: 1637: 1635: 1631: 1629: 1627: 1623: 1621: 1620:Pollard's rho 1618: 1616: 1613: 1611: 1608: 1606: 1603: 1601: 1598: 1597: 1595: 1593: 1589: 1583: 1580: 1578: 1575: 1573: 1570: 1568: 1565: 1563: 1560: 1559: 1557: 1555: 1551: 1545: 1542: 1540: 1537: 1535: 1532: 1530: 1529: 1525: 1523: 1522: 1518: 1516: 1515: 1511: 1509: 1508: 1504: 1502: 1499: 1497: 1494: 1492: 1489: 1487: 1484: 1482: 1479: 1477: 1474: 1472: 1469: 1468: 1466: 1464: 1460: 1456: 1453: 1446: 1441: 1439: 1434: 1432: 1427: 1426: 1423: 1415: 1409: 1405: 1404: 1399: 1395: 1390: 1385: 1381: 1377: 1373: 1369: 1365: 1363: 1356: 1352: 1348: 1344: 1340: 1336: 1332: 1328: 1324: 1319: 1318: 1311: 1306: 1303: 1296: 1292: 1291:+ 1 algorithm 1290: 1285: 1284: 1280: 1275: 1271: 1267: 1264: 1261: 1257: 1253: 1252: 1248: 1246: 1243: 1239: 1233: 1228: 1223: 1217: 1211: 1202: 1199: 1194: 1190: 1184: 1180: 1174: 1170: 1160: 1153: 1149: 1146: −  1144: 1140: 1137: =  1135: 1131: 1122: 1115: 1106: 1099: 1094: 1092: 1088: 1082: 1078: 1073:and check if 1071: 1067: 1044: 1041: 1036: 1032: 1018: 1014: 1010: 1005: 1001: 994: 991: 982: 978: 975: 968: 967: 966: 965:, we compute 962: 958: 953:and checking 949: 923: 919: 915: 910: 906: 898: 890: 886: 882: 879: 870: 866: 862: 859: 851: 850: 849: 843: 836: 828: 824: 820: 812: 810: 808: 804: 800: 796: 791: 789: 785: 781: 777: 773: 767: 760: 756: 752: 747: 742: 738: 731: 728: 725: 721: 717: 714: 711: 707: 704: 700: 697: 693: 692: 691: 690: 689: 687: 679: 677: 675: 669: 665: 661: 654: 652: 648: 644: 640: 636: 632: 627: 623: 618: 614: 610: 604: 594: 590: 585: 581: 576: 574: 570: 564: 559: 557: 552: 548: 542: 539: 533: 529: 525: 520: 517: 513: 509: 505: 501: 497: 494: 472: 468: 463: 459: 451: 445: 442: 439: 427: 423: 420: 412: 410: 406: 405: 404: 403: 400: 396: 392: 389: 386: 382: 379: 378: 377: 371: 369: 367: 363: 359: 355: 351: 343: 341: 337: 333: 327: 309: 299: 295: 286: 282: 278: 273: 269: 265: 261: 256: 252: 248: 225: 221: 213: 210: 202: 199: 196: 190: 186: 178: 177: 176: 174: 170: 166: 162: 158: 154: 147:Base concepts 146: 144: 142: 138: 134: 130: 126: 122: 118: 114: 111: 107: 106:strong primes 103: 99: 96: 92: 88: 83: 81: 77: 73: 69: 65: 60: 58: 54: 50: 46: 43: 40: 36: 34: 19: 1968: 1650: 1633: 1625: 1624: 1544:Miller–Rabin 1526: 1519: 1512: 1507:Lucas–Lehmer 1505: 1402: 1371: 1367: 1361: 1326: 1322: 1305: 1288: 1259: 1241: 1237: 1231: 1226: 1221: 1215: 1209: 1200: 1192: 1188: 1182: 1178: 1172: 1168: 1158: 1151: 1147: 1142: 1138: 1133: 1129: 1120: 1113: 1104: 1097: 1095: 1090: 1086: 1080: 1076: 1069: 1065: 1062: 988:primes  960: 956: 947: 945: 876:primes  841: 834: 826: 822: 818: 816: 806: 802: 798: 792: 787: 783: 779: 775: 765: 758: 754: 750: 749:Assume that 748: 745: 740: 723: 719: 715: 709: 705:= 2 × 3 × 5. 702: 695: 685: 683: 673: 667: 663: 659: 655: 650: 646: 642: 638: 634: 630: 625: 621: 616: 612: 608: 602: 599: 592: 588: 583: 579: 572: 568: 562: 555: 554:then return 550: 546: 537: 531: 527: 523: 515: 511: 507: 503: 499: 492: 408: 398: 394: 390: 384: 380: 375: 365: 361: 357: 353: 349: 347: 335: 331: 325: 284: 280: 276: 274: 267: 263: 254: 253:a factor of 246: 245:If a number 244: 172: 168: 164: 156: 152: 150: 140: 136: 120: 109: 101: 97: 90: 84: 79: 75: 63: 61: 49:John Pollard 32: 30: 29: 1800:Pollard rho 1757:Goldschmidt 1491:Pocklington 1481:Baillie–PSW 1287:Williams's 334:− 1, 266:− 1, 257:, then the 167:coprime to 87:safe primes 82:s factors. 68:powersmooth 18:Pollard P-1 1912:Cornacchia 1907:Chakravala 1455:algorithms 1297:References 708:We select 694:We select 611:for which 510:, e.g. if 113:ANSI X9.31 31:Pollard's 1886:Berlekamp 1843:Euclidean 1731:Euclidean 1711:Toom–Cook 1706:Karatsuba 1351:122817056 1042:− 995:∈ 983:∏ 929:⌋ 916:⁡ 903:⌊ 883:≤ 871:∏ 786:value of 477:⌋ 469:⁡ 456:⌊ 443:≤ 428:∏ 211:≡ 200:− 115:), it is 45:algorithm 1985:Category 1853:Lehmer's 1747:Chunking 1734:division 1663:Fermat's 1400:(2013). 1281:See also 863:′ 521:compute 129:obsolete 53:integers 1969:Italics 1891:Kunerth 1871:Cipolla 1752:Fourier 1721:Fürer's 1615:Euler's 1605:Dixon's 1528:Pépin's 1376:Bibcode 1331:Bibcode 1266:Prime95 1256:GMP-ECM 763:√ 726:) = 13. 688:= 299. 680:Example 593:failure 573:failure 545:1 < 413:define 399:failure 1951:Schoof 1838:Binary 1742:Binary 1678:Shor's 1496:Fermat 1410:  1349:  1270:MPrime 1164:> 2 1063:where 780:ε 718:= gcd( 666:× log 662:× log 526:= gcd( 437:  433:primes 391:Output 381:Inputs 251:modulo 159:. By 102:unsafe 72:modulo 1772:Short 1501:Lucas 1347:S2CID 1096:Let { 959:− 1, 770:. By 722:− 1, 701:Thus 549:< 530:− 1, 119:that 37:is a 1767:Long 1701:Long 1408:ISBN 1268:and 1254:The 1128:and 1075:gcd( 955:gcd( 946:for 712:= 2. 698:= 5. 330:gcd( 151:Let 110:e.g. 1931:LLL 1777:SRT 1636:+ 1 1628:− 1 1476:APR 1471:AKS 1384:doi 1339:doi 907:log 649:of 643:p-1 615:is 613:p-1 605:= 1 600:If 577:if 565:= 1 560:if 543:if 460:log 397:or 352:of 324:as 306:mod 260:gcd 222:mod 141:p-1 133:ECM 1987:: 1935:KZ 1933:; 1382:. 1372:54 1370:. 1366:. 1345:. 1337:. 1327:76 1325:. 1219:, 1213:, 1198:ln 1196:≤ 1166:, 1154:−1 1119:, 1103:, 1093:. 1079:, 1068:= 840:≫ 658:O( 624:= 582:= 383:: 368:. 356:, 175:: 143:. 80:N' 59:. 1937:) 1929:( 1634:p 1626:p 1444:e 1437:t 1430:v 1416:. 1392:. 1386:: 1378:: 1362:P 1353:. 1341:: 1333:: 1289:p 1260:p 1242:H 1240:⋅ 1238:H 1232:H 1227:n 1222:H 1216:H 1210:H 1204:2 1201:B 1193:n 1189:d 1183:n 1179:d 1173:n 1169:d 1162:1 1159:B 1152:n 1148:q 1143:n 1139:q 1134:n 1130:d 1126:] 1124:2 1121:B 1117:1 1114:B 1112:( 1108:2 1105:q 1101:1 1098:q 1091:n 1087:n 1083:) 1081:n 1077:Q 1070:a 1066:H 1048:) 1045:1 1037:q 1033:H 1029:( 1024:] 1019:2 1015:B 1011:, 1006:1 1002:B 998:( 992:q 979:= 976:Q 963:) 961:n 957:a 951:2 948:B 924:2 920:B 911:q 899:q 891:2 887:B 880:q 867:= 860:M 845:1 842:B 838:2 835:B 830:1 827:B 823:B 819:p 807:B 803:p 799:p 788:n 784:B 776:p 766:n 759:n 755:p 751:p 741:B 724:n 720:a 716:g 710:a 703:M 696:B 686:n 674:B 670:) 668:n 664:B 660:B 651:n 647:p 639:n 635:a 631:B 626:n 622:g 617:B 609:p 603:g 589:B 584:n 580:g 569:B 563:g 556:g 551:n 547:g 540:) 538:n 534:) 532:n 528:a 524:g 516:a 512:n 508:a 504:n 500:a 493:M 473:B 464:q 452:q 446:B 440:q 424:= 421:M 409:B 395:n 385:n 366:n 362:p 358:p 354:n 350:p 338:) 336:n 332:x 326:w 310:n 300:w 296:x 285:x 281:B 277:p 270:) 268:n 264:x 262:( 255:n 247:x 229:) 226:p 219:( 214:1 206:) 203:1 197:p 194:( 191:K 187:a 173:K 169:p 165:a 157:p 153:n 137:p 121:p 108:( 98:q 91:p 76:N 64:p 33:p 20:)