Pollards p-1 is an “algebraic-group factoring algorithm” Trial Division is a factoring method involving testing various invented by John Pollard in 1974 and used to find primes less than the largest integer less than the square root of a prime factors of a composite integer n for which p-1 non-prime integer until a factor is found. Participants: Alexander Melton, Peter Rodriguez, Paul Mayer, Brandon Huynh considered “smooth” with respect to a small bound B, In our example, we are testing a composite number “n” and Supervised by: where p is the prime factor. A number is “B-smooth” assigning the square root of n to “b”. We test each consecutive Frank Madrid, Dr. Charles Lam when all of its prime factors are less than B. prime number starting from 2, and output the number if it evenly divides n.
100 Integer/Prime Factorization trialDiv := proc (n) 90 -Breaking down a composite integer into its prime factors, which when local b, i, d; 80 70 multiplied together results in the original number. d := 0; 14 60 -There are several special methods used known as factorization algorithms. b := floor(sqrt(n)); 50 pollPmo := proc (o) x := 1; 40 local a, b, d, l, i; 12 Time (Seconds) Time (Seconds) while x < 2 to b do 30 a := `mod`(rand(), o-2)+1; 20 print(a); 10 x := nextprime(x); 10 Example of Prime Factorization: b := 56; if modp(n,x) = 0 then 0 01234567 d := gcd(a, o); return x, n/x; Fun fact-or: The largest semi prime number 8 Magnitude of Integer if 2 <= d then fi; ever factorized was RSA-768, a 768 bit number Here, each integer and the time it took to find its first non-trivial return d od; Fun fact-or: There is a $200,000 cash prize for the 232 digits long! 6 factor is are plotted. This plot displays how trial division takes 715 else for i from 2 to b do ()Seconds Time end proc; considerably longer each time the number factored is expanded successful factorization of a number known as RSA- if type(i, prime) then another digit and how it is slower than both the other methods. 2048 ( its 617 decimal digits long)! l := floor(ln(o)/ln(i)); 4 The simulation follows an exponential growth curve. It would take over 2,000 years on a 2.2 GHz AMD Opteron processor. a := `mod`(a^(i^l), o); d := gcd(a-1, o); 2 if d = 1 or d = o then print("EPC FAIL") 65 11 0 else return d 0123456789 10 Pros Cons end if Magnitude of Integers (1*10^x) Information about the tests: end if Fun fact-or: Semi-prime end do Works best for smaller numbers Loses efficiency with larger All the tests conducted, while using The relationship between magnitude of numbers. different methods of factoring, use numbers are difficult to end if end proc integers tested and the time in seconds to 88% of all composite numbers The most resource intensive the same procedural method of find. 88% of all integers factor closely follows an exponential growth choosing the numbers to be factored 5 13 11 model; in other words, it takes considerably have a prime factor under 100 procedure for factoring have a factor under 100, to maintain the integrity of the and 92% have a factor longer each time the number is expanded 92% of all composite numbers Takes the most time. experiment. The magnitude of than the previous time. have a prime factor under 1000 integer axis on the graphs, for If you did not know, we are part of the computer science group, under 1000. Therefore, example, represents the range of specifically Explorations in Number Theory (the study of integers) and precautions must be Will always find a prime factor Must check every prime from 2 to random prime numbers p and q Cryptography (the art of studying and writing codes), aka the Krypto-Kids. made to choose semi the square root of the number being chosen by the computer. The range of primes that are not factored x x+1 each is (1*10 …1*10 ). These two made up of smaller, primes are then multiplied together to What do these two completely get the number that will be factored more easily tested Pros Cons by each method (p*q). primes. different subjects have anything to The longer the number, the larger The longer the number, the longer the chance the algorithm will yield the algorithm takes do with each other? a factor Pollard’s Rho Algorithm, invented by John Pollard in 1975, is used to Considerably faster and less Each successive trial takes longer find small, non-trivial factors for composite integers. This is done by resource intensive than Trial and uses more resources creating a function that loops until a collision occurs within itself. A Division collision is defined as an area the function has already encountered. Can be run incrementally for Does not always yield a non-trivial increasing values of “b” prime factor of the original number
Can be modified to find a prime This does require a modification. larger than “B” And a separate algorithm pollRho := proc (m) 10 Factoring large composite numbers into its prime factors has long been a goal of mathematicians. While several methods do exist with local a, b, i, d; 9 a := 2; a variability in the degree of success, no definitive way has emerged as superior to all for factoring each number. Rather, different cases 8 b := 2; require different methods to break these numbers down. 7 for i to infinity do a := mod`(a^2+1, m); 6 Not all large composites (at least 9 digits long) can easily be factored into smaller prime numbers. For example, semi-prime numbers b := mod`(b^2+1, m); 5 b := mod`(b^2+1, m); are difficult to factorize because they are the product of two primes. While testing all primes up to the square root of a number is feasible 4 As one can see, each of the three factoring methods d := gcd(a-b, m); (seconds) Time for smaller numbers, RSA encryption schemes recommend 232 or more digits, a process that can take years with this method, even when if 1 < d and d < m then 3 dis�ussed, Trial Di�isio�, Pollard’s Rho a�d Pollard’s P-1, all return d; 2 using hundreds of computers simultaneously. Therefore other practical methods must be discovered to factor these numbers. elif d = m then 1 have their own unique strengths and weaknesses. Trial return 0; 0 There are two types of factoring methods, general purpose and special purpose. The time taken by general purpose algorithms depends end if; 123456789 10 Di�isio�, for e�a�ple, takes lo�ger tha� �oth Pollard’s Rho end do; Magnitude of Integer solely on the size of the integer to be factored, while that of special purpose algorithms depend on the size of the smallest prime factor. end proc; a�d Pollard’s P-1, however it yields more results. Many The security of many cryptographic systems, such as the RSA encryption/decryption algorithms, depend on factoring large numbers other methods also exist, and many more are currently in due to this difficulty. If a way was produced to easily factor large composites, especially semi-primes, RSA and other such methods would development. Obviously, the need for factoring still be rendered obsolete. Pros Cons re�ai�s, a�d it �ill still re�ai� a �pri�e� goal of �a��
Can yield a number very quickly Can take a very long time to Eve mathematicians. RSA Algorithm: depending on the chosen random yield simple factors based on Key Generation: numbers chosen numbers • Choose 2 large primes (P) and (Q). Alice Bob Considerably more efficient than Will not always yield a prime • Compute n=(p)(q). trial division factor • Compute φ(n)=(p-1)(q-1). • Select a public exponent e, where 1 ≤ e ≤ φ(n) -1 and gcd(e, φ(n))=1. • Random square factoring Offers a good balance between Multiple tests may be • Compute private exponent (d) such that (e)(d)≡1(mod φ(n)). running time and probability of necessary to generate a prime • Alice’s public key is (n,e) and her private key is d. • Quadratic sieve factoring success factor Encryption: Convert message to an integer m, where 1 ≤ m ≤ n. Running multiple tests is easy; • • Number field sieve factoring Compute c=me (mod n). variables can be manipulated easily • • The encrypted message is c. Bob sends c to Alice. Decryption: Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone. Handbook of Applied d (mod n). • • Compute m’=c Cryptography The decrypted message is m’=m. • • Randall Munroe. XKCD
This material is based upon work supported by the National Science Foundation under Grant No. 1241636. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.