DOCSLIB.ORG

Integer Factorization Algorithms

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

INTEGER FACTORIZATION ALGORITHMS Thesis for a Bachelor’s degree in mathematics Joakim Nilsson Supervisor Examiner Klas Markström Gerold Jäger 0 Integer factorization algorithms Abstrakt Det matematiska området heltalsfaktorisering har kommit en lång väg sedan de tidiga åren av Pierre de Fermat och med enklare algoritmer som utvecklats under det förra seklet med exempel som Trial division och Pollards rho algoritm till de mer komplexa metoderna som det Kvadratiska sållet har vi nu kommit till Det generella talkroppssållet vilket har blivit erkänt som den snabbaste algoritmen för att faktorisera väldigt stora heltal. Idag har forskningen kring heltalsfaktorisering många användningsområden, exempelvis inom säkerhet kring krypteringsmetoder som exempelvis den kända RSA algoritmen. I denna uppsats kommer jag att beskriva och ge exempel på de heltalsfaktoriseringsmetoder som jag nämnt. Jag kommer även att göra en jämförelse av hur snabbheten för Trial division, Pollards rho metod samt Fermats metod. För programmeringen i denna uppsats kommer jag att använda mig av Python. För exemplet med tidskomplexitet kommer jag att använda Wolfram Mathematica. Abstract The mathematical area of integer factorization has gone a long way since the early days of Pierre de Fermat, and with simpler algorithms developed in the last century such as the Trial division and Pollards rho algorithm to the more complex method of the Quadratic sieve algorithm (QS), we have now arrived at the General Number Field Sieve (GNFS) which has been recognized as the fastest integer factorization algorithm for very large numbers. Today the research of integer factorization has many applications, among others in the security systems of encryption methods like the famous RSA algorithm. In this thesis I will describe and give calculated examples of the various integer factorization methods mentioned. I will also make a comparison of the speed of factorization for the Trial division, Pollards rho method and the Fermat method. For the programming part of this thesis I will be using the Python programming language. For the time complexity comparison, I will use Wolfram Mathematica. 1 Table of contents 1.Introduction………………………………………………………………………3 2.Definitions………………………………………………………………………..4 3. Background………………………………………………………………………6 4.Integer factorization……………………………………………………………....9 1. Sieve of Eratosthenes…………………………………………..…………………………10 2. B-smooth numbers………………………………………………………………………..11 5.Trial division…………………………………………………………………….12 1. Time complexity……………………………………………………………………………..12 6.Fermats method………………………………………………………………….14 1. Kraitchik-Fermat method…………………………………………………………………15 7.Pollards rho method………………………………………………………….….17 8.The Quadratic Sieve…………………………………………………………......20 9.The general number field sieve……………………………………………….....23 1. Set up of GNFS……………………………………………………………………….…..24 10. Comparison…………………………………………………………………....26 11. Applications…………………………………………………………………...29 12. Summary………………………………………………………………………31 List of references……………………………………………………………….....34 Appendix………………………………………………………………………….35 2 Chapter 1. Introduction In integer factorization we are trying to write an integer as a product of prime numbers. The study of integer factorization has a very long history and the studies have a wide range of applications. I will in this thesis focus on the applications of integer factorization on the area of cryptography. Although there are many different integer factorization algorithms to choose from, I have chosen to focus on five different integer factorization algorithms. Firstly, I will describe the most fundamental three algorithms that are easy to understand and implement, these are the Trial division method, Fermat’s method and the Pollard rho method. Then I will focus on the more mathematically challenging integer factorization method called Quadratic Sieve that led up to the fastest method today to factorize integers larger than 10100 called the General Number Field Sieve. There are also other factorization methods based on lattice basis reduction such as the Schnorr’s method [푆푐ℎ푛표푟푟, 퐶. 푃] and the continued fraction factorization method, CFRAC [퐿푒ℎ푚푒푟, 퐷. 퐻, 푃표푤푒푟푠, 푅. 퐸] described as early as 1931 and later made into a computer algorithm by Michael A. Morrison and John Brillhart in 1975 [푀표푟푟푖푠표푛. 푀, 퐵푟푖푙푙ℎ푎푟푡. 퐽]. Integer factorization plays an important role in cryptography and I have chosen to particularly focus on the RSA public-key cryptosystem in this thesis. The RSA public-key cryptosystem relies on the difficulty of solving equations of the form 푥푒 ≡ 푐(푚표푑 푁), where now the quantities 푒, 푐 and 푁 are known and 푥 is the unknown [Hoffstein, J. p119]. However, not all numbers are equally difficult to factorize. The most difficult kinds of number to factorize are called semiprimes. We will also see how another special kind of numbers called Carmichael numbers can play an important role when implementing the RSA cryptosystem. In order to fully comprehend this thesis, I will begin with a section of definitions where I will give short explanations needed to fully understand the rest of this thesis. I will also give a short introduction to the various theorems that I will use in this thesis. 3 Chapter 2. Definitions A few commonly used mathematical notations that will be used in this thesis: ℝ: The set of all rational and irrational numbers ℕ: The set of all nonnegative integers 0,1,2, … ℤ: The set of all integers … , −2, −1,0,1,2, … ℚ: The set of all rational numbers, 3/2, -15/3… ∀: For all… ∃: There exists an element… Definition 1. Greatest common divisor: Let a and b be integers, not both zero. The largest positive integer d such that d|a and d|b is called the greatest common divisor of a and b. The greatest common divisor of a and b is denoted by 푔푐푑(푎, 푏). Definition 2. Congruence: If a and b are integers and m is a positive integer, then a is congruent to b modulo m if m divides a-b. We use the notation 푎 ≡ 푏(푚표푑 푚) to indicate that a is congruent to b modulo m. 푎 ≡ 푏(푚표푑 푚) <=> 푚|(푎 − 푏) Definition 3. Semiprimes is a number that is a product of two prime numbers. Examples of two easy semiprimes are 4 = 2 ∗ 2 and 6 = 2 ∗ 3. When these numbers are sufficently large even the fastest prime factorization algorithms will take such a long time to factor that it is infeasible. Definition 4. Polynomial: A function of a single variable 푡 is a polynomial if we can put it in 푛 푛−1 the form 푎푛푡 + 푎푛−1푡 + ⋯ + 푎1푡 + 푎0 where 푎푛, 푎푛−1, … , 푎1, 푎0 are constants [Barbeau, E.J. p1]. Definition 5. Ring: A ring in the mathematical sense is a set S together with two binary operators + and * satisfying the following conditions: 1. Additive associativity: ∀ 푎, 푏, 푐 ∈ 푆, (푎 + 푏) + 푐 = 푎 + (푏 + 푐). 2. Additive commutativity: ∀ 푎, 푏 ∈ 푆, 푎 + 푏 = 푏 + 푎. 3. Additive identity: ∃ an element 0 ∈ 푆, 푠. 푡. ∀푎 ∈ 푆, 0 + 푎 = 푎 + 0 = 푎. 4. Additive inverse: ∀푎 ∈ 푆, ∃ − 푎 ∈ 푆 푠. 푡. 푎 + (−푎) = (−푎) + 푎 = 0. 5. Left and right distributivity: ∀ 푎, 푏, 푐 ∈ 푆, 푎 ∗ (푏 + 푐) = (푎 ∗ 푏) + (푎 ∗ 푐)&(푏 + 푐) ∗ 푎 = (푏 ∗ 푎) + (푐 ∗ 푎). 6. Multiplicative associativity:∀ 푎, 푏, 푐 ∈ 푆, (푎 ∗ 푏) ∗ 푐 = 푎 ∗ (푏 ∗ 푐). Definition 6. Field: A (commutative) ring in which every nonzero element has a multiplicative inverse is called a field [Hoffstein, J, p96]. Definition 7. 풪(푛)-notation: also called the Big O notation, describes the limiting behaviour of a function when the argument tends toward a specific value or towards infinity. for example, 풪(푛2) denotes something that grows as fast as 푛2 when 푛 increases. In complexity theory it is used to describe the effectiveness of algorithms. 4 Definition 8. B-smooth numbers: A positive integer 푛 is said to be y-smooth if it does not have any prime factor exceeding y [Pomerance, C. p48]. Definition 9. Fix an integer 푛. Then an integer 푎 is called a witness for the compositeness of 푛 if 푎푛 ≢ 푎(푚표푑 푛). Definition 10. Continued fraction: An infinite continued fraction is an expression of the form 1 푎0 + 1 푎1+ 1 푎2+ 푎3+⋯ where 푎0, 푎1, 푎2 … ∈ ℤ. 1 A finite continued fraction is an expression of the form [푎0: 푎1, 푎2, … , 푎푛] = 1 푎0+ 1 푎1+ +⋯ 푎2 where 푎0, 푎1 … ∈ ℤ and 푎1, … , 푎푛 being positive. 5 Chapter 3. Background Fundamental Theorem of Arithmetic: 푎1 푎2 푎푘 For each natural number 푛 there is a unique factorization 푛 = 푝1 푝2 … 푝푘 , where exponents 푎푖 are positive integers and 푝1 < 푝2 < ⋯ < 푝푘 are primes. Proof: This theorem can be proven by a false assumption. Assume there are integers that can be represented as a product of primes in more than one way. Let 푛 be such a positive integer and assume there are two ways to represent the integer 푛 as a product of primes, such that: 푝1푝2 … 푝푘 = 푞1푞2 … 푞푖 = 푛. Some of the primes 푝 can then be identical to prime numbers 푞. If we then divide these primes we obtain 푝푖1푝푖2푝푖3 … = 푞푗1푞푗2 푞푗3 = 푚, where no factor of 푝푖푟 = 푞푗푠. Then the prime number 푝푖1 must be a divisor of one of the primes 푞푗푘 since it divides 푚. Since this is impossible the assumption that there were positive integers that could be represented as the product of primes in more than one way was false. Chinese Remainder Theorem: 푟=1 Let 푚0, … , 푚푟−1 be positive, pairwise coprime moduli with product 푀 = ∏푖=0 푚푖. Let 푟 respective residues 푛푖 also be given. Then the system comprising the 푟 relations and inequality 푛 ≡ 푛푖(푚표푑 푚푖), 0 ≤ 푛 < 푀 has a unique solution. Furthermore, this solution is 푟−1 given explicitly by the least nonnegative residue modulo M of ∑푖=0 푛푖푣푖푀푖, where 푀푖 = 푀/푚푖, and the 푣푖 are inverses defined by 푣푖푀푖 ≡ 1(푚표푑 푚푖) [Pomerance, C,p87]. Proof: −1 −1 Let 푝1 = 푝 (푚표푑 푞) and 푞1 = 푞 (푚표푑 푝). This must hold since 푝 and 푞 are coprime. Then we can state that if 푦 is an integer such that 푦 = 푎푞푞1 + 푏푝푝1(푚표푑 푝푞) then 푦 satisfies both of the equations: modulo 푝 we have 푦 = 푎푞푞1 = 푎(푚표푑 푝) since 푞푞1 = 1(푚표푑 푝).
Recommended publications
  • Fast Tabulation of Challenge Pseudoprimes Andrew Shallue and Jonathan Webster

    Fast Tabulation of Challenge Pseudoprimes Andrew Shallue and Jonathan Webster

    THE OPEN BOOK SERIES 2 ANTS XIII Proceedings of the Thirteenth Algorithmic Number Theory Symposium Fast tabulation of challenge pseudoprimes Andrew Shallue and Jonathan Webster msp THE OPEN BOOK SERIES 2 (2019) Thirteenth Algorithmic Number Theory Symposium msp dx.doi.org/10.2140/obs.2019.2.411 Fast tabulation of challenge pseudoprimes Andrew Shallue and Jonathan Webster We provide a new algorithm for tabulating composite numbers which are pseudoprimes to both a Fermat test and a Lucas test. Our algorithm is optimized for parameter choices that minimize the occurrence of pseudoprimes, and for pseudoprimes with a fixed number of prime factors. Using this, we have confirmed that there are no PSW-challenge pseudoprimes with two or three prime factors up to 280. In the case where one is tabulating challenge pseudoprimes with a fixed number of prime factors, we prove our algorithm gives an unconditional asymptotic improvement over previous methods. 1. Introduction Pomerance, Selfridge, and Wagstaff famously offered $620 for a composite n that satisfies (1) 2n 1 1 .mod n/ so n is a base-2 Fermat pseudoprime, Á (2) .5 n/ 1 so n is not a square modulo 5, and j D (3) Fn 1 0 .mod n/ so n is a Fibonacci pseudoprime, C Á or to prove that no such n exists. We call composites that satisfy these conditions PSW-challenge pseudo- primes. In[PSW80] they credit R. Baillie with the discovery that combining a Fermat test with a Lucas test (with a certain specific parameter choice) makes for an especially effective primality test[BW80].
  • The Quadratic Sieve - Introduction to Theory with Regard to Implementation Issues

    The Quadratic Sieve - Introduction to Theory with Regard to Implementation Issues

    The Quadratic Sieve - introduction to theory with regard to implementation issues RNDr. Marian Kechlibar, Ph.D. April 15, 2005 Contents I The Quadratic Sieve 3 1 Introduction 4 1.1 The Quadratic Sieve - short description . 5 1.1.1 Polynomials and relations . 5 1.1.2 Smooth and partial relations . 7 1.1.3 The Double Large Prime Variation . 8 1.1.4 Problems to solve . 10 2 Quadratic Sieve Implementation 12 2.1 The Factor Base . 12 2.2 The sieving process . 15 2.2.1 Interval sieving and solution of polynomials . 16 2.2.2 Practical implementation . 16 2.3 Generation of polynomials . 17 2.3.1 Desirable properties of polynomials . 17 2.3.2 Assessment of magnitude of coecients . 18 2.3.3 MPQS - The Silverman Method . 20 2.3.4 SIQS principle . 21 2.3.5 Desirable properties of b . 22 2.3.6 SIQS - Generation of the Bi's . 23 2.3.7 Generation of b with Gray code formulas . 24 2.3.8 SIQS - General remarks on a determination . 26 2.3.9 SIQS - The bit method for a coecient . 27 2.3.10 SIQS - The Carrier-Wagsta method for a coecient . 28 2.4 Combination of the relations, partial relations and linear algebra 30 2.5 Linear algebra step . 31 2.6 The Singleton Gap . 32 1 3 Experimental Results 36 3.1 Sieving speed - dependence on FB size . 36 3.2 Sieving speed - dependence on usage of 1-partials . 38 3.3 Singletons - dependence on log(N) and FB size . 39 3.4 Properties of the sieving matrices .
  • Primality Testing and Integer Factorisation

    Primality Testing and Integer Factorisation

    Primality Testing and Integer Factorisation Richard P. Brent, FAA Computer Sciences Laboratory Australian National University Canberra, ACT 2601 Abstract The problem of finding the prime factors of large composite numbers has always been of mathematical interest. With the advent of public key cryptosystems it is also of practical importance, because the security of some of these cryptosystems, such as the Rivest-Shamir-Adelman (RSA) system, depends on the difficulty of factoring the public keys. In recent years the best known integer factorisation algorithms have improved greatly, to the point where it is now easy to factor a 60-decimal digit number, and possible to factor numbers larger than 120 decimal digits, given the availability of enough computing power. We describe several recent algorithms for primality testing and factorisation, give examples of their use and outline some applications. 1. Introduction It has been known since Euclid’s time (though first clearly stated and proved by Gauss in 1801) that any natural number N has a unique prime power decomposition α1 α2 αk N = p1 p2 ··· pk (1.1) αj (p1 < p2 < ··· < pk rational primes, αj > 0). The prime powers pj are called αj components of N, and we write pj kN. To compute the prime power decomposition we need – 1. An algorithm to test if an integer N is prime. 2. An algorithm to find a nontrivial factor f of a composite integer N. Given these there is a simple recursive algorithm to compute (1.1): if N is prime then stop, otherwise 1. find a nontrivial factor f of N; 2.
  • Computing Prime Divisors in an Interval

    Computing Prime Divisors in an Interval

    MATHEMATICS OF COMPUTATION Volume 84, Number 291, January 2015, Pages 339–354 S 0025-5718(2014)02840-8 Article electronically published on May 28, 2014 COMPUTING PRIME DIVISORS IN AN INTERVAL MINKYU KIM AND JUNG HEE CHEON Abstract. We address the problem of finding a nontrivial divisor of a com- posite integer when it has a prime divisor in an interval. We show that this problem can be solved in time of the square root of the interval length with a similar amount of storage, by presenting two algorithms; one is probabilistic and the other is its derandomized version. 1. Introduction Integer factorization is one of the most challenging problems in computational number theory. It has been studied for centuries, and it has been intensively in- vestigated after introducing the RSA cryptosystem [18]. The difficulty of integer factorization has been examined not only in pure factoring situations but also in various modified situations. One such approach is to find a nontrivial divisor of a composite integer when it has prime divisors of special form. These include Pol- lard’s p − 1 algorithm [15], Williams’ p + 1 algorithm [20], and others. On the other hand, owing to the importance and the usage of integer factorization in cryptog- raphy, one needs to examine this problem when some partial information about divisors is revealed. This side information might be exposed through the proce- dures of generating prime numbers or through some attacks against crypto devices or protocols. This paper deals with integer factorization given the approximation of divisors, and it is motivated by the above mentioned research.
  • By Sieving, Primality Testing, Legendre's Formula and Meissel's

    By Sieving, Primality Testing, Legendre's Formula and Meissel's

    Computation of π(n) by Sieving, Primality Testing, Legendre’s Formula and Meissel’s Formula Jason Eisner, Spring 1993 This was one of several optional small computational projects assigned to undergraduate mathematics students at Cambridge University in 1993. I’m releasing my code and writeup in 2002 in case they are helpful to anyone—someone doing research in this area wrote to me asking for them. My linear-time version of the Sieve of Eratosthenes may be original; I have not seen that algorithm anywhere else. But the rest of this work is straightforward implementation and exposition of well-known methods. A good reference is H. Riesel, Prime Numbers and Computer Methods for Factorization. My Common Lisp implementation is in the file primes.lisp. The standard language reference (now available online for free) is Guy L. Steele, Jr., Common Lisp: The Language, 2nd ed., Digital Press, 1990. Note: In my discussion of running time, I have adopted the usual ideal- ization of a machine that can perform addition and multiplication operations in constant time. Real computers obviously fall short of this ideal; for exam- ple, when n and m are represented in base 2 by arbitrary length bitstrings, it takes time O(log n log m) to compute nm. Introduction: In this project we’ll look at several approaches for find- ing π(n), the numberof primes less than n. Each approach has its advan- tages. • Sieving produces a complete list of primes that can be further analyzed. For instance, after sieving, we may easily identify the 8169 pairs of twin primes below 106.
  • Fast Generation of RSA Keys Using Smooth Integers

    Fast Generation of RSA Keys Using Smooth Integers

    1 Fast Generation of RSA Keys using Smooth Integers Vassil Dimitrov, Luigi Vigneri and Vidal Attias Abstract—Primality generation is the cornerstone of several essential cryptographic systems. The problem has been a subject of deep investigations, but there is still a substantial room for improvements. Typically, the algorithms used have two parts – trial divisions aimed at eliminating numbers with small prime factors and primality tests based on an easy-to-compute statement that is valid for primes and invalid for composites. In this paper, we will showcase a technique that will eliminate the first phase of the primality testing algorithms. The computational simulations show a reduction of the primality generation time by about 30% in the case of 1024-bit RSA key pairs. This can be particularly beneficial in the case of decentralized environments for shared RSA keys as the initial trial division part of the key generation algorithms can be avoided at no cost. This also significantly reduces the communication complexity. Another essential contribution of the paper is the introduction of a new one-way function that is computationally simpler than the existing ones used in public-key cryptography. This function can be used to create new random number generators, and it also could be potentially used for designing entirely new public-key encryption systems. Index Terms—Multiple-base Representations, Public-Key Cryptography, Primality Testing, Computational Number Theory, RSA ✦ 1 INTRODUCTION 1.1 Fast generation of prime numbers DDITIVE number theory is a fascinating area of The generation of prime numbers is a cornerstone of A mathematics. In it one can find problems with cryptographic systems such as the RSA cryptosystem.
  • Algorithmic Factorization of Polynomials Over Number Fields

    Algorithmic Factorization of Polynomials Over Number Fields

    Rose-Hulman Institute of Technology Rose-Hulman Scholar Mathematical Sciences Technical Reports (MSTR) Mathematics 5-18-2017 Algorithmic Factorization of Polynomials over Number Fields Christian Schulz Rose-Hulman Institute of Technology Follow this and additional works at: https://scholar.rose-hulman.edu/math_mstr Part of the Number Theory Commons, and the Theory and Algorithms Commons Recommended Citation Schulz, Christian, "Algorithmic Factorization of Polynomials over Number Fields" (2017). Mathematical Sciences Technical Reports (MSTR). 163. https://scholar.rose-hulman.edu/math_mstr/163 This Dissertation is brought to you for free and open access by the Mathematics at Rose-Hulman Scholar. It has been accepted for inclusion in Mathematical Sciences Technical Reports (MSTR) by an authorized administrator of Rose-Hulman Scholar. For more information, please contact [email protected]. Algorithmic Factorization of Polynomials over Number Fields Christian Schulz May 18, 2017 Abstract The problem of exact polynomial factorization, in other words expressing a poly- nomial as a product of irreducible polynomials over some field, has applications in algebraic number theory. Although some algorithms for factorization over algebraic number fields are known, few are taught such general algorithms, as their use is mainly as part of the code of various computer algebra systems. This thesis provides a summary of one such algorithm, which the author has also fully implemented at https://github.com/Whirligig231/number-field-factorization, along with an analysis of the runtime of this algorithm. Let k be the product of the degrees of the adjoined elements used to form the algebraic number field in question, let s be the sum of the squares of these degrees, and let d be the degree of the polynomial to be factored; then the runtime of this algorithm is found to be O(d4sk2 + 2dd3).
  • Primes and Primality Testing

    Primes and Primality Testing

    Primes and Primality Testing A Technological/Historical Perspective Jennifer Ellis Department of Mathematics and Computer Science What is a prime number? A number p greater than one is prime if and only if the only divisors of p are 1 and p. Examples: 2, 3, 5, and 7 A few larger examples: 71887 524287 65537 2127 1 Primality Testing: Origins Eratosthenes: Developed “sieve” method 276-194 B.C. Nicknamed Beta – “second place” in many different academic disciplines Also made contributions to www-history.mcs.st- geometry, approximation of andrews.ac.uk/PictDisplay/Eratosthenes.html the Earth’s circumference Sieve of Eratosthenes 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 Sieve of Eratosthenes We only need to “sieve” the multiples of numbers less than 10. Why? (10)(10)=100 (p)(q)<=100 Consider pq where p>10. Then for pq <=100, q must be less than 10. By sieving all the multiples of numbers less than 10 (here, multiples of q), we have removed all composite numbers less than 100.
  • The Quadratic Sieve Factoring Algorithm

    The Quadratic Sieve Factoring Algorithm

    The Quadratic Sieve Factoring Algorithm Eric Landquist MATH 488: Cryptographic Algorithms December 14, 2001 1 1 Introduction Mathematicians have been attempting to find better and faster ways to fac- tor composite numbers since the beginning of time. Initially this involved dividing a number by larger and larger primes until you had the factoriza- tion. This trial division was not improved upon until Fermat applied the factorization of the difference of two squares: a2 b2 = (a b)(a + b). In his method, we begin with the number to be factored:− n. We− find the smallest square larger than n, and test to see if the difference is square. If so, then we can apply the trick of factoring the difference of two squares to find the factors of n. If the difference is not a perfect square, then we find the next largest square, and repeat the process. While Fermat's method is much faster than trial division, when it comes to the real world of factoring, for example factoring an RSA modulus several hundred digits long, the purely iterative method of Fermat is too slow. Sev- eral other methods have been presented, such as the Elliptic Curve Method discovered by H. Lenstra in 1987 and a pair of probabilistic methods by Pollard in the mid 70's, the p 1 method and the ρ method. The fastest algorithms, however, utilize the− same trick as Fermat, examples of which are the Continued Fraction Method, the Quadratic Sieve (and it variants), and the Number Field Sieve (and its variants). The exception to this is the El- liptic Curve Method, which runs almost as fast as the Quadratic Sieve.
  • Subclass Discriminant Nonnegative Matrix Factorization for Facial Image Analysis

    Subclass Discriminant Nonnegative Matrix Factorization for Facial Image Analysis

    Pattern Recognition 45 (2012) 4080–4091 Contents lists available at SciVerse ScienceDirect Pattern Recognition journal homepage: www.elsevier.com/locate/pr Subclass discriminant Nonnegative Matrix Factorization for facial image analysis Symeon Nikitidis b,a, Anastasios Tefas b, Nikos Nikolaidis b,a, Ioannis Pitas b,a,n a Informatics and Telematics Institute, Center for Research and Technology, Hellas, Greece b Department of Informatics, Aristotle University of Thessaloniki, Greece article info abstract Article history: Nonnegative Matrix Factorization (NMF) is among the most popular subspace methods, widely used in Received 4 October 2011 a variety of image processing problems. Recently, a discriminant NMF method that incorporates Linear Received in revised form Discriminant Analysis inspired criteria has been proposed, which achieves an efficient decomposition of 21 March 2012 the provided data to its discriminant parts, thus enhancing classification performance. However, this Accepted 26 April 2012 approach possesses certain limitations, since it assumes that the underlying data distribution is Available online 16 May 2012 unimodal, which is often unrealistic. To remedy this limitation, we regard that data inside each class Keywords: have a multimodal distribution, thus forming clusters and use criteria inspired by Clustering based Nonnegative Matrix Factorization Discriminant Analysis. The proposed method incorporates appropriate discriminant constraints in the Subclass discriminant analysis NMF decomposition cost function in order to address the problem of finding discriminant projections Multiplicative updates that enhance class separability in the reduced dimensional projection space, while taking into account Facial expression recognition Face recognition subclass information. The developed algorithm has been applied for both facial expression and face recognition on three popular databases.
  • Sieve Algorithms for the Discrete Logarithm in Medium Characteristic Finite Fields Laurent Grémy

    Sieve Algorithms for the Discrete Logarithm in Medium Characteristic Finite Fields Laurent Grémy

    Sieve algorithms for the discrete logarithm in medium characteristic finite fields Laurent Grémy To cite this version: Laurent Grémy. Sieve algorithms for the discrete logarithm in medium characteristic finite fields. Cryptography and Security [cs.CR]. Université de Lorraine, 2017. English. NNT : 2017LORR0141. tel-01647623 HAL Id: tel-01647623 https://tel.archives-ouvertes.fr/tel-01647623 Submitted on 24 Nov 2017 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. AVERTISSEMENT Ce document est le fruit d'un long travail approuvé par le jury de soutenance et mis à disposition de l'ensemble de la communauté universitaire élargie. Il est soumis à la propriété intellectuelle de l'auteur. Ceci implique une obligation de citation et de référencement lors de l’utilisation de ce document. D'autre part, toute contrefaçon, plagiat, reproduction illicite encourt une poursuite pénale. Contact : [email protected] LIENS Code de la Propriété Intellectuelle. articles L 122. 4 Code de la Propriété Intellectuelle. articles L 335.2- L 335.10 http://www.cfcopies.com/V2/leg/leg_droi.php
  • Primality Testing for Beginners

    Primality Testing for Beginners

    STUDENT MATHEMATICAL LIBRARY Volume 70 Primality Testing for Beginners Lasse Rempe-Gillen Rebecca Waldecker http://dx.doi.org/10.1090/stml/070 Primality Testing for Beginners STUDENT MATHEMATICAL LIBRARY Volume 70 Primality Testing for Beginners Lasse Rempe-Gillen Rebecca Waldecker American Mathematical Society Providence, Rhode Island Editorial Board Satyan L. Devadoss John Stillwell Gerald B. Folland (Chair) Serge Tabachnikov The cover illustration is a variant of the Sieve of Eratosthenes (Sec- tion 1.5), showing the integers from 1 to 2704 colored by the number of their prime factors, including repeats. The illustration was created us- ing MATLAB. The back cover shows a phase plot of the Riemann zeta function (see Appendix A), which appears courtesy of Elias Wegert (www.visual.wegert.com). 2010 Mathematics Subject Classification. Primary 11-01, 11-02, 11Axx, 11Y11, 11Y16. For additional information and updates on this book, visit www.ams.org/bookpages/stml-70 Library of Congress Cataloging-in-Publication Data Rempe-Gillen, Lasse, 1978– author. [Primzahltests f¨ur Einsteiger. English] Primality testing for beginners / Lasse Rempe-Gillen, Rebecca Waldecker. pages cm. — (Student mathematical library ; volume 70) Translation of: Primzahltests f¨ur Einsteiger : Zahlentheorie - Algorithmik - Kryptographie. Includes bibliographical references and index. ISBN 978-0-8218-9883-3 (alk. paper) 1. Number theory. I. Waldecker, Rebecca, 1979– author. II. Title. QA241.R45813 2014 512.72—dc23 2013032423 Copying and reprinting. Individual readers of this publication, and nonprofit libraries acting for them, are permitted to make fair use of the material, such as to copy a chapter for use in teaching or research. Permission is granted to quote brief passages from this publication in reviews, provided the customary acknowledgment of the source is given.