DOCSLIB.ORG

An Investigation on Integer Factorization Applied to Public Key Cryptography

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Universit`adegli Studi di Trento DIPARTIMENTO DI MATEMATICA Corso di Dottorato di Ricerca in Matematica XXXI CICLO A thesis submitted for the degree of Doctor of Philosophy An investigation on Integer Factorization applied to Public Key Cryptography Supervisor: Ph.D. Candidate: Prof. Massimiliano Sala Giordano Santilli “I was just guessing at numbers and figures, pulling your puzzles apart...” (The Scientist - Coldplay) To all the people that told me their secrets and asked me their questions. Contents Introduction VII 1 Preliminaries 1 1.1 Historical Overview . .1 1.1.1 RSA . .2 1.1.2 A quick review on Factorization Methods . .2 1.1.3 Factorization Records . .5 1.2 Preliminaries on Elementary Number Theory . .6 1.2.1 Basics on Floor and Ceiling . .6 1.2.2 Definitions and basic properties . .6 1.2.3 Integer solutions of a General Quadratic Diophantine Equation having as discriminant a square . 11 1.3 Algebraic Number Theory Background . 13 1.3.1 Number Fields and Ring of Integers . 13 1.3.2 Norm of an element . 15 1.3.3 Ideals in the Ring of Integers . 16 1.4 Groebner Bases Theory . 20 1.4.1 Multivariate polynomials . 20 1.4.2 Monomial Orderings . 22 1.4.3 Groebner Bases . 24 1.4.4 Elimination Theory . 27 2 An elementary approach to factorization 29 2.1 Successive moduli . 29 2.2 A formula for successive moduli . 36 2.3 Successive moduli in factorization . 39 2.4 Interpolation . 42 2.4.1 Successive Remainders and Interpolation . 42 III CONTENTS 2.4.2 A conjecture on interpolating polynomials . 44 3 The General Number Field Sieve 47 3.1 Choice of the polynomial . 48 3.1.1 Producing a difference of squares . 49 3.2 The Rational Factor Base . 50 3.2.1 The Rational Sieve . 51 3.3 The Algebraic Factor Base . 52 3.3.1 The Algebraic Sieve . 55 3.4 General Ring of Integers . 56 3.4.1 The Quadratic Characters Base . 59 3.5 Linear Algebra . 61 3.6 Finding The Square Roots . 63 3.7 Complexity of GNFS . 63 3.7.1 Some analytic considerations . 63 3.7.2 Heuristic Complexity . 65 3.8 Further Developments in GNFS for the Polynomial Choice . 66 3.8.1 Homogeneous polynomials . 66 3.8.2 GNFS with multiple polynomials . 68 3.8.3 How to choose polynomials . 69 3.9 Other sieving methods . 73 3.9.1 Lattice Sieving . 73 3.9.2 Line Sieving . 76 4 A first attempt to a bivariate GNFS 77 4.1 A bivariate version for GNFS . 77 4.2 The Algebraic Factor Base . 79 4.2.1 The identification of first-degree prime ideals . 79 4.2.2 Divisibility of principal ideals . 84 4.3 The Quadratic Characters Base . 89 4.4 Further works and Limits of this approach . 90 5 Finding GNFS relations using Groebner bases 93 5.1 The generation of the system . 93 5.1.1 Inequalities on the parameters . 95 5.2 The Algorithm for finding Perfect Squares in the Number Field 97 5.2.1 An example of the Algorithm . 102 5.3 Related Systems . 113 5.4 Conclusion and future works . 115 IV CONTENTS Appendices 117 A MAGMA Code for the Bivariate Version of GNFS 119 B MAGMA Code for the System using Groebner Bases 127 Bibliography 141 V Introduction Public-key or asymmetric cryptography allows two or more users to com- municate in a secure way on an insecure channel, using two different keys: a public key, which has the function to encrypt the messages, and a pri- vate key, employed in the decryption of the ciphertexts. Because of the importance of these keys in the protocol, their generation is a sensible is- sue and it is often based on an underlying mathematical problem, which is considered hard to solve by the scientific community. Among the difficult number-theoretic problems, the Integer Factorization Problem (IFP) is one of the most famous: given a composite integer number, recovering its factors is commonly believed to be hard (worst-case complexity). Many asymmet- ric algorithms such as RSA ([RSA78]), Rabin’s cryptosystem ([Rab79]) or Goldwasser-Micali cryptosystem ([GM84]) found their mathematical secu- rity on IFP. Due to its rather simple formulation, IFP has been extensively examined ever since: many factorization methods have been developed to solve this problem, such as Dixon’s algorithm ([Dix81]) or the quadratic sieve ([Pom82]), but, at the moment, the most efficient one is the General Number Field Sieve (GNFS), which is fully described in [LLMP93a]. The aim of this thesis is to discuss some number-theoretic techniques to investigate IFP from new points of view. The thesis will be organized as follows: • in Chapter 1 we will present the factorization problem and discuss its involvement in Public-key Cryptography. We will also recall some of the most famous factorization methods, give a description of the state of the art and survey the actual records on integer factorization. Furthermore, the number-theoretic techniques we will employ belong to three main fields: firstly we will examine relevant properties of the floor function and the ceiling function, then we will recall some important VII INTRODUCTION results in Algebraic Number Theory about ring of integers and their ideals, while Groebner bases will be the main topic of the last part. • Starting from the results recalled in the first chapter, in Chapter 2 we will describe an original work on integer factorization based on some elementary properties of the remainders of a fixed positive integer N modulo successive numbers. We will show that it is possible to define a formula that computes all the remainders of N starting with just three initial consecutive remainders. Later, we will also prove that this formula does not change even as considering the second-degree inter- polating polynomial between the starting remainders. This interesting regularity was originally noticed and analysed by Dr. Matteo Piva. We will exihibit an equivalence between the integer factorization prob- lem and the solution of the aforementioned formula and we will finally explore the future developments of this approach, explaining with an example how we would like to generalize this approach. • The main theme of Chapter 3 is the General Number Field Sieve al- gorithm, depicted in great details. We will report the classical for- mulation of GNFS, including the Rational Factor Base, the Algebraic Factor Base and the Quadratic Characters Base, which permit to get a non-trivial factor of a semiprime N. Additionally, the complexity of the algorithm will be stated and analysed, employing some functions borrowed from Analytic Number Theory. By the end of the chapter, the successive improvements on GNFS will be inspected, especially the different strategies developed in the polynomial selection and in the sieving step. • The last two chapters will again contain some original material. In Chapter 4 we will examine a way to generalize GNFS to bivariate polynomials, based on a joint work with Dr. Daniele Taufer. The structure we will handle in this chapter is the following: we will con- sider two simple quadratic extensions of the rational numbers that do not have any intersection between them, except for the rational num- bers themselves, and a larger extension of degree 4 that contains both. We will prove that the first-degree prime ideals in the smaller exten- sions may be used to generate the same kind of ideals in the larger one and, adding some additional hypotheses, we will show that also the converse is true. Moreover, a potential scheme of an application to GNFS is theorized and we will explain at the end of the chapter why VIII INTRODUCTION this approach will not completely work for our situation in its present formulation. Finally, Chapter 5 addresses the issue of finding some elements for GNFS that lead to a successful factorization of N, through the solu- tion of some multivariate systems, solved using Groebner bases. We will provide this way an algorithm for integer factorization, also with a very detailed example. In Appendix A and Appendix B we will report MAGMA programs used to test some of our algorithms. IX Chapter 1 Preliminaries Notation. We will denote with N the set of natural numbers N = f0; 1; 2;:::g + and with N all the positive integers. 1.1 Historical Overview One of the most ancient and famous theorems about prime numbers is the Fundamental Theorem of Arithmetic, which was first described in Euclid’s Elements in Book IX, [Hea56]. + Theorem 1.1. Every positive integer N 2 N such that N > 1 can be represented in a unique way as a product of prime powers: e1 e2 ek N = p1 · p2 ··· pk ; + where k 2 N , p1 < p2 < : : : < pk are prime numbers and e1; e2; : : : ; ek 2 N. A natural problem arising from this theorem is, given a positive integer num- + ber N 2 N , to find its prime factorization. From a computational point of view, while there are several ways to decide (in polynomial-time) whether an integer is a prime, it is still unknown if there exist a non-quantum polynomial-time algorithm that finds its prime factors. This issue is called Integer Factorization Problem (IFP). The clarification “non-quantum” is needed, since in 1994 Schor ([Sho94]) presented an algo- 1 CHAPTER 1. PRELIMINARIES rithm for quantum computers that finds all prime factors of a given integer in polynomial-time. Since a classical polynomial-time algorithm that solves IFP might never be found, it is considered to be a hard problem. Due to this hardness, IFP guarantees the security of many public-key cryptography algorithms, starting from RSA.
Recommended publications
  • Fast Tabulation of Challenge Pseudoprimes Andrew Shallue and Jonathan Webster

    Fast Tabulation of Challenge Pseudoprimes Andrew Shallue and Jonathan Webster

    THE OPEN BOOK SERIES 2 ANTS XIII Proceedings of the Thirteenth Algorithmic Number Theory Symposium Fast tabulation of challenge pseudoprimes Andrew Shallue and Jonathan Webster msp THE OPEN BOOK SERIES 2 (2019) Thirteenth Algorithmic Number Theory Symposium msp dx.doi.org/10.2140/obs.2019.2.411 Fast tabulation of challenge pseudoprimes Andrew Shallue and Jonathan Webster We provide a new algorithm for tabulating composite numbers which are pseudoprimes to both a Fermat test and a Lucas test. Our algorithm is optimized for parameter choices that minimize the occurrence of pseudoprimes, and for pseudoprimes with a fixed number of prime factors. Using this, we have confirmed that there are no PSW-challenge pseudoprimes with two or three prime factors up to 280. In the case where one is tabulating challenge pseudoprimes with a fixed number of prime factors, we prove our algorithm gives an unconditional asymptotic improvement over previous methods. 1. Introduction Pomerance, Selfridge, and Wagstaff famously offered $620 for a composite n that satisfies (1) 2n 1 1 .mod n/ so n is a base-2 Fermat pseudoprime, Á (2) .5 n/ 1 so n is not a square modulo 5, and j D (3) Fn 1 0 .mod n/ so n is a Fibonacci pseudoprime, C Á or to prove that no such n exists. We call composites that satisfy these conditions PSW-challenge pseudo- primes. In[PSW80] they credit R. Baillie with the discovery that combining a Fermat test with a Lucas test (with a certain specific parameter choice) makes for an especially effective primality test[BW80].
  • The Number Field Sieve for Discrete Logarithms

    The Number Field Sieve for Discrete Logarithms

    The Number Field Sieve for Discrete Logarithms Henrik Røst Haarberg Master of Science Submission date: June 2016 Supervisor: Kristian Gjøsteen, MATH Norwegian University of Science and Technology Department of Mathematical Sciences Abstract We present two general number field sieve algorithms solving the discrete logarithm problem in finite fields. The first algorithm pre- sented deals with discrete logarithms in prime fields Fp, while the second considers prime power fields Fpn . We prove, using the standard heuristic, that these algorithms will run in sub-exponential time. We also give an overview of different index calculus algorithms solving the discrete logarithm problem efficiently for different possible relations between the characteristic and the extension degree. To be able to give a good introduction to the algorithms, we present theory necessary to understand the underlying algebraic structures used in the algorithms. This theory is largely algebraic number theory. 1 Contents 1 Introduction 4 1.1 Discrete logarithms . .4 1.2 The general number field sieve and L-notation . .4 2 Theory 6 2.1 Number fields . .6 2.1.1 Dedekind domains . .7 2.1.2 Module structure . .9 2.1.3 Norm of ideals . .9 2.1.4 Units . 10 2.2 Prime ideals . 10 2.3 Smooth numbers . 13 2.3.1 Density . 13 2.3.2 Exponent vectors . 13 3 The number field sieve in prime fields 15 3.1 Overview . 15 3.2 Calculating logarithms . 15 3.3 Sieving . 17 3.4 Schirokauer maps . 18 3.5 Linear algebra . 20 3.5.1 A note about smooth t and g .............. 22 3.6 Run time .
  • Bound Estimation for Divisors of RSA Modulus with Small Divisor-Ratio

    Bound Estimation for Divisors of RSA Modulus with Small Divisor-Ratio

    International Journal of Network Security, Vol.23, No.3, PP.412-425, May 2021 (DOI: 10.6633/IJNS.202105 23(3).06) 412 Bound Estimation for Divisors of RSA Modulus with Small Divisor-ratio Xingbo Wang (Corresponding author: Xingbo Wang) Department of Mechatronic Engineering, Foshan University Guangdong Engineering Center of Information Security for Intelligent Manufacturing System, China Email: [email protected]; [email protected] (Received Nov. 16, 2019; Revised and Accepted Mar. 8, 2020; First Online Apr. 17, 2021) Abstract make it easier to find the small divisor; articles [2, 10] found out the distribution of an odd integer's square-root Through subtle analysis on relationships among ances- in the T3 tree; articles [11, 15, 17] investigated divisors' tors, symmetric brothers, and the square root of a node distribution of an RSA number, presenting in detail how on the T3 tree, the article puts a method forwards to cal- two divisors distribute on the levels of the T3 tree in terms culate an interval that contains a divisor of a semiprime of their divisor-ratio. whose divisor-ratio is less than 3/2. Concrete mathemat- This paper, following the studies in [11, 15, 17], and ical reasonings to derive the method and programming based on the inequalities proved in [12] as well as the procedure from realizing the calculations are shown in theorems proved in [13, 16], gives in detail a bound esti- detail. Numerical experiments are made by applying the mation to the divisors of an RSA number. The results in method on both ordinary small semiprimes and the RSA this paper are helpful to design algorithm to search the numbers.
  • Enhancing the Securing RSA Algorithm from Attack

    Enhancing the Securing RSA Algorithm from Attack

    Journal of Basic and Applied Engineering Research Print ISSN: 2350-0077; Online ISSN: 2350-0255; Volume 1, Number 10; October, 2014 pp. 48-63 © Krishi Sanskriti Publications http://www.krishisanskriti.org/jbaer.html Enhancing the Securing RSA Algorithm from Attack Swati Srivastava 1, Meenu 2 1M.Tech Student, Department of CSE, Madan Mohan Malaviya University of Technology, Gorakhpur, U.P. 2Department of CSE, Madan MohanMalaviya University of Technology, Gorakhpur, U.P. Abstract: The RSA public key and signature scheme is often used authenticity, integrity, and limited access to data. In in modern communications technologies; it is one of the firstly Cryptography we differentiate between private key defined public key cryptosystem that enable secure cryptographic systems (also known as conventional communicating over public unsecure communication channels. cryptography systems) and public key cryptographic systems. In praxis many protocols and security standards use the RSA, Private Key Cryptography, also known as secret-key or thus the security of the RSA is critical because any weaknesses in the RSA crypto system may lead the whole system to become symmetric-key encryption, has an old history, and is based on vulnerable against attacks. This paper introduce a security using one shared secret key for encryption and decryption. enhancement on the RSA cryptosystem, it suggests the use of The development of fast computers and communication randomized parameters in the encryption process to make RSA technologies did allow us to define many
  • Factorization of RSA-180

    Factorization of RSA-180

    Factorization of RSA-180 S. A. Danilov, I. A. Popovyan Moscow State University, Russia May 9, 2010∗ Abstract We present a brief report on the factorization of RSA-180, currently smallest unfactored RSA number. We show that the numbers of similar size could be factored in a reasonable time at home using open source factoring software running on a few Intel Core i7 PCs. 1 Introduction In 1991 RSA Labs published a list of semiprime numbers of different size and announced a reward for their factorization. The numbers from that list called RSA numbers became a measure of the quality of the factorization tools. We began working on our factorization project on November 2009. We started with the smallest unfactored RSA number for that moment, RSA-170, written in 170 decimal digits. The factorization was finished on 31 December 2009, then we found out that Dominik Bonenberger and Martin Krone [1] were ahead of us for two days and had already presented the RSA-170 prime de- compostion. Meanwhile the new world record in factorization was set [2] – the international team of scientists managed to factor the RSA-768, a 232 decimal digits long RSA number. On January 2010 after a short break we decided to continue the project and took the number RSA-180 = 191147927718986609689229466631454649812986246 276667354864188503638807260703436799058776201 365135161278134258296128109200046702912984568 752800330221777752773957404540495707851421041, the next smallest RSA number with unknown factorization. ∗Revised at 13.04.2010 1 2 Factorization of RSA-180 Our tools for factorization are essentially based on two open source implemen- tations of General Numebr Field Sieve (GNFS) algorithm – the community maintained GGNFS suite [3] and Jason Papadopoulos’s msieve [4].
  • Introducing Quaternions to Integer Factorisation

    Introducing Quaternions to Integer Factorisation

    Journal of Physical Science and Application 5 (2) (2015) 101-107 doi: 10.17265/2159-5348/2015.02.003 D DAVID PUBLISHING Introducing Quaternions to Integer Factorisation HuiKang Tong 4500 Ang Mo Kio Avenue 6, 569843, Singapore Abstract: The key purpose of this paper is to open up the concepts of the sum of four squares and the algebra of quaternions into the attempts of factoring semiprimes, the product of two prime numbers. However, the application of these concepts here has been clumsy, and would be better explored by those with a more rigorous mathematical background. There may be real immediate implications on some RSA numbers that are slightly larger than a perfect square. Key words: Integer factorisation, RSA, quaternions, sum of four squares, euler factorisation method. Nomenclature In Section 3, we extend the Euler factoring method to one using the sum of four squares and the algebra p, q: prime factors n: semiprime pq, the product of two primes of quaternions. We comment on the development of P: quaternion with norm p the mathematics in Section 3.1, and introduce the a, b, c, d: components of a quaternion integral quaternions in Section 3.2, and its relationship 1. Introduction with the sum of four squares in Section 3.3. In Section 3.4, we mention an algorithm to generate the sum of We assume that the reader know the RSA four squares. cryptosystem [1]. Notably, the ability to factorise a In Section 4, we propose the usage of concepts of random and large semiprime n (the product of two the algebra of quaternions into the factorisation of prime numbers p and q) efficiently can completely semiprimes.
  • The Factoring Dead: Preparing for the Cryptopocalypse

    The Factoring Dead: Preparing for the Cryptopocalypse

    THE FACTORING DEAD: PREPARING FOR THE CRYPTOPOCALYPSE Javed Samuel — javed[at]isecpartners[dot]com iSEC Partners, Inc 123 Mission Street, Suite 1020 San Francisco, CA 94105 https://www.isecpartners.com March 20, 2014 Abstract This paper will explain the latest breakthroughs in the academic cryptography community and look ahead at what practical issues could arise for popular cryptosystems. Specifically, we will focus on the recent major devel- opments in discrete mathematics and their potential ability to undermine our trust in the most basic asymmetric primitives, including RSA. We will explain the basic theories behind RSA and the state-of-the-art in large number- ing factoring, and how several recent papers may point the way to massive improvements in this area. The paper will then switch to the practical aspects of the doomsday scenario, and will answer the question “What happens the day after RSA is broken?” We will point out the many obvious and hidden uses of RSA and related algorithms and outline how software engineers and security teams can operate in a post-RSA world. We will also discuss the results of our survey of popular products and software, and point out the ways in which individuals can prepare for the “zombie cryptopocalypse”. 1 INTRODUCTION Over the past few years, there have been numerous attacks on the current SSL infrastructure. These have ranged from BEAST [97], CRIME [88], Lucky 13 [2][86], RC4 bias attacks [1][91] and BREACH [42]. These attacks all show the fragility of the current SSL architecture as vulnerabilities have been found in a variety of features ranging from compression, timing and padding [90].
  • Use of SIMD-Based Data Parallelism to Speed up Sieving in Integer-Factoring Algorithms ?

    Use of SIMD-Based Data Parallelism to Speed up Sieving in Integer-Factoring Algorithms ?

    Use of SIMD-Based Data Parallelism to Speed up Sieving in Integer-Factoring Algorithms ? Binanda Sengupta and Abhijit Das Department of Computer Science and Engineering Indian Institute of Technology Kharagpur, West Bengal, PIN: 721302, India binanda.sengupta,[email protected] Abstract. Many cryptographic protocols derive their security from the appar- ent computational intractability of the integer factorization problem. Currently, the best known integer-factoring algorithms run in subexponential time. Effi- cient parallel implementations of these algorithms constitute an important area of practical research. Most reported implementations use multi-core and/or dis- tributed parallelization. In this paper, we use SIMD-based parallelization to speed up the sieving stage of integer-factoring algorithms. We experiment on the two fastest variants of factoring algorithms: the number-field sieve method and the multiple-polynomial quadratic sieve method. Using Intel’s SSE2 and AVX in- trinsics, we have been able to speed up index calculations in each core during sieving. This performance enhancement is attributed to a reduction in the pack- ing and unpacking overheads associated with SIMD registers. We handle both line sieving and lattice sieving. We also propose improvements to make our im- plementations cache-friendly. We obtain speedup figures in the range 5–40%. To the best of our knowledge, no public discussions on SIMD parallelization in the context of integer-factoring algorithms are available in the literature. Keywords: Integer Factorization, Sieving, Multiple-Polynomial Quadratic Sieve Method, Number-Field Sieve Method, Single Instruction Multiple Data, Stream- ing SIMD Extensions, Advanced Vector Extensions 1 Introduction Let n be a large composite integer having the factorization k v vp1 vp2 pk vpi n = p1 p2 ··· pk = ∏ pi : i=1 The integer factorization problem deals with the determination of all the prime divisors p1; p2;:::; pk of n and their corresponding multiplicities vp1 ;vp2 ;:::;vpk .
  • Question 1.1. What Is the RSA Laboratories' Frequently Asked

    Question 1.1. What Is the RSA Laboratories' Frequently Asked

    Copyright © 1996, 1998 RSA Data Security, Inc. All rights reserved. RSA BSAFE Crypto-C, RSA BSAFE Crypto-J, PKCS, S/WAN, RC2, RC4, RC5, MD2, MD4, and MD5 are trade- marks or registered trademarks of RSA Data Security, Inc. Other products and names are trademarks or regis- tered trademarks of their respective owners. For permission to reprint or redistribute in part or in whole, send e-mail to [email protected] or contact your RSA representative. RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography, v4.0 2 Table of Contents Table of Contents............................................................................................ 3 Foreword......................................................................................................... 8 Section 1: Introduction .................................................................................... 9 Question 1.1. What is the RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography? ................................................................................................................ 9 Question 1.2. What is cryptography? ............................................................................................10 Question 1.3. What are some of the more popular techniques in cryptography? ................... 11 Question 1.4. How is cryptography applied? ............................................................................... 12 Question 1.5. What are cryptography standards? ......................................................................
  • Parallel Strategy to Factorize Fermat Numbers with Implementation in Maple Software

    Parallel Strategy to Factorize Fermat Numbers with Implementation in Maple Software

    Journal of Software Parallel Strategy to Factorize Fermat Numbers with Implementation in Maple Software Jianhui Li*, Manlan Liu Foshan Polytechnic, Foshan City, PRC, 528000, China. * Corresponding author. Tel.: +86075787263015; email: [email protected] Manuscript submitted October 08, 2020; accepted December 11, 2020. doi: 10.17706/jsw.16.4.167-173 Abstract: In accordance with the traits of parallel computing, the paper proposes a parallel algorithm to factorize the Fermat numbers through parallelization of a sequential algorithm. The kernel work to parallelize a sequential algorithm is presented by subdividing the computing interval into subintervals that are assigned to the parallel processes to perform the parallel computing. Maple experiments show that the parallelization increases the computational efficiency of factoring the Fermat numbers, especially to the Fermat number with big divisors. Key words: Integer factorization, fermat number, parallel computing, algorithm. 1. Introduction Factorization of big integer has been a hard problem and has been paid attention to in mathematics and cryptography. Any factoring algorithm is both scientifically valuable and practically applicable, as stated in [1]. Historically, factorization of big integer always took huge computing resources and involved in parallel computing. For example, it took half a year and 80 4-cored CPUs of AMD Opteron @ 2.2GHz to factorize RSA768 [2]. Actually, Brent R P began to study the possibility of parallel computing early in 1990 since Pollard Rho algorithm came into being [3]. And then parallel approaches for the elliptic curve method (ECM), continued fraction, quadric sieve (QS) and number field sieve (NFS) were developed respectively [4]-[7]. Now the NFS has been regarded to be the most efficient method.
  • Algorithms for Factoring Integers of the Form N = P * Q

    Algorithms for Factoring Integers of the Form N = P * Q

    Algorithms for Factoring Integers of the Form n = p * q Robert Johnson Math 414 Final Project 12 March 2010 1 Table of Contents 1. Introduction 3 2. Trial Division Algorithm 3 3. Pollard (p – 1) Algorithm 5 4. Lenstra Elliptic Curve Method 9 5. Continued Fraction Factorization Method 13 6. Conclusion 15 2 Introduction This paper is a brief overview of four methods used to factor integers. The premise is that the integers are of the form n = p * q, i.e. similar to RSA numbers. The four methods presented are Trial Division, the Pollard (p -1) algorithm, the Lenstra Elliptic Curve Method, and the Continued Fraction Factorization Method. In each of the sections, we delve into how the algorithm came about, some background on the machinery that is implemented in the algorithm, the algorithm itself, as well as a few eXamples. This paper assumes the reader has a little eXperience with group theory and ring theory and an understanding of algebraic functions. This paper also assumes the reader has eXperience with programming so that they might be able to read and understand the code for the algorithms. The math introduced in this paper is oriented in such a way that people with a little eXperience in number theory may still be able to read and understand the algorithms and their implementation. The goal of this paper is to have those readers with a little eXperience in number theory be able to understand and use the algorithms presented in this paper after they are finished reading. Trial Division Algorithm Trial division is the simplest of all the factoring algorithms as well as the easiest to understand.
  • Factorization of a 512–Bit RSA Modulus?

    Factorization of a 512–Bit RSA Modulus?

    Factorization of a 512{Bit RSA Modulus? Stefania Cavallar3,BruceDodson8,ArjenK.Lenstra1,WalterLioen3, Peter L. Montgomery10, Brian Murphy2, Herman te Riele3, Karen Aardal13, 4 11 9 5 View metadata, citation and similar papersJeff at core.ac.uk Gilchrist ,G´erard Guillerm ,PaulLeyland ,Jo¨el Marchand , brought to you by CORE 6 12 14 Fran¸cois Morain , Alec Muffett , Chris and Craig Putnamprovided,and by Infoscience - École polytechnique fédérale de Lausanne Paul Zimmermann7 1 Citibank, 1 North Gate Road, Mendham, NJ 07945–3104, USA [email protected] 2 Computer Sciences Laboratory, ANU, Canberra ACT 0200, Australia [email protected] 3 CWI, P.O. Box 94079, 1090 GB Amsterdam, The Netherlands {cavallar,walter,herman}@cwi.nl 4 Entrust Technologies Ltd., 750 Heron Road, Suite E08, Ottawa, ON, K1V 1A7, Canada [email protected] 5 Laboratoire Gage, Ecole´ Polytechnique/CNRS, Palaiseau, France [email protected] 6 Laboratoire d’Informatique, Ecole´ Polytechnique, Palaiseau, France [email protected] 7 Inria Lorraine and Loria, Nancy, France [email protected] 8 Lehigh University, Bethlehem, PA, USA [email protected] 9 Microsoft Research Ltd, Cambridge, UK [email protected] 10 780 Las Colindas Road, San Rafael, CA 94903–2346 USA Microsoft Research and CWI [email protected] 11 SITX (Centre of IT resources), Ecole´ Polytechnique, Palaiseau, France [email protected] 12 Sun Microsystems, Riverside Way, Watchmoor Park, Camberley, UK [email protected] 13 Dept. of Computer Science,