DOCSLIB.ORG

On the Number Field Sieve: Polynomial Selection and Smooth Elements in Number Fields

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

On the Number Field Sieve: Polynomial Selection and Smooth Elements in Number Fields Nicholas Vincent Coxon BSc (hons) A thesis submitted for the degree of Doctor of Philosophy at The University of Queensland in June 2012 School of Mathematics and Physics Abstract The number field sieve is the asymptotically fastest known algorithm for factoring large integers that are free of small prime factors. Two aspects of the algorithm are considered in this thesis: polynomial selection and smooth elements in number fields. The contributions to polynomial selection are twofold. First, existing methods of polynomial generation, namely those based on Montgomery's method, are extended and tools developed to aid in their analysis. Second, a new approach to polynomial generation is developed and realised. The development of the approach is driven by results obtained on the divisibility properties of univariate resultants. Examples from the literature point toward the utility of applying decoding algorithms for algebraic error-correcting codes to problems of finding elements in a ring with a smooth representation. In this thesis, the problem of finding algebraic integers in a number field with smooth norm is reformulated as a decoding problem for a family of error-correcting codes called NF-codes. An algorithm for solving the weighted list decoding problem for NF-codes is provided. The algorithm is then used to find algebraic integers with norm containing a large smooth factor. Bounds on the existence of such numbers are derived using algorithmic and combinatorial methods. ii Declaration by the Author This thesis is composed of my original work, and contains no material previously published or written by another person except where due reference has been made in the text. I have clearly stated the contribution by others to jointly-authored works that I have included in my thesis. I have clearly stated the contribution of others to my thesis as a whole, including statistical assistance, survey design, data analysis, significant technical procedures, professional editorial advice, and any other original research work used or reported in my thesis. The content of my thesis is the result of work I have carried out since the commencement of my research higher degree candidature and does not include a substantial part of work that has been submitted to qualify for the award of any other degree or diploma in any university or other tertiary institution. I have clearly stated which parts of my thesis, if any, have been submitted to qualify for another award. I acknowledge that an electronic copy of my thesis must be lodged with the University Library and, subject to the General Award Rules of The University of Queensland, immediately made available for research and study in accordance with the Copyright Act 1968. I acknowledge that copyright of all material contained in my thesis resides with the copyright holder(s) of that material. Where appropriate I have obtained copyright permission from the copyright holder to reproduce material in this thesis. iii Publications During Candidature [47] Nicholas Coxon. On nonlinear polynomial selection for the number field sieve. ArXiv e-Print archive, arXiv:1109.6398 [math.NT], September 2010. http://arxiv.org/abs/1109.6398. [48] Nicholas Coxon. List decoding of number field codes. Designs, codes and cryptography, 2013. doi:10.1007/s10623-013-9803-x. Publications Included in the Thesis Publications [47] and [48] have been incorporated into Chapter 3 and Chapter 5, respectively. Contributions by Others to the Thesis As supervisor, Victor Scharaschkin helped guide the research presented in the thesis. There has been no contribution by others to the writing of the thesis. Statement of Parts of the Thesis Submitted to Qualify for the Award of Another Degree None. iv Acknowledgements I am greatly indebted to Victor Scharaschkin for his supervision during my candidature. The support he has extended to me, and his informed guidance and advice, have been critically important through- out my postgraduate and undergraduate studies. I would like to thank Gary Carter, Eric Mortenson and Graham Norton for helpful discussions and their comments on draft chapters of this thesis. I would like to acknowledge financial support of the Australian Postgraduate Award. I have had the pleasure of working with and learning from many of the staff and students of the Mathematics Department. I am proud to call many of you my friends, and wish you all the best in your future endeavours. It would not have been possible to write this thesis without the help and encouragement of my fellow postgraduate students. In particular, I would like to thank Tristan Dunning, Peter Finch, Samuel Hambleton, Dejan Jovanovic, Geoff Martin, Thomas McCourt and Sian Stafford with whom daily conversations have been constructive, disruptive when needed most, and always greatly appreciated. To all the friends with whom I have shared many adventures whilst working on this thesis, thank you. Finally, to my family, thank you for always being there with love and support. v Keywords Integer factorisation, number field sieve, polynomial selection, smooth numbers, list decoding, number field codes, geometry of numbers, resultants. Australian and New Zealand Standard Research Classifications (ANZSRC) ANZSRC code: 010101, Algebra and Number Theory, 89:939% ANZSRC code: 080201, Analysis of Algorithms and Complexity, 10:061% Fields of Research (FoR) Classification FoR code: 0101, Pure Mathematics, 100:000% vi Contents List of Tables ix Nomenclature xi 1 Introduction 1 1.1 Congruence of Squares Factoring . .1 1.1.1 The Morrison{Brillhart Approach . .2 1.1.2 Finding Smooth Residues . .3 1.1.3 Complexity Estimates . .5 1.2 The Number Field Sieve . .6 1.2.1 Outline of the Number Field Sieve . .7 1.2.2 Complexity Estimates . 11 1.2.3 The Polynomial Selection Problem . 13 1.2.4 Smooth Elements in Number Fields . 14 1.3 Outline of the Thesis . 15 2 Preliminaries on Polynomial Selection 17 2.1 Quantifying Properties which Influence Polynomial Yield . 17 2.1.1 Quantifying Size Properties: Skewed Polynomial Norms . 18 2.1.2 Quantifying Root Properties . 22 2.1.3 Ranking Polynomials . 27 2.2 Number Field Sieve Polynomial Generation . 30 2.2.1 The Montgomery{Murphy Algorithm . 31 2.2.2 Kleinjung's Algorithm . 34 2.2.3 Nonlinear Algorithms . 40 vii 2.2.4 A Lower Bound on Polynomial Generation . 42 3 Nonlinear Polynomial Selection 45 3.1 Preliminaries on Lattices . 46 3.2 Nonlinear Polynomial Selection . 48 3.2.1 The Orthogonal Lattice . 48 3.2.2 Nonlinear Polynomial Generation in Detail . 52 3.2.3 Existing Algorithms . 54 3.3 Length d + 1 Construction Revisited . 57 3.3.1 Parameter Selection for Algorithm 3.3.3 . 59 3.4 The Koo{Jo{Kwon Length d + 2 Construction Revisited . 61 3.4.1 Parameter Selection for Algorithm 3.4.2 . 63 4 An Approach to Polynomial Selection 65 4.1 Overview of the Approach . 66 4.2 Divisibility Properties of Univariate Resultants . 69 4.2.1 Definition and Properties of Resultants . 70 4.2.2 Proof of Lemma 4.1.1 . 72 4.3 Combinatorial Bounds on Polynomial Selection . 79 4.4 An Initial Algorithm . 83 4.4.1 Parameter Selection for Algorithm 4.4.2 . 86 4.4.2 Algorithmic Bounds on Polynomial Selection . 93 4.5 Future Directions: Improvements and Generalisations . 95 4.5.1 Special-q ....................................... 96 4.5.2 Lattice Construction . 98 4.5.3 A Multivariate Generalisation . 105 5 Smooth Elements in Number Fields 111 5.1 Review of NF-codes . 113 5.2 Combinatorial Bounds on List Decoding . 115 5.3 Weighted List Decoding of NF-codes . 116 5.3.1 Additional Notes on Implementing Algorithm 5.3.2 . 119 viii 5.3.2 Analysis of the Decoding Algorithm . 120 5.3.3 Decoding with Integral Lattices . 123 5.3.4 Parameter Selection for Algorithm 5.3.2 . 124 5.4 Smooth Algebraic Integers in Number Fields . 127 5.4.1 Finding Smooth Algebraic Integers in Number Fields . 128 5.4.2 Bounds on Smooth Algebraic Integers in Number Fields . 131 6 Conclusions and Future Research 135 References 139 Appendix 153 A Appendices for Chapter 5 155 A.1 Number Field Codes with Known Rate . 155 A.2 Decoding with Nonzero Shift Parameters . 157 ix List of Tables 4.1 Bounds for Example 4.3.5. 82 4.2 Parameters for Example 4.4.10 . 92 4.3 Bounds for Example 4.4.12. 95 4.4 Parameters for Example 4.5.3 . 98 5.1 Bounds for Example 5.4.13 . 133 5.2 Bounds for Example 5.4.14 . 133 x Nomenclature The following is a list of abbreviations and symbols that appear in the thesis. Where possible, a page number is provided to indicate where an abbreviation or symbol first appears. The list of symbols is incomplete, with only those symbols that are not defined elsewhere in the thesis, or that appear in multiple chapters, being listed. All remaining symbols are possibly used for several different purposes throughout the thesis, but are always used consistently within the confines of a single chapter, where the relevant definition is found. List of Abbreviations CFRAC Continued fractions method, p. 1. GP Geometric progression, p. 41. NFS Number field sieve, p. 1. QS Quadratic Sieve, p. 1. SNFS Special number field sieve, p. 1. List of Symbols Z, Q, R, C The set of integers, rationals, real numbers and complex numbers, respectively. Fq The finite field of order q, where q is a prime power. Z=nZ The ring of integers modulo n. A× The group of units of a ring A. GLn(A) The general linear group of n × n invertible matrices with entries in a ring A.
Recommended publications
  • Integer Factoring

    Integer Factoring

    Designs, Codes and Cryptography, 19, 101–128 (2000) c 2000 Kluwer Academic Publishers, Boston. Manufactured in The Netherlands. Integer Factoring ARJEN K. LENSTRA [email protected] Citibank, N.A., 1 North Gate Road, Mendham, NJ 07945-3104, USA Abstract. Using simple examples and informal discussions this article surveys the key ideas and major advances of the last quarter century in integer factorization. Keywords: Integer factorization, quadratic sieve, number field sieve, elliptic curve method, Morrison–Brillhart Approach 1. Introduction Factoring a positive integer n means finding positive integers u and v such that the product of u and v equals n, and such that both u and v are greater than 1. Such u and v are called factors (or divisors)ofn, and n = u v is called a factorization of n. Positive integers that can be factored are called composites. Positive integers greater than 1 that cannot be factored are called primes. For example, n = 15 can be factored as the product of the primes u = 3 and v = 5, and n = 105 can be factored as the product of the prime u = 7 and the composite v = 15. A factorization of a composite number is not necessarily unique: n = 105 can also be factored as the product of the prime u = 5 and the composite v = 21. But the prime factorization of a number—writing it as a product of prime numbers—is unique, up to the order of the factors: n = 3 5 7isthe prime factorization of n = 105, and n = 5 is the prime factorization of n = 5.
  • Prime Factorization and Cryptography a Theoretical Introduction to the General Number Field Sieve

    Prime Factorization and Cryptography a Theoretical Introduction to the General Number Field Sieve

    Prime Factorization and Cryptography A theoretical introduction to the General Number Field Sieve Barry van Leeuwen University of Bristol 10 CP Undergraduate Project Supervisor: Dr. Tim Dokchitser February 1, 2019 Acknowledgement of Sources For all ideas taken from other sources (books, articles, internet), the source of the ideas is mentioned in the main text and fully referenced at the end of the report. All material which is quoted essentially word-for-word from other sources is given in quotation marks and referenced. Pictures and diagrams copied from the internet or other sources are labelled with a reference to the web page,book, article etc. Signed: Barry van Leeuwen Dated: February 1, 2019 Abstract From a theoretical puzzle to applications in cryptography and computer sci- ence: The factorization of prime numbers. In this paper we will introduce a historical retrospect by observing different methods of factorizing primes and we will introduce a theoretical approach to the General Number Field Sieve building from a foundation in Algebra and Number Theory. We will in this exclude most considerations of efficiency and practical im- plementation, and instead focus on the mathematical background. In this paper we will introduce the theory of algebraic number fields and Dedekind domains and their importance in understanding the General Number Field Sieve before continuing to explain, step by step, the inner workings of the General Number Field Sieve. Page 1 of 73 Contents Abstract 1 Table of contents 2 1 Introduction 3 2 Prime Numbers and the Algebra of Modern Cryptography 5 2.1 Preliminary Algebra and Number Theory .
  • Integer Factorization - an Investigation of Methods and Implementation

    Integer Factorization - an Investigation of Methods and Implementation

    Integer Factorization - An Investigation of Methods and Implementation Josh Boone Southern Illinois University at Carbondale Carbondale, IL 62901 April 24, 2007 Abstract Integer factorization is the breaking down of a composite integer into its prime factors. This unique factorization is then used to ana- lyze the number, or in the case of most cryptographical applications, breaking the cryptoscheme. There are many methods of factorization, but we will focus on those based off of Fermat's Factorization Method. We will give a proof of correctness of this method, as well as an exam- ple. We will discuss Dixon's Factorization Method at length, with an example given to show how it works. Finally, we will give some insight on the Quadratic Sieve method, a factorization algorithm that uses quadratic congruences to reduce the amount of time needed to factor an integer. 1 Introduction Integer factorization has been a topic of study since the beginning of number theory. The French mathematicial Pierre de Fermat (1601-1665) is credited with one of the earliest algorithms, aptly named Fermat's Factorization Method. This method is based on a congruence of squares, which is the backbone of many factorization methods. We will prove the correctness and show the strength and weaknesses of this algorithm, and discuss the extensions of Fermat's Method that are more efficient: Dixon's Factorization Method and The Quadratic Sieve Method. Before we begin discussion of this and the other methods, we need some results and definitions from elementary number theory. 1 2 Some Number Theory All of our methods will rely upon the following important theorem, without which factorization would be unimportant.
  • Eindhoven University of Technology MASTER a Study of the General

    Eindhoven University of Technology MASTER a Study of the General

    Eindhoven University of Technology MASTER A study of the general number field sieve and a development of a CT2 plug-in using YAFU Querejeta Azurmendi, I. Award date: 2016 Link to publication Disclaimer This document contains a student thesis (bachelor's or master's), as authored by a student at Eindhoven University of Technology. Student theses are made available in the TU/e repository upon obtaining the required degree. The grade received is not published on the document as presented in the repository. The required complexity or quality of research of student theses may vary by program, and the required minimum study period may vary in duration. General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain A study of the General Number Field Sieve and a development of a CT2 plug-in using YAFU A thesis submitted for the degree of Master of Science. Technical University of Eindhoven Department of Mathematics and Computer Science Supervisors: Prof. Dr. Tanja Lange Author: Henry de Valence I~nigoQuerejeta Azurmendi Advisors: 0870120 Cristina Balasoiu Prof. Bernhard Esslinger Armin Krauss July 28, 2016 ii Abstract The Number Field Sieve (NFS) is the fastest known algorithm for factoring general numbers having more than 100 decimal digits.
  • New Pragmatic Algorithms to Improve Factoring of Large Numbers

    New Pragmatic Algorithms to Improve Factoring of Large Numbers

    International Journal of Theoretical and Applied Mathematics 2017; 3(6): 199-202 http://www.sciencepublishinggroup.com/j/ijtam doi: 10.11648/j.ijtam.20170306.14 ISSN: 2575-5072 (Print); ISSN: 2575-5080 (Online) Methodology Article New Pragmatic Algorithms to Improve Factoring of Large Numbers Mohamed Zaki Abd El-Mageed 1, Hassan Hussein 2 1Department of Computer Since, Faculty of Engineering, Al-Zahra University, Cairo Egypt 2Research Development Center, National Defense Council, Cairo, Egypt Email address: [email protected] (M. Z. A. El-Mageed), [email protected] (H. Hussein) To cite this article: Mohamed Zaki Abd El-Mageed, Hassan Hussein. New Pragmatic Algorithms to Improve Factoring of Large Numbers. International Journal of Theoretical and Applied Mathematics . Vol. 3, No. 6, 2017, pp. 199-202. doi: 10.11648/j.ijtam.20170306.14 Received : September 28, 2017; Accepted : November 13, 2017; Published : December 5, 2017 Abstract: Rivest, Shamir, Adleman, RSA algorithm is a popular public key cryptosystem and is known to be secure, however, this fact relies on the difficulty of factoring large numbers. No algorithm has been published that can factor all integers in polynomial time. This paper proposes a new function that can be used to improve the process of factoring integer numbers. It gets the factor faster than known methods. By making use of such proposed function, corresponding two algorithms are proposed and pseudocoded. The utilization of these algorithms along with the basics of the theory of numbers led to three other new factoring algorithms. The five algorithms are implemented and verified using Python Language. The tabulated results that represent the time of factorization versus the number of digits of the large number have indicated the applicability of the last three algorithms.
  • Polynomial Selection for the Number Field Sieve

    Polynomial Selection for the Number Field Sieve

    Polynomial Selection for the Number Field Sieve Shi Bai 白石 Sep 2011 A thesis submitted for the degree of Doctor of Philosophy of the Australian National University Declaration The work in this thesis is my own except where otherwise stated. iii Dedicated to my parents for their love and inspiration. Acknowledgements It is difficult to overstate my gratitude to my Ph.D. supervisor, Richard Brent. Over the three-and-a-half years, Richard has provided tremendous help and encouragement, lots of interesting ideas and insightful advice, without which my Ph.D study and this thesis would not have been possible. His patience, valuable comments and careful proofreading for the thesis is deeply appreciated. Part of my research has been carried out during my visits to the CARAMEL group of INRIA Nancy. I was fortunate to be able to spend a few months working with Paul Zimmermann, from whom I learned much about the subject and to whom I must say thank you. I am also very grateful to Pierrick Gaudry and Emmanuel Thom´efor many suggestions and help. Many thanks go out to Thorsten Kleinjung, Peter Montgomery, Jason Papadopoulos and Herman te Riele for various discussions and instructions regarding the number field sieve, either face-to-face or via email. Many people in the Mathematical Sciences Institute (MSI) and the Research School of Computer Science (RSCS) of the Australian National University (ANU) assisted and encouraged me in various ways during my studies. I am particularly grateful to J¨org Arndt, Markus Hegland, Chin Khoo, Paul Leopardi, Weifa Liang, Jiakun Liu, Brendan Mckay, Sudi Mungkasi, Judy-anne Osborn, Srinivasa Subramanya Rao, Alistair Rendell, Peter Strazdins, Vikram Sunkara and Bin Zhou for various discussions and chatting; Nick Guoth, Joshua Rich and Warren Yang for helping me play around with the cluster.
  • Integer Factorization with the General Number Field Sieve

    Integer Factorization with the General Number Field Sieve

    Viet Pham Hoang INTEGER FACTORIZATION WITH THE GENERAL NUMBER FIELD SIEVE Rovaniemen ammattikorkeakoulun julkaisusarja B 12 Rovaniemi University of Applied Sciences School of Technology Degree Programme in Information Technology Thesis INTEGER FACTORIZATION WITH THE GENERAL NUMBER FIELD SIEVE Pham Hoang Viet 2008 Rovaniemi University of Applied Sciences Publications Jokiv¨ayl¨a11C 96300 Rovaniemi Finland tel. +358 20 798 4000 www.ramk.fi/julkaisutoiminta julkaisut@ramk.fi ISSN: 1239-7733 ISBN: 978-952-5153-77-4 (vol) ISBN: 978-952-5153-78-1 (PDF) Rovaniemi University of Applied Sciences Publication Serie B no. 12 c RAMK University of Applied Sciences Rovaniemi 2008 Tornion kirjapaino Abstract Since Fermat’s work on integer factorization, the mathematical commu- nity has experienced substantial research and improvements following his method of decomposing integers. This mathematical aspect has nowadays been utilized in a number of applications, such as in testing the security level of several encryption methods like the RSA algorithm. As the latest achieve- ment, the General Number Fields Sieve (GNFS) has recently been recognized as the fastest algorithm of this kind that is being used for factoring integers of size up to 800 bits in length. Considering the topic of this thesis, it concentrates on explaining the most significant details necessary for understanding and implementing the GNFS. In particular, it exploits the fact that this algorithm is a sieve-like process which factors general form integers using a variety of results from the number field theory. In this aspect, the thesis firstly addresses the underlying principle as well as many other important concepts used for constructing the GNFS.
  • Number Field Sieve with Provable Complexity

    Number Field Sieve with Provable Complexity

    Number Field Sieve with provable complexity Barry van Leeuwen Supervisor: Dr. A.R. Booker Chair: Dr. T. Dokchitser (University of Bristol) Examiners: Dr. J. Bober (University of Bristol) Dr. S. Siksek (University of Warwick) A dissertation submitted to the University of Bristol in accordance with the requirements for award of the degree of Master of Science by Research in Mathematics at the Faculty of Science arXiv:2007.02689v2 [math.NT] 11 Jul 2020 School of Mathematics July 14, 2020 Word count: 28557 Abstract In this thesis we give an in-depth introduction to the General Number Field Sieve, as it was used by Buhler, Lenstra, and Pomerance, [17], before looking at one of the modern developments of this algorithm: A randomized version with provable complexity. This version was posited in 2017 by Lee and Venkatesan, [14], and will be preceded by ample material from both algebraic and analytic number theory, Galois theory, and probability theory. Page 1 of 114 Dedication and Acknowledgements I want to thank Dr. Andrew Booker, who as my supervisor managed to find what I needed even though it may not have been what I wanted. I also want to thank Dr. James Milne, Dr. Florian Bouyer, and Dr. Lynne Walling for providing some of the material used. I also want to thank Dr. Dan Fretwell, who helped me find my footing when I just started (which feels very long ago) and my mother, Cokky van Leeuwen, who with her sorcery managed to find typos that I could not. To my wife, Sarah van Leeuwen, who with her continued support and motivation made possible what I thought impossible.
  • Implementation of the Quadratic Sieve

    Implementation of the Quadratic Sieve

    Page 1 of 28 Implementation of the Quadratic Sieve Mark Gordon Cryptography 475 November 30th, 2008 Introduction Finding the factorization of a number, n, is a computationally difficult problem that is at the heart of the security of the RSA encryption algorithm. The naïve solution, trial division, takes O(sqrt(n)) time and is ineffective for even moderately large n. The quadratic sieve offers an improvement on this algorithm and is currently the second asymptotically fastest algorithm for factoring integers. In this paper I present my implementation of the quadratic sieve and its results. The Quadratic Sieve The main idea behind the quadratic sieve is that if we have a and b such that a2=b2 (mod n) then we have a2-b2=n (mod n) which can be re-written as (a-b)(a+b)=n (mod n). Therefore we can take either a-b or a+b and test if it contains a non trivial factor of n using the Euclidean algorithm. One idea to find perfect squares is to find pairs (x, Q(x)), where Q(x) is x2-n (different polynomials are possible), and test if Q(x) is a perfect square. Note that x2=Q(x) mod n so if Q(x) happens to be a perfect square we have a congruence of squares which will allow us to factor n. Finding Squares Unfortunately there are very few x such that Q(x) will be a perfect square. An improvement on this concept would be to try and combine pairs (x, Q(x)) and (y, Q(y)) to yield (xy, Q(x)Q(y)).