Integer Factorization with a Neuromorphic Sieve John V. Monaco and Manuel M. Vindiola U.S. Army Research Laboratory Aberdeen Proving Ground, MD 21005 Email: [email protected], [email protected] Abstract—The bound to factor large integers is dominated by to represent n, the computational effort to factor n by trial the computational effort to discover numbers that are smooth, division grows exponentially. typically performed by sieving a polynomial sequence. On a Dixon’s factorization method attempts to construct a con- von Neumann architecture, sieving has log-log amortized time 2 2 complexity to check each value for smoothness. This work gruence of squares, x ≡ y mod n. If such a congruence presents a neuromorphic sieve that achieves a constant time is found, and x 6≡ ±y mod n, then gcd (x − y; n) must be check for smoothness by exploiting two characteristic properties a nontrivial factor of n. A class of subexponential factoring of neuromorphic architectures: constant time synaptic integration algorithms, including the quadratic sieve, build on Dixon’s and massively parallel computation. The approach is validated method by specifying how to construct the congruence of by modifying msieve, one of the fastest publicly available integer factorization implementations, to use the IBM Neurosynaptic squares through a linear combination of smooth numbers [5]. System (NS1e) as a coprocessor for the sieving stage. Given smoothness bound B, a number is B-smooth if it does not contain any prime factors greater than B. Additionally, let I. INTRODUCTION v = e1; e2; : : : ; eπ(B) be the exponents vector of a smooth number s, where s = Q pvi , p is the ith prime, and A number is said to be smooth if it is an integer composed 1≤i≤π(B) i i π (B) is the number of primes not greater than B. With a set of entirely of small prime factors. Smooth numbers play a critical π (B)+1 unique smooth numbers S = s ; s ; : : : ; s , role in many interesting number theoretic and cryptography 1 2 π(B)+1 a perfect square can be formed through some linear combina- problems, such as integer factorization [6]. The presumed 2 Q tion of the elements of S, y = si. The reason for this is difficulty of factoring large composite integers relies on the si2S that there exists at least one linear dependency among a subset difficultly of discovering many smooth numbers in a polyno- of the π (B)+1 exponents vectors that contain π (B) elements mial sequence, typically performed through a process called each. Gaussian elimination or block Lanczos algorithm can be sieving. The detection and generation of smooth numbers used to uncover this linear dependency [4]. remains an ongoing multidisciplinary area of research which Smooth numbers are detected by sieving a polynomial has seen both algorithmic and implementation advances in sequence. Sieving relies on the fact that for each prime p, if recent years [2]. p j f (x) then p j f (x + ip) for any integer i and polynomial This work demonstrates how current and near future neuro- f. To sieve the values f (x), for 0 ≤ x < M, on a von morphic architectures can be used to efficiently detect smooth Neumann architecture, a length M array is initialized to all numbers in a polynomial sequence. The neuromorphic sieve zeros. For each polynomial root r of each prime p in the factor exploits two characteristic properties of neuromorphic archi- base, ln p is added to array locations r+ip for i = 0; 1;::: , M . tectures to achieve asymptotically lower bounds on smooth p This step can be performed using low precision arithmetic, number detection, namely constant time synaptic integration such as with integer approximations to ln p. After looping and massively parallel computation. Sieving is performed by through each prime in the factor base, array values above a a population of leaky integrate-and-fire (LIF) neurons whose certain threshold will correspond to polynomial values that dynamics are simple enough to be implemented on a range of arXiv:1703.03768v2 [cs.NE] 23 Apr 2018 are smooth with high probability2. This process is referred to current and future architectures. Unlike the traditional CPU- hereafter as CPU-based sieving. based sieve, the factor base is represented in space (as spiking Due to errors resulting from low precision arithmetic, some neurons) and the sieving interval in time (as successive time of the array values above the threshold will end up being not steps). Integer factorization is achieved using a neuromorphic smooth and some values that are smooth will remain below the coprocessor for the sieving stage, alongside a CPU. threshold. The threshold controls a tradeoff between the false positive rate (FPR) and false negative rate (FNR), from which II. INTEGER FACTORIZATION a receiver operating characteristic (ROC) curve is obtained. Integer factorization is presumed to be a difficult task when Since the actual factorizations are lost after sieving, the smooth the number to be factored is the product of two large primes. candidates must subsequently be factored over F, which also Such a number n = pq is said to be a semiprime1 for primes serves as a definite check for smoothness. Factoring a number p and q, p 6= q. As log2 n grows, i.e., the number of bits with small prime factors can be done efficiently, and this effort 1Not to be confused with pseudoprime, which is a probable prime. 2By exploiting the fact that ln ab = ln a + ln b. 2 2 3 3 2 2 can be neglected as long as there are not too many false 20 30 32 33 35 33 314 51 54 516 524 positives [1]. The quadratic sieve [5] detects smooth numbers of the form p 2 f (x) = x + d ne − n (1) 2 3 2 where x = − M ;:::; M −1. The factor base F contains primes ln 2 ln 3 ln 3 ln 3 ln 5 ln 5 2 2 p up to B such that n is a quadratic residue modulo p, i.e., r2 ≡ n mod p for some integer r. This ensures that each Excitatory prime in the factor base (with the exception of 2) has two S(t) Inhibitory modular roots to the equation f (x) ≡ 0 mod p, increasing Fig. 1: Example neuromorphic sieve network. Top layer con- the probability that p j f (x). If F contains b primes, then at tains tonic spiking neurons; middle layer selects the highest least b+1 smooth numbers are needed to form the congruence prime power; bottom layer performs the test for smoothness. of squares. It is the sieving stage of the quadratic sieve that is the focus of this work. Sieving comprises the bulk of the computational structure (Figure 1). The top layer contains tonic spiking neu- effort in the quadratic sieve and the relatively more complex rons for each prime in the factor base as well as prime powers, number field sieve (NFS) [1]. On a von Neumann architecture, up to the magnitude of the polynomial. The middle layer 1 P 2 sieving requires at least 2 M + M p2Fn2 p memory updates selects the highest prime power that divides the polynomial where F n 2 is the set of factor base primes excluding 2. value. The bottom layer contains a single neuron that performs Given likelihood u−u of any single polynomial value being a test for smoothness by integrating the log-weighted factors. smooth, where u = 1 ln n , an optimal choice of B is The middle and bottom layers are stateless, while the dynamics p 2 ln B exp 1 ln n ln ln n [1]. This yields a total runtime of B2, in the top layer encode successive polynomial values. 2 For each modular root r of each prime power pe (including where the amortized time to sieve each value in the interval factor base primes, for which e = 1), designate a neuron is ln ln B. that will spike with period pe and phase r (Figure 1, top layer, given by pe, where subscripts denote the modular root). III. NEUROMORPHIC SIEVE r Due to the equivalence between t and f (x), this neuron will The neuromorphic sieve represents the factor base in space, spike only when pejf (x). It is also the case that if pejf (x) as tonic spiking neurons, and the sieving interval in time then pejf (x + ipe) for any integer i, thus only tonic spiking through a one-to-one correspondence between time and the behavior for each modular root is required. polynomial sequence. Let t ≡ (x − xmin), where t is time, x The tonic spiking neurons are connected through excitatory is the sieving location that corresponds to t, and xmin is the synapses to a postsynaptic neuron that spikes if either modular e first sieving value. Then polynomial values can be calculated root spikes, i.e., if p jf (x) for modular roots r1 and r2 of e by f (x) = f (t + xmin). Each tonic neuron corresponds to a prime p (Figure 1, middle layer). Using a LIF neuron model, prime (or a power of a prime) in the factor base and spikes this behavior is achieved using synapse weights of the same only when it divides the current polynomial value. If enough magnitude as the postsynaptic neuron threshold. Inhibitory neurons spike at time t, then f (x) is likely smooth since each connections are formed between the prime powers in the top neuron represents a factor of f (x). This formulation reverses layer and lower prime powers in the middle layer so that higher the roles of space and time from the CPU-based sieve, in which powers suppress the spiking activity of the lower powers.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages4 Page
-
File Size-