Shanks' square forms factorization

Shanks' square forms factorization

Shanks' square forms factorization is a method for integer factorization, which was devised by Daniel Shanks as an improvement on Fermat's factorization method.

The success of Fermat's method depends on finding integers "x", and "y" such that "x"2 − "y"2 = "N", where "N" is the integer to be factored, and a possible improvement (noticed by Kraitchik), is to look for integers "x" and "y" such that x^2equiv y^2 pmod{N}. Finding a pair ("x","y") does not guarantee a factorization of "N", but it implies that "N" is a factor of "x"2 − "y"2 = ("x"-"y")("x"+"y"), and there is a good chance that the prime divisors of "N" are distributed between these two factors, so that calculation of the highest common factor of "N" and "x"-"y" will give a non-trivial factor of "N".

A practical algorithm for finding pairs ("x","y") which satisfy x^2equiv y^2 pmod{N} was developed by Shanks and was named "Square Forms Factorization" or "SQUFOF". The algorithm can be couched either in terms of continued fractions or in terms of quadratic forms, and although there are now much more efficient factorization methods available, SQUFOF has the advantage that it is small enough to be implemented on a programmable calculator.

Algorithm

Input: "N", the integer to be factored, which must be neither a prime number nor a perfect square.

Output: a non-trivial factor of "N".

The algorithm:

Initialize P_0=lfloorsqrt{N} floor,Q_0=1,Q_1=N-P_0^2

Repeat

b_i=leftlfloorfrac{lfloorsqrt{N} floor+P_{i-1{Q_i} ight floor,P_i=b_iQ_i-P_{i-1},Q_{i+1}=Q_{i-1}+b_i(P_{i-1}-P_i)

until Q_i is a perfect square.

Initialize b_0=leftlfloorfrac{lfloorsqrt{N} floor-P_{i-1{sqrt{Q_i ight floor,P_0=b_0sqrt{Q_i}+P_{i-1},Q_0=sqrt{Q_i},Q_1=frac{N-P_0^2}{Q_0}

Repeat

b_i=leftlfloorfrac{lfloorsqrt{N} floor+P_{i-1{Q_i} ight floor,P_i=b_iQ_i-P_{i-1},Q_{i+1}=Q_{i-1}+b_i(P_{i-1}-P_i)

until P_{i+1}=P_i.

Then gcd(N,P_i) is a non-trivial factor of N. Shanks' method has time complexity O(sqrt [4] {N}).

Stephen S. McMasters (see link in External Link section) wrotea more detailed discussion of the mathematics of Shanks' method,together with a proof of its correctness.

Example

N = 11111

P0 = 105 Q0 = 1 Q1 = 86

P1 = 67 Q1 = 86 Q2 = 77

P2 = 87 Q2 = 77 Q3 = 46

P3 = 97 Q3 = 46 Q4 = 37

P4 = 88 Q4 = 37 Q5 = 91

P5 = 94 Q5 = 91 Q6 = 25

Here Q6 is a perfect square

P0 = 104 Q0 = 5 Q1 = 59

P1 = 73 Q1 = 59 Q2 = 98

P2 = 25 Q2 = 98 Q3 = 107

P3 = 82 Q3 = 107 Q4 = 41

P4 = 82

Here P3 = P4

gcd(11111, 82) = 41, which is a factor of 11111.

References

*cite book | author = D. A. Buell | title = Binary Quadratic Forms | publisher = Springer-Verlag | year = 1989 | id=ISBN 0-387-97037-1
*cite book | author = D. M. Bressoud | title = Factorisation and Primality Testing | publisher = Springer-Verlag | year = 1989 | id=ISBN 0-387-97040-1

External links

* [http://cadigweb.ew.usna.edu/~wdj/mcmath/TridentFinal.pdf 2005, Stephen S. McMath]


Wikimedia Foundation. 2010.

Игры ⚽ Нужен реферат?

Look at other dictionaries:

  • Daniel Shanks — Born January 17, 1917(1917 01 17) Chicago, Illinois Died …   Wikipedia

  • Integer factorization — In number theory, integer factorization is the way of breaking down a composite number into smaller non trivial divisors, which when multiplied together equal the original integer.When the numbers are very large, no efficient integer… …   Wikipedia

  • Dixon's factorization method — In number theory, Dixon s factorization method (also Dixon s random squares method[1] or Dixon s algorithm) is a general purpose integer factorization algorithm; it is the prototypical factor base method, and the only factor base method for which …   Wikipedia

  • Continued fraction factorization — In number theory, the continued fraction factorization method (CFRAC) is an integer factorization algorithm. It is a general purpose algorithm, meaning that it is suitable for factoring any integer n, not depending on special form or properties.… …   Wikipedia

  • List of mathematics articles (S) — NOTOC S S duality S matrix S plane S transform S unit S.O.S. Mathematics SA subgroup Saccheri quadrilateral Sacks spiral Sacred geometry Saddle node bifurcation Saddle point Saddle surface Sadleirian Professor of Pure Mathematics Safe prime Safe… …   Wikipedia

  • Binäre quadratische Form — Eine binäre quadratische Form (in diesem Artikel oft kurz nur Form genannt), ist in der Mathematik eine quadratische Form in zwei Variablen x,y, also ein Polynom der Gestalt , wobei a,b,c die Koeffizienten der Form sind. Die Form f mit schreibt… …   Deutsch Wikipedia

  • Quadratic sieve — The quadratic sieve algorithm (QS) is a modern integer factorization algorithm and, in practice, the second fastest method known (after the general number field sieve). It is still the fastest for integers under 100 decimal digits or so, and is… …   Wikipedia

  • Discrete logarithm — In mathematics, specifically in abstract algebra and its applications, discrete logarithms are group theoretic analogues of ordinary logarithms. In particular, an ordinary logarithm loga(b) is a solution of the equation ax = b over the… …   Wikipedia

  • Computational number theory — In mathematics, computational number theory, also known as algorithmic number theory, is the study of algorithms for performing number theoretic computations. The best known problem in the field is integer factorization. See also Computational… …   Wikipedia

  • Sieve of Eratosthenes — Sieve of Eratosthenes: algorithm steps for primes below 121 (including optimization of starting from prime s square). In mathematics, the sieve of Eratosthenes (Greek: κόσκινον Ἐρατοσθένους), one of a number of prime number sieves, is a simple,… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”