Congruence of squares

Congruence of squares

In number theory, a congruence of squares is a congruence commonly used in integer factorization algorithms.

Derivation

Given a positive integer n, Fermat's factorization method relies on finding numbers x, y satisfying the equality

x^2 - y^2 = n\,\!

We can then factor n = x2 − y2 = (x + y) (x − y). However, this algorithm is slow in practice because we need to search many such numbers, and only a few satisfy this strict equation. However, n can also be factored if we satisfy the weaker congruence of squares

x^2 \equiv y^2 \pmod{n} \hbox{ , } x \not\equiv \pm y \pmod{n}.

From here we easily deduce

x^2 - y^2 \equiv 0 \pmod{n} \hbox{ , } (x + y)(x - y) \equiv 0 \pmod{n}

This means that n divides (x + y) (x − y). However we have required that x ≠ ±y (mod n), so n divides neither (x+y) nor (x−y) alone. Thus (x+y) and (x−y) each contain proper factors of n. Computing the greatest common divisors of (x + yn) and of (x − yn) will give us these factors; this can be done quickly using the Euclidean algorithm.

Congruences of squares are extremely useful in integer factorization algorithms. This congruence is extensively used in, for example, the quadratic sieve, general number field sieve, continued fraction factorization, Dixon's factorization, and so on. Conversely, because finding square roots modulo a composite number is probabilistic polynomial-time equivalent to factoring that number, any integer factorization algorithm can be used to efficiently identify a congruence of squares.

Example

We take n = 35. We find that

\textstyle 6^2 = 36 \equiv 1 \equiv 1^2 \pmod{n}.

We can thus factor 35 as gcd(6 − 1, 35) = 5 and gcd(6 + 1, 35) = 7.

Further generalizations

We can also use factor bases to help us find congruences of squares more quickly. Instead of looking for \textstyle x^2 \equiv y^2 \pmod{n} from the outset, we find many \textstyle x^2 \equiv y \pmod{n} where the y have small prime factors, and try to multiply a few of these together to get a square on the right-hand side.


Wikimedia Foundation. 2010.

Игры ⚽ Нужна курсовая?

Look at other dictionaries:

  • Congruence — is the state achieved by coming together, the state of agreement. The Latin congruō meaning “I meet together, I agree”. As an abstract term, congruence means similarity between objects. Congruence, as opposed to equivalence or approximation, is a …   Wikipedia

  • Congruence de carrés — En arithmétique modulaire, une congruence de carrés modulo un entier n est une équation de la forme Utilisation Une telle équation apporte des informations utiles pour essayer de factoriser l entier n. En effet, Ceci veut dire que n divise le… …   Wikipédia en Français

  • Proofs of Fermat's theorem on sums of two squares — Fermat s theorem on sums of two squares asserts that an odd prime number p can be expressed as: p = x^2 + y^2with integer x and y if and only if p is congruent to 1 (mod 4). The statement was announced by Fermat in 1640, but he supplied no proof …   Wikipedia

  • Matrix congruence — In mathematics, two matrices A and B over a field are called congruent if there exists an invertible matrix P over the same field such that PTAP = B where T denotes the matrix transpose. Matrix congruence is an equivalence relation. Matrix… …   Wikipedia

  • Quadratic sieve — The quadratic sieve algorithm (QS) is a modern integer factorization algorithm and, in practice, the second fastest method known (after the general number field sieve). It is still the fastest for integers under 100 decimal digits or so, and is… …   Wikipedia

  • Quadratic residue — In number theory, an integer q is called a quadratic residue modulo n if it is congruent to a perfect square modulo n; i.e., if there exists an integer x such that: Otherwise, q is called a quadratic nonresidue modulo n. Originally an abstract… …   Wikipedia

  • Dixon's factorization method — In number theory, Dixon s factorization method (also Dixon s random squares method[1] or Dixon s algorithm) is a general purpose integer factorization algorithm; it is the prototypical factor base method, and the only factor base method for which …   Wikipedia

  • List of mathematics articles (C) — NOTOC C C closed subgroup C minimal theory C normal subgroup C number C semiring C space C symmetry C* algebra C0 semigroup CA group Cabal (set theory) Cabibbo Kobayashi Maskawa matrix Cabinet projection Cable knot Cabri Geometry Cabtaxi number… …   Wikipedia

  • List of number theory topics — This is a list of number theory topics, by Wikipedia page. See also List of recreational number theory topics Topics in cryptography Contents 1 Factors 2 Fractions 3 Modular arithmetic …   Wikipedia

  • Factor base — In computational number theory, the factor base is a mathematical tool commonly used in, as its name suggests, integer factorization algorithms, more specifically algorithms involving extensive sieving of potential factors. Usage The factor base… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”