Prime Factoring Algorithms - PowerPoint PPT Presentation

1 / 17

About This Presentation

Title:

Prime Factoring Algorithms

Description:

Number of Views:344

Avg rating:3.0/5.0

Slides: 18

Provided by: gurka2

Category:

Tags: algorithms | factoring | pollard | prime

Transcript and Presenter's Notes

Title: Prime Factoring Algorithms

1
Prime Factoring Algorithms

2
Outline

3
Background and Motivation

The problem of finding the prime factors of large
composite numbers has always been of mathematical
interest
Factoring numbers is what is called a HARD task
With the advent of public key cryptosystems it is
also of practical importance.(For example RSA)

4
Trial Division Algorithm

Often called the naive method of factoring
Trial division works by dividing the modulus by
numbers between two and its square-root. If there
is no remainder,the number is the factor of the
modulus.
This method is good for relatively small moduli,
usually below ten thousand or up to one million
on a very fast machine

5
Trial Division Continue

The simplest version of this algorithm is brute
force trial division
Every number between two and the square-root of
the modulus is tried.
Some heuristics are applied to the algorithm such
as only trying odd numbers,only using prime
numbers.

6
Problems with Trial Division

The main deficiency of this algorithms is its
speed.
Without any heuristics, this algorithm requires
the maximum number of operations for
factorization and uses division, an operation
that is very costly on any computer architecture
Even when optimized, division is still used, and
the algorithms will still be slow because of its
dependence on division

7
Probabilistic Algorithms

Probabilistic algortihms work on the principal
that not finding a factor with a probability
greater than zero will take a fraction of time it
would to take to find a factor with complete
certainty.
Every time the algorithm is run, it multiples the
overall certainty of not finding a factor by the
ceratinty of running it once, decreasing the
certainty even more

8
Probabilistic Algorithm Continue

Let probability p of not finding a factor, if it
is n/m time to run, (n is the run time of the
deterministic version and m is some constant)
then if the algorithm is rum m/2 times, it will
find a factor in n/2 time with probability with
1-p(m/2).
If p is somewhat small and m is somewhat large,
after m/2 operations or m/c operations where c is
bigger than two, it is possible to get a speedup
of some constant when the algorithm works with
certainty that is very high.

9
Problems with Probabilistic Algorithms

It is not deterministic, so it will not work all
of the time
This is acceptable because the probability of the
failure can be set to whatever tolerance is
allowable.
If there are multiple parts of the algorithm that
are probabilistic, determining a good balance
between them is very hard.
It is difficult to give a value to a
probabilistic algorithm that fails to find a
factor for a ceratin run.

10
Geometric Algorithms

This is a large class of algorithms based on a
mixture of algebra,number theory, and geometry.
The premise behind this algorithm is that some
functions under the real numbers reduced modulo a
number can form a group under an operation as
long as there is closure, an identity element,
and inverse elements for each member.
Certain functions such as the ray function and
the function that measure elliptical curve
arc-length are groups under certain operations

11
Geometric Algorithms Continue

12
Problems with Geometric Algorithms

They are difficult to implement, especially in an
optimal way.
Since the group operation requires finding a
point on the graph given two previous points, it
is usually necessary to do some complicated
calculations based upon high order functions
Despite this, optimized geometric algorithms are
some of the fastest known factoring methods

13
Number Sieving Algorithms

Number sieving is based upon the elimination of
multiple numbers for each factor that is tried.
If a number is not a factor of the modulus, it
implies that other numbers are not factors
either for each non-factor found, other
non-factors can be eliminated in some ways.
The sieve of Eratosthenes and the quadratic-sieve
do this using linear and quadratic functions of
non-factors, respectively.
This cuts down the number of trials by a linear
amount.

14
Number Sieving Continue

15
Problems with Number Sieving

It is very difficult to implement and has still
not been proven to work for all numbers
Thus, the only truely efficient number sieve is
not one that can be readily used

16
Running Time Analysis of Prime Factoring
Algorithms

Most useful factorisation algorithms fall into
one of the two classes
The run time depends mainly on the size of N, the
number being factored, and is not strongly
dependent on the size of the factor found.
Examples of this group Lehmans Algorithm which
has a rigorous worst-case run time bound O(N1/3)
Shankss SQUFOF algorithm which has expected run
time O(N1/4)
Multiple Polynomial Quadratic Sieve Algorithm
which under plausible assumptions have expected
run time O(exp(c(logNloglogN)1/2)) where c is a
constant(depending on the details of the
algorithm)

17
Running Time Analysis Continue

The run time depends mainly on the size of f, the
factor found. (We can assume that flt N1/2)
The examples are
The trial division algorithm, which has run time
O(f.(logN)2)
The Pollard rho algorithm which under plausible
assumptions has expected run time O(f1/2.
(logN)2)
Lenstras Elliptic Curve Method which under
plausible assumptions has expected run time
O(exp(c(loglogf)1/2). (logN)2) where c is a
constant
In these examples the term . (logN)2 is a
generous allowance for the cost of performing
arithmetic operations on numbers of size O(N) or
O(N2 ) and could theoritically replaced by
(logN)e1 for any egt0