prime factorization implementations in a functional language

Prime factorization implementations in a functional language

Introduction

Goal: Get a better understanding of

the implementation and application of different factorization algorithms (Fermat’s, Pollard’s rho, Quadratic sieve, Elliptic curve)

Introduction

Fermat’salgorithm

Pollard’s rhoalgorithm

Elliptic curvefactorization

Summary

Fermat’s algorithm

Observation: All composite numbers can

be written as the difference between two squared numbers, i.e.

Introduction

Fermat’salgorithm



Summary

q)½(pq)½(ppqn


Algorithm:1. Assume n is an odd number

(otherwise, factor out 2 until is odd).2. Define ,3. Iteratively find .

If is a square , then and are factors of .

If then stop and report as a prime.

nr ceiling1

Introduction

Fermat’salgorithm



Summary

nrm ii 2

ims sri sri

n

2

1n

ri

n1:1 1 ii rri

n


Is the algorithm correct?Does it terminate?

Introduction

Fermat’salgorithm



Summary


Correctness:The algorithm is correct iff

Assume . Then

2

1;22 n

nceilingrsrn

Introduction

Fermat’salgorithm



Summary

nr

02222 ssnsnn

2

1n

rNow assume . Then

222

2

2

1

2

1

n

ssn

n

Leading to the factor nnn

sr

2

1

2

1


Termination: Termination follows trivially

from the fact that we iterate over a finite range.

Introduction

Fermat’salgorithm



Summary


Code:Introduction

Fermat’salgorithm



Summary

(define (fermat-single n) (let* ((s (get-sqrt n)) (r (cdr s)) (m (- (expt r 2) n)) (r-stop (/ (+ n 1) 2))) (letrec ((iterator (lambda () (if (>= r r-stop) (cons n '()) (begin (set! s (get-sqrt m)) (if (car s) (cons (+ r (cdr s)) (- r (cdr s))) (begin (set! m (+ m (* 2 r) 1)) (set! r (+ r 1)) (iterator)))))))) (if (car s) (cons r r) (iterator)))))


Running times:Introduction

Fermat’salgorithm



Summary

Factorization (Time pr bit)

y = 0,0889e0,5081x

R2 = 0,9169

0

200000

400000

600000

800000

1000000

1200000

1400000

1600000

1800000

0 5 10 15 20 25 30 35

bits(sqrt(n) - Min(x : x > n))

tim

e (

ms

)

Series1

Expon. (Series1)

Pollard’s rho algorithm

Observation: If and are in different

residue class modulo , but in the same class modulo a proper divisor of ,then will result in a proper divisor of .

Introduction

Fermat’salgorithm



Summary

kxjxn

n nxx kj ,gcd n


Algorithm:1. Choose a “random” function2. Define , , ,

and 3. Iteratively find

If then is a factorIf then go to step 1or report as “maybe prime”

Introduction

Fermat’salgorithm



Summary

f20 a 20 b 1 ii afa

1 ii bffb nbad iii ,gcd

nd i ;1 idnd i n

Pollard’s rho algorithmIntroduction

Fermat’salgorithm



SummaryIs the algorithm correct?Does it terminate?


Correctness: Since the range of is

finite,the and values must cycle.It should be clear that cycles twice as fast as , so if we go through a cycle with then , so .If, however, , then is a non-trivial factor of .

Introduction

Fermat’salgorithm



Summary

fia ib

ibia

ia ii ba nnba ii ,gcd nd i ;1 id

n


Termination: Termination follows from

the cycling of the values and guaranteed termination when cycling has happened.

Introduction

Fermat’salgorithm



Summary


Code:(define (pollard-rho-single n) (let ((a 2) (b 2) (c 1)) (letrec ((iterator (lambda () (begin (set! a (modulo (+ (expt a 2) c) n)) (set! b (modulo (+ (expt b 2) c) n)) (set! b (modulo (+ (expt b 2) c) n)) (let ((d (gcd (- a b) n))) (cond ((and (> d 1) (< d n)) (cons d (quotient n d))) ((= d n) (if (= c 2) (cons n '()) (begin (set! a 2) (set! b 2) (set! c (+ c 1)) (iterator)))) (else (iterator)))))))) (iterator))))

Introduction

Fermat’salgorithm



Summary



Fermat’salgorithm



Summary

?The algorithm is too fast

even without optimizationswhen the number has any “small” factors

(smaller than 10 digits).I have had problems finding

enough values to analyse onthat give non-eligible running times,

but are still feasible to factorize.

(It factors 47189479742142798147947497147589257979528526917505641

into3012764903 x 15663180255171340247104404464575395373798447

in 2,5s)



Fermat’salgorithm



Summary

Elliptic curve factorization

Observation:Iteratively applying a group

function to a series of points starting on a random point in a group defined by an elliptic curve modulo the number we are factorizing we will eventually find a generator for the subgroup we iterate over. Using the order of this subgroup, we can determine a factor of n.

Introduction

Fermat’salgorithm



Summary

Elliptic curve factorizationCode:

Introduction

Fermat’salgorithm



Summary

(define (elliptic-curve-single n) (let ((a 1) (p (cons 0 5)) (e 2)) (letrec ((iterator (lambda () (begin (set! p (point-expt p e a)) (set! e (+ e 1)) (if (not (pair? p)) (if (symbol? p) (cons n '()) (cons p (quotient n p))) (iterator)))))) (iterator)))))

Elliptic curve factorizationRunning times:

Introduction

Fermat’salgorithm



Summary

Summary

The following insight was gained through the project

The elliptic curve algorithm is not fast in it’s ”natural form”, but becomes fast as elliptic curve knowledge is applied as optimizations.

The implementation of the sieving process in quadratic sieve is complex and confusing

A better understanding of the implemented algorithms

Introduction

Fermat’salgorithm



Summary

prime factorization implementations in a functional language

Documents

fermats algorithm algorithm

fermats algorithm termination

fermats algorithm observation

fermats algorithm correctness

fermats algorithm code

car s cons r r iterator

introduction goal

expt r