mersenneforum.org

mersenneforum.org (https://www.mersenneforum.org/index.php)
-   Number Theory Discussion Group (https://www.mersenneforum.org/forumdisplay.php?f=132)
-   -   alternative 2nd stage of p-1 factoring algorithm (https://www.mersenneforum.org/showthread.php?t=26021)

jshort 2020-09-30 02:11

alternative 2nd stage of p-1 factoring algorithm
 
Suppose we're factoring an integer via the p-1 method and we've already completed the first stage ie. [TEX]L = a^{B!} mod(n)[/TEX] where [TEX]n[/TEX] is the composite we wish to factor.

In the 2nd stage, we assume that there is one prime factor remaining [TEX]q > B[/TEX] and go on to compute [TEX]L^{p}[/TEX] for various prime integers.

If [TEX]q-1[/TEX] is fairly smooth, would it not be more worthwhile to consider the set [TEX](L^{2^{b!}}, L^{3^{b!}}, L^{4^{b!}},. . .,L^{a^{b!}})[/TEX] for some considerably smaller integer [TEX]b < B[/TEX] and then compute [TEX]gcd(L^{i^{b!}} - L^{j^{b!}},n)[/TEX] for all [TEX]1 < i < j < a[/TEX]?

Keep in mind that we can perform another kind of "2nd stage" on this as well. ie assume that [TEX]b![/TEX] captures most of the prime factors of [TEX]q-1[/TEX] and then use a 2nd stage (3rd stage?) by computing [TEX](L^{2^{p(b!)}}, L^{3^{p(b!)}}, L^{4^{p(b!)}},. . . ,L^{a^{p(b!)}})[/TEX] for various primes [TEX]p > b[/TEX] and again computing [TEX]gcd(L^{i^{p(b!)}} - L^{j^{p(b!)}},n)[/TEX] for all [TEX]1 < i < j < a[/TEX].

bhelmes 2020-09-30 17:38

A peaceful night for you,


you are right, but this is not really new for me.


You can transform the polynom for pollard rho in a 2x2 matrix
and calculate the 2x2 matrix with fast exponentation for the

primes < 10^9 for example.


You can use a subgroup either a vektor consisting of a pythagoraic triple
either a vektor base on the pell equation.


Nevertheless it is either a p-1 or a p+1 test,


I think with 40 digits it will go.


But elliptic curves are better because of its various group structure.


Nice greetings from the factoring part :hello: :cmd: :whistle:

Bernhard

jshort 2020-09-30 20:05

What your describing is something completely different altogether and it isn't the Pollard rho factoring algorithm;

This is the Pollard-rho factoring algorithm;

rho(n)=
{
local(x,y);

x=2; y=5;
while(gcd(y-x,n)==1,
x=(x^2+1)%n;
y=(y^2+1)%n; y=(y^2+1)%n
);
gcd(n,y-x)
}

jshort 2020-10-01 20:15

[QUOTE=jshort;558295]Suppose we're factoring an integer via the p-1 method and we've already completed the first stage ie. [TEX]L = a^{B!} mod(n)[/TEX] where [TEX]n[/TEX] is the composite we wish to factor.

In the 2nd stage, we assume that there is one prime factor remaining [TEX]q > B[/TEX] and go on to compute [TEX]L^{p}[/TEX] for various prime integers.

If [TEX]q-1[/TEX] is fairly smooth, would it not be more worthwhile to consider the set [TEX](L^{2^{b!}}, L^{3^{b!}}, L^{4^{b!}},. . .,L^{a^{b!}})[/TEX] for some considerably smaller integer [TEX]b < B[/TEX] and then compute [TEX]gcd(L^{i^{b!}} - L^{j^{b!}},n)[/TEX] for all [TEX]1 < i < j < a[/TEX]?

Keep in mind that we can perform another kind of "2nd stage" on this as well. ie assume that [TEX]b![/TEX] captures most of the prime factors of [TEX]q-1[/TEX] and then use a 2nd stage (3rd stage?) by computing [TEX](L^{2^{p(b!)}}, L^{3^{p(b!)}}, L^{4^{p(b!)}},. . . ,L^{a^{p(b!)}})[/TEX] for various primes [TEX]p > b[/TEX] and again computing [TEX]gcd(L^{i^{p(b!)}} - L^{j^{p(b!)}},n)[/TEX] for all [TEX]1 < i < j < a[/TEX].[/QUOTE]

I know its bad form to write answers to your own question. To be honest I don't have a straightforward answer as to whether or not this way of conducting a 2nd-stage to the p-1 method is faster than the standard way.

However I also think that we can easily implement both.

25% of all prime integers have the form [TEX]1 + 12k[/TEX]. This can be proved using Dirichlet's theorem on arithmetic progressions -

[url]https://en.wikipedia.org/wiki/Dirichlet's_theorem_on_arithmetic_progressions[/url]

Thus we could set the [TEX]b = 4! / 2 = 12[/TEX] and compute [TEX](L^{2^{12p}}, L^{3^{12p}}, L^{4^{12p}},. . . ,L^{a^{12p}})[/TEX] for various primes [TEX]p[/TEX] up to some limit. Most programs search for primes [TEX]100 < p < 1000[/TEX] in the 2nd stage of the p-1 test. If we did the same here and if we're only checking for primes of the form [TEX]1 + 12k[/TEX] in the range [TEX](100,1000)[/TEX]than [TEX]p[/TEX] would only have to be a prime up in the range [TEX](11,83)[/TEX].

One thing I should mention is that obviously you'd want to start at 11 and then work your way up since just as in the standard 2nd stage of the test, you can use previous terms to save time in computing future terms.

For example, let [TEX]T_{11} = (L^{2^{11(12)}}, L^{3^{11(12)}}, L^{4^{11(12)}},. . . ,L^{a^{11(12)}}) = (s_{1}, s_{2}, . . . , s_{a})[/TEX].

Then [TEX]T_{13} = (s_{1}^{2^{12(13-11)}}, s_{2}^{3^{12(13-11)}}, . . . , s_{a}^{a^{12(13-11)}}[/TEX] and so on.

As for the other 75% of the primes in the range [TEX](100,1000)[/TEX], we could either run this same alternative 2nd stage as we just did. However if this proves to be slower, we can just use the standard 2nd stage that is commonly used to check the remaining primes individually.


All times are UTC. The time now is 04:27.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.