integer factorization
DESCRIPTION
Integer Factorization. By: Josh Tuggle & Kyle Johnson. What Is It?. Integer Factorization - T he decomposition of a composite number into its primes. Not much of an actual problem until the number becomes very large. No efficient algorithm exists yet. Goal: Factor in polynomial time. - PowerPoint PPT PresentationTRANSCRIPT
Integer Factorization
By:Josh Tuggle & Kyle Johnson
What Is It?
• Integer Factorization - The decomposition of a composite number into its primes.
• Not much of an actual problem until the number becomes very large.
• No efficient algorithm exists yet.• Goal: Factor in polynomial time.
What Is It?
• Hardest instance for I.F.: semiprimes.– Product of two prime numbers.
• An algorithm that can efficiently factor any integer would compromise RSA Cryptography.
Statistics
• Sept. 1993 – April 1994: RSA-129 becomes first large distributed factorization.
• Jan – Aug. 1999: RSA-155 is factored using GNFS.• April 2003: RSA-160 factored using 100 CPUs.• Dec. 2003 – May 2005: RSA-200 factored using 80
Opteron processors in Germany.• Dec. 2009: RSA-768 becomes largest semiprime
factored (232 digits) after two years and the equivalent of 2000 years of processing.
Running Time
• There are many bounds on this problem based on what is known about the integer to be factored.
• The algorithm with the best running time is the General Number Field Sieve:
• However, there is an algorithm out there that has a better factoring time, with a major difference.
Running Time
• Shor’s Algorithm currently has the best runtime for this problem: O((log N)3).– N is the input’s size.
• Only works with a quantum computer.
Algorithms
• There exists multiple algorithms for this particular problem.
• Which one to use depends on what is known about the input.
• These algorithms can be grouped into two classes: Special-Purpose and General-Purpose.
Special-Purpose (Category 1)
• These algorithms’ runtimes depend on the size of the smallest prime factor.
• General procedure is to use these algorithms on an integer first to remove the more manageable factors.
• Examples: Trial Division, Wheel Factorization, Euler’s factorization method.
Trial Division
• Requires most work, but easiest to understand.
• Given an integer n:– Start at 2– Move up number line towards n.– Divide n by each number– Check if the number went into n with no remainders– Repeat until all factors are prime.
General-Purpose (Category 2)
• The runtime for these algorithms depends only on the size of the integer being factored.
• RSA numbers are factored using algorithms in this class.
• Examples: Dixon’s Algorithm, Shank’s Square Forms Factorization, General Number Field Sieve.
General Number Field Sieve (GNFS)
• Arbitrarily select two polynomials f(x) and g(x) that must fit several conditions.– Small degrees d and e.– Integer coefficients– Irreducible over rationals–Must yield same integer root when modded by the
initial number n.
General Number Field Sieve (GNFS)
• Subject the two polynomials to number field rings to find values of two integers a and b that satisfy:– r = bdf(a/b) and s = beg(a/b)– r and s must be numbers that factor into primes only.
• Homomorphisms are then used to find two values x and y such that x2 – y2 is divisible by n.
• These values are used to find a factor of n by taking the gcd of n and x – y.
Shor’s Algorithm
• Algorithm developed by Peter Shor in 1994.• Can factor in polynomial time, but requires a
quantum computer.• Placed in complexity class BQP– Bounded-Error Quantum Polynomial Time
Shor’s Process
• The algorithm consists of two key parts:– A change of the problem from factoring to order-
finding.– Solving the order-finding problem.
• The problem change portion can be done on a traditional computer, but the order-finding portion requires a quantum computer.
Traditional Half
• Pick a random integer a that is less than N, the integer being factored.
• Find the gcd of the two integers.• If this value isn’t 1, then there is a factor of N,
and the algorithm is finished.• If the value is 1, we must go to the quantum
half of the algorithm.
Quantum Half
• Known as the period-finding subroutine.• Used to find an r value that represents the period of
the function: f(x) = ax mod N.• Quantum circuits used are custom made for each (a,
N) pair.• r cannot be odd and ar/2 and -1 cannot be congruent
modulo N.• If these conditions are both met, then gcd(ar/2 ± 1, N)
is a nontrivial factor of N and the algorithm finishes.
Quantum Half
• Heavily depends on a quantum computer’s superposition property.
• Evaluates the function at all points simultaneously.
• The algorithm’s runtime (O(log N)3) stems from Shor solving three quantum problems in O(log N) time each.– Superposition, function as a quantum transform,
and quantum Fourier transform.
Questions?