shubham sahai srivastava - cse factorization_ shubham sahai srivastava (iitk) factoring integers...
If you can't read please download the document
Post on 17-Jun-2020
0 views
Embed Size (px)
TRANSCRIPT
Factoring Integers via Diophantine Approximation
Shubham Sahai Srivastava
Indian Institute of Technology, Kanpur
ssahai@cse.iitk.ac.in
January 16, 2014
Shubham Sahai Srivastava (IITK) Factoring Integers January 16, 2014 1 / 14
Introduction and Surview
The task of factoring large composite integer N has a long history and is still a challenging problem.
Here, this task is reduced to the following diophantine approximation :
Definition (Problem)
Find atleast t + 2 integer vectors (e1, e2, ...et) ∈ Zt satisfying:
1. | ∑t
i=1 ei log pi − log N| ≤ N−cp o(1) t
2. | ∑t
i=1 ei log pi | ≤ (2c − 1) log N + 2 log pt
where, c > 1 and p1, ...pt are first t prime numbers.
Whats next ??
Shubham Sahai Srivastava (IITK) Factoring Integers January 16, 2014 2 / 14
Introduction and Surview
The task of factoring large composite integer N has a long history and is still a challenging problem.
Here, this task is reduced to the following diophantine approximation :
Definition (Problem)
Find atleast t + 2 integer vectors (e1, e2, ...et) ∈ Zt satisfying:
1. | ∑t
i=1 ei log pi − log N| ≤ N−cp o(1) t
2. | ∑t
i=1 ei log pi | ≤ (2c − 1) log N + 2 log pt
where, c > 1 and p1, ...pt are first t prime numbers.
Whats next ??
Shubham Sahai Srivastava (IITK) Factoring Integers January 16, 2014 2 / 14
Introduction and Surview
The task of factoring large composite integer N has a long history and is still a challenging problem.
Here, this task is reduced to the following diophantine approximation :
Definition (Problem)
Find atleast t + 2 integer vectors (e1, e2, ...et) ∈ Zt satisfying:
1. | ∑t
i=1 ei log pi − log N| ≤ N−cp o(1) t
2. | ∑t
i=1 ei log pi | ≤ (2c − 1) log N + 2 log pt
where, c > 1 and p1, ...pt are first t prime numbers.
Whats next ??
Shubham Sahai Srivastava (IITK) Factoring Integers January 16, 2014 2 / 14
Introduction and Surview
Given these t + 2 diophantine approximations of log N, we can factorize N as follows:
The integer u := ∏
ej>0 p ej j must be close approximation to vN, where
v := ∏
ej 1, β, γ ≥ 0 be fixed and let pt < N. If (e1, ..., et) ∈ Zt satisfies the inequalities
1. | ∑t
i=1 ei log pi − log N| ≤ N−cp β+o(1) t
2. | ∑t
i=1 ei log pi | ≤ (2c − 1) log N + 2δ log pt
then we have for u := ∏
ej>0 p ej j , v :=
∏ ej
Introduction and Surview
Given these t + 2 diophantine approximations of log N, we can factorize N as follows:
The integer u := ∏
ej>0 p ej j must be close approximation to vN, where
v := ∏
ej 1, β, γ ≥ 0 be fixed and let pt < N. If (e1, ..., et) ∈ Zt satisfies the inequalities
1. | ∑t
i=1 ei log pi − log N| ≤ N−cp β+o(1) t
2. | ∑t
i=1 ei log pi | ≤ (2c − 1) log N + 2δ log pt
then we have for u := ∏
ej>0 p ej j , v :=
∏ ej
Introduction and Surview
Given these t + 2 diophantine approximations of log N, we can factorize N as follows:
The integer u := ∏
ej>0 p ej j must be close approximation to vN, where
v := ∏
ej 1, β, γ ≥ 0 be fixed and let pt < N. If (e1, ..., et) ∈ Zt satisfies the inequalities
1. | ∑t
i=1 ei log pi − log N| ≤ N−cp β+o(1) t
2. | ∑t
i=1 ei log pi | ≤ (2c − 1) log N + 2δ log pt
then we have for u := ∏
ej>0 p ej j , v :=
∏ ej
Introduction and Surview
So, we have |u − vN| ≤ p1+o(1)t
Hence, the residue u (mod N) factorizes completely over the primes p1, ..., pt
And we obtain a non-trivial congruence∏ ej>0
p ej j = ±
∏t j=1 p
ej j (mod N).
Given t + 2 of these congruences we compute x , y satisfying x2 = y2
(mod N)
So, we can compute a factor of N as gcd(x+y, N).
This gives us one factor and thus we can reduce N, by divinding N with this factor and continuing till we completely factorize N.
Shubham Sahai Srivastava (IITK) Factoring Integers January 16, 2014 4 / 14
Introduction and Surview
So, we have |u − vN| ≤ p1+o(1)t Hence, the residue u (mod N) factorizes completely over the primes p1, ..., pt
And we obtain a non-trivial congruence∏ ej>0
p ej j = ±
∏t j=1 p
ej j (mod N).
Given t + 2 of these congruences we compute x , y satisfying x2 = y2
(mod N)
So, we can compute a factor of N as gcd(x+y, N).
This gives us one factor and thus we can reduce N, by divinding N with this factor and continuing till we completely factorize N.
Shubham Sahai Srivastava (IITK) Factoring Integers January 16, 2014 4 / 14
Introduction and Surview
So, we have |u − vN| ≤ p1+o(1)t Hence, the residue u (mod N) factorizes completely over the primes p1, ..., pt
And we obtain a non-trivial congruence∏ ej>0
p ej j = ±
∏t j=1 p
ej j (mod N).
Given t + 2 of these congruences we compute x , y satisfying x2 = y2
(mod N)
So, we can compute a factor of N as gcd(x+y, N).
This gives us one factor and thus we can reduce N, by divinding N with this factor and continuing till we completely factorize N.
Shubham Sahai Srivastava (IITK) Factoring Integers January 16, 2014 4 / 14
Introduction and Surview
So, we have |u − vN| ≤ p1+o(1)t Hence, the residue u (mod N) factorizes completely over the primes p1, ..., pt
And we obtain a non-trivial congruence∏ ej>0
p ej j = ±
∏t j=1 p
ej j (mod N).
Given t + 2 of these congruences we compute x , y satisfying x2 = y2
(mod N)
So, we can compute a factor of N as gcd(x+y, N).
This gives us one factor and thus we can reduce N, by divinding N with this factor and continuing till we completely factorize N.
Shubham Sahai Srivastava (IITK) Factoring Integers January 16, 2014 4 / 14
Introduction and Surview
So, we have |u − vN| ≤ p1+o(1)t Hence, the residue u (mod N) factorizes completely over the primes p1, ..., pt
And we obtain a non-trivial congruence∏ ej>0
p ej j = ±
∏t j=1 p
ej j (mod N).
Given t + 2 of these congruences we compute x , y satisfying x2 = y2
(mod N)
So, we can compute a factor of N as gcd(x+y, N).
This gives us one factor and thus we can reduce N, by divinding N with this factor and continuing till we completely factorize N.
Shubham Sahai Srivastava (IITK) Factoring Integers January 16, 2014 4 / 14
Reduction to Lattice problem
So, we are good to go, if we are able to solve the following problem:
Definition (Diophantine Approximation Problem)
Find atleast t + 2 integer vectors (e1, e2, ...et) ∈ Zt satisfying:
1. | ∑t
i=1 ei log pi − log N| ≤ N−cp o(1) t
2. | ∑t
i=1 ei log pi | ≤ (2c − 1) log N + 2 log pt
where, c > 1 and p1, ...pt are first t prime numbers.
The above problem can be formulated as a nearly closest vector problem in the 1-norm.
Shubham Sahai Srivastava (IITK) Factoring Integers January 16, 2014 5 / 14
Reduction to Lattice problem
So, we are good to go, if we are able to solve the following problem:
Definition (Diophantine Approximation Problem)
Find atleast t + 2 integer vectors (e1, e2, ...et) ∈ Zt satisfying:
1. | ∑t
i=1 ei log pi − log N| ≤ N−cp o(1) t
2. | ∑t
i=1 ei log pi | ≤ (2c − 1) log N + 2 log pt
where, c > 1 and p1, ...pt are first t prime numbers.
The above problem can be formulated as a nearly closest vector problem in the 1-norm.
Shubham Sahai Srivastava (IITK) Factoring Integers January 16, 2014 5 / 14
Reduction to Lattice problem
So, we are good to go, if we are able to solve the following problem:
Definition (Diophantine Approximation Problem)
Find atleast t + 2 integer vectors (e1, e2, ...et) ∈ Zt satisfying:
1. | ∑t
i=1 ei log pi − log N| ≤ N−cp o(1) t
2. | ∑t
i=1 ei log pi | ≤ (2c − 1) log N + 2 log pt
where, c > 1 and p1, ...pt are first t prime numbers.
The above problem can be formulated as a nearly closest vector problem in the 1-norm.
Shubham Sahai Srivastava (IITK) Factoring Integers January 16, 2014 5 / 14
Reduction to Lattice problem
We associate with N a point N ∈ Rt+1
and with the primes p1, ..., pt a lattice L ⊂ Rt+1 of rank t and basis B.
B =
log p1 0 · · · 0
... . . .
...
0 . . . 0
0 0 · · · log pt Nc log p1 N
c log p2 · · · Nc log pt
, N =
0 0 ... 0
Nc ln N ′
, c ≥ 1
Shubham Sahai Srivastava (IITK) Factoring Integers January 16, 2014 6 / 14
Reduction to Lattice problem
We associate with N a point N ∈ Rt+1 and with the primes p