Integer Factorization By: Josh Tuggle & Kyle Johnson
What Is It? Integer Factorization - The decomposition of a composite number into its primes. Not much of an actual problem until the number becomes very large. No efficient algorithm exists yet. Goal: Factor in polynomial time.
What Is It? Hardest instance for I.F.: semiprimes. – Product of two prime numbers. An algorithm that can efficiently factor any integer would compromise RSA Cryptography.
Statistics Sept. 1993 – April 1994: RSA-129 becomes first large distributed factorization. Jan – Aug. 1999: RSA-155 is factored using GNFS. April 2003: RSA-160 factored using 100 CPUs. Dec. 2003 – May 2005: RSA-200 factored using 80 Opteron processors in Germany. Dec. 2009: RSA-768 becomes largest semiprime factored (232 digits) after two years and the equivalent of 2000 years of processing.
Running Time There are many bounds on this problem based on what is known about the integer to be factored. The algorithm with the best running time is the General Number Field Sieve: However, there is an algorithm out there that has a better factoring time, with a major difference.
Running Time Shor’s Algorithm currently has the best runtime for this problem: O((log N) 3 ). – N is the input’s size. Only works with a quantum computer.
Algorithms There exists multiple algorithms for this particular problem. Which one to use depends on what is known about the input. These algorithms can be grouped into two classes: Special-Purpose and General- Purpose.
Special-Purpose (Category 1) These algorithms’ runtimes depend on the size of the smallest prime factor. General procedure is to use these algorithms on an integer first to remove the more manageable factors. Examples: Trial Division, Wheel Factorization, Euler’s factorization method.
Trial Division Requires most work, but easiest to understand. Given an integer n: – Start at 2 – Move up number line towards n. – Divide n by each number – Check if the number went into n with no remainders – Repeat until all factors are prime.
General-Purpose (Category 2) The runtime for these algorithms depends only on the size of the integer being factored. RSA numbers are factored using algorithms in this class. Examples: Dixon’s Algorithm, Shank’s Square Forms Factorization, General Number Field Sieve.
General Number Field Sieve (GNFS) Arbitrarily select two polynomials f(x) and g(x) that must fit several conditions. – Small degrees d and e. – Integer coefficients – Irreducible over rationals – Must yield same integer root when modded by the initial number n.
General Number Field Sieve (GNFS) Subject the two polynomials to number field rings to find values of two integers a and b that satisfy: – r = b d f(a/b) and s = b e g(a/b) – r and s must be numbers that factor into primes only. Homomorphisms are then used to find two values x and y such that x 2 – y 2 is divisible by n. These values are used to find a factor of n by taking the gcd of n and x – y.
Shor’s Algorithm Algorithm developed by Peter Shor in 1994. Can factor in polynomial time, but requires a quantum computer. Placed in complexity class BQP – Bounded-Error Quantum Polynomial Time
Shor’s Process The algorithm consists of two key parts: – A change of the problem from factoring to order- finding. – Solving the order-finding problem. The problem change portion can be done on a traditional computer, but the order-finding portion requires a quantum computer.
Traditional Half Pick a random integer a that is less than N, the integer being factored. Find the gcd of the two integers. If this value isn’t 1, then there is a factor of N, and the algorithm is finished. If the value is 1, we must go to the quantum half of the algorithm.
Quantum Half Known as the period-finding subroutine. Used to find an r value that represents the period of the function: f(x) = a x mod N. Quantum circuits used are custom made for each (a, N) pair. r cannot be odd and a r/2 and -1 cannot be congruent modulo N. If these conditions are both met, then gcd(a r/2 ± 1, N) is a nontrivial factor of N and the algorithm finishes.
Quantum Half Heavily depends on a quantum computer’s superposition property. Evaluates the function at all points simultaneously. The algorithm’s runtime (O(log N) 3 ) stems from Shor solving three quantum problems in O(log N) time each. – Superposition, function as a quantum transform, and quantum Fourier transform.