Parallel Quadratic Sieve

Presentation on theme: "Parallel Quadratic Sieve"— Presentation transcript:

1 Parallel Quadratic Sieve
Factoring and other adventures done in parallel Daniel Ron 11/24/2018

2 Background
Background – Algorithm – Results – Moving Forward
Factoring is hard. Many different algorithms exist.

3 Background
Factoring is hard. Many different algorithms:
Trial division
Pollard's ρ method
Quadratic Sieve (QS)
General Number Field Sieve (GNFS)

4 Background
Factoring is hard. Many different algorithms, with very different running times:
Trial division: $O(\sqrt{n})$
Pollard's ρ method: $O(n^{1/4}\,\mathrm{polylog}\,n)$ (expected, heuristic)
Quadratic Sieve: $\exp\big((1+o(1))\sqrt{\log n\,\log\log n}\big)$
General Number Field Sieve: $\exp\big(o(\sqrt{\log n\,\log\log n})\big)$, i.e. asymptotically faster than QS (the standard bound is $\exp\big((c+o(1))(\log n)^{1/3}(\log\log n)^{2/3}\big)$ with $c = \sqrt[3]{64/9}$)

5 Background: Goals
Where can we parallelize? What sub-problems can we improve in parallel?

6 Background: Goals
Sub-problems that appear inside a factoring run:
Primality checking
Modular square root
GCD
"Small" number factoring
Nullspace over $\mathbb{F}_2$

7 Background: Goals
Each sub-problem and the algorithm chosen for it:
Primality checking: Miller-Rabin
Modular square root: Tonelli-Shanks
GCD: Lehmer
"Small" number factoring: Pollard's ρ method
Nullspace over $\mathbb{F}_2$: Block Lanczos

8 Background: Goals
Good at parallel: primality checking, small number factoring, nullspace over $\mathbb{F}_2$
Bad at parallel: modular square root, GCD

9 Algorithm: Primality Testing
Miller-Rabin primality test

10 Algorithm
Given odd $n$, write $n - 1 = 2^s d$ with $d$ odd.
If $n$ is prime, then for every $a$ with $1 < a < n - 1$ either $a^d \equiv 1 \pmod n$ or $a^{2^r d} \equiv -1 \pmod n$ for some $0 \le r < s$.
So if $a^d \not\equiv 1 \pmod n$ and $a^{2^r d} \not\equiv -1 \pmod n$ for every $0 \le r < s$, then $n$ must be composite; such an $a$ is called a witness.

11 Algorithm
Try random $a \in [2, n - 2]$, $k$ times (the base $a = n - 1 \equiv -1$ never witnesses anything, so it is excluded).
100% accuracy on primes: a prime is never rejected.
On composites, each random base fails to be a witness with probability at most $1/4$, so a composite survives all $k$ rounds with probability at most $4^{-k}$.
Embarrassingly parallel: each base is an independent trial.
If any thread finds a witness, abort all threads; $n$ is composite.
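The test on slides 10 and 11, as an added Python example (not code from the presentation): `is_witness` implements the witness condition exactly as stated, `is_probable_prime` runs $k$ random bases one after another, and `is_probable_prime_parallel` checks the bases concurrently and cancels the rounds that have not started as soon as one witness turns up. Function names, the use of `concurrent.futures`, and the test values are this example's own choices.

```python
import random
from concurrent.futures import ThreadPoolExecutor, as_completed


def decompose(n):
    """Write n - 1 = 2**s * d with d odd; return (s, d)."""
    s, d = 0, n - 1
    while d % 2 == 0:
        s += 1
        d //= 2
    return s, d


def is_witness(a, n):
    """True if base a proves the odd number n composite (a is a Miller-Rabin witness).

    For prime n every a in [2, n-2] satisfies a^d == 1 (mod n) or
    a^(2^r d) == -1 (mod n) for some 0 <= r < s.  A base for which neither
    congruence holds is therefore a witness; a base that passes even though
    n is composite is a "strong liar".
    """
    s, d = decompose(n)
    x = pow(a, d, n)
    if x == 1 or x == n - 1:
        return False                  # a^d == 1 or a^(2^0 d) == -1
    for _ in range(s - 1):
        x = x * x % n                 # next square: a^(2^r d)
        if x == n - 1:
            return False              # hit -1 for some r, not a witness
    return True


def is_probable_prime(n, k=20, rng=random):
    """Sequential Miller-Rabin with k random bases: a prime is never rejected,
    a composite survives all k rounds with probability at most 4**-k."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    return not any(is_witness(rng.randrange(2, n - 1), n) for _ in range(k))


def is_probable_prime_parallel(n, k=20, workers=4, rng=random):
    """Same test with the k bases checked concurrently; the first witness found
    short-circuits the remaining rounds, as slide 11 suggests."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    bases = [rng.randrange(2, n - 1) for _ in range(k)]   # randrange excludes n-1
    with ThreadPoolExecutor(max_workers=workers) as pool:
        futures = [pool.submit(is_witness, a, n) for a in bases]
        for fut in as_completed(futures):
            if fut.result():
                for f in futures:
                    f.cancel()        # abort rounds that have not started yet
                return False
    return True
```

CPython threads share the interpreter lock, so the threaded version shows the abort-on-first-witness control flow rather than a wall-clock gain; swapping in `ProcessPoolExecutor` with the same structure gives the per-core speedup the Results slide reports. The test values illustrate the two failure modes the slides gloss over: 561 = 3 · 11 · 17 is a Carmichael number, for which Fermat's test accepts every coprime base, yet base 2 is a Miller-Rabin witness; 2047 = 23 · 89 shows the opposite, base 2 is a strong liar, which is why several bases are needed.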

12 Algorithm: "Small" Number Factoring
Pollard's ρ method

13 Algorithm
Intelligently generate a pseudo-random sequence; the method is based on finding cycles in it.
Use $f(x) = x^2 + c \bmod n$ for some $c$ with $c \neq 0, -2$ (those two constants are known to give poor sequences).
Iterate $x = f(x)$, $y = f(f(y))$ until $\gcd(|x - y|, n) \neq 1$.
If that gcd is $n$ itself, the sequence collapsed without revealing a factor; retry with a different $c$.
→ Can run multiple iterations at once with different values of $c$.
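Slide 13 as an added Python example (not the presentation's code): Floyd's tortoise-and-hare iteration on $f(x) = x^2 + c \bmod n$, a sequential driver that retries with the next $c$ when a run collapses, and a concurrent driver that races several $c$ values and keeps the first nontrivial factor, as the arrow on the slide proposes. Function names, the starting value $x_0 = 2$, the iteration budget and the range of $c$ values are this example's assumptions.

```python
from math import gcd
from concurrent.futures import ThreadPoolExecutor, as_completed


def pollard_rho(n, c=1, x0=2, max_iters=1_000_000):
    """Floyd cycle finding on f(x) = x^2 + c mod n.

    Returns a nontrivial factor of n, or None when the sequence collapsed
    (gcd == n) or the iteration budget ran out; the caller then retries with
    another c.  c == 0 and c == -2 (mod n) are rejected, as on the slide.
    """
    if c % n in (0, n - 2):
        raise ValueError("c must not be 0 or -2 modulo n")
    f = lambda v: (v * v + c) % n
    x = y = x0
    for _ in range(max_iters):
        x = f(x)                      # tortoise: one step
        y = f(f(y))                   # hare: two steps
        d = gcd(abs(x - y), n)
        if d != 1:
            return d if d < n else None   # d == n: collapsed, signal a retry
    return None


def factor_rho(n, cs=range(1, 40)):
    """Sequential version: try the constants in cs one after another."""
    if n % 2 == 0:
        return 2
    for c in cs:
        d = pollard_rho(n, c)
        if d:
            return d
    return None


def factor_rho_parallel(n, cs=range(1, 40), workers=4):
    """Race several c values concurrently and take the first nontrivial
    factor, cancelling the runs that have not started yet."""
    if n % 2 == 0:
        return 2
    with ThreadPoolExecutor(max_workers=workers) as pool:
        futures = [pool.submit(pollard_rho, n, c) for c in cs]
        for fut in as_completed(futures):
            d = fut.result()
            if d:
                for f in futures:
                    f.cancel()
                return d
    return None
```

With $n = 8051 = 83 \cdot 97$, $c = 1$ and $x_0 = 2$ the gcd becomes nontrivial on the third step and the run returns 97. The retry-on-collapse path matters in practice: for a prime $n$ every $c$ collapses, so a caller that wants to factor an arbitrary input should run a primality test first rather than burn the whole budget of $c$ values.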

14 Algorithm: Nullspace over $\mathbb{F}_2$
Block Lanczos algorithm

15 Algorithm
Works well on sparse matrices over small finite fields.
Known to be very fast for this data, but doesn't gain from being parallelized.

16 Algorithm: Quadratic Sieve

17 Algorithm
Given $n$:
Choose bounds $B$ and $M$.
Find the factor base: all primes $p < B$ such that $\left(\frac{n}{p}\right) = 1$ (Legendre symbol), i.e. $n$ is a square modulo $p$.
Find values $a_i$ in a sieve interval of size $M$ with $b_i = a_i^2 - n$, so that $a_i^2 \equiv b_i \pmod n$, such that $b_i$ is a product of primes from our set ($B$-smooth).
Find a subset of the $b_i$ such that $\prod b_i = c^2$ for some $c$.
With $a = \prod a_i$, calculate $\gcd(a - c, n)$ and $\gcd(a + c, n)$.

18 Algorithm
→ Choose bounds $B$ and $M$: tunable parameters. A larger $B$ makes more $b_i$ smooth but needs more relations (one more relation than there are primes in the factor base guarantees a dependency); a larger $M$ sieves more candidates.

19 Algorithm
→ Find the factor base, all $p < B$ with $\left(\frac{n}{p}\right) = 1$: brute force, test each prime with Euler's criterion $n^{(p-1)/2} \equiv 1 \pmod p$.

20 Algorithm
→ Find all $a_i$ whose $b_i = a_i^2 - n$ is a product of primes from our set: this is the sieving step.

21 Algorithm
Use the polynomial $f(x) = (Ax + B)^2 - n$ (here $B$ is the polynomial offset, not the smoothness bound; the simplest choice is $A = 1$, $B = \lceil \sqrt{n} \rceil$).
Note $f(x) \equiv (Ax + B)^2 \pmod n$, so $a_i = Ax + B$ for some $x$ and $b_i = f(x)$.
Solve $f(x) \equiv 0 \pmod p$ and call a solution $\alpha$; because $\left(\frac{n}{p}\right) = 1$ there are two solutions, one for each square root of $n$ modulo $p$ (Tonelli-Shanks).
Then $p$ divides $f(\alpha + kp)$ for every integer $k$: mark all these positions in the sieve interval.
Repeat for all $p$ in our base; the positions marked by enough primes are the smooth $b_i$.

22 Algorithm
→ Find a subset of the $b_i$ such that $\prod b_i = c^2$ for some $c$: the linear algebra step.

23 Algorithm
Write each $b_i$ in prime power representation over the factor base $p_0, p_1, \dots, p_m$:
$b_i = p_0^{e_{i0}} p_1^{e_{i1}} \cdots p_m^{e_{im}}$
Each $b_i$ can be represented as the exponent vector $(e_{i0}, e_{i1}, \dots, e_{im})$; since we chose the factor base, the vector length $m + 1$ is fixed.
Consider these vectors over $\mathbb{F}_2$ (exponents mod 2).
Choose a subset of vectors whose sum is $0$: then every prime has an even exponent in the product, so the product is a perfect square.

24 Algorithm
This is a matrix operation! Let $E$ be the matrix whose row $i$ is the exponent vector of $b_i$ reduced mod 2. A 0/1 vector $\vec{x}$ with
$\vec{x}^{\mathsf{T}} E = \vec{0}$ over $\mathbb{F}_2$
selects exactly a subset of rows summing to zero, and $\vec{x} = \vec{0}$ is the only uninteresting solution.
Finding the nullspace gives us $b_i$ such that $\prod b_i = c^2$, and then $c^2 \equiv \left(\prod a_i\right)^2 \pmod n$.

25 Algorithm
→ Calculate $\gcd(a - c, n)$ and $\gcd(a + c, n)$, where $a = \prod a_i \bmod n$.
Now we have two factors! Caveat: $a^2 \equiv c^2 \pmod n$ only says $n \mid (a - c)(a + c)$, so both gcds are trivial ($1$ and $n$) whenever $a \equiv \pm c \pmod n$. That happens for about half of the dependencies, so keep several nullspace vectors and move on to the next one when the first gives a trivial split.
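The five steps of slides 17 through 25, carried through end to end as an added Python example (not the presentation's code): a basic single-polynomial sieve with $A = 1$ and $B = \lceil \sqrt{n} \rceil$, Tonelli-Shanks for the roots of $f(x) \bmod p$, trial division at the sieve positions in place of log-approximation sieving, and plain Gaussian elimination over $\mathbb{F}_2$ in place of the Block Lanczos the presentation uses for the nullspace. All function names and the default bounds $B = 50$, $M = 500$ are this example's choices and suit numbers of a few digits, not real workloads.

```python
from math import gcd, isqrt


def legendre(a, p):
    """Euler's criterion: 1 if a is a nonzero square mod odd prime p, p-1 if not, 0 if p | a."""
    return pow(a % p, (p - 1) // 2, p)


def tonelli_shanks(a, p):
    """Square root of a modulo an odd prime p; assumes legendre(a, p) == 1."""
    q, s = p - 1, 0
    while q % 2 == 0:
        q //= 2
        s += 1
    z = 2
    while legendre(z, p) != p - 1:          # any quadratic non-residue will do
        z += 1
    m, c, t, r = s, pow(z, q, p), pow(a, q, p), pow(a, (q + 1) // 2, p)
    while t != 1:
        i, t2 = 0, t
        while t2 != 1:
            t2 = t2 * t2 % p
            i += 1
        b = pow(c, 1 << (m - i - 1), p)
        m, c, t, r = i, b * b % p, t * b * b % p, r * b % p
    return r


def factor_base(n, B):
    """Primes p < B that can divide (x + r0)^2 - n: p = 2 and odd p with (n/p) = 1."""
    is_prime = bytearray([1]) * B
    base = []
    for p in range(2, B):
        if not is_prime[p]:
            continue
        for q in range(p * p, B, p):
            is_prime[q] = 0
        if p == 2 or legendre(n, p) == 1:
            base.append(p)
    return base


def sieve_relations(n, base, M):
    """Sieve f(x) = (x + r0)^2 - n, r0 = floor(sqrt n) + 1, for 0 <= x < M.
    Returns (a_i, b_i, exponent vector) for every b_i = f(x) that is fully smooth."""
    r0 = isqrt(n) + 1
    values = [(r0 + x) ** 2 - n for x in range(M)]
    rem = values[:]                                  # cofactor left after dividing out base primes
    exps = [[0] * len(base) for _ in range(M)]
    for j, p in enumerate(base):
        r = 1 if p == 2 else tonelli_shanks(n, p)   # f(x) == 0 (mod p)  <=>  x + r0 == +-r (mod p)
        for root in {r % p, (p - r) % p}:
            for x in range((root - r0) % p, M, p):   # alpha + k p positions from slide 21
                while rem[x] % p == 0:
                    rem[x] //= p
                    exps[x][j] += 1
    return [(r0 + x, values[x], exps[x]) for x in range(M) if rem[x] == 1]


def nullspace_f2(rows):
    """Subsets of rows summing to zero over F_2, i.e. vectors x with x^T E = 0 for the
    exponent matrix E (slide 24).  Each result is a bitmask over row indices; Gaussian
    elimination on bit-packed rows, tracking which original rows each reduced row combines."""
    pivots, deps = {}, []
    for i, row in enumerate(rows):
        vec, hist = sum(1 << j for j, e in enumerate(row) if e & 1), 1 << i
        while vec:
            col = vec & -vec                          # lowest set bit is the pivot column
            if col not in pivots:
                pivots[col] = (vec, hist)
                break
            pv, ph = pivots[col]
            vec, hist = vec ^ pv, hist ^ ph
        if vec == 0:
            deps.append(hist)
    return deps


def quadratic_sieve(n, B=50, M=500):
    """Return a nontrivial factorisation (p, q) of n, or None if the bounds B, M
    did not produce a dependency with a != +-c (mod n)."""
    if n % 2 == 0:
        return 2, n // 2
    r = isqrt(n)
    if r * r == n:
        return r, r
    base = factor_base(n, B)
    rels = sieve_relations(n, base, M)
    for mask in nullspace_f2([e for _, _, e in rels]):
        idx = [i for i in range(len(rels)) if mask >> i & 1]
        a = 1
        for i in idx:
            a = a * rels[i][0] % n                   # a = prod a_i
        c = 1
        for j, p in enumerate(base):                 # c = sqrt(prod b_i) via halved exponents
            c = c * pow(p, sum(rels[i][2][j] for i in idx) // 2, n) % n
        for g in (gcd(a - c, n), gcd(a + c, n)):
            if 1 < g < n:                            # a == +-c (mod n) gives only 1 and n
                return g, n // g
    return None
```

`quadratic_sieve(15347)` returns `(103, 149)`; the loop over nullspace vectors is the caveat from slide 25 made concrete, since a dependency with $a \equiv \pm c \pmod n$ yields gcds of 1 and $n$ and is skipped. The pieces map onto the parallel plan of the last slide: `sieve_relations` can run on disjoint $x$ ranges (or disjoint polynomials) independently, while `nullspace_f2` must see all relations at once, which is why the talk treats the nullspace as a separate problem.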

26 Results
Improvement in primality testing for larger numbers: ~1 order of magnitude on one core.
Primality testing: linear speedup with cores.
Pollard's ρ: faster than trial division for semiprimes, worse for small smooth numbers; slight parallel speedup.

27 Results
(chart only; no transcript text on this slide)

28 Moving Forward
Implement efficient blocking of matrix data.
Work out where and when parallelization helps: parallel for loops; parallel polynomials in QS, i.e. several $(Ax + B)^2 - n$ sieved at once; parallel nullspace over $\mathbb{F}_2$; etc.
Get QS working on bigints.
Determine proper cutoffs.

