Number Theory 21 JAN, 2010

Some integer factorization algorithms using elliptic curves

Some integer factorization algorithms using elliptic curves

Lenstra’s integer factorization algorithm is asymptotically one of the fastest known algorithms, and is ideally suited for parallel computation. We suggest a way in which the algorithm can be speeded up by the addition of a second phase. Under some plausible assumptions, the speedup is of order log(p), where p is the factor which is found. In practice the speedup is significant. We mention some refinements which give greater speedup, an alternative way of implementing a second phase, and the connection with Pollard’s “p-1” factorization algorithm.

💡 Research Summary

The paper revisits Lenstra’s elliptic‑curve factorization method (ECM) and proposes a concrete enhancement that adds a second phase to the standard algorithm. In the original ECM, a random elliptic curve (E) over (\mathbb{Z}_N) and a point (P) are chosen, and the algorithm repeatedly computes multiples (kP) where the integer (k) is the product of all prime powers up to a smoothness bound (B). If a prime factor (p) of (N) satisfies that (p-1) is (B)-smooth, the group order (|E(\mathbb{F}_p)|) divides (k) and the computation of (\gcd(N, x(kP)-x(P))) reveals (p). When (|E(\mathbb{F}_p)|) contains a prime factor slightly larger than (B), the original algorithm typically aborts and restarts with a new curve, which can be wasteful.

The authors observe that many “near‑misses” occur: the order of the curve modulo (p) often has a large prime factor just beyond the bound (B). To capture these cases, they introduce a second phase that continues the search beyond the initial smoothness limit without discarding the work already performed. Two concrete implementations are described:

  1. Prime‑factor augmentation – After the first phase produces a point (Q = kP), the algorithm multiplies (Q) by a small prime (q) chosen from the interval (