We introduce a new deterministic factoring algorithm, which could be described in the cryptographically fashionable term of "factoring with hints": we show that, given the knowledge of the factorisations of $O(N^{1/3+\epsilon})$ terms surrounding $N=pq$ product of two large primes, we can recover deterministically $p$ and $q$ in $O(N^{1/3+\epsilon})$ bit operations. Although this is slower than the current best factoring algorithms, this method shows that the factorisations of close integers are related and that consequently one can expect more results along this line of thought.
Deep Dive into Factoring with Hints.
We introduce a new deterministic factoring algorithm, which could be described in the cryptographically fashionable term of “factoring with hints”: we show that, given the knowledge of the factorisations of $O(N^{1/3+\epsilon})$ terms surrounding $N=pq$ product of two large primes, we can recover deterministically $p$ and $q$ in $O(N^{1/3+\epsilon})$ bit operations. Although this is slower than the current best factoring algorithms, this method shows that the factorisations of close integers are related and that consequently one can expect more results along this line of thought.
The problem of quickly factoring large integers is central in cryptography and computational number theory. The current state of the art in factoring large integers N , the Number Field Sieve algorithm [2,3], stems from the earlier Quadratic Sieve [8] and Continued Fraction [6]. We should also mention the Elliptic Curve Method by H. Lenstra [4], which is particularly useful when N has a small prime factor p. They are all probabilistic factoring algorithms.
These algorithms have heuristic running times respectively O exp(c(log N ) 1/3 (log log N ) 2/3 ) , O exp(c(log N ) 1/2 (log log N ) 1/2 ) and O exp(c(log p) 1/2 (log log p) 1/2 ) , for some constant c (not always the same). The first two strive to find nontrivial arithmetical relations of the form x 2 ≡ y 2 (mod N ) (which lead to a nontrivial factor by computing gcd(N, x + y)), whereas the third is a generalisation of Pollard’s p -1 method [7], involving computations in some elliptic curve group instead of Z/N . We should note, however, that there exist probabilistic algorithms with proved running time O exp((1 + o(1))(log N ) 1/2 (log log N ) 1/2 ) [5]. As far as the author is aware, no such rigorous bound exists in the form O exp ((log N ) c ) for c < 1/2. Similarly, no deterministic subexponential algorithm is currently known, the best one being Shank’s square form factorization SQUFOF which runs in O(N 1/4+ǫ ), or in O(N 1/5+ǫ ) on the Extended Riemann Hypothesis.
In this work, we want to introduce a new paradigm in integer factorisation, one that doesn’t supersede previous efforts, but rather complements it by showing that the factorisation of a small number of consecutive integers in related in a nontrivial way. Therefore, if numbers close to a product N = pq of two primes are easier to factor than N itself, we can expect a reduction in the time to factor N . Quantifying the number of consecutive integers versus the additional computational effort to find the needed relation is a matter of further investigation, some of which will come out in another work by ourselves. Here we content ourselves with a first nontrivial result.
Theorem 1. Let N = pq a product of two primes. Then, given an arbitrary ǫ > 0, the factors p and q can be recovered in O(N 1/3+ǫ ) bit operations from the knowledge of the factorisations of O(N
This work borrows heavily from standard notations in analytic number theory and indeed a classical reference on the subject is the treatise of Davenport [1]. In particular, we will make liberal use of the O notation in Landau’s as well as Vinogradov’s form (≪). Hence, for instance
means that g(u) > 0 and |f (u)|/g(u) is bounded above (usually as u → ∞ or u → 0 + , depending clearly on the context). Similarly, f (u) = o(g(u)) (resp. f (u) = Ω(g(u))) means g(u) > 0 and |f (u)|/g(u) goes to zero (resp. |f (u)|/g(u) is bounded below). Unless specified, the implied constants are absolute.
Any sum such as abc=n a 2 bc is to be understood as taken over all positive integers a, b, c such that abc = n. We also define
so that for instance the number of divisors of n is d|n 1 and its sum of divisors d|n d. We also write s = σ + it, with σ, t ∈ R, according to the established convention in analytic number theory. We will also write f (n) for the n-th derivative of the function f . Finally, we write a . = b to signify that a = b+terms that are not necessarily negligible in size but can be computed in polynomial time (in the bit size of the challenge to be factored), so that they are negligible in time.
Our goal will be to compute
If so, then one gets an approximation A to (1)
Let us study the function in (0, ∞)
The function f is convex in (0, 3 √ N ) with a unique critical point (and therefore absolute minimum) at z = √ N . We will suppose that N = pq with p < √ N < q. In fact, we may as well suppose that
and therefore p = ⌊a⌉, the integer nearest to a.
Consider the Riemann zeta function
absolutely convergent whenever ℜs > 3/2. Now let for ν ∈ N 1 with ν ≥ 2,
The Mellin transform of f is by definition the beta function
hence by the inverse Mellin transform 2 ,
(2) 1 2πi
Call the right-hand side
and note that
is a piecewise polynomial (given by a different expression between consecutive integers).
The Riemann zeta function is a meromorphic function having a simple pole with residue 1 at s = 1 and satisfying the functional equation (given here in asymmetric form)
1 In fact, ν doesn’t need to be an integer, but it simplifies calculations to assume so. 2 We will also use the notation
A standard “integration line moving” (to ℜs = -1/4) argument in the integral of (2) will get us to the following, after picking up the residues of the integrand at s = 3/2, s = 1 and s = 0,
In fact, we can move the line of integration to ℜs = -1/4, since to the right of that line, for any given ǫ > 0,
In particular the integral on the right-hand side is absolutely convergent when ν ≥ 4. It is this integral is the next focus of our investigation. It
…(Full text truncated)…
This content is AI-processed based on ArXiv data.
