integer factorization
DESCRIPTION
Integer Factorization. By: Josh Tuggle & Kyle Johnson. What Is It?. Integer Factorization - T he decomposition of a composite number into its primes. Not much of an actual problem until the number becomes very large. No efficient algorithm exists yet. Goal: Factor in polynomial time. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Integer Factorization](https://reader035.vdocuments.net/reader035/viewer/2022081421/568166ed550346895ddb3b0c/html5/thumbnails/1.jpg)
Integer Factorization
By:Josh Tuggle & Kyle Johnson
![Page 2: Integer Factorization](https://reader035.vdocuments.net/reader035/viewer/2022081421/568166ed550346895ddb3b0c/html5/thumbnails/2.jpg)
What Is It?
• Integer Factorization - The decomposition of a composite number into its primes.
• Not much of an actual problem until the number becomes very large.
• No efficient algorithm exists yet.• Goal: Factor in polynomial time.
![Page 3: Integer Factorization](https://reader035.vdocuments.net/reader035/viewer/2022081421/568166ed550346895ddb3b0c/html5/thumbnails/3.jpg)
What Is It?
• Hardest instance for I.F.: semiprimes.– Product of two prime numbers.
• An algorithm that can efficiently factor any integer would compromise RSA Cryptography.
![Page 4: Integer Factorization](https://reader035.vdocuments.net/reader035/viewer/2022081421/568166ed550346895ddb3b0c/html5/thumbnails/4.jpg)
Statistics
• Sept. 1993 – April 1994: RSA-129 becomes first large distributed factorization.
• Jan – Aug. 1999: RSA-155 is factored using GNFS.• April 2003: RSA-160 factored using 100 CPUs.• Dec. 2003 – May 2005: RSA-200 factored using 80
Opteron processors in Germany.• Dec. 2009: RSA-768 becomes largest semiprime
factored (232 digits) after two years and the equivalent of 2000 years of processing.
![Page 5: Integer Factorization](https://reader035.vdocuments.net/reader035/viewer/2022081421/568166ed550346895ddb3b0c/html5/thumbnails/5.jpg)
Running Time
• There are many bounds on this problem based on what is known about the integer to be factored.
• The algorithm with the best running time is the General Number Field Sieve:
• However, there is an algorithm out there that has a better factoring time, with a major difference.
![Page 6: Integer Factorization](https://reader035.vdocuments.net/reader035/viewer/2022081421/568166ed550346895ddb3b0c/html5/thumbnails/6.jpg)
Running Time
• Shor’s Algorithm currently has the best runtime for this problem: O((log N)3).– N is the input’s size.
• Only works with a quantum computer.
![Page 7: Integer Factorization](https://reader035.vdocuments.net/reader035/viewer/2022081421/568166ed550346895ddb3b0c/html5/thumbnails/7.jpg)
Algorithms
• There exists multiple algorithms for this particular problem.
• Which one to use depends on what is known about the input.
• These algorithms can be grouped into two classes: Special-Purpose and General-Purpose.
![Page 8: Integer Factorization](https://reader035.vdocuments.net/reader035/viewer/2022081421/568166ed550346895ddb3b0c/html5/thumbnails/8.jpg)
Special-Purpose (Category 1)
• These algorithms’ runtimes depend on the size of the smallest prime factor.
• General procedure is to use these algorithms on an integer first to remove the more manageable factors.
• Examples: Trial Division, Wheel Factorization, Euler’s factorization method.
![Page 9: Integer Factorization](https://reader035.vdocuments.net/reader035/viewer/2022081421/568166ed550346895ddb3b0c/html5/thumbnails/9.jpg)
Trial Division
• Requires most work, but easiest to understand.
• Given an integer n:– Start at 2– Move up number line towards n.– Divide n by each number– Check if the number went into n with no remainders– Repeat until all factors are prime.
![Page 10: Integer Factorization](https://reader035.vdocuments.net/reader035/viewer/2022081421/568166ed550346895ddb3b0c/html5/thumbnails/10.jpg)
General-Purpose (Category 2)
• The runtime for these algorithms depends only on the size of the integer being factored.
• RSA numbers are factored using algorithms in this class.
• Examples: Dixon’s Algorithm, Shank’s Square Forms Factorization, General Number Field Sieve.
![Page 11: Integer Factorization](https://reader035.vdocuments.net/reader035/viewer/2022081421/568166ed550346895ddb3b0c/html5/thumbnails/11.jpg)
General Number Field Sieve (GNFS)
• Arbitrarily select two polynomials f(x) and g(x) that must fit several conditions.– Small degrees d and e.– Integer coefficients– Irreducible over rationals–Must yield same integer root when modded by the
initial number n.
![Page 12: Integer Factorization](https://reader035.vdocuments.net/reader035/viewer/2022081421/568166ed550346895ddb3b0c/html5/thumbnails/12.jpg)
General Number Field Sieve (GNFS)
• Subject the two polynomials to number field rings to find values of two integers a and b that satisfy:– r = bdf(a/b) and s = beg(a/b)– r and s must be numbers that factor into primes only.
• Homomorphisms are then used to find two values x and y such that x2 – y2 is divisible by n.
• These values are used to find a factor of n by taking the gcd of n and x – y.
![Page 13: Integer Factorization](https://reader035.vdocuments.net/reader035/viewer/2022081421/568166ed550346895ddb3b0c/html5/thumbnails/13.jpg)
Shor’s Algorithm
• Algorithm developed by Peter Shor in 1994.• Can factor in polynomial time, but requires a
quantum computer.• Placed in complexity class BQP– Bounded-Error Quantum Polynomial Time
![Page 14: Integer Factorization](https://reader035.vdocuments.net/reader035/viewer/2022081421/568166ed550346895ddb3b0c/html5/thumbnails/14.jpg)
Shor’s Process
• The algorithm consists of two key parts:– A change of the problem from factoring to order-
finding.– Solving the order-finding problem.
• The problem change portion can be done on a traditional computer, but the order-finding portion requires a quantum computer.
![Page 15: Integer Factorization](https://reader035.vdocuments.net/reader035/viewer/2022081421/568166ed550346895ddb3b0c/html5/thumbnails/15.jpg)
Traditional Half
• Pick a random integer a that is less than N, the integer being factored.
• Find the gcd of the two integers.• If this value isn’t 1, then there is a factor of N,
and the algorithm is finished.• If the value is 1, we must go to the quantum
half of the algorithm.
![Page 16: Integer Factorization](https://reader035.vdocuments.net/reader035/viewer/2022081421/568166ed550346895ddb3b0c/html5/thumbnails/16.jpg)
Quantum Half
• Known as the period-finding subroutine.• Used to find an r value that represents the period of
the function: f(x) = ax mod N.• Quantum circuits used are custom made for each (a,
N) pair.• r cannot be odd and ar/2 and -1 cannot be congruent
modulo N.• If these conditions are both met, then gcd(ar/2 ± 1, N)
is a nontrivial factor of N and the algorithm finishes.
![Page 17: Integer Factorization](https://reader035.vdocuments.net/reader035/viewer/2022081421/568166ed550346895ddb3b0c/html5/thumbnails/17.jpg)
Quantum Half
• Heavily depends on a quantum computer’s superposition property.
• Evaluates the function at all points simultaneously.
• The algorithm’s runtime (O(log N)3) stems from Shor solving three quantum problems in O(log N) time each.– Superposition, function as a quantum transform,
and quantum Fourier transform.
![Page 18: Integer Factorization](https://reader035.vdocuments.net/reader035/viewer/2022081421/568166ed550346895ddb3b0c/html5/thumbnails/18.jpg)
Questions?