Shanks' square forms factorization

From Infogalactic: the planetary knowledge core
(Redirected from SQUFOF)
Jump to: navigation, search

Lua error in package.lua at line 80: module 'strict' not found. Lua error in package.lua at line 80: module 'strict' not found.

Shanks's square forms factorization is a method for integer factorization devised by Daniel Shanks as an improvement on Fermat's factorization method.

The success of Fermat's method depends on finding integers x and y such that x^2-y^2=N, where N is the integer to be factored. An improvement (noticed by Kraitchik) is to look for integers x and y such that x^2\equiv y^2\pmod{N}. Finding a suitable pair (x, y) does not guarantee a factorization of N, but it implies that N is a factor of x^2-y^2=(x-y)(x+y), and there is a good chance that the prime divisors of N are distributed between these two factors, so that calculation of the greatest common divisor of N and x-y will give a non-trivial factor of N.

A practical algorithm for finding pairs (x,y) which satisfy x^2\equiv y^2\pmod{N} was developed by Shanks, who named it Square Forms Factorization or SQUFOF. The algorithm can be expressed in terms of continued fractions or in terms of quadratic forms. Although there are now much more efficient factorization methods available, SQUFOF has the advantage that it is small enough to be implemented on a programmable calculator.

Algorithm

Input: N, the integer to be factored, which must be neither a prime number nor a perfect square, and a small multiplier k.

Output: a non-trivial factor of N.

The algorithm:

Initialize P_0=\lfloor\sqrt{kN}\rfloor,Q_0=1,Q_1=kN-P_0^2.

Repeat

b_i=\left\lfloor\frac{\lfloor\sqrt{kN}\rfloor+P_{i-1}}{Q_i}\right\rfloor,P_i=b_iQ_i-P_{i-1},Q_{i+1}=Q_{i-1}+b_i(P_{i-1}-P_i)

until Q_i is a perfect square at some even i.

Initialize b_0=\left\lfloor\frac{\lfloor\sqrt{kN}\rfloor-P_{i-1}}{\sqrt{Q_i}}\right\rfloor,P_0=b_0\sqrt{Q_i}+P_{i-1},Q_0=\sqrt{Q_i},Q_1=\frac{kN-P_0^2}{Q_0}

Repeat

b_i=\left\lfloor\frac{\lfloor\sqrt{kN}\rfloor+P_{i-1}}{Q_i}\right\rfloor,P_i=b_iQ_i-P_{i-1},Q_{i+1}=Q_{i-1}+b_i(P_{i-1}-P_i)

until P_i=P_{i-1}.

Then if f=\gcd(N,P_i) is not equal to 1 and not equal to N, then f is a non-trivial factor of N. Otherwise try another value of k.

Shanks's method has time complexity O(\sqrt[4]{N}).

Stephen S. McMasters (see link in External Link section) wrote a more detailed discussion of the mathematics of Shanks's method, together with a proof of its correctness.

Example

N = 11111, k = 1

P0 = 105 Q0 = 1 Q1 = 86

P1 = 67 Q1 = 86 Q2 = 77

P2 = 87 Q2 = 77 Q3 = 46

P3 = 97 Q3 = 46 Q4 = 37

P4 = 88 Q4 = 37 Q5 = 91

P5 = 94 Q5 = 91 Q6 = 25

Here Q6 is a perfect square

P0 = 104 Q0 = 5 Q1 = 59

P1 = 73 Q1 = 59 Q2 = 98

P2 = 25 Q2 = 98 Q3 = 107

P3 = 82 Q3 = 107 Q4 = 41

P4 = 82

Here P3 = P4

gcd(11111, 82) = 41, which is a factor of 11111.

References

  • Lua error in package.lua at line 80: module 'strict' not found.
  • Lua error in package.lua at line 80: module 'strict' not found.
  • Lua error in package.lua at line 80: module 'strict' not found.

External links