Fermat's factorization method: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 00:27, 13 June 2025 edit Ltypestar2 (talk \| contribs) 13 edits Adding a way to get a optimal a_max Tag: Visual edit ← Previous edit		Latest revision as of 18:33, 28 August 2025 edit undo TonicBoomerKewl (talk \| contribs) Extended confirmed users 624 edits →Sieve improvement: Added quadratic residue link. Tags: Mobile edit Mobile app edit Android app edit App select source
(5 intermediate revisions by one other user not shown)
Line 1: {{Short description\|~~Mathematics~~Factorization ~~equation~~method based on the difference of two squares}}{{For\|Fermat's method on determining extreme values\|Interior extremum theorem}}{{Refimprove\|date=February 2022}} '''Fermat's factorization method''', named after [[Pierre de Fermat]], is based on the representation of an [[even and odd numbers\|odd]] [[integer]] as the [[difference of two squares]]: :<math>N = a^2 - b^2.</math> Line 107: \|} It is not necessary to compute all the square-roots of <math>a^2-N</math>, nor even examine all the values for {{mvar\|a}}. Squares are always congruent to 0, 1, 4, 5, 9, 16 [[Modular arithmetic\|modulo]] 20, because these are the [[quadratic residue]]s of 20. The values repeat with each increase of {{mvar\|a}} by 10. In this example, N is 17 mod 20, so subtracting 17 mod 20 (or adding 3), <math>a^2-N</math> produces 3, 4, 7, 8, 12, and 19 modulo 20 for these values. It is apparent that only the 4 from this list can be a square. Thus, <math>a^2</math> must be 1 mod 20, which means that {{mvar\|a}} is 1, 9, 11 or 19 mod 20; it will produce a <math>b^2</math> which ends in 4 mod 20 and, if square, {{mvar\|b}} will end in 2 or 8 mod 10. This can be performed with any modulus. Using the same <math>N=2345678917</math>, Line 147: === Premise === An optimal <math>a_{\mathrm{max}}</math> can be computed using derivative methods. ~~This derivation assumes you didint use any seiving.~~ The cost of executing Fermat’s method from <math>\sqrt{N}</math> up to <math>a_{\mathrm{max}}</math> is roughly proportional to a constant we will call <math>d</math>. Using sieving we can reduce it by some constant we call <math>l</math>. In the combined method the trial division bound becomes <math>a_{\mathrm{max}} - \sqrt{a_{\mathrm{max}}^2 - N}</math>. Writing <math>a_{\mathrm{max}} = \sqrt{N} + d</math>, one gets: <math>a^2_{\mathrm{max}} - N = (\sqrt{N} + d)^2 - N = \sqrt{N}^2 + 2\sqrt{N}d + d^2 - N = 2\sqrt{N}d + d^2</math> ~~subsututing~~Substitute the new formula, we get <math>a_{\mathrm{max}} - \sqrt{a_{\mathrm{max}}^2 - N} \to a_{\mathrm{max}} - \sqrt{2\sqrt{N}d + d^2} </math> The goal is to choose a <math>a_{\mathrm{max}}</math> such that <math>C\left(d,N,l\right) = \frac{d}{l} + \left(a_{\mathrm{max}} - \sqrt{2\sqrt{N}d + d^2}\right) \to d\frac{1}{l}+ \left(\sqrt{N}+d\right) - \sqrt{2\sqrt{N}d + d^2} = \sqrt{N} +2dd\left(1+\frac{1}{l}\right) - \sqrt{2\sqrt{N}d + d^2}</math> is minimized. === Finding the Optimum === [[Derivative\|Differentiate]] <math>C\left( d , N,l\right) </math> with respect to <math>d</math>. Due to the linearity of derivatives <math>\frac{d}{dd} \sqrt{N} +2dd\left(1+\frac{1}{l}\right) - \sqrt{2\sqrt{N}d + d^2} = \frac{d}{dd} \sqrt{N} + \frac{d}{dd} 2dd\left(1+\frac{1}{l}\right) - \frac{d}{dd} \sqrt{2\sqrt{N}d + d^2} </math> ~~Notice the~~Because <math>\sqrt{N}</math> ~~term dosent~~doesn't depend on <math>d</math> sowe ~~its~~can ~~derivative~~drop ~~respect~~that toderivative ~~d is 0~~term ~~For~~for the <math>~~2d </math> term we can use the constant multiple rule to get <math>\frac{~~d~~}{dd} 2d~~ \~~to 2~~ left(1+\frac{d1}{ddl} d \right)</math> ~~but~~term, ~~notice~~use the ~~derivative~~multiple ofrule <math>~~d</math> is just 1 so <math>2~~ \~~frac{d}{dd} d~~ left(fg\~~to 2~~ right)'=f'g+g'f</math>.: <math>C\left(-d\~~sqrt{N}~~ left(1+ \frac{~~2\sqrt{N}~~1}{~~\sqrt{3~~l}~~},N~~\right)\right)' = ~~\sqrt{N} +2~~d'\left(~~-\sqrt{N}~~ 1+ \frac{~~2\sqrt{N}~~1}{~~\sqrt{3}~~l}\right) ~~- \sqrt{2\sqrt{N}~~+\left(~~-\sqrt{N}~~ 1+ \frac{~~2\sqrt{N}~~1}{~~\sqrt{3}~~l}\right)'d += \left(~~-\sqrt{N}~~ 1+ \frac{~~2\sqrt{N}~~1}{~~\sqrt{3}~~l}\right)~~^2}~~</math>~~Simplyfing~~▼ ~~For the last term <math>\sqrt{2\sqrt{N}d + d^2} </math> we use the chain rule:~~ For the last term, we use the chain rule <math>\left(f\left(g\right)\right)' = f'\left(g\right)g'</math> and the power rule <math>x^n = nx^{n-1}</math> <math>\frac{d}{dd}\sqrt{2\sqrt{N}d + d^2} \to \frac{\left(2\sqrt{N}d + d^2\right)^{-\frac{1}{2}}}{2}\frac{d}{dd}2\sqrt{N}d + d^2 </math>▼ ~~Use linearity on the term to get~~ <math>\frac{d}{dd}\sqrt{2\sqrt{N}d + d^2} = \tofrac{\left(2\sqrt{N}d + d^2\right)^{-\frac{1}{2}}}{2} \frac{d}{dd}2\sqrt{N}d + d^2 = \frac{\left(2\sqrt{N}d + d^2\right)^{-\frac{1}{dd2}}}{2} \left(2\sqrt{N} + 2d\right) = \left(2\sqrt{N}d + d^2\right)^{-\frac{1}{2}}\left(\sqrt{N} + d\right)</math>Substitute the known derivate formulas <math>\frac{d}{dd}\sqrt{N} +\frac{d}{dd}d\left(1+\frac{1}{l}\right) - \frac{d}{dd}\sqrt{2\sqrt{N}d + d^2} = \left(1+\frac{1}{l}\right) - \left(2\sqrt{N}d + d^2\right)^{-\frac{1}{2}}\left(\sqrt{N} + d\right) </math> ~~For the first term, use the constant multiple rule and the power rule to get:~~ To find the minimum, notice at the minimum the derivative vanishes, so st the derivative to 0 <math>\frac{d}{dd}2\sqrt{N}d \to 2\sqrt{N}\frac{d}{dd}d \to 2\sqrt{N} </math>▼ ▲<math>\~~frac{d}{dd}\sqrt{~~left(2\sqrt{N}d + d^2} \to right)^{-\frac{1}{2}}\left(2\sqrt{N}d + d^2\right)~~^{-~~ = 0 \to \frac{1}\sqrt{2}N} + d}{2}\~~frac~~sqrt{~~d}{dd}~~2\sqrt{N}d + d^2}} = 1+\frac{1}{l}</math> ~~For the second term use the power rule: <math>\frac{d}{dd}d^2 = 2d </math>~~ Square both sides to remove the root then cross multiply ~~So subsututing known derivatives we get~~ <math>\left(\frac{\sqrt{N} + d}{~~dd}~~\sqrt{2\sqrt{N}d + d^2}}\right)^2 = \left(1+\frac{d1}{ddl}d\right)^2 \to \frac{\left(\sqrt{N} + d\right)^2}{2\sqrt{N}d + 2dd^2} = \left(1+\frac{1}{l}\right)^2 \to \left(\sqrt{N} + d\right)^2 = \left(2\sqrt{N}d + d^2\right)\left(1+\frac{1}{l}\right)^2</math> Expand LHS <math>\frac{\left(2\sqrt{N}d + d^2\right)^{-\frac{1}{2}}}{2}\frac{d}{dd}2\sqrt{N}d + d^2 \to \frac{\left(2\sqrt{N}d + d^2\right)^{-\frac{1}{2}}}{2}2\left(\sqrt{N}+d\right) = \left(2\sqrt{N}d + d^2\right)^{-\frac{1}{2}}\left(\sqrt{N}+d\right)</math><math>\frac{d}{dd} \sqrt{N} + \frac{d}{dd} 2d - \frac{d}{dd} \sqrt{2\sqrt{N}d + d^2} = \frac{d}{dd} \sqrt{N} + \frac{d}{dd} 2d - \frac{d}{dd} \sqrt{2\sqrt{N}d + d^2} = 2 - \left(2\sqrt{N}d + d^2\right)^{-\frac{1}{2}}\left(\sqrt{N}+d\right) </math>Setting this to 0 gives you the optimal d <math>\left(\sqrt{N} + d\right)^2 -= \left(2\sqrt{N}d + d^2\right)~~^{-~~\left(1+\frac{1}{2}l}~~\left(\sqrt{N}+d~~\right) ~~= 0~~^2 \to ~~\frac{\sqrt{~~N} +~~d}{\sqrt{~~ 2\sqrt{N}d+d^2}} = 2 \to left(2\sqrt{N}+d =+ d^2\~~sqrt{2~~right)\~~sqrt~~left(1+\frac{N1}~~d+d~~{l}\right)^2} </math> Bring the right side to the left, Factor the common factor, Then, bring the second term to the right-hand side ~~Eliminating the square root~~ <math>N + 2\sqrt{N}d+d^2 = 2 \~~sqrt{~~left(2\sqrt{N}d + d^2} \to right)\left(1+\~~sqrt~~frac{N1}{l}+d\right)^2 \to N = 4\left(2\sqrt{N}d+d^2\right)\left[\left(1+\frac{1}{l}\right)^2-1\right] </math> Simplify the bracket ~~Simplifying~~ <math> \left(1+\~~sqrt~~frac{N1}{l}+d\right)^2-1 = 41^2 + 2\times1\times\frac{1}{l}+\left(2\~~sqrt~~frac{N1}{l}~~d+d^2~~\right)^2 ~~\to~~- 1 = \~~sqrt~~frac{~~N}^~~2}{l}+2\~~sqrt~~frac{N1}~~d+d~~{l^2} = 8\~~sqrt~~frac{~~N}d~~2l+2d1}{l^2} </math> So, the equation is now ~~Subtract RHS from both sides and combining like terms~~ <math> ~~\sqrt{~~N~~}^2+2\sqrt{N}d+d^2~~ = 8\~~sqrt{N}d+2d^2 \to N+~~left(2\sqrt{N}d+d^2 ~~- 8~~\~~sqrt~~right)\frac{N2l+1}~~d+2d~~{l^2 ~~= 0~~} \to ~~N-6\sqrt{N}d-3d~~Nl^2 = 0 \~~to 6~~left(2\sqrt{N}d+3dd^2~~-N = 0~~\right)\left(2l+1\right) </math>~~Apply the quadratic formula~~ To apply the quadratic formula to solve <math>d</math> we have to rewrite the equation to a quadratic. Write the right side as: <math>d = \frac{-2\sqrt{N}\pm\sqrt{\left(2N\right)^2-4\times1\times\left(-\frac{N}{3}\right)}}{2} \to -\sqrt{N} \pm \frac{2\sqrt{N}}{\sqrt{3}}</math>▼ <math>\left(2\sqrt{N}d+d^2\right)\left(2l+1\right) \to \left(2l+1\right)2\sqrt{N}d+\left(2l+1\right)d^2 </math> Since <math> d > 0 </math> take the positive solution.▼ Since <math>2l+1 \neq 0 </math>, you could divide through by it to get ~~Now get the optimal <math>a_{\mathrm{max}}</math> from the optimal <math>d</math>~~ <math>~~a_{\mathrm{max}}~~d^2 =+ 2\sqrt{N} + d ~~\to \sqrt{N} +~~ -~~\sqrt{N} +~~ \frac{Nl^2~~\sqrt{N}~~}{~~\sqrt{3}~~2l+1} = ~~\frac{2\sqrt{N}}{\sqrt{3}}~~0 </math> This is the quadratic equation we been looking for, we can now apply the quardratic formula: ~~So under then permise of no seiving, optimally you should chose <math> \frac{2\sqrt{N}}{\sqrt{3}} </math>~~ ▲<math>d = \frac{-2\sqrt{N}\pm\sqrt{\left(2N2\sqrt{N}\right)^2-4\times1\times\left(-\frac{NNl^2}{32l+1}\right)}}{2} \to -\sqrt{N} \pm ~~\frac{2~~\sqrt{N}\frac{l+1}{\sqrt{32l+1}} </math> ▲Since <math> d > 0 </math> we take the positive solution. Since <math>a_{\mathrm{max}} = \sqrt{N} + d</math> one gets: ▲<math>a_{\~~frac~~mathrm{dmax}~~{dd~~}2 = \sqrt{N} + d \to 2\sqrt{N} + -\sqrt{N} + \sqrt{N}\frac{dl+1}{dd\sqrt{2l+1}}d ~~\to~~= 2\sqrt{N} \frac{l+1}{\sqrt{2l+1}}</math> === Cost === ~~Substute~~Substitute our optimal <math> ~~-\sqrt{N} + \frac{2\sqrt{N}}{\sqrt{3}}~~ d</math> ~~for~~into <math>C\left( d , N,l\right) </math> ~~we get~~ <math>\sqrt{N} +d\left(1+\frac{1}{l}\right) - \sqrt{2\sqrt{N}d + d^2} \to \sqrt{N} +\left(-\sqrt{N} + \sqrt{N}\frac{l+1}{\sqrt{2l+1}}\right)\left(1+\frac{1}{l}\right) - \sqrt{2\sqrt{N}\left(-\sqrt{N} + \sqrt{N}\frac{l+1}{\sqrt{2l+1}}\right) + \left(-\sqrt{N} + \sqrt{N}\frac{l+1}{\sqrt{2l+1}}\right)^2} </math> Simplifying the monster of an equation, we get <math>\frac{\sqrt{N}\left(\sqrt{2l+1}-1\right)}{l}</math>. === Facts === ▲<math>C\left(-\sqrt{N} + \frac{2\sqrt{N}}{\sqrt{3}},N\right) = \sqrt{N} +2\left(-\sqrt{N} + \frac{2\sqrt{N}}{\sqrt{3}}\right) - \sqrt{2\sqrt{N}\left(-\sqrt{N} + \frac{2\sqrt{N}}{\sqrt{3}}\right) + \left(-\sqrt{N} + \frac{2\sqrt{N}}{\sqrt{3}}\right)^2}</math>Simplyfing * If <math>~~\sqrt{N}~~l ~~+2\left(-\sqrt{N}~~= +1</math> ~~\frac{2\sqrt{N}}{\sqrt{3}}\right)~~that -means ~~\sqrt~~no sieving, <math>a_{2\~~sqrt~~mathrm{Nmax}~~\left(-\sqrt{N~~} += \frac{2\sqrt{N}}~~{\sqrt~~{3}~~}\right)~~</math> +and ~~\left(-\sqrt{N}~~the +cost ~~\frac{2\sqrt{N}}{\sqrt{3}}\right)^2} \to~~becomes <math>\sqrt{N}\left(\sqrt{3}-1\right)~~</math>~~ </math>, which is still better than pure trial division or pure Fermat * The <math>a_{\mathrm{max}} - \sqrt{a_{\mathrm{max}}^2 - N}</math> which is the trial division bound becomes <math>\frac{\sqrt{N}}{\sqrt{2l+1}}</math> when subsututing the optimal. === Example === ~~So using Fermat + Trial divison we get a cost of <math>\sqrt{N}\left(\sqrt{3}-1\right)</math> which is a imporvement over plain trial division~~ Using the same <math>N=2345678917</math>, if there's no sieving then you should choose <math>a_{\mathrm{max}}</math> around 55924.69838392813, the reasonable choice <math>a_{\mathrm{max}} = 55000</math> is not that far off from the optimal with a bound of 28937, but the optimal choice gets a bound of 27962. If we are sieving modulo 20, then <math>l = \frac{1}{\frac{4}{20}} = 5</math> and you should choose around <math>\sqrt{2345678917}\frac{6}{\sqrt{11}} \approx 87617.1636423325</math> and this should intuitively make sense. If the Fermat part costs less, the spend more time in the Fermat part to lower <math>a_{\mathrm{max}} - \sqrt{a_{\mathrm{max}}^2 - N}</math> ==Multiplier improvement==