Wikipedia

Shanks's square forms factorization: Difference between revisions

Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
top: Added short description.
Tags: Mobile edit Mobile app edit Android app edit App full source
 
(26 intermediate revisions by 5 users not shown)
Line 1:
{{Short description|Integer factorization algorithm}}
{{more footnotes|date=March 2015}}
 
'''Shanks's square forms factorization''' is a method for [[integer factorization]] devised by [[Daniel Shanks]] as an improvement on [[Fermat's factorization method]].
 
The success of Fermat's method depends on finding integers <math>x</math> and <math>y</math> such that <math>x^2-y^2=N</math>, where <math>N</math> is the integer to be factored. An improvement (noticed by [[Maurice Kraitchik|Kraitchik]]) is to look for integers <math>x</math> and <math>y</math> such that <math>x^2\equiv y^2\pmod{N}</math>. Finding a suitable pair <math>(x, y)</math> does not guarantee a factorization of <math>N</math>, but it implies that <math>N</math> is a factor of <math>x^2-y^2=(x-y)(x+y)</math>, and there is a good chance that the [[prime divisor]]s of <math>N</math> are distributed between these two factors, so that calculation of the [[greatest common divisor]] of <math>N</math> and <math>x-y</math> will give a non-trivial factor of <math>N</math>.
 
A practical algorithm for finding pairs <math>(x,y)</math> which satisfy <math>x^2\equiv y^2\pmod{N}</math> was developed by Shanks, who named it Square Forms Factorization or SQUFOF. The algorithm can be expressed in terms of continued fractions or in terms of quadratic forms. Although there are now much more efficient factorization methods available, SQUFOF has the advantage that it is small enough to be implemented on a programmable calculator. Shanks programmed it on an [[HP-65]], made in 1974, which has storage for only nine digit numbers and allows only 100 steps/keystrokes of programming. There are versions of the algorithm that use little memory and versions that store a list of values that run more quickly.
 
In 1858, the Czech mathematician [[Václav Šimerka]] used a method similar to SQUFOF to factor <math>(10^{17} - 1)/9</math> <math>=</math> <math>11111111111111111</math> <math>=</math> <math>2071723 \cdot 5363222357</math>.<ref>{{cite journal |last1=Lemmermeyer |first1=F. |title=Václav Šimerka: quadratic forms and factorization |journal=LMS Journal of Computation and Mathematics |date=2013 |volume=16 |pages=118–129 |doi=10.1112/S1461157013000065 |doi-access=free}}</ref>
 
==Algorithm==
'''Note''' This version of the algorithm works on some examples but often gets stuck in a loop.
 
This version does not use a list.
 
'''Input''': <math>N</math>, the integer to be factored, which must be neither a [[prime number]] nor a [[Square number|perfect square]], and a small positive integer, <math>k</math>.
 
Line 16 ⟶ 21:
'''The algorithm:'''
 
Initialize <math>i=0,P_0=\lfloor\sqrt{kN}\rfloor,Q_0Q_{-1}=1,Q_1Q_0=kN-P_0^2.</math>
 
Repeat
 
<math>i=i+1,b_i=\left\lfloor\frac{P_0+P_{i-1}}{Q_iQ_{i-1}}\right\rfloor,P_i=b_iQ_i-P_b_iQ_{i-1},Q_-P_{i+-1},Q_i=Q_{i-12}+b_i(P_{i-1}-P_i)</math>
 
until <math>Q_{i+1}Q_i</math> is a perfect square at some odd value of <math>i</math>.
 
Start the second phase (reverse cycle).
 
Initialize <math>b_0=\left\lfloor\frac{P_0-P_i}{\sqrt{Q_{i+1}Q_i}}\right\rfloor</math>, <math>Q_{-1}=\sqrt{Q_{i+1}Q_i}</math>, and <math>P_0=b_0\sqrt{Q_{i+1}Q_i}+P_i</math>, where <math>P_0, P_i</math>, and <math>Q_{i+1}</math> are from the previous phase. The <math>b_0</math> used in the calculation of <math>P_0</math> is the recently calculated value of <math>b_0</math>.
 
Set <math> i=0</math> and <math> Q_0=\frac{kN-P_0^2}{Q_{-1}}</math>, where <math>P_0</math> is the recently calculated value of <math>P_0</math>.
Line 34 ⟶ 39:
<math>i=i+1,b_i=\left\lfloor\frac{P_0+P_{i-1}}{Q_{i-1}}\right\rfloor,P_i=b_iQ_{i-1}-P_{i-1},Q_i=Q_{i-2}+b_i(P_{i-1}-P_i)</math>
 
until <math>P_i=P_{i-1}.</math>{{cn|date=October 2023}}
 
Then if <math>f=\gcd(N,P_i)</math> is not equal to <math>1</math> and not equal to <math>N</math>, then <math>f</math> is a non-trivial factor of <math>N</math>. Otherwise try another value of <math>k</math>.{{cn|date=October 2023}}
 
Shanks's method has time complexity <math>O(\sqrt[4]{N})</math>.<ref>{{Harvcol|Riesel|1994|p=189}}</ref>
 
Stephen S. McMath wrote
a more detailed discussion of the mathematics of Shanks's method,
together with a proof of its correctness.<ref>{{Cite CiteSeerX|title=Daniel Shanks' Square Forms Factorization| year=2004 |citeseerx = 10.1.1.107.9984}}</ref>
 
==Example==
 
Let <math>N = 11111, k = 1</math>
 
<math>Q_0=Q_{-1, Q_1}=861</math>
 
{| border="1" class="wikitable" style="text-align:center; "
Line 56 ⟶ 61:
!<math>b_{i}</math>
!<math>P_{i}</math>
!<math>Q_{i+1}</math>
|-
|<math>0</math>
Line 66 ⟶ 71:
|<math>2</math>
|<math>67</math>
|<math>3777</math>
|-
|<math>2</math>
Line 89 ⟶ 94:
|}
 
Here <math>Q_{65} = 25</math> is a perfect square, so the first phase ends.
 
For the second phase, set <math>Q_{-1} = \sqrt{25} = 5</math>. Then:
Line 207 ⟶ 212:
* {{cite book
| last=Riesel | first=Hans | authorlink=Hans Riesel
| title=Prime numbersNumbers and computerComputer methodsMethods for factorizationFactorization
| publisher=Birkhauser
|edition = 2nd
Line 220 ⟶ 225:
* S. McMath, F. Crabbe, D. Joyner: [https://web.archive.org/web/20200930034823/https://www.usna.edu/Users/cs/crabbe/papers/mcmath-IJPAM.pdf ''Continued fractions and parallel SQUFOF''], 2005
* Jason Gower, Samuel Wagstaff: [http://homes.cerias.purdue.edu/~ssw/squfof.pdf ''Square Form Factorisation''] [http://www.ams.org/journals/mcom/2008-77-261/S0025-5718-07-02010-8/S0025-5718-07-02010-8.pdf (Published)]
* [https://web.archive.org/web/20231003030532/http://colin.barker.pagesperso-orange.fr/lpa/big_squf.htm Shanks's SQUFOF Factoring Algorithm]
*[https://github.com/TilmanNeumann/java-math-library java-math-library]
 
Retrieved from "https://en.wikipedia.org/wiki/Shanks%27s_square_forms_factorization"