Lenstra elliptic-curve factorization: Difference between revisions

We want to factor {{math|1=''n'' = 455839.}} Let's choose the elliptic curve {{math|1=''y''² = ''x''³ + 5''x'' –− 5,}} with the point {{math|1=''P'' = (1, 1)}} on it, and let's try to compute {{math|1=(10!)''P''.}}

First we [[Elliptic_curve_point_multiplication#Point_doubling|compute 2''P'']]. We have {{math|1=''s''(''P'') = ''s''(1,1) = 4,}} so the coordinates of {{math|1=2''P'' = (''{{prime|x}}'', ''{{prime|y}}'')}} are {{math|1=''{{prime|x}}'' = ''s''² –− 2''x'' = 14}} and {{math|1=''{{prime|y}}'' = ''s''(''x'' –− ''{{prime|x}}'') –− ''y''}} {{math|1== 4(1 –− 14) –− 1 = –53−53,}} all numbers understood {{math|1=(mod ''n'').}} Just to check that this 2''P'' is indeed on the curve: {{nowrap|1=(–53−53)² = 2809 = 14³ + 5·14 –− 5.}}

Then we compute 3(2''P''). We have {{math|1=''s''(2''P'') = ''s''(14,-53 −53) = –593−593/106 (mod ''n'').}} Using the [[Euclidean algorithm]]: {{nowrap|1=455839 = 4300·106 + 39,}} then {{nowrap |1=106 = 2·39 + 28,}} then {{nowrap|1=39 = 28 + 11,}} then {{nowrap |1=28 = 2·11 + 6,}} then {{nowrap|1=11 = 6 + 5,}} then {{nowrap |1=6 = 5 + 1.}} Hence {{nowrap|1=gcd(455839, 106) = 1,}} and working backwards (a version of the [[extended Euclidean algorithm]]): {{nowrap |1=1 = 6 –− 5 = 2·6 –− 11 = 2·28 –− 5·11}} {{nowrap |1== 7·28 –− 5·39 = 7·106 –− 19·39 = 81707·106 –− 19·455839.}} Hence {{nowrap |1=106⁻¹ = 81707 (mod 455839),}} and {{nowrap |1=–593−593/106 = –133317−133317 (mod 455839).}} Given this ''s'', we can compute the coordinates of 2(2''P''), just as we did above: {{math|1=4''P'' = (259851, 116255).}} Just to check that this is indeed a point on the curve: {{math|1=''y''² = 54514 = ''x''³ + 5''x'' –− 5 (mod 455839).}} After this, we can compute <math>3(2P) = 4P \boxplus 2P</math>.