Shanks's square forms factorization

Input: ${\displaystyle N}$ , the integer to be factored, which must be neither a prime number nor a perfect square, and a small positive integer, ${\displaystyle k}$ .

Output: a non-trivial factor of ${\displaystyle N}$ .

The algorithm:

Initialize ${\displaystyle i=0,P_{0}=\lfloor {\sqrt {kN}}\rfloor ,Q_{0}=1,Q_{1}=kN-P_{0}^{2}.}$ 

Repeat

${\displaystyle i=i+1,b_{i}=\left\lfloor {\frac {P_{0}+P_{i-1}}{Q_{i}}}\right\rfloor ,P_{i}=b_{i}Q_{i}-P_{i-1},Q_{i+1}=Q_{i-1}+b_{i}(P_{i-1}-P_{i})}$ 

until ${\displaystyle Q_{i+1}}$  is a perfect square at some odd value of ${\displaystyle i}$ .

Start the second phase (reverse cycle).

Initialize ${\displaystyle b_{0}=\left\lfloor {\frac {P_{0}-P_{i}}{\sqrt {Q_{i+1}}}}\right\rfloor }$ , ${\displaystyle Q_{0}={\sqrt {Q_{i+1}}}}$ , and ${\displaystyle P_{0}=b_{0}{\sqrt {Q_{i+1}}}+P_{i}}$ , where ${\displaystyle P_{0},P_{i}}$ , and ${\displaystyle Q_{i+1}}$  are from the previous phase. The ${\displaystyle b_{0}}$  used in the calculation of ${\displaystyle P_{0}}$  is the recently calculated value of ${\displaystyle b_{0}}$ .

Set ${\displaystyle i=0}$  and ${\displaystyle Q_{1}={\frac {kN-P_{0}^{2}}{Q_{0}}}}$ , where ${\displaystyle P_{0}}$  is the recently calculated value of ${\displaystyle P_{0}}$ .

Repeat

${\displaystyle i=i+1,b_{i}=\left\lfloor {\frac {P_{0}+P_{i-1}}{Q_{i}}}\right\rfloor ,P_{i}=b_{i}Q_{i}-P_{i-1},Q_{i+1}=Q_{i-1}+b_{i}(P_{i-1}-P_{i})}$ 

until ${\displaystyle P_{i}=P_{i-1}.}$ 

Then if ${\displaystyle f=\gcd(N,P_{i})}$  is not equal to ${\displaystyle 1}$  and not equal to ${\displaystyle N}$ , then ${\displaystyle f}$  is a non-trivial factor of ${\displaystyle N}$ . Otherwise try another value of ${\displaystyle k}$ .^{[citation needed]}

Shanks's method has time complexity ${\displaystyle O({\sqrt[{4}]{N}})}$ .

Stephen S. McMath wrote a more detailed discussion of the mathematics of Shanks's method, together with a proof of its correctness.^[2]

Let ${\displaystyle N=11111,k=1}$ 

${\displaystyle Q_{0}=1}$ 

Cycle forward
${\displaystyle i}$	${\displaystyle b_{i}}$	${\displaystyle P_{i}}$	${\displaystyle Q_{i+1}}$
${\displaystyle 0}$	${\displaystyle }$	${\displaystyle 105}$	${\displaystyle 86}$
${\displaystyle 1}$	${\displaystyle 2}$	${\displaystyle 67}$	${\displaystyle 37}$
${\displaystyle 2}$	${\displaystyle 2}$	${\displaystyle 87}$	${\displaystyle 46}$
${\displaystyle 3}$	${\displaystyle 4}$	${\displaystyle 97}$	${\displaystyle 37}$
${\displaystyle 4}$	${\displaystyle 5}$	${\displaystyle 88}$	${\displaystyle 91}$
${\displaystyle 5}$	${\displaystyle 2}$	${\displaystyle 94}$	${\displaystyle 25}$

Here ${\displaystyle Q_{6}=25}$  is a perfect square.

For the second phase, set ${\displaystyle Q_{-1}={\sqrt {25}}=5}$ . Then:

Reverse cycle
${\displaystyle i}$	${\displaystyle b_{i}}$	${\displaystyle P_{i}}$	${\displaystyle Q_{i}}$
${\displaystyle 0}$	${\displaystyle 2}$	${\displaystyle 104}$	${\displaystyle 59}$
${\displaystyle 1}$	${\displaystyle 3}$	${\displaystyle 73}$	${\displaystyle 98}$
${\displaystyle 2}$	${\displaystyle 1}$	${\displaystyle 25}$	${\displaystyle 107}$
${\displaystyle 3}$	${\displaystyle 1}$	${\displaystyle 82}$	${\displaystyle 41}$
${\displaystyle 4}$	${\displaystyle 4}$	${\displaystyle 82}$	${\displaystyle }$

Here ${\displaystyle P_{3}=P_{4}=82}$ .

Calculate ${\displaystyle gcd(11111,82)=41}$ , which is a factor of ${\displaystyle 11111}$ .

Thus, ${\displaystyle N=11111=41\cdot 271}$ .

Below is an example of C function for performing SQUFOF factorization on unsigned integer not larger than 64 bits, without overflow of the transient operations. ^{[citation needed]}

#include <inttypes.h>
#define nelems(x) (sizeof(x) / sizeof((x)[0]))

const int multiplier[] = {1, 3, 5, 7, 11, 3*5, 3*7, 3*11, 5*7, 5*11, 7*11, 3*5*7, 3*5*11, 3*7*11, 5*7*11, 3*5*7*11};

uint64_t SQUFOF( uint64_t N )
{
    uint64_t D, Po, P, Pprev, Q, Qprev, q, b, r, s;
    uint32_t L, B, i;
    s = (uint64_t)(sqrtl(N)+0.5);
    if (s*s == N) return s;
    for (int k = 0; k < nelems(multiplier) && N <= UINT64_MAX/multiplier[k]; k++) {
        D = multiplier[k]*N;
        Po = Pprev = P = sqrtl(D);
        Qprev = 1;
        Q = D - Po*Po;
        L = 2 * sqrtl( 2*s );
        B = 3 * L;
        for (i = 2 ; i < B ; i++) {
            b = (uint64_t)((Po + P)/Q);
            P = b*Q - P;
            q = Q;
            Q = Qprev + b*(Pprev - P);
            r = (uint64_t)(sqrtl(Q)+0.5);
            if (!(i & 1) && r*r == Q) break;
            Qprev = q;
            Pprev = P;
        };
        if (i >= B) continue;
        b = (uint64_t)((Po - P)/r);
        Pprev = P = b*r + P;
        Qprev = r;
        Q = (D - Pprev*Pprev)/Qprev;
        i = 0;
        do {
            b = (uint64_t)((Po + P)/Q);
            Pprev = P;
            P = b*Q - P;
            q = Q;
            Q = Qprev + b*(Pprev - P);
            Qprev = q;
            i++;
        } while (P != Pprev);
        r = gcd(N, Qprev);
        if (r != 1 && r != N) return r;
    }
    return 0;
}

• D. A. Buell (1989). Binary Quadratic Forms. Springer-Verlag. ISBN 0-387-97037-1.
• D. M. Bressoud (1989). Factorisation and Primality Testing. Springer-Verlag. ISBN 0-387-97040-1.
• Riesel, Hans (1994). Prime numbers and computer methods for factorization (2nd ed.). Birkhauser. ISBN 0-8176-3743-5.
• Samuel S. Wagstaff, Jr. (2013). The Joy of Factoring. Providence, RI: American Mathematical Society. pp. 163–168. ISBN 978-1-4704-1048-3.

• Daniel Shanks: Analysis and Improvement of the Continued Fraction Method of Factorization, (transcribed by S. McMath 2004)
• Daniel Shanks: SQUFOF Notes, (transcribed by S. McMath 2004)
• Stephen S. McMath: Parallel integer factorization using quadratic forms, 2005
• S. McMath, F. Crabbe, D. Joyner: Continued fractions and parallel SQUFOF, 2005
• Jason Gower, Samuel Wagstaff: Square Form Factorisation (Published)
• Shanks's SQUFOF Factoring Algorithm
• java-math-library