All Topics  
Integer factorization

 

 
   Email Print
   Bookmark   Link
 

 

Integer factorization
 
 
  Topics Integer factorization Topic Home

In number theory
Number theory

Number theory is the branch of pure mathematics concerned with the properties of numbers in general, and integers in particular, as well as the wider classes of problems that arise from their study....
, integer factorization is the breaking down of a composite number
Composite number

A composite number is a negative and non-negative numbers integer which has a positive divisor other than one or itself. In other words, if 0 < n is an integer and there are integers 1 < a, b < n such that n = a ? b then n is composite....
 into smaller non-trivial divisor
Divisor

In mathematics, a divisor of an integer n, also called a factor of n, is an integer which evenly divides n without leaving a remainder....
s, which when multiplied together equal the original integer.

When the numbers are very large, no efficient integer factorization
Factorization

In mathematics, factorization or factoring is the decomposition of an object into a product of other objects, or factors, which when multiplication together give the original....
 algorithm
Algorithm

In mathematics, computing, linguistics and related subjects, an algorithm is a sequence of finite instructions, often used for calculation and data processing....
 is publicly known; a 2005 effort by F. Bahr, M. Boehm, J. Franke, T. Kleinjung factored a 193-digit number (RSA-640) utilizing 30 2.2GHz-Opteron-CPU years over a span of 5 months.






Discussion
Ask a question about 'Integer factorization'
Start a new discussion about 'Integer factorization'
Answer questions from other users
Full Discussion Forum



Encyclopedia


In number theory
Number theory

Number theory is the branch of pure mathematics concerned with the properties of numbers in general, and integers in particular, as well as the wider classes of problems that arise from their study....
, integer factorization is the breaking down of a composite number
Composite number

A composite number is a negative and non-negative numbers integer which has a positive divisor other than one or itself. In other words, if 0 < n is an integer and there are integers 1 < a, b < n such that n = a ? b then n is composite....
 into smaller non-trivial divisor
Divisor

In mathematics, a divisor of an integer n, also called a factor of n, is an integer which evenly divides n without leaving a remainder....
s, which when multiplied together equal the original integer.

When the numbers are very large, no efficient integer factorization
Factorization

In mathematics, factorization or factoring is the decomposition of an object into a product of other objects, or factors, which when multiplication together give the original....
 algorithm
Algorithm

In mathematics, computing, linguistics and related subjects, an algorithm is a sequence of finite instructions, often used for calculation and data processing....
 is publicly known; a 2005 effort by F. Bahr, M. Boehm, J. Franke, T. Kleinjung factored a 193-digit number (RSA-640) utilizing 30 2.2GHz-Opteron-CPU years over a span of 5 months. The presumed difficulty of this problem is at the heart of certain algorithms in cryptography
Cryptography

Cryptography is the practice and study of hiding information. In modern times cryptography is considered a branch of both mathematics and computer science and is affiliated closely with information theory, computer security and engineering....
 such as RSA
RSA

In cryptography, RSA is an algorithm for public-key cryptography. It is the first algorithm known to be suitable for digital signature as well as encryption, and one of the first great advances in public key cryptography....
. Many areas of mathematics
Mathematics

Mathematics is the study of quantity, structure, space, change, and related topics of pattern and form. Mathematicians seek out patterns whether found in numbers, space, natural science, computers, imaginary abstractions, or elsewhere....
 and computer science
Computer science

Computer science is the study of the theoretical foundations of information and computation, and of practical techniques for their implementation and application in computer systems....
 have been brought to bear on the problem, including elliptic curves, algebraic number theory
Algebraic number theory

In mathematics, algebraic number theory is a major branch of number theory which studies the algebraic structures related to algebraic integers....
, and quantum computing
Quantum computer

A quantum computer is a device for computation that makes direct use of quantum mechanical phenomena, such as quantum superposition and quantum entanglement, to perform operations on data....
.

Not all numbers of a given length are equally hard to factor. The hardest instances of these problems (for currently known techniques) are semiprime
Semiprime

In mathematics, a semiprime is a natural number that is the product of two prime numbers. The first few semiprimes are 4, 6, 9, 10, 14, 15, 21, 22, 25, 26, ......
s, the product of two prime number
Prime number

In mathematics, a prime number is a natural number which has exactly two distinct natural number divisors: 1 and itself. An infinitude of prime numbers exists, as demonstrated by Euclid around 300 BC....
s. When they are both large, randomly chosen, and about the same size (but not too close), even the fastest prime factorization algorithms on the fastest computers can take enough time to make the search impractical.

Prime decomposition

By the fundamental theorem of arithmetic
Fundamental theorem of arithmetic

In number theory and algebraic number theory, the Fundamental Theorem of Arithmetic states that any integer greater than 1 can be written as a unique product of prime numbers....
, every positive integer greater than one has a unique prime factorization. However, the fundamental theorem of arithmetic gives no insight into how to obtain an integer's prime factorization; it only guarantees its existence.

Given an algorithm for integer factorization, one can factor any integer down to its constituent prime factor
Prime factor

In number theory, the prime factors of a positive integer are the prime numbers that divide into that integer exactly, without leaving a remainder....
s by repeated application of this algorithm.

Practical applications

The hardness of this problem, to use a term from computational complexity theory
Computational complexity theory

Computational complexity theory, as a branch of the theory of computation in computer science, investigates the problems related to the Computational resource required for the execution of algorithms , and the inherent difficulty in providing efficient algorithms for specific computational problems....
 describing the difficulty of efficiently solving specific computational problems, lies at the heart of several important cryptographic systems. A fast integer factorization algorithm would mean that the RSA
RSA

In cryptography, RSA is an algorithm for public-key cryptography. It is the first algorithm known to be suitable for digital signature as well as encryption, and one of the first great advances in public key cryptography....
 public-key algorithm is not secure. Some cryptographic systems, such as the Rabin public-key algorithm
Rabin cryptosystem

The Rabin cryptosystem is an asymmetric cryptographic technique, whose security, like that of RSA, is related to the difficulty of factorization....
 and the Blum Blum Shub pseudo-random number generator can make a stronger guarantee — any means of breaking them can be used to build a fast integer factorization algorithm; if integer factorization is hard, then they are strong. In contrast, it may turn out that there are attacks on the RSA problem
RSA problem

In cryptography, the RSA problem is the task of finding eth roots modular arithmetic a composite number N whose prime factor are not known....
 more efficient than integer factorization, though none is currently published.

A similar hard problem with cryptographic applications is the discrete logarithm problem.

Even in the absence of cryptographic systems based on its hardness, integer factorization also has many positive applications in algorithms. For example, once an integer n is placed in its prime factorization representation, it enables the rapid computation of multiplicative function
Multiplicative function

In number theory, a multiplicative function is an arithmetic function f of the positive integer n with the property that f = 1 and whenever...
s on n. It can also be used to save storage, since any multiset
Multiset

In mathematics, a multiset is a generalization of a Set . A Element of a multiset can have more than one Element , while each member of a set has only one membership....
 of prime numbers can be stored without loss of information as its product; this was exploited, for example, by the Arecibo message
Arecibo message

The Arecibo message was light beam into space a single time via frequency modulation radio waves at a ceremony to mark the remodeling of the Arecibo Observatory on 16 November 1974....
.

Current state of the art

A team at the German Federal Agency for Information Technology Security (BSI
Federal Office for Information Security

The Bundesamt f?r Sicherheit in der Informationstechnik is the Germany government agency in charge of managing computer and communication security for the German government....
) holds the record for factorization of semiprime
Semiprime

In mathematics, a semiprime is a natural number that is the product of two prime numbers. The first few semiprimes are 4, 6, 9, 10, 14, 15, 21, 22, 25, 26, ......
s in the series proposed by the RSA Factoring Challenge
RSA Factoring Challenge

The RSA Factoring Challenge was a challenge put forward by RSA Laboratories on March 18 1991 to encourage research into computational number theory and the practical difficulty of Factorization large integers and cracking RSA keys used in cryptography....
 sponsored by RSA Security
RSA Security

RSA, The Security Division of EMC Corporation, is headquartered in Bedford, Massachusetts, United States, and maintains offices in Ireland, Israel, the United Kingdom, Singapore, India, China, Hong Kong and Japan....
. On May 9, 2005, this team announced factorization of RSA-200, a 663-bit number (200 decimal digits), using the general number field sieve
General number field sieve

In mathematics, the general number field sieve is the most algorithmic efficiency classical algorithm known for integer factorization larger than 100 digits....
.

The same team later announced factorization of RSA-640, a smaller number containing 193 decimal digits (640 bits), on November 4, 2005.

Both factorizations required several months of computer time using the combined power of 80 AMD Opteron
Opteron

The Opteron is Advanced Micro Devices's x86 server Central processing unit line, and was the first processor to implement the AMD64 instruction set architecture ....
 CPUs.

Difficulty and complexity

If a large, b-bit
Bit

A bit is a binary numeral system numerical digit, taking a value of either 0 or 1. Binary digits are a basic unit of information Computer data storage and transmission in digital computing and digital information theory....
 number is the product of two primes that are roughly the same size, then no algorithm
Algorithm

In mathematics, computing, linguistics and related subjects, an algorithm is a sequence of finite instructions, often used for calculation and data processing....
 has been published that can factor in polynomial time
Polynomial time

In computational complexity theory, polynomial time refers to the computation time of a problem where the run time, , is no greater than a polynomial function of the problem size, n....
, i.e., that can factor it in time O
Big O notation

In mathematics, big O notation describes the asymptotic analysis of a function when the argument tends towards a particular value or infinity, usually in terms of simpler functions....
(bk) for some constant k. There are published algorithms that are faster than O
Big O notation

In mathematics, big O notation describes the asymptotic analysis of a function when the argument tends towards a particular value or infinity, usually in terms of simpler functions....
((1+e)b) for all positive e, i.e., sub-exponential.

The best published asymptotic running time is for the general number field sieve
General number field sieve

In mathematics, the general number field sieve is the most algorithmic efficiency classical algorithm known for integer factorization larger than 100 digits....
 (GNFS) algorithm, which, for a b-bit number n, is:

For an ordinary computer, GNFS is the best published algorithm for large n (more than about 100 digits). For a quantum computer
Quantum computer

A quantum computer is a device for computation that makes direct use of quantum mechanical phenomena, such as quantum superposition and quantum entanglement, to perform operations on data....
, however, Peter Shor
Peter Shor

Peter Williston Shor is an United States theoretical computer science most famous for his work on quantum computation, in particular for devising a quantum algorithm for Integer factorization exponentially faster than the best currently-known algorithm running on a classical computer ....
 discovered an algorithm in 1994 that solves it in polynomial time. This will have significant implications for cryptography if a large quantum computer is ever built. Shor's algorithm
Shor's algorithm

Shor's algorithm, first introduced by mathematician Peter Shor, is a quantum computer algorithm for integer factorization. On a quantum computer, to factor an integer , Shor's algorithm takes polynomial time in , specifically , demonstrating that integer factorization is in the complexity class BQP....
 takes only O(b3) time and O(b) space on b-bit number inputs. In 2001, the first 7-qubit quantum computer became the first to run Shor's algorithm. It factored the number 15.

When discussing what complexity class
Complexity class

In computational complexity theory, a complexity class is a set of problems of related complexity. A typical complexity class has a definition of the form:...
es the integer factorization problem falls into, it's necessary to distinguish two slightly different versions of the problem:

  • The function problem
    Function problem

    In computational complexity theory, a function problem is a problem other than a decision problem, that is, a problem requiring a more complex answer than just YES or NO....
     version: given an integer N, find an integer d with 1 < d < N that divides N (or conclude that N is prime). This problem is trivially in FNP
    FNP (complexity)

    In computational complexity theory, the complexity class FNP is the function problem extension of the decision problem class NP . The name is a bit of a misnomer, since technically it is a class of binary relations, not functions, as the following formal definition explains:...
     and it's not known whether it lies in FP
    FP (complexity)

    In computational complexity theory, the complexity class FP is the set of function problems which can be solved by a deterministic Turing machine in polynomial time; it is the function problem version of the decision problem class P ....
     or not. This is the version solved by most practical implementations.
  • The decision problem
    Decision problem

    In computability theory and computational complexity theory, a decision problem is a question in some formal system with a yes-or-no answer, depending on the values of some input parameters....
     version: given an integer N and an integer M with 1 = M = N, does N have a factor d with 1 < d < M? This version is useful because most well-studied complexity classes are defined as classes of decision problems, not function problems. This is a natural decision version of the problem, analogous to those frequently used for optimization problem
    Optimization problem

    In mathematics and computer science, an optimization problem is the problem of finding the best solution from all feasible solutions. More formally, an optimization problem is a quadruple , where...
    s, because it can be combined with binary search to solve the function problem version in a logarithmic number of queries.


It is not known exactly which complexity classes
Computational complexity theory

Computational complexity theory, as a branch of the theory of computation in computer science, investigates the problems related to the Computational resource required for the execution of algorithms , and the inherent difficulty in providing efficient algorithms for specific computational problems....
 contain the decision version of the integer factorization problem. It is known to be in both NP
NP (complexity)

In computational complexity theory, NP is one of the most fundamental complexity classes.The abbreviation NP refers to "Nondeterministic algorithm Polynomial time"....
 and co-NP
Co-NP

In computational complexity theory, co-NP is a complexity class. A problem is a member of co-NP if and only if its complement is in complexity class NP ....
. This is because both YES and NO answers can be trivially verified given the prime factors (we can verify their primality using the AKS primality test
AKS primality test

The AKS primality test is a deterministic algorithm primality test algorithm created and published by three Indian Institute of Technology Kanpur computer scientists, Manindra Agrawal, Neeraj Kayal, and Nitin Saxena on August 6, 2002 in a paper titled PRIMES is in P....
, and that their product is N by multiplication). In fact, providing we require the factors to be listed in order, the fundamental theorem of arithmetic
Fundamental theorem of arithmetic

In number theory and algebraic number theory, the Fundamental Theorem of Arithmetic states that any integer greater than 1 can be written as a unique product of prime numbers....
 will guarantee that there is only one possible string that will be accepted; this shows that the problem is in both UP
UP (complexity)

In computational complexity theory, UP is the complexity class of decision problems solvable in polynomial time on a non-deterministic Turing machine with at most one accepting path for each input....
 and co-UP. It is known to be in BQP
BQP

In computational complexity theory BQP stands for "Bounded error, Quantum, polynomial time". It denotes the class of decision problems solvable by a quantum computer in polynomial time, with an error probability of at most 1/3 for all instances....
 because of Shor's algorithm
Shor's algorithm

Shor's algorithm, first introduced by mathematician Peter Shor, is a quantum computer algorithm for integer factorization. On a quantum computer, to factor an integer , Shor's algorithm takes polynomial time in , specifically , demonstrating that integer factorization is in the complexity class BQP....
. It is suspected to be outside of all three of the complexity classes P
P (complexity)

In computational complexity theory, P, also known as PTIME or DTIME, is one of the most fundamental complexity classes. It contains all decision problems which can be solved by a deterministic Turing machine using a polynomial amount of computation time, or polynomial time....
, NP-Complete
NP-complete

In computational complexity theory, the complexity class NP-complete is a class of problems having two properties:* Any given solution to the problem can be verified quickly ; the set of problems with this property is called NP ....
, and co-NP-Complete
Co-NP-complete

In Computational complexity theory, computational problems that are Co-NP-complete are those that are the hardest problems in Co-NP, in the sense that they are the ones most likely not to be in P ....
. If it could be proved that it is in either NP-Complete or co-NP-Complete, that would imply NP = co-NP. That would be a very surprising result, and therefore integer factorization is widely suspected to be outside both of those classes. Many people have tried to find classical polynomial-time algorithms for it and failed, and therefore it is widely suspected to be outside P.

In contrast, the decision problem "is N a composite number
Composite number

A composite number is a negative and non-negative numbers integer which has a positive divisor other than one or itself. In other words, if 0 < n is an integer and there are integers 1 < a, b < n such that n = a ? b then n is composite....
?" (or equivalently: "is N a prime number
Prime number

In mathematics, a prime number is a natural number which has exactly two distinct natural number divisors: 1 and itself. An infinitude of prime numbers exists, as demonstrated by Euclid around 300 BC....
?") appears to be much easier than the problem of actually finding the factors of N. Specifically, the former can be solved in polynomial time (in the number n of digits of N) with the AKS primality test
AKS primality test

The AKS primality test is a deterministic algorithm primality test algorithm created and published by three Indian Institute of Technology Kanpur computer scientists, Manindra Agrawal, Neeraj Kayal, and Nitin Saxena on August 6, 2002 in a paper titled PRIMES is in P....
. In addition, there are a number of probabilistic algorithm
Randomized algorithm

A randomized algorithm or probabilistic algorithm is an algorithm which employs a degree of randomness as part of its logic. The algorithm typically uses Uniform distribution bits as an auxiliary input to guide its behavior, in the hope of achieving good performance in the "average case" over all possible choices of random bits....
s that can test primality very quickly in practice if one is willing to accept the small possibility of error. The ease of primality test
Primality test

A primality test is an algorithm for determining whether an input number is prime number. Amongst other fields of mathematics, it is used for cryptography....
ing is a crucial part of the RSA
RSA

In cryptography, RSA is an algorithm for public-key cryptography. It is the first algorithm known to be suitable for digital signature as well as encryption, and one of the first great advances in public key cryptography....
 algorithm, as it is necessary to find large prime numbers to start with.

Factoring algorithms


Special-purpose

A special-purpose factoring algorithm's running time depends on the properties of its unknown factors: size, special form, etc. Exactly what the running time depends on varies between algorithms. For example, trial division is considered special purpose because the running time is roughly proportional to the size of the smallest factor.

  • Trial division
    Trial division

    Trial division is the most laborious but easiest to understand of the integer factorization algorithms.Given a composite number n , trial division consists of trial-dividing n by every prime number less than or equal to ....
  • Pollard's rho algorithm
    Pollard's rho algorithm

    Pollard's rho algorithm is a special-purpose integer factorization algorithm. It was invented by John Pollard in 1975. It is particularly effective at splitting composite numbers with small factors....
  • Algebraic-group factorisation algorithms amongst which are Pollard's p − 1 algorithm, Williams' p+1 algorithm
    Williams' p plus 1 algorithm

    In computational number theory, Williams' p + 1 algorithm is an integer factorization algorithm, one of the family of algebraic-group factorisation algorithms....
     and Lenstra elliptic curve factorization
    Lenstra elliptic curve factorization

    The Lenstra elliptic curve factorization or the elliptic curve factorization method is a fast, sub-exponential running time algorithm for integer factorization which employs elliptic curves....
  • Fermat's factorization method
    Fermat's factorization method

    Fermat's factorization method is based on the representation of an even and odd numbers integer as the difference of two squares:That difference is algebraically factorable as ; if neither factor equals one, it is a proper factorization of N....
  • Euler's factorization method
    Euler's factorization method

    Leonhard Euler factorization method is a method of integer factorization based upon representing a natural number as the sum of two square number in two different ways:...
  • Special number field sieve
    Special number field sieve

    The special number field sieve is a special-purpose integer factorization algorithm. The general number field sieve was derived from it.The special number field sieve is efficient for integers of the form re ± s, where r and s are small ....


General-purpose

A general-purpose factoring algorithm's running time depends solely on the size of the integer to be factored. This is the type of algorithm used to factor RSA numbers. Most general-purpose factoring algorithms are based on the congruence of squares
Congruence of squares

In number theory, a congruence of squares is a congruence relation commonly used in integer factorization algorithms....
 method.

  • Dixon's algorithm
  • Continued fraction factorization
    Continued fraction factorization

    In number theory, the continued fraction factorization method is an integer factorization algorithm. It is a general-purpose algorithm, meaning that it is suitable for factoring any integer n, not depending on special form or properties....
     (CFRAC)
  • Quadratic sieve
    Quadratic sieve

    The quadratic sieve algorithm is a modern integer factorization algorithm and, in practice, the second fastest method known . It is still the fastest for integers under 100 decimal digits or so, and is considerably simpler than the number field sieve....
  • General number field sieve
    General number field sieve

    In mathematics, the general number field sieve is the most algorithmic efficiency classical algorithm known for integer factorization larger than 100 digits....
  • Shanks' square forms factorization
    Shanks' square forms factorization

    Shanks' square forms factorization is a method for integer factorization devised by Daniel Shanks as an improvement on Fermat's factorization method....
     (SQUFOF)


Other notable algorithms

  • Shor's algorithm
    Shor's algorithm

    Shor's algorithm, first introduced by mathematician Peter Shor, is a quantum computer algorithm for integer factorization. On a quantum computer, to factor an integer , Shor's algorithm takes polynomial time in , specifically , demonstrating that integer factorization is in the complexity class BQP....
    , for quantum computer
    Quantum computer

    A quantum computer is a device for computation that makes direct use of quantum mechanical phenomena, such as quantum superposition and quantum entanglement, to perform operations on data....
    s


External links

  • Richard P. Brent, "Recent Progress and Prospects for Integer Factorisation Algorithms", Computing and Combinatorics", 2000, pp.3-22.
  • Manindra Agrawal
    Manindra Agrawal

    Manindra Agrawal to educators Mr. Surendra P.Agarwal and Mrs. Himanshu B.Agarwal, is a Professor and Head of the Department of Computer Science and Computer Engineering at the Indian Institute of Technology, Kanpur....
    , Neeraj Kayal, Nitin Saxena, "PRIMES is in P." Annals of Mathematics 160(2): 781-793 (2004).
  • [ftp://ftp.computing.dcu.ie/pub/crypto/factor.exe] is a public-domain integer factorization program for Windows. It claims to handle 80-digit numbers. See also the web site for this program
  • is an integer factorization Java applet that uses the Elliptic Curve Method and the Self Initializing Quadratic Sieve.
  • - a factoring challenge, no longer active.
  • Eric W. Weisstein,
  • , a suite of programs for integer factorization. It contains several factorization methods like Elliptic Curve Method and MPQS.
  • , Three known algorithms and C source code.
  • : by Paul Herman & Ami Fischman, C++ source code for many factorization algorithms including Pollard Rho & Shor's.