SIT281 Week 8
1. Factorization of composite numbers
2. Discrete Logarithm
PUZZLE 6
Find an irreducible polynomial that could be used to build the field GF(3^7).

Puzzle solution
An example is x^7 + x^6 + x^4 + 1 (mod 3). None of 0, 1, -1 is a root, and it has degree 7. (Checking for roots in GF(3) only rules out linear factors; to confirm that a degree-7 polynomial is irreducible one must also rule out factors of degree 2 and 3.)
Factorization methods
Well, we've done a couple of them last week, but these are the major ones:
1. The Miller-Rabin test for primality
2. The p-1 Factoring Algorithm
3. The quadratic sieve
4. Exponent factorization

Factoring
We have looked at some simple methods of factoring and seen how difficult it can be. In the 1990s, some more sophisticated methods were developed, based on situations where the values have certain forms.
The p-1 Factoring Algorithm
This was developed by John Pollard in 1974. It is based on an assumption that for one of the primes p in an RSA number n, the number p-1 has only small prime factors. For instance, if p = 281, then p-1 = 280 = 2^3 × 5 × 7 has a factorization into small primes. The idea of the algorithm is that if we choose a large enough number, say B, then the small factors in p-1 would each appear in B factorial.

The p-1 Factoring Algorithm cont'd
Example: If p = 281, then 7! = 7 × 6 × 5 × 4 × 3 × 2 × 1 is divisible by p-1 = 2^3 × 5 × 7. Now if this is true, write 7! = (p-1)k and use Fermat to get a^(7!) = (a^(p-1))^k ≡ 1 (mod p) for any a with gcd(a, p) = 1. We can conclude that p | a^(B!) - 1 (here B = 7). Therefore p | gcd(a^(B!) - 1, n) = d, and we can compute d. If 1 < d < n, we have found a non-trivial factor of n.
The p-1 Factoring Algorithm cont'd
Here's the recipe.
Let a = 2.
Choose a bound B (large enough that p-1 divides B!).
Compute b ≡ a^(B!) (mod n) (in some efficient way).
Let d = gcd(b - 1, n).
If 1 < d < n, output divisor d of n. Otherwise try a ← a + 1 and repeat.

The p-1 Factoring Algorithm cont'd
Example: Let n = 15770708441. Choose B = 180. Let b ≡ 2^(180!) (mod 15770708441) = 11620221425. Compute d = gcd(b - 1, n) = 135979. We get the factorization 15770708441 = (135979)(115979). The reason that factorization worked is that d-1 = 135978 = 2(3)(131)(173) has only small prime factors. Any B ≥ 173 would have worked for this n.
The p-1 Factoring Algorithm cont'd
There are two variables in the algorithm, a and B. Adjusting them can be tricky. It is easier to rerun the algorithm above by increasing a, as the computational work is lower than if we increase B. The running time of the algorithm is about O(B × log B × log^2 n), so choosing a small B helps. How do you avoid this attack? Well, don't use primes p where p-1 has only small prime factors.

The Quadratic Sieve
This idea is based on a result we've already seen in primality testing. That is, if you can find 'different' values x and y (mod n) such that x^2 ≡ y^2 (mod n), then gcd(x - y, n) is a nontrivial factor of n. Here, 'different' means x ≢ ±y (mod n). (See sections 6.3 and 6.4.1 of the text.)
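As an added example (not part of the lecture slides), here is the recipe above in Python, run on the slide's n = 15770708441 with B = 180, together with two checks the discussion calls for: the smallest B for which p-1 divides B!, and the largest prime factor of p-1 for a candidate RSA prime (the check a defender would run before accepting p). The function names are my own.

```python
from math import gcd


def pollard_p_minus_1(n, bound, a=2):
    """Pollard's p-1 method: return a non-trivial factor of n, or None.

    b is built up as b <- b^j (mod n) for j = 2..B, so after the loop
    b = a^(B!) mod n without ever forming B! itself.  If a prime p | n
    has (p-1) | B!, Fermat gives a^(B!) = 1 (mod p), hence p | gcd(b-1, n).
    """
    b = a % n
    for j in range(2, bound + 1):
        b = pow(b, j, n)          # invariant: b == a^(j!) mod n
    d = gcd(b - 1, n)
    if 1 < d < n:
        return d
    return None                   # d == 1: B too small; d == n: try a+1


def smallest_bound(p):
    """Smallest B such that (p-1) divides B! (prime powers included)."""
    b, fact = 1, 1
    while fact % (p - 1) != 0:
        b += 1
        fact *= b
    return b


def largest_prime_factor(m):
    """Largest prime factor of m by trial division (fine for these sizes).

    For an RSA prime p, a small largest_prime_factor(p - 1) is exactly the
    weakness the p-1 method exploits, so reject such p when generating keys.
    """
    largest, f = 1, 2
    while f * f <= m:
        while m % f == 0:
            largest, m = f, m // f
        f += 1
    return max(largest, m) if m > 1 else largest


if __name__ == "__main__":
    n = 15770708441                       # the slide's example modulus
    d = pollard_p_minus_1(n, 180)
    print(n, "=", d, "*", n // d)
    print("smallest usable B for p =", d, "is", smallest_bound(d))
    for p in (d, n // d):                 # defender's check on each prime
        print(p, "largest prime factor of p-1:", largest_prime_factor(p - 1))
```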
The Quadratic Sieve cont'd
The idea is something of a trial-and-error method and again targets small prime factors.