This preview shows pages 1–3. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: p.196 #28. a) We assume that n is not the square of an integer, since otherwise we would already have a factorization. s is the smallest integer greater than the (noninteger) square root. f(x) = Since and , then f(x) = > 0. Moreover, since , and since , then (x + s) < < , so f(x) = < 2n  n = n. Hence, f(x) mod n is just f (x). The value A = determines the maximal number of columns in the table that we will look through in order to find smooth values of f(x). ("Smooth" means that f(x) has no prime factors which are not in our selected factor base.) b) If p divides , then . Hence, . In other words, the Legendre symbol ( ) is 1. Since we are seeking , with b divisible only by factors in the factor base, there is no point in checking values of f(x) for divisibility by p if (n/p) = 1. We always know that it will NOT divide evenly into f(x), so time spent checking divisibility will be wasted. Thus, if such a p were initially in our factor base, we can remove it and save time. None of the f(x) values will have that p in the factorization, so the b that we seek will not include it either. c) If p is not 0 mod n, then the equation f(x) = n mod p is the equation . In other words, We are looking for values of (x+s) which are square roots of n mod p. Now since we know that ( ) = 1, we will have such a square root, which we can cal l . Moreover, if is a square root of n, then  is also a square root of n. And if p is odd, the  is different than , so we can call it . On the other hand, over the field on integers mod a prime p, there are at most two roots to a quadratic equation, so we have all the roots. (Same argument as p. 105 #8, but slightly generalized.) Moreover, if we fix p in our factor base and go down the table of f(x)'s, then the values of x for which p divides f(x) are exactly those that are a multiple of p down from the two values or that we found by solving the square roots of n mod p. If p is large, then we can skip a lot of x's and not check to see if p divides those f(x)'s, since we already know that it won't. This saves us a lot of time. To see that this is so, note that if p divides , then p will automatically divide . Subtract, and note that we have a difference of squares, so p divides the difference. Hence, x's for which f(x) is divisible by a given p come in patterns exactly p apart. If you (2.1) (2.1) (2.2) (2.2) have an f(x) that is divisible by p, then we can go up the list an eventually it will hit one of the only two square roots of n, x or x . For fixed x, we can look at the patterns that run down the columns of p and know immediately if p will divide this particular f(x), even before we try dividing. d) If we know for a particular x that p divides f(x), the subtracting log(p) from log(n) gives us the sum of the logs of the other factors of f(x), which might be additional factors of p, or factors of different values of p....
View
Full
Document
This note was uploaded on 02/14/2012 for the course MATH 470 taught by Professor Staff during the Spring '08 term at Texas A&M.
 Spring '08
 Staff
 Cryptography

Click to edit the document details