Fattorizzazione di interi

Factorization

Thecompletelistoffactorscanbededucedbasedonthefactorization,increasingthepowerfromzerountilitisequaltothisnumber.Forexample,because45=32×5,45canbe30×50,30×51,31×50,31×51,32×50,and32×51,or1,5,3,9,15,and45aredivisible.Correspondingly,thedivisordecompositiononlyincludesdivisorfactors.

Practicalapplication

Giventwoapproximatenumbers,itiseasytomultiplythem.However,giventheirproducts,itisnotsoeasytofindtheirfactors.Thisisthekeytomanymoderncryptosystems.Ifaquickwaytosolvetheintegerfactorizationproblemcanbefound,severalimportantcryptographicsystemswillbebreached,includingtheRSApublickeyalgorithmandtheBlumBlumShubrandomnumbergenerator.

Althoughrapiddecompositionisoneofthewaystobreakthesesystems,therearestillothermethodsthatdonotinvolvedecomposition.Sothesituationmaybecomelikethis:theintegerfactorizationproblemisstillverydifficult,butthesecryptosystemscanbebrokenquickly.Somecryptosystemscanprovidestrongerguarantees:ifthesecryptosystemsarecrackedquickly(thatis,theycanbecrackedwithpolynomialtimecomplexity),thealgorithmsforcrackingthesesystemscanbeusedtoquickly(withpolynomialtimecomplexity)decomposeintegers..Inotherwords,crackingsuchacryptosystemwillnotbeeasierthanintegerdecomposition.SuchcryptosystemsincludetheRabincryptosystem(avariantofRSA)andtheBlumBlumShubrandomnumbergenerator.

Newdevelopmentstoday

In2005,the663binarydigitslongRSA-200aspartofpublicresearchhasbeendecomposedbyageneral-purposemethod.

Ifalargeonehasnbinarydigitsinlength,itistheproductoftwodivisorsofalmostthesamesize.ThereisnogoodalgorithmtousepolynomialtimecomplexityDecomposeit.

ThismeansthatthereisnoknownalgorithmthatcandecomposeitinO(n)(kisaconstant)time.ButthealgorithmisalsofasterthanΘ(e).Inotherwords,thebestalgorithmsweknowarefasterthanexponentialtimeandslowerthanpolynomialtime.Thebestknownasymptoterunningtimeisthegeneralnumberfieldsiftingmethod(GNFS).Thetimeis:

Forordinarycomputers,GNFSisthebestweknowtodealwithnbinarydigitsapproximatelyNumberofmethods.However,forquantumcomputers,PeterSauerdiscoveredin1994analgorithmthatcansolvethisprobleminpolynomialtime.Iflargequantumcomputersarebuilt,thiswillhaveveryimportantimplicationsforcryptography.ThisalgorithmonlyneedsO(n)intimeandO(n)inspace.Only2nqubitsareneededtoconstructsuchanalgorithm.In2001,thefirst7-qubitquantumcomputerwasthefirsttorunthisalgorithm,anditsdecompositionnumberwas15.

Difficultyandcomplexity

Itisnotknownexactlywhichcomplexityclasstheintegerdecompositionbelongsto.

Weknowthatthejudgmentquestionformofthisquestion("IsthereadivisorofNsmallerthanM?")isbasedonNPandinverseNP.Becausewhethertheanswerisyesorno,wecanuseaprimefactorandtheprimefactorprooftoverifytheanswer.AccordingtotheShueralgorithm,thisproblemisinBQP.MostpeoplesuspectthatthisproblemisnotinthethreecomplexitycategoriesofP,NP-complete,andanti-NP-complete.IfthisproblemcanbeprovedtobeNP-completeoranti-NP-complete,thenwecanconcludethatNP=anti-NP.Thiswillbeaveryshockingresult,andthereforemostpeopleguessthattheproblemofintegerfactorizationisnotintheabove-mentionedcomplexitycategory.Therearealsomanypeoplewhotrytofindpolynomialtimealgorithmstosolvethisproblem,buttheyhavenotbeensuccessful.Therefore,mostpeoplesuspectthatthisproblemisnotinP.

Interestingly,determiningwhetheranintegerisaprimenumberismuchsimplerthandecomposingtheinteger.TheAKSalgorithmprovesthattheformercanbesolvedinpolynomialtime.TestingwhetheranumberisaprimenumberisaveryimportantpartoftheRSAalgorithm,becauseitneedstofindaverylargeprimenumberatthebeginning.

Integerfactorizationalgorithm

Specialpurposealgorithm

Therunningtimeofaspecialfactorizationalgorithmdependsonitsownunknownfactors:size,type,etc.Therunningtimeisalsodifferentbetweendifferentalgorithms.

  • TrialdivisionInteger factorization

  • Wheeldecomposition

  • PollardRHOalgorithm

  • Algebraicgroupfactorizationalgorithms,includingPollard'sp−1algorithm,Williams'p+1algorithmandLenstraellipticcurvedecompositionmethod

  • Fermatprimenumberdeterminationmethod

  • Eulerianfactorizationmethod

  • Specialnumberfieldfilteringmethod

Generalpurposealgorithm

Therunningtimeofgeneralpurposealgorithmonlydependsontheintegertobedecomposedlength.ThisalgorithmcanbeusedtodecomposeRSAnumbers.Mostgeneral-purposealgorithmsarebasedonthesquarecongruencemethod.

  • Dixonalgorithm

  • Continuedfractiondecompositionmethod(CFRAC)

  • Secondaryscreeningmethod

  • Rationalscreeningmethod

  • Commonnumberfieldscreeningmethod

  • Shanks'squareformsfactorization (SQUFOF)

Otheralgorithms

  • Sauer'salgorithm

Related Articles
TOP