| Lenstra Elliptic Curve Factorization |
Website Links For Elliptic |
Information AboutLenstra Elliptic Curve Factorization |
| CATEGORIES ABOUT LENSTRA ELLIPTIC CURVE FACTORIZATION | |
| integer factorization algorithms | |
| finite fields | |
|
For general purpose factoring (on a General Purpose Computer ) this method is the third-fastest factoring method. The second fastest is the multiple polynomial version of the Quadratic Sieve . The fastest general purpose factoring algorithm is the General Number Field Sieve . Both the quadratic sieve and the general number field sieve are Probabilistic Algorithms . Practically speaking, ECM is considered a special purpose factoring algorithm as it is most suitable for finding small factors. Currently, it is still the best algorithm for factoring out Divisor s of size not greatly exceeding 20 to 25 digits (64 to 83 bits or so), as its running time is dominated by the size of a factor ''p'' rather than by the size of the number ''n'' to be factored. The largest factor found (the co-factor being larger) by ECM as of several years ago was around 50 digits. Increasing the number of curves tested improves the chances, but they are not linear with the increase in the number of digits. ECM is at its core an improvement of the older Pollard's P-1 Algorithm . In that method, it is assumed that the given number ''n'' has a Prime factor ''p'' such that ''p'' − 1 had only "small" prime factors (numbers whose prime factors are all "small" are informally called Smooth Number s). Then, by Fermat's Little Theorem , : whenever ''p'' − 1 divides ''e'' and ''p'' does not divide ''a''. Taking ''e'' to be a product of small primes raised to small powers, and ''a'' to be a random residue mod ''n'', we can hopefully factor ''n'' by computing the Greatest Common Divisor of ''n'' and ''ae''-1, as other divisors ''q'' of ''n'' are unlikely to have the property that ''q''-1 divides ''e'' — smooth values are rare. However, we will not be able to factor ''n'' if ''n'' does not have a prime factor ''p'' with ''p''-1 smooth. The Lenstra elliptic curve factorization gets around this obstacle by considering the Group of a random Elliptic Curve over the Finite Field Z''p'', rather than considering the multiplicative group of Z''p'' which always has order ''p''-1. The order of the group of an elliptic curve over Z''p'' varies between : and : by a Theorem By Helmut Hasse , and randomly, and is likely to be smooth for some elliptic curves. Although there is no proof that a smooth group order will be found in the Hasse-interval, by using heuristic probabilistic methods, the Canfield-Erdös-Pomerance Theorem with suitably optimized parameter choices, and the L-notation , we can expect to try : curves before getting a smooth group order. This heuristic estimate is very reliable in practice. The Lenstra elliptic curve factorization method to find a factor of the given number ''n'' works as follows:
SEE ALSO
OTHER EXTERNAL LINKS REFERENCES
|
|
|