Rational sieve

Template:Short description In mathematics, the rational sieve is a general algorithm for factoring integers into prime factors. It is a special case of the general number field sieve. While it is less efficient than the general algorithm, it is conceptually simpler. It serves as a helpful first step in understanding how the general number field sieve works.

Method

Suppose we are trying to factor the composite number Template:Mvar. We choose a bound Template:Mvar, and identify the factor base (which we will call Template:Mvar), the set of all primes less than or equal to Template:Mvar. Next, we search for positive integers Template:Mvar such that both Template:Mvar and $z + n$ Script error: No such module "Check for unknown parameters". are Template:Mvar-smooth — i.e. all of their prime factors are in Template:Mvar. We can therefore write, for suitable exponents $a i$ Script error: No such module "Check for unknown parameters". and $b i$ Script error: No such module "Check for unknown parameters".,

$z = \prod_{p_{i} \in P} p_{i}^{a_{i}} and z + n = \prod_{p_{i} \in P} p_{i}^{b_{i}} .$

But Template:Mvar and $z + n$ are congruent modulo Template:Mvar, and so each such integer Template:Mvar that we find yields a multiplicative relation (mod Template:Mvar) among the elements of Template:Mvar, i.e.

\prod_{p_{i} \in P} p_{i}^{a_{i}} \equiv \prod_{p_{i} \in P} p_{i}^{b_{i}} (\mod n)

(where the $a i$ Script error: No such module "Check for unknown parameters". and $b i$ Script error: No such module "Check for unknown parameters". are nonnegative integers.)

When we have generated enough of these relations (it is generally sufficient that the number of relations be a few more than the size of Template:Mvar), we can use the methods of linear algebra to multiply together these various relations in such a way that the exponents of the primes are all even. This will give us a congruence of squares of the form $a 2 \equiv b 2 (mod n)$ Script error: No such module "Check for unknown parameters"., which can be turned into a factorization of $n = gcd(a + b, n) \times gcd(a - b, n)$ Script error: No such module "Check for unknown parameters".. This factorization might turn out to be trivial (i.e. $n = n \times 1$ Script error: No such module "Check for unknown parameters".), in which case we have to try again with a different combination of relations, but with luck we will get a nontrivial pair of factors of Template:Mvar, and the algorithm will terminate.

Example

We will factor the integer $n = 187$ Script error: No such module "Check for unknown parameters". using the rational sieve. We will arbitrarily try the value $B = 7$ Script error: No such module "Check for unknown parameters"., giving the factor base $P = Template:Mset$ Script error: No such module "Check for unknown parameters".. The first step is to test Template:Mvar for divisibility by each of the members of Template:Mvar; clearly if Template:Mvar is divisible by one of these primes, then we are finished already. However, 187 is not divisible by 2, 3, 5, or 7. Next, we search for suitable values of Template:Mvar; the first few are 2, 5, 9, and 56. These four suitable values of Template:Mvar give four multiplicative relations (mod 187):

Template:NumBlk Template:NumBlk Template:NumBlk Template:NumBlk

There are now several essentially different ways to combine these and end up with even exponents. For example,

(1)×(4): After multiplying these and canceling out the common factor of 7 (which we can do since 7, being a member of Template:Mvar, has already been determined to be coprime with Template:Mvar^[1]), this reduces to $24 \equiv 3 8 (mod n)$ Script error: No such module "Check for unknown parameters".. The resulting factorization is $187 = gcd(3 4 + 2 2, 187) \times gcd(3 4 - 2 2, 187) = 11 \times 17$ Script error: No such module "Check for unknown parameters"..

Alternatively, equation (3) is in the proper form already:

(3): This says $32 \equiv 14 2 (mod n)$ Script error: No such module "Check for unknown parameters"., which gives the factorization $187 = gcd(14 + 3, 187) \times gcd(14 - 3, 187) = 11 \times 17$ Script error: No such module "Check for unknown parameters"..

Limitations of the algorithm

Like the general number field sieve, the rational sieve cannot factor numbers of the form $p m$ Script error: No such module "Check for unknown parameters"., where Template:Mvar is a prime and Template:Mvar is an integer. This is not a huge problem, though—such numbers are statistically rare, and moreover there is a simple and fast process to check whether a given number is of this form. Probably the most elegant method is to check whether $⌊ n 1/ b ⌋ b = n$ Script error: No such module "Check for unknown parameters". holds for any $1 < b \leq log 2 (n)$ Script error: No such module "Check for unknown parameters". using an integer version of Newton's method for the root extraction.^[2]

The biggest problem is finding a sufficient number of Template:Mvar such that both Template:Mvar and $z + n$ Script error: No such module "Check for unknown parameters". are Template:Mvar-smooth. For any given Template:Mvar, the proportion of numbers that are Template:Mvar-smooth decreases rapidly with the size of the number. So if Template:Mvar is large (say, a hundred digits), it will be difficult or impossible to find enough Template:Mvar for the algorithm to work. The advantage of the general number field sieve is that one only needs to search for smooth numbers of order $exp(C (log(n)) 2/3 (log(log(n))) 1/3)$ Script error: No such module "Check for unknown parameters". for some $C > 0$ Script error: No such module "Check for unknown parameters"., rather than of order Template:Mvar as required here.^[3]

References

A. K. Lenstra, H. W. Lenstra, Jr., M. S. Manasse, and J. M. Pollard, The Factorization of the Ninth Fermat Number, Math. Comp. 61 (1993), 319-349. Available at [2].
A. K. Lenstra, H. W. Lenstra, Jr. (eds.) The Development of the Number Field Sieve, Lecture Notes in Mathematics 1554, Springer-Verlag, New York, 1993.

Footnotes

↑ Note that common factors cannot in general be canceled in a congruence, but they can in this case, since the primes of the factor base are all required to be coprime to n, as mentioned above. See modular multiplicative inverse.
↑ R. Crandall and J. Papadopoulos, On the implementation of AKS-class primality tests, available at [1]
↑ A. K. Lenstra, H. W. Lenstra, Jr., M. S. Manasse, and J. M. Pollard, The Factorization of the Ninth Fermat Number, Math. Comp. 61 (1993), p. 328

Script error: No such module "Check for unknown parameters".

Script error: No such module "Navbox".

[1] Note that common factors cannot in general be canceled in a congruence, but they can in this case, since the primes of the factor base are all required to be coprime to n, as mentioned above. See modular multiplicative inverse.

[2] R. Crandall and J. Papadopoulos, On the implementation of AKS-class primality tests, available at [1]

[3] A. K. Lenstra, H. W. Lenstra, Jr., M. S. Manasse, and J. M. Pollard, The Factorization of the Ninth Fermat Number, Math. Comp. 61 (1993), p. 328

[1]

[2]

[3]

Rational sieve

Contents

Method

Example

Limitations of the algorithm

References

Footnotes

Navigation menu

Rational sieve

Method

Example

Limitations of the algorithm

References

Footnotes

Navigation menu

Search