UNIT - IV

Primality and Factoring:

Pseudoprimes –
rho Method –
Fermat Factorization and Factor Bases – ✓
Continued Fraction Method –
Quadratic Sieve Method.

1
 Fermat Factorization

Fermat Factorization
• An efficient way to factor a composite number n, if n is a product of two integers
which are close to one another.
• If n = a × b, and a – b is a small number (i.e., a & b are closer).
Example: 35 = 5 × 7 ● ● ●
5 7 35

• It is based on the fact that n is equal to a difference of two squares, one of which
is very small. 𝑛 = 𝑡 2 − 𝑠 2
• This method is called Fermat Factorization.

2
 Fermat Factorization

Proposition V.3.1
Let 𝒏 be a positive odd integer.
There is 1-to-1 correspondence between the factorizations of 𝒏 in the form
𝒏 = 𝒂𝒃, where 𝑎 ≥ 𝑏 > 0, and the representations of 𝒏 = 𝒕𝟐 − 𝒔𝟐 , where 𝒔 and 𝒕
are nonnegative integers.
The correspondence is given by the equations: 𝒏 = 𝒂𝒃 & 𝒏 = 𝒕𝟐 − 𝒔𝟐
𝑎+𝑏 𝑎−𝑏
𝑡= , 𝑠= ;
2 2
𝑎 = 𝑡 + 𝑠, 𝑏 = 𝑡 − 𝑠.

3
 Fermat Factorization
Proposition V.3.1
Let 𝑛 be a positive odd integer. There is 1-to-1 correspondence between the factorizations of 𝑛 in the form
𝑛 = 𝑎𝑏, where 𝑎 ≥ 𝑏 > 0, and the representations of 𝑛 in the form 𝑡 2 − 𝑠 2 , where 𝑠 and 𝑡 are nonnegative
integers.
The correspondence is given by the equations:
𝑎+𝑏 𝑎−𝑏
𝑡= , 𝑠= ; 𝒏 = 𝒂𝒃 & 𝒏 = 𝒕𝟐 − 𝒔𝟐
2 2

𝑎 = 𝑡 + 𝑠, 𝑏 = 𝑡 − 𝑠.
Part 1: Part 2:
We can write 𝑛 as Conversely given that n = t2 – s2.
𝑛 = 𝑎𝑏 We can factor the RHS as
= (𝑡 + 𝑠) (𝑡 – 𝑠) n = t2 – s2 = (t + s) (t – s)
= 𝑡 2 − 𝑠2 =ab
𝑎+𝑏 2 𝑎−𝑏 2 The equations in the proposition explicitly give the 1-to-1
∴𝑛 = − correspondence between the two ways of writing n.
2 2

4
 Fermat Factorization
Proposition V.3.1
Let 𝑛 be a positive odd integer. There is 1-to-1 correspondence between the factorizations of 𝑛 in the form
𝑛 = 𝑎𝑏, where 𝑎 ≥ 𝑏 > 0, and the representations of 𝑛 in the form 𝑡 2 − 𝑠 2 , where 𝑠 and 𝑡 are nonnegative
integers.
The correspondence is given by the equations:
𝑎+𝑏 𝑎−𝑏
𝑡= , 𝑠= ;
2 2

𝑎 = 𝑡 + 𝑠, 𝑏 = 𝑡 − 𝑠.

𝑎−𝑏
If 𝑛 = 𝑎𝑏 with 𝑎 and 𝑏 are close together, then 𝑠 = is small, and 𝑡 is only
2
slightly larger than 𝑛.
In that case, we can find 𝑎 and 𝑏 by trying all values for 𝑡 starting with ⌊ 𝑛⌋ + 1,
increment t by 1 until we find one for which 𝑡 2 − 𝑛 = 𝑠 2 is a perfect square.

5
 Fermat Factorization

Example 1. Factor 200819.

Solution:
Let 𝑛 = 200819. This 𝑛 can be written as 𝑛 = 𝑎 × 𝑏.
We can find 𝑎 and 𝑏 by trying all values for 𝑡 starting with ⌊ 𝑛⌋ + 1, until we find
one t for which 𝑡 2 − 𝑛 = 𝑠 2 is a perfect square.
We have t = ⌊ 200819⌋ + 1 = 449. 200819 = 448.1283
𝑡 2 − 𝑛 = 𝑠 2 is a perfect square?
Now 4492 – 200819 = 782. 782 is not a perfect square.
Next 𝑡 = 450; 4502 – 200819 = 1681 = 412.
i.e., 200819 = 4502 – 412
= (450 + 41) (450 – 41)
= 491 × 409
∴ 200819 = 491 × 409 (𝑛 = 𝑎 × 𝑏)
6
 Fermat Factorization

● ● ● ●
7 9 13 91

7
 Fermat Factorization

Factor n = 1189 using the Fermat/Generalization of Fermat Factorization.

∴ 1189 = 41 × 29.

8
 Factor Bases

Definition: Factor Bases

A factor base is a set B = {p1, p2, …, ph} of distinct primes, except that p1 may be
the integer ‒1.
Example: Factor Base
B = {-1, 2, 3, 7, 11}.

Definition: B-number
A B-number is an integer divisible only by primes in the factor base B.
2 1 4 2
67 ≡ ‒144 mod 4633 & ‒144 = (-1) . 2 . 3
Example: B-number
Let B = {-1, 2, 3}.
‒144 = (-1)1 . 24 . 32
9
 Factor Bases

Definition: Least Absolute Residue

𝑛 𝑛
The least absolute residue of a number 𝒂 is the integer a mod n in (− , ).
2 2
i.e., the least absolute residue of 𝑎 is
𝑛 𝑛
a mod n ∈ (− , ).
2 2

Example:
The least absolute residue of 7 mod 9 ≠ 7.
9 9 9 9
(− , ) = {−4, −3, −2, −1, 0, 1, 2, 3, 4} => 7 ∉ (− , )
2 2 2 2
i.e., 7 – 9 mod 9 = −2
9 9
∵ −2 ϵ − , , the least absolute residue of 7 mod 9 = −2.
2 2

10
 Factor Bases

Definition: Square of an integer A B-number is an integer divisible only by primes in B.

The square of an integer b is a B-number for a given n if the least absolute residue
b2 mod n can be written as a product of numbers from B.

Example 5.
For n = 4633 and a factor base B = {-1, 2, 3}, the square of the three integers 67, 68
and 69 are B-numbers.
2 1 4 2
67 ≡ ‒144 mod 4633 & ‒144 = (-1) . 2 . 3 672 = 4489 𝑚𝑜𝑑 4633
2 1 2 4633 4633
68 ≡ ‒9 mod 4633 & ‒9 = (-1) . 3 = 4489. But 4489 ∉ (− 2 , 2 )
692 ≡ 128 mod 4633 & 128 = 27 ∴ 4489 mod 4633 ≡ 4489 − 4633 = −144

11
 Factor Bases

Let F2h denote the vector space over the field of two elements which consists of h-
tuples of zeros and ones.
• Given 𝒏 and a factor base 𝑩 containing h numbers, we show how to
correspond a vector 𝜀 ϵ F2h to every B-number.
• Namely, i.e., we write b2 mod n in the form as
b2 mod n = ℎ𝑗=1 𝑝𝑗 𝛼𝑗
and set the jth component of εj equal to αj mod 2.
0, 𝑖𝑓 𝛼𝑗 is even
i.e., 𝛼𝑗 mod 2 =
1, 𝑖𝑓 𝛼𝑗 is odd

12
 Factor Bases

There is a generalization of the idea behind the Fermat Factorization.

This leads to a much more efficient factoring method.

• At any time, if we are able to obtain a congruence of the form

t2 ≡ s2 mod n with t ≢ ±s mod n,
we immediately find a factor of n by computing
gcd(t + s, n) or gcd(t – s, n).

• This is because we have n|t2 – s2, while n does not divide

(t + s) or (t – s), since t2 – s2 = (t + s) (t – s).
𝑛
• Then gcd(t + s, n) = a must be a proper factor of n, and 𝒃 = .
𝑎
• i.e., gcd(t – s, n) = 𝒃.
13
 Factor Bases

Example 4
Factor 4633.
Solution:
Since 1182 ≡ 52 mod 4633 and 118 ≢ ±5 mod 4633,

Then gcd(118 + 5, 4633) = 41 &

gcd(118 – 5, 4633) = 113
 4633 = 41 × 113

But, how to get the two numbers 118 & 5 such that 1182 ≡ 52 mod 4633 in the
Example 4?

14
 Factor Bases

Example 5
For n = 4633 and B = {-1, 2, 3}, the squares of three integers 67, 68 and 69 are B-
numbers.

672 ≡ -144 mod 4633 & -144 = (-1)1 . 24 . 32

B = {-1, 2, 3}
682 ≡ -9 mod 4633 & -9 = (-1)1 . 32
692 ≡ 128 mod 4633 & 128 = 27
Since 672, 682 and 692 are written with B, these numbers {67, 68, 69} are B-
numbers.

15
 Factor Bases
Example 6
Example 5
Consider the Example 5.
For n = 4633 and B = {-1, 2, 3}, the square of the
672 ≡ -144 mod 4633 & -144 = (-1)1 . 24 . 32 three integers 67, 68 and 69 are B-numbers.
682 ≡ -9 mod 4633 & -9 = (-1)1 . 32
B = {-1, 2, 3}
692 ≡ 128 mod 4633 & 128 = 27
We write b2 mod n in the form ℎ𝑗=1 𝑝𝑗 𝛼𝑗 and set the jth component of εj
equal to αj mod 2. 1 . 24 . 32
i.e., αj mod 2 = 0 if αj is even 67: -144 = (-1)
68: -9 = (-1) 1 . 32
= 1 if αj is odd.
69: 128 = 27
The ε-vector corresponding to 67 is {1, 0, 0}
The ε-vector corresponding to 68 is {1, 0, 0}
The ε-vector corresponding to 69 is {0, 1, 0}.

16
 Factor Bases
A B-number is an integer divisible only by prime in B.

A. Let n = 2701. Use the B-number 522, 532 mod n for a suitable factor-base B to
factor 2701. What are the 𝜀 ’s corresponding to 52 and 53?

B. Let n = 4633. Use 68, 152 and 153 with a suitable factor-base B to factor 4633,
what are the corresponding vectors?

17
 Factor Bases

• Suppose that we have some set of B-numbers bi2 mod n such that the
corresponding vectors 𝜀 = {εi1, …, εih} add up to the zero vector in F2h.

• Then the product of the least absolute residues of bi2 is equal to a product of
even powers of all of the pj in B.

• That is, for each i, let αi denote the least absolute residue of bi2 mod n, and we
write
bi2 mod n =

18
 Factor Bases
• Suppose that we have some set of B-numbers bi2 mod n such that the
corresponding vector 𝜀 = 𝜀𝑖1 , … , 𝜀𝑖ℎ add up to the zero vector in F2h.
• Then we compute two numbers b and c as follows:
𝑏 = 𝜋𝑖 𝑏𝑖 mod 𝑛
𝛾𝑗 1
𝑐 = 𝜋𝑗 𝑝𝑗 mod n, where 𝛾𝑗 = 𝑖 𝛼𝑖𝑗 .
2
• It may happen that 𝑏 ≡ ±𝑐 mod 𝑛, in this case we must start again with another
collection of B-numbers whose corresponding vector sum equal to zero.
𝑛
• This will happen if we choose 𝑏𝑖 < , in which case all of the vectors are zero-
2
vectors, and we end up with a trivial congruence.

• When computed b and c with b2 ≡ c2 mod n, but b ≢ c mod n, then we can

immediately find a non trivial factor gcd(b + c, n).

19
 Factor Bases
Example 7
Let n = 4633. With a suitable factor-base B and using 67 and 68, factor 4633. What
are the corresponding 𝜀 vectors?
Answer
• Given that n = 4633. 4633 = 68.0661

• 67 & 68 are given or chosen because they are close to 4633 = 68.0661.
672 mod 4633 = ‒144 mod 4633
682 mod 4633 = ‒ 9 mod 4633
‒144 = (‒1)1 ◦ 24 ◦ 32
‒ 9 = (‒1)1 ◦ 20 ◦ 32
∴ From the above, we can choose the factor base, B = {‒1, 2, 3}.

20
 Factor Bases
Example 7 …
Let n = 4633. Use 67 and 68 with a suitable factor-base B to factor 4633. What are
the corresponding 𝜀 vectors?
Answer … B = {-1, 2, 3}

• The 𝜀 vector corresponding to b1 = 67 is (1,0,0) 672 mod 4633 = ‒144 mod 4633
-144 = (‒1)1 ◦ 24 ◦ 32
• The 𝜀 vector corresponding to b2 = 68 is (1,0,0) ∴ the 𝜀 vector for 67 is (1, 0, 0)
Sum of these two vectors (1, 0, 0) & (1, 0, 0):
(1, 0, 0) + (1, 0, 0) = (2, 0, 0)2 682 mod 4633 = ‒ 9 mod 4633
-9 = (‒1)1 ◦ 20 ◦ 32
= (0, 0, 0)
∴ the 𝜀 vector for 68 is (1, 0, 0)
Now, we can compute b and c.
1
b = 𝜋 bi mod n & 𝑐 = 𝑗 𝑝𝑗 𝛾𝑗 , where 𝑝𝑗 ∈ 𝐵 and 𝛾𝑗 = 𝑖 𝛼𝑖𝑗 .
2

21
 Factor Bases
Example 7 … B = {‒1, 2, 3}

Computations of b: b1 = 67 & b2 = 68

b = 𝜋 bi mod n
= 67 × 68 mod 4633
= 4556 mod 4633
𝑛 𝑛
= ‒77 mod 4633 ∵ *𝑎, 𝑏, 𝑐} mod 𝑛 ∈ − ,
2 2

22
 Factor Bases

Computations of c
𝛾𝑗 1 B = {‒1, 2, 3}
𝑐= 𝑗 𝑝𝑗 , where 𝑝𝑗 ∈ 𝐵 and 𝛾𝑗 = 𝑖 𝛼𝑖𝑗
2

1
𝛾𝑗 = 𝑖 𝛼𝑖𝑗 , i = 1, 2, ∵ there are two bi : b1 = 67 & b2 = 68 and
2
j = 1, 2, 3, ∵ 𝑝𝑗 ∈ 𝐵 = {‒1, 2, 3}, there are three numbers in B.
𝛼𝑖𝑗
1
j = 1: 𝛾1 = 𝑖 𝛼𝑖1
ℎ 672 mod 4633 = ‒144 mod 4633
2 𝑝𝑗 𝛼𝑖𝑗
1 -144 = (‒1)1 ◦ 24 ◦ 32
= (𝛼11 + 𝛼21 ) 𝑗=1
2
1 𝑝𝑗
= (1 + 1) 682 mod 4633 = ‒ 9 mod 4633
2
=1 -9 = (‒1)1 ◦ 20 ◦ 32

23
 Factor Bases
𝛾𝑗 1
𝑐= 𝑗 𝑝𝑗 , where 𝑝𝑗 ∈ 𝐵 and 𝛾𝑗 = 𝑖 𝛼𝑖𝑗 B = {-1, 2, 3}
2
1
𝛾𝑗 = 𝑖 𝛼𝑖𝑗 - here i = 1, 2 ∵ there are two bi : b1 = 67 & b2 = 68 and
2
- j takes 1 to 3, ∵ 𝑝𝑗 ∈ 𝐵 = {‒1, 2, 3}, there are three numbers.
𝛼𝑖𝑗
1
j = 2: 𝛾2 = 𝑖 𝛼𝑖2 , i = 1, 2 672 mod 4633 = ‒144 mod 4633
2
1 -144 = (‒1)1 ◦ 24 ◦ 32
= (𝛼12 + 𝛼22 )
2
1 𝑝𝑗
= (4 + 0)
2 682 mod 4633 = ‒ 9 mod 4633
=2 -9 = (‒1)1 ◦ 20 ◦ 32

24
 Factor Bases
𝛾𝑗 1 B = {-1, 2, 3}
𝑐= 𝑗 𝑝𝑗 , where 𝑝𝑗 ∈ 𝐵 and 𝛾𝑗 = 𝑖 𝛼𝑖𝑗
2
1
𝛾𝑗 = 𝑖 𝛼𝑖𝑗 - here i = 1, 2 ∵ there are two bi : b1 = 67 & b2 = 68 and
2
- j takes 1 to 3, ∵ 𝑝𝑗 ∈ 𝐵 = {‒1, 2, 3}, there are three numbers.
𝛼𝑖𝑗
1
j = 3: 𝛾3 = 𝑖 𝛼𝑖3 , i = 1, 2 672 mod 4633 = ‒144 mod 4633
2
1 -144 = (‒1)1 ◦ 24 ◦ 32
= (𝛼13 + 𝛼23 )
2
1 𝑝𝑗
= (2 + 2)
2 682 mod 4633 = ‒ 9 mod 4633
=2 -9 = (‒1)1 ◦ 20 ◦ 32
∴ 𝛾2 = 2 & 𝛾3 = 2

25
 Factor Bases
𝛾𝑗 1
𝑐= 𝑗 𝑝𝑗 , where 𝑝𝑗 ∈ 𝐵 and 𝛾𝑗 = 𝑖 𝛼𝑖𝑗 𝐵 = {‒1, 2, 3} 𝛾2 = 2 & 𝛾3 = 2
2
𝑐 = 2𝛾2 . 3𝛾3 In the computation of 𝒄, we can ignore the power of ‒1.
= 22 . 32
b = ‒77 mod 4633
= 4.9
∴ 𝑐 = 36
Once 𝑏 and 𝑐 are computed, check for b2 ≡ c2 mod n & b ≢ ±c mod n, to find a non trivial
factor gcd(b + c, n).
−772 ≡ 362 mod 4633, and − 77 ≢ ± 36 mod 4633.
So, we can find a factor by gcd(b + c, n).
gcd(‒77 + 36, 4633) = gcd(‒41, 4633)
= 41
=> 4633 = 41 × 113.
26
 Fermat Factorization

Fermat Factorization Method

27
 Fermat Factorization

Fermat Factorization Method

28
 Fermat Factorization

Fermat Factorization Method

29
 Fermat Factorization

Fermat Factorization Method

30
 Fermat Factorization

Fermat Factorization Method

31
 Fermat Factorization
Factor the following using the Fermat Factorization
1. 3431
2. 2623
3. 1921
4. 2921
5. 5963

32
 Fermat Factorization
Factor

33