Dixon's chapter: a little bit of history behind the attack.

book/dixon.tex

@@ -6,8 +6,11 @@ consists into taking random integers $r$ in $\{1, \ldots, N\}$ and look for thos
 where $r^2 \mod{N}$ is \emph{smooth}. If enough are found, then those integers
 can somehow be assembled, and so a fatorization of N attemped.
 
-
-\section{Quadratic Sieve}
+%% that's not really academic to be stated officially, but I would have never
+%% understood this section without Firas (thanks).
+%% <http://blog.fkraiem.org/2013/12/08/factoring-integers-dixons-algorithm/>
+%% I kept the voila` phrase, that was so lovely.
+\section{A little bit of History}
 During the latest century there has been a huge effort to approach the problem
 formulated by Fermat ~\ref{eq:fermat_problem} from different perspecives. This
 led to an entire family of algorithms known as \emph{Quadratic Sieve} [QS]. The
@@ -22,14 +25,68 @@ to look for \emph{multiples} of $N$:
 \end{align}
 and, once found, claim that $\gcd(N, x \pm y)$ are non-trial divisors of $N$
 just as we did in \ref{sec:fermat:implementation}.
-On the top of this,
+Kraitchick did not stop here: instead of trying $x^2 \equiv y^2 \pmod{N}$ he
+kept the value of previous attempt, and tries to find \emph{a product} of such
+values which is also a square. So we have a sequence
+\begin{align}
+  \label{eq:dixon:x_sequence}
+  \angular{x_0, \ldots, x_k} \mid \forall i \leq k \quad x_i^2 - N
+  \; \text{ is a perfect square}
+\end{align}
+and hence
+\begin{align*}
+  \prod_i (x_i^2 - N) = y^2
+\end{align*}
+that $\mod{N}$ is equivalent to:
+\begin{align}
+  \label{eq:dixon:fermat_revisited}
+  y^2 \equiv \prod_i x_i^2 - N \equiv \big( \prod_i x_i \big) ^2 \pmod{N}
+\end{align}
+and voil\`a our congruence of squares. For what concerns the generation of $x_i$
+with the property \ref{eq:dixon:x_sequence}, they can simply taken at random and
+tested using trial division.
+
+\paragraph{Brillhart and Morrison} later proposed (\cite{morrison-brillhart}
+p.187) a better approach than trial division to find such $x$. Their idea aims
+to ease the enormous effort required by the trial division. In order to achieve
+this. they introduce a \emph{factor base} $\factorBase$ and generate random $x$
+such that $x^2 - N$ is $\factorBase$-smooth. Recalling what we anticipated in
+~\ref{sec:preq:numbertheory}, $\factorBase$ is a precomputed set of primes
+$p_i \in \naturalPrime$.
+This way the complexity of generating a new $x$ is dominated by
+\bigO{|\factorBase|}. Now that the right side of \ref{eq:dixon:fermat_revisited}
+has been satisfied, we have to select a subset of those $x$ so that their
+product can be seen as a square. Consider an \emph{exponent vector}
+$v_i = (\alpha_0, \alpha_1, \ldots, \alpha_r)$ associated with each $x_i$, where
+\begin{align*}
+  a_j = \begin{cases}
+    1 \quad \text{if $p_j$ divides $x_i$ to an odd power} \\
+    0 \quad \text{otherwise}
+    \end{cases}
+\end{align*}
+for each $0 \leq j \leq r $. There is no need to restrict ourselves for positive
+values of $x^2 -N$, so we are going to use $\alpha_0$ to indicate the sign. This
+benefit has a neglegible cost: we have to add the non-prime $-1$ to our factor
+base.
+
+Let now $\mathcal{M}$ be the rectangular matrix having per each $i$-th row the
+$v_i$ associated to $x_i$: this way each element $m_{ij}$ will be $v_i$'s
+$\alpha_j$. We are interested in finding set(s) of $x$ that satisfies
+\ref{eq:dixon:fermat_revisited}, possibly all of them.
+Define $K$ as the subsequence of $x_i$ whose product always have even powers.
+This is equivalent to look for the set of vectors $\{ w \mid wM = 0 \}$ by
+definition of matrix multiplication in $\mathbb{F}_2$.
+
 
-\section{stuff}
+\paragraph{Dixon} Morrison and Brillhart's ideas of \cite{morrison-brillhart}
+were actually used for a slightly different factorization method, employing
+continued fractions instead of the square difference polynomial. Dixon refined
+those by porting to the quare problem, achieving a probabilistic factorization
+method working at a computational cost asymptotically  best than all other ones
+previously described: \bigO{\beta(\log N \log \log N)^{\rfrac{1}{2}}} for some
+constant $\beta > 0$ \cite{dixon}.
 
-at a computational cost asymptotically  best
-than all other ones previously described:
-\bigO{\beta(\log N \log \log N)^{\rfrac{1}{2}}}
-for some constant $\beta > 0$.
+\section{Computing the Kernel}
 
 %%% Local Variables:
 %%% mode: latex

book/library.bib

@@ -207,3 +207,14 @@
   note = {[27c3]},
   url = {https://www.youtube.com/watch?v=DRjNV4YMvHI}
 }
+
+
+@article{morrison-brillhart,
+  title={A method of factoring and the factorization of $mathcal{F}_7$},
+  author={Morrison, Michael A and Brillhart, John},
+  journal={Mathematics of Computation},
+  volume=29,
+  number=129,
+  pages={183--205},
+  year=1975
+}