
General corrections.

Michele Orrù, 11 years ago
commit 4992b691c6
6 changed files with 56 additions and 36 deletions
  1. book/dixon.tex (+22 -8)
  2. book/fermat.tex (+1 -1)
  3. book/math_prequisites.tex (+2 -1)
  4. book/pollardrho.tex (+24 -21)
  5. book/question_authority.tex (+1 -0)
  6. book/wiener.tex (+6 -5)

+ 22 - 8
book/dixon.tex

@@ -1,15 +1,22 @@
-\chapter{Dixon \label{chap:dixon}}
+\chapter{Dixon {\texttt{\small{[insert random buzzword here]}}} method\label{chap:dixon}}
 
 
 ~\cite{dixon} describes a class of ``probabilistic algorithms'' for finding a
 ~\cite{dixon} describes a class of ``probabilistic algorithms'' for finding a
-factor of any composite number, at a computational cost asymptotically  best
-than all other ones previously described:
-\bigO{\beta(\log N \log \log N)^{\rfrac{1}{2}}}
-for some constant $\beta > 0$.
+factor of any composite number, at a sub-exponential cost. They basically
+consists into taking random integers $r$ in $\{1, \ldots, N\}$ and look for those
+where $r^2 \mod{N}$ is \emph{smooth}. If enough are found, then those integers
+can somehow be assembled, and so a fatorization of N attemped.
+
+
+\section{Quadratic Sieve}
+During the latest century there has been a huge effort to approach the problem
+formulated by Fermat ~\ref{eq:fermat_problem} from different perspecives. This
+led to an entire family of algorithms known as \emph{Quadratic Sieve} [QS]. The
+core idea is still to find a pair of perfect squares whose difference can
+factorize $N$, but maybe Fermat's hypotesis can be made weaker.
 
 
 \paragraph{Kraitchick} was the first one popularizing the idea the instead of
 \paragraph{Kraitchick} was the first one popularizing the idea the instead of
-looking for integers $\angular{x, y}$ such that $x^2 -y^2 = N$ -recall Fermat's
-problem, formulated in equation ~\ref{eq:fermat_problem}, it is sufficient to
-look for \emph{multiples} of $N$:
+looking for integers $\angular{x, y}$ such that $x^2 -y^2 = N$ it is sufficient
+to look for \emph{multiples} of $N$:
 \begin{align}
 \begin{align}
   x^2 - y^2 \equiv 0 \pmod{N}
   x^2 - y^2 \equiv 0 \pmod{N}
 \end{align}
 \end{align}
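Review bot: the new chapter title on the first `+` line commits a placeholder, `{\texttt{\small{[insert random buzzword here]}}}`, into the printed heading; either choose the name now or keep it out of the title behind a `% TODO` comment so it cannot reach a built PDF. The added paragraph also carries several typos that will print as written: `consists into` (should be `consist in`), `fatorization`, `attemped`, `perspecives` and `hypotesis`; and `Fermat ~\ref{eq:fermat_problem}` has both a space and a tie, so write `Fermat~\ref{eq:fermat_problem}` to keep the reference unbreakable.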
@@ -17,6 +24,13 @@ and, once found, claim that $\gcd(N, x \pm y)$ are non-trial divisors of $N$
 just as we did in \ref{sec:fermat:implementation}.
 just as we did in \ref{sec:fermat:implementation}.
 On the top of this,
 On the top of this,
 
 
+\section{stuff}
+
+at a computational cost asymptotically  best
+than all other ones previously described:
+\bigO{\beta(\log N \log \log N)^{\rfrac{1}{2}}}
+for some constant $\beta > 0$.
+
 %%% Local Variables:
 %%% Local Variables:
 %%% mode: latex
 %%% mode: latex
 %%% TeX-master: "question_authority"
 %%% TeX-master: "question_authority"
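Review bot: `\section{stuff}` is a placeholder heading, and the paragraph under it is the old complexity sentence pasted verbatim, including `asymptotically  best than` (double space, and it should read `asymptotically better than`); since the `\bigO{\beta(\log N \log \log N)^{\rfrac{1}{2}}}` statement is still wanted material, either give the section its real name or mark it `% TODO` so it does not ship as "stuff". The unchanged context line `On the top of this,` just before it is now a dangling fragment closing the previous paragraph, so either finish that sentence or drop it.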

+ 1 - 1
book/fermat.tex

@@ -92,7 +92,7 @@ primes:
 
 
 \begin{bytefield}[
 \begin{bytefield}[
   endianness=big,
   endianness=big,
-  bitwidth=1.4em,
+  bitwidth=1.35em,
   % bitformatting=\fakerange,
   % bitformatting=\fakerange,
   ]{16}
   ]{16}
   \\
   \\

+ 2 - 1
book/math_prequisites.tex

@@ -23,7 +23,8 @@ meaning of ``pick a uniformly distributed random element $x$ from the set $S$''.
 
 
 \section{Algorithmic Complexity Notation}
 \section{Algorithmic Complexity Notation}
 The notation used to describe asymptotic complexity follows the $O$-notation,
 The notation used to describe asymptotic complexity follows the $O$-notation,
-abused under the conventions and limits of MIT's Introduction to Algorithms.
+abused under the conventions and limits of MIT's Introduction to Algorithms
+\cite{MITalg}.
 
 
 Let \bigO{g} be the asymptotic upper bound of g:
 Let \bigO{g} be the asymptotic upper bound of g:
 $$
 $$
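Review bot: `\cite{MITalg}` introduces a new bibliography key, but no `.bib` file is among the six changed files; please confirm `MITalg` exists in the bibliography, otherwise the build prints `[?]` and an undefined-citation warning.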

+ 24 - 21
book/pollardrho.tex

@@ -1,20 +1,20 @@
 \chapter{Pollard's $\rho$ factorization method \label{chap:pollardrho}}
 \chapter{Pollard's $\rho$ factorization method \label{chap:pollardrho}}
 
 
-The \emph{Monte Carlo} factorization method, published by J. M. Pollard in
+A \emph{Monte Carlo} factorization method, published by J. M. Pollard in
 ~\cite{pollardMC}, consists into identifying a periodically recurrent  sequence
 ~\cite{pollardMC}, consists into identifying a periodically recurrent  sequence
 of integers within a random walk $\pmod{N}$ that could leak one of the two
 of integers within a random walk $\pmod{N}$ that could leak one of the two
 factors.
 factors.
 
 
 Consider a function $f$ from $\mathcal{S}$ to $\mathcal{S}$, where
 Consider a function $f$ from $\mathcal{S}$ to $\mathcal{S}$, where
-$\mathcal{S} = \{0, 1, \ldots, q-1\}$. Let $s$ be a random element in
-$\mathcal{S}$, and consider the sequence
+$\mathcal{S} = \{0, 1, \ldots, q-1\}$ and $q \in \naturalPrime$.
+Let $s$ be a random element in $\mathcal{S}$, and consider the sequence
 \begin{align*}
 \begin{align*}
   s,\ f(s),\ f(f(s)),\ \ldots
   s,\ f(s),\ f(f(s)),\ \ldots
 \end{align*}
 \end{align*}
 Since $f$ acts over a finite set, it is clear that this sequence must
 Since $f$ acts over a finite set, it is clear that this sequence must
 eventually repeat, and become cyclic.
 eventually repeat, and become cyclic.
 We might diagram it with the letter $\rho$, where the tail represent the
 We might diagram it with the letter $\rho$, where the tail represent the
-cyclic part, or \emph{epacts}, and the oval the cyclic part, or
+aperiodic part, or \emph{epacts}, and the oval the cyclic part, or
 \emph{period}.
 \emph{period}.
 \begin{center}
 \begin{center}
   \begin{tikzpicture}[scale=0.7, thick]
   \begin{tikzpicture}[scale=0.7, thick]
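Review bot: `and $q \in \naturalPrime$` is tacked onto the end of the set definition and reads as a second condition on $\mathcal{S}$; `where $q \in \naturalPrime$ and $\mathcal{S} = \{0, 1, \ldots, q-1\}$` states the constraint before the set that depends on it. The replacement `aperiodic part` for the tail is the right fix (the old text called both parts cyclic); `periodically recurrent  sequence` in the unchanged context still has a double space.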
@@ -45,8 +45,8 @@ cyclic part, or \emph{epacts}, and the oval the cyclic part, or
 \end{center}
 \end{center}
 
 
 Now, consider $N=pq$.
 Now, consider $N=pq$.
-Let $F(x)$ be any function generating pseudorandom numbers $\angular{x_1, x_2, \ldots}$,
-and let $f(x) = F(x) \pmod{q}$.
+Let $F(x)$ be any function generating pseudorandom integers
+$\angular{x_1, x_2, \ldots}$, and let $f(x) = F(x) \pmod{q}$.
 As we said above, without any luck, there will be a pair $\angular{x_i, x_j}$
 As we said above, without any luck, there will be a pair $\angular{x_i, x_j}$
 generated by $F$ such that $x_i \equiv x_j \pmod{q}$, but $x_i \neq x_j$.
 generated by $F$ such that $x_i \equiv x_j \pmod{q}$, but $x_i \neq x_j$.
 
 
@@ -58,18 +58,21 @@ factor of $N$.
 \paragraph{Choosing the function} Ideally, $F$ should be easily computable, but
 \paragraph{Choosing the function} Ideally, $F$ should be easily computable, but
 at the same time random enough to reduce as much as possible the epacts
 at the same time random enough to reduce as much as possible the epacts
 ~\cite{Crandall} \S 5.2.1. Any quadratic function $F(x) = x^2 + b$ should be
 ~\cite{Crandall} \S 5.2.1. Any quadratic function $F(x) = x^2 + b$ should be
-enough, provided that $b \in \naturalN \setminus \{0, 2\}$ \footnote{
+enough \footnote{
   Note that this has been only empirically verified, and so far not been proved
   Note that this has been only empirically verified, and so far not been proved
-  (~\cite{riesel}, p. 177)}.
+  (~\cite{riesel}, p. 177)}
+, provided that $b \in \naturalN \setminus \{0, 2\}$.
 For example, ~\cite{pollardMC} uses $x^2 -1$, meanwhile we are going to choose
 For example, ~\cite{pollardMC} uses $x^2 -1$, meanwhile we are going to choose
 $F(x) = x^2 + 1$.
 $F(x) = x^2 + 1$.
 
 
-\paragraph{Finding the period} In \cite{AOCPv2} \S 3.1, Knuth gives a simple and
-elegant algorithm, attributed to Floyd, for finding a multiple of the
-period. This algorithm is the same one finally adopted by Pollard in
+\paragraph{Finding the period} The trivial way to discover a period would be to
+test $x_i$ with all $x_j, \quad j < i$. Though, in \cite{AOCPv2} \S 3.1,
+Knuth gives a simple and elegant algorithm, attributed to Floyd, for finding a
+multiple of the period.
+This algorithm is the same one finally adopted by Pollard in
 ~\cite{pollardMC}.
 ~\cite{pollardMC}.
 
 
-\begin{theorem*}
+\begin{theorem*}[Floyd]
 Given an \emph{ultimately periodic} sequence, in the sense that there exists
 Given an \emph{ultimately periodic} sequence, in the sense that there exists
 numbers $\lambda$ and $\mu$ for which the values:
 numbers $\lambda$ and $\mu$ for which the values:
 \begin{align*}
 \begin{align*}
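Review bot: moving the footnote before the comma leaves `}` at the end of one line and `, provided that` at the start of the next; the line break becomes a space in the output, so the text prints as `enough¹ , provided`. Put the comma directly after the closing brace (`(~\cite{riesel}, p. 177)}, provided that $b \in \naturalN \setminus \{0, 2\}$.`) or end the footnote line with `%` to swallow the break. Also `Though, in \cite{AOCPv2}` is not idiomatic as a sentence opener; `However, in \cite{AOCPv2}` is what is meant.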
@@ -83,15 +86,15 @@ $\mu < n < \mu + \lambda$ such that $X_n = X_{2n}$.
 \begin{proof}
 \begin{proof}
   First, if $X_n = X_{2n}$, then the sequence is obviously periodic from
   First, if $X_n = X_{2n}$, then the sequence is obviously periodic from
   $X_{2n}$ onward, possibly even earlier.
   $X_{2n}$ onward, possibly even earlier.
-  Conversely, $X_n = X_m \quad (n \geq \mu)$ for
+  Conversely, it is true that $X_n = X_m \quad (n \geq \mu)$ for
   $m = n + k\lambda, \quad k \in \naturalN$. Hence, there will eventually
   $m = n + k\lambda, \quad k \in \naturalN$. Hence, there will eventually
   be an $n$ such that $X_n = X_{2n}$ if and only if $n - \mu$ is a multiple of
   be an $n$ such that $X_n = X_{2n}$ if and only if $n - \mu$ is a multiple of
   $\lambda$.
   $\lambda$.
   The first such value happens for $n = (\lambda + 1)\floor{\rfrac{\mu}{\lambda}}$.
   The first such value happens for $n = (\lambda + 1)\floor{\rfrac{\mu}{\lambda}}$.
 \end{proof}
 \end{proof}
 
 
-The immediate consequence of this is that we can find the period $q$ simply by
-checking $\gcd(x_{2i} - x_i, N)$ for incremental $i$-s.
+The immediate consequence of this is that we can find a collision simply by
+checking $\gcd(x_{2i} - x_i, N) > 1$ for incremental $i$.
 
 
 \paragraph{Brent's Improvement} In 1979, Brent discovered an entire family of
 \paragraph{Brent's Improvement} In 1979, Brent discovered an entire family of
 cycle-finding algorithms whose optimal version resulted to be 36\% faster than
 cycle-finding algorithms whose optimal version resulted to be 36\% faster than
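Review bot: the rewritten conclusion `checking $\gcd(x_{2i} - x_i, N) > 1$` is the right condition, but it should also mention the degenerate case $\gcd = N$, which occurs when the walk collides modulo $p$ and modulo $q$ at the same step; the algorithm then has to restart with a different seed $s$ or constant $b$, otherwise a reader could take $N$ itself as the "found" factor. Minor: `Conversely, it is true that $X_n = X_m$` can simply be `Conversely, $X_n = X_m$ holds`.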
@@ -100,7 +103,7 @@ Instead of looking for the period of the sequence using $x_{2i} - x_i$, Brent
 considers
 considers
 $\abs{x_j - x_{2^k}}$ for $ 3 \cdot 2^{k-1} < j \leq 2^{k+1}$, resulting in
 $\abs{x_j - x_{2^k}}$ for $ 3 \cdot 2^{k-1} < j \leq 2^{k+1}$, resulting in
 fewer operations required by the algorithm. Pragmatically, this boils down to
 fewer operations required by the algorithm. Pragmatically, this boils down to
-confronting:
+compare:
 
 
 \medskip
 \medskip
 \begin{tabular}{l@{\hskip 40pt} l@{\hskip 50pt} l}
 \begin{tabular}{l@{\hskip 40pt} l@{\hskip 50pt} l}
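Review bot: `boils down to compare:` is ungrammatical after `to`; the original `confronting` was also off, and the intended form is `boils down to comparing:`.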
@@ -123,7 +126,7 @@ instead of Floyd's one runs around 25\% faster on average
 ~\cite{pollard-brent}.
 ~\cite{pollard-brent}.
 
 
 \section{Complexity}
 \section{Complexity}
-\cite{riesel} presents a nice demonstration of the \emph{average} complexity of
+\cite{riesel} presents a nice proof of the \emph{average} complexity of
 this algorithm, based on the birthday paradox.
 this algorithm, based on the birthday paradox.
 \newtheorem*{birthday}{The Birthday Paradox}
 \newtheorem*{birthday}{The Birthday Paradox}
 \begin{birthday}
 \begin{birthday}
@@ -145,9 +148,9 @@ this algorithm, based on the birthday paradox.
   This expression becomes $< \rfrac{1}{2}$ for $\epsilon \geq 23$.
   This expression becomes $< \rfrac{1}{2}$ for $\epsilon \geq 23$.
 \end{proof}
 \end{proof}
 
 
-We can obviously substitute the $365$ with any set cardinality $\zeta$
-to express the probability that a random function from $\integerZ_{|\epsilon}$
-to $\integerZ_{|\zeta}$ is injective. Back to our particular case,
+We can obviously substitute the $365$ with any set of cardinality $\zeta$
+to express the probability that a random function from $\integerZ_{\epsilon}$
+to $\integerZ_{\zeta}$ is injective. Back to our particular case,
 we want to answer the question:
 we want to answer the question:
 
 
 \emph{
 \emph{
@@ -190,7 +193,7 @@ and respectively updating them via $x \gets f(x)$ and $y \gets f(f(y))$.
 
 
 \begin{remark}
 \begin{remark}
   It is intresting to see how in its basic version, Pollard's $\rho$
   It is intresting to see how in its basic version, Pollard's $\rho$
-  method just needs 3 variables are to preserve the
+  method just needs 3 variables  to preserve the
   state. This places it among the most parsimonious factorization algorithms in
   state. This places it among the most parsimonious factorization algorithms in
   terms of memory footprint.
   terms of memory footprint.
 \end{remark}
 \end{remark}
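Review bot: deleting `are` left a double space in `3 variables  to preserve`; and `intresting` on the unchanged line above is misspelled (`interesting`), worth fixing while this remark is being touched.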

+ 1 - 0
book/question_authority.tex

@@ -45,6 +45,7 @@
 \newcommand{\naturalN}{\mathbb{N}}
 \newcommand{\naturalN}{\mathbb{N}}
 \newcommand{\naturalPrime}{\mathbb{P}}
 \newcommand{\naturalPrime}{\mathbb{P}}
 \newcommand{\integerZ}{\mathbb{Z}}
 \newcommand{\integerZ}{\mathbb{Z}}
+\newcommand{\factorBase}{\mathcal{B}}
 \newcommand{\bigO}[1]{\ensuremath{\operatorname{O}\left(#1\right)}}
 \newcommand{\bigO}[1]{\ensuremath{\operatorname{O}\left(#1\right)}}
 \newcommand{\openssl}{\textsc{OpenSSL}\ }
 \newcommand{\openssl}{\textsc{OpenSSL}\ }
 %% here adopting Wikipedia's notation <https://en.wikipedia.org/wiki/Isqrt>
 %% here adopting Wikipedia's notation <https://en.wikipedia.org/wiki/Isqrt>
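Review bot: `\factorBase` is defined here but not used by any other file in this commit, so the macro is dead for now; fine if it is groundwork for the quadratic sieve section, but then a short `%%` comment next to it, like the Isqrt one below, saying what $\mathcal{B}$ denotes would help the next reader.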

+ 6 - 5
book/wiener.tex

@@ -27,7 +27,8 @@ a_0 + \frac{1}{a_1
     + \frac{1}{a_3
     + \frac{1}{a_3
     + \frac{1}{a_4 + \ldots}}}}
     + \frac{1}{a_4 + \ldots}}}}
 \end{align*}
 \end{align*}
-From now on, we eill consider only hereby described as a finite sequence of integers for convenience:
+Consider now any \emph{finite continued fraction}, conveniently represented with
+the sequence
 $\angular{a_0, a_1, a_2, a_3,  \ \ldots, a_n}$.
 $\angular{a_0, a_1, a_2, a_3,  \ \ldots, a_n}$.
 Any number $x \in \mathbb{Q}$ can be represented as a finite continued fraction,
 Any number $x \in \mathbb{Q}$ can be represented as a finite continued fraction,
 and for each $i < n$ there exists a fraction $\rfrac{h_i}{k_i}$ approximating
 and for each $i < n$ there exists a fraction $\rfrac{h_i}{k_i}$ approximating
@@ -54,9 +55,9 @@ By definition, each new approximation is recursively defined as:
   \end{cases}
   \end{cases}
 \end{align}
 \end{align}
 
 
-After a small digression concerning the properties of continued fractions, Wiener, in
-~\cite{wiener}, shows that, if a continued fraction $f'$ is an underestimate of
-another one $f$, i.e.
+Among the prolific properties of such objects, firstly Wiener ~\cite{wiener}
+and later Boneh ~\cite{20years} discovered that, if a continued fraction $f'$ is
+an underestimate of another one $f$, i.e.
 \begin{align}
 \begin{align}
   f' = f(1-\delta)
   f' = f(1-\delta)
 \end{align}
 \end{align}
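Review bot: `prolific properties` is a malapropism (`many properties` or `numerous properties`), and `firstly Wiener ... and later Boneh discovered` is doubtful attribution: \cite{20years} is Boneh's survey of attacks on RSA and restates Wiener's result rather than discovering it, so `first shown by Wiener~\cite{wiener} and later presented by Boneh~\cite{20years}` is safer. The ties are also misplaced in `Wiener ~\cite{wiener}` and `Boneh ~\cite{20years}`: write `Wiener~\cite{wiener}` with no space before `~`, as elsewhere the space plus tie yields a double space.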
@@ -67,7 +68,7 @@ enough'', where small enough means:
   \delta = 1 - \frac{f'}{f} < \frac{1}{\rfrac{3}{2}{h_1}{k_1}}
   \delta = 1 - \frac{f'}{f} < \frac{1}{\rfrac{3}{2}{h_1}{k_1}}
 \end{align}
 \end{align}
 \\
 \\
-The ``continued fraction algorithm'' allowing us to recover $f$ is the
+The \emph{continued fraction algorithm} allowing us to recover $f$ is the
 following:
 following:
 \begin{enumerate}[(i)]
 \begin{enumerate}[(i)]
   \setlength{\itemsep}{1pt}
   \setlength{\itemsep}{1pt}
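Review bot: the `\emph` change is fine, but the unchanged display two lines above it, `\frac{1}{\rfrac{3}{2}{h_1}{k_1}}`, calls `\rfrac` (a two-argument macro everywhere else in this diff, e.g. `\rfrac{\mu}{\lambda}`, `\rfrac{1}{2}`) with four groups, so `{h_1}{k_1}` is typeset as two stray groups right after the 3/2; spell the denominator out as the source formula requires (`\frac{3}{2} h_1 k_1` or `\frac{3}{2}\frac{h_1}{k_1}`) so the bound is unambiguous.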