Home Explore Help
Sign In
maker
/
bachelor
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 32c4ad749b
Branches Tags
bachelor
/
book
/
fermat.tex

fermat.tex 4.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105 
  1. \chapter{Fermat's Factorization Algorithm \label{chap:fermat}}
    2. 

  2. 

  3. Excluding the trial division, Fermat's method is the oldest known systematic
    4. 

  4. method for factorizing integers. Even if its algorithmic complexity is not
    5. 

  5. among the most efficient, it holds still a practical interest whenever
    6. 

  6. the two primes are sufficiently close.
    7. 

  7. Indeed, \cite{DSS2009} \S B.3.6 explicitly recommends that
    8. 

  8. $|p-q| \geq \sqrt{N}2^{-100}$
    9. 

  9. for any key of bitlength $1024,\ 2048,\ 3072$ in order to address this kind of
    10. 

  10. threat.\\
    11. 

  11. %% it would be nice here to explain that this magic 2^100 is just about wonting
    12. 

  12. %% the most significant digits to be different.
    13. 

  13. The basic idea is to attempt to write $N$ as a difference of squares,
    14. 

  14. \begin{align}
    15. 

  15. \label{eq:fermat_problem}
    16. 

  16. x^2 - N = y^2
    17. 

  17. \end{align}
    18. 

  18. 

  19. So, we start by $x = \ceil{\sqrt{N}}$ and check that $x^2-N$ is a perfect
    20. 

  20. square. If it isn't, we iterativelly increment $x$ and check again, until we
    21. 

  21. find a pair $\angular{x, y}$ satisfying equation \ref{eq:fermat_problem}.
    22. 

  22. Once found, we claim that $N = pq = (x+y)(x-y)$; it is indeed true that, if we
    23. 

  23. decompose $x^2 - y^2$ as difference of squares, then it is immediately clear
    24. 

  24. that $x+y \mid N \ \land \  x-y \mid N$, and that both are non-trivial
    25. 

  25. divisors.
    26. 

  26. 

  27. \paragraph{Complexity} \cite{riesel} contains a detailed proof for the
    28. 

  28. complexity of this algorirthm, which is
    29. 

  29. $\bigO{\frac{(1-k)^2}{2k} \sqrt{N}} \;\;,  0 < k < 1$. We summarize it down
    30. 

  30. below here to better clarify the limits of this algorithm.
    31. 

  31. 

  32. \begin{proof}
    33. 

  33.   Since, once we reach the final step $x_f$ it holds $N = pq = x_f^2 - y_f^2$,
    34. 

  34.   the number of steps required to reach the result is:
    35. 

  35.   \begin{align*}
    36. 

  36.     x_f - \sqrt{N} &= \frac{p + q}{2} - \sqrt{N} \\
    37. 

  37.                    &= \frac{p + \frac{N}{p}}{2} - \sqrt{N} \\
    38. 

  38.                    &= \frac{(\sqrt{N} - p)^2}{2p}
    39. 

  39.   \end{align*}
    40. 

  40.   If we finally suppose that $p = k\sqrt{N}, \; 0 < k < 1$, then the number of cycles
    41. 

  41.   becomes
    42. 

  42.   $\frac{(1-k)^2}{2k} \sqrt{N}$.
    43. 

  43. \end{proof}
    44. 

  44. 

  45. \begin{remark}
    46. 

  46.   Note that, for the algorithm to be effective, the two primes must be
    47. 

  47.   ``really close'' to $\sqrt{N}$. As much as the lowest prime gets near to
    48. 

  48.   $1$, the ratio $\frac{(1-k)^2}{2k}$ becomes larger, until the actual magnitude
    49. 

  49.   of this factorization method approaches \bigO{N}.
    50. 

  50. \end{remark}
    51. 

  51. 

  52. \section{An Implementation Perspective}
    53. 

  53. 

  54. At each iteration, the $i-$th state is hold by the pair $\angular{x, x^2}$.\\
    55. 

  55. The later step, described by $\angular{x+1, (x+1)^2}$ can be computed efficiently
    56. 

  56. considering the square of a binomial: $\angular{x+1, (x^2) + (x \ll 1) + 1}$.
    57. 

  57. The upperbound, instead, is reached when
    58. 

  58. $ \Delta = p - q  = x + y - x + y = 2y > 2^{-100}\sqrt{N}$.
    59. 

  59. 

  60. Algorithm ~\ref{alg:fermat} presents a simple implementation of this
    61. 

  61. factorization method, taking into account the small optimizations
    62. 

  62. aforementioned.
    63. 

  63. 

  64. \paragraph{How to chose the upper limit?}  after having explained our interpretation
    65. 

  65. of NISTS' upperbound limit - the most significat bits story, we ;should report
    66. 

  66. some practical tets.
    67. 

  67. 

  68. \begin{algorithm}
    69. 

  69.   \caption{Fermat Factorization \label{alg:fermat}}
    70. 

  70.   \begin{algorithmic}[1]
    71. 

  71.     \State $x \gets \floor{\sqrt{N}}$
    72. 

  72.     \State $x^2 \gets xx$
    73. 

  73. 

  74.     \Repeat
    75. 

  75.     \State $x \gets x+1$
    76. 

  76.     \State $x^2 \gets x^2 + x \ll 1 + 1$
    77. 

  77.     \State $y, rest \gets \dsqrt{x^2 - N}$
    78. 

  78.     \Until{ $rest \neq 0 \land y < \frac{\sqrt{N}}{2^{101}}$ }
    79. 

  79. 

  80.     \If{ $rest = 0$ }
    81. 

  81.     \State $p \gets x+y$
    82. 

  82.     \State $q \gets x-y$
    83. 

  83.     \State \Return $p, q$
    84. 

  84.     \Else
    85. 

  85.     \State \Return \textbf{nil}
    86. 

  86.     \EndIf
    87. 

  87.     \end{algorithmic}
    88. 

  88. \end{algorithm}
    89. 

  89. 

  90. 

  91. \section{Thoughts about parallelization}
    92. 

  92. 

  93. At first glance we might be willing to split the entire interval
    94. 

  94. $\{ \ceil{\sqrt{N}}, \ldots, N-1 \}$ in equal parts, one assigned to per each
    95. 

  95. node. Hovever, this would not be any more efficient than the trial division
    96. 

  96. algorithm, and nevertheless it is woth noting that during each single iteration,
    97. 

  97. the computational complexity is dominated by the quare root $\dsqrt$ function,
    98. 

  98. which belongs to the class \bigO{\log^2 N}, as we saw in section
    99. 

  99. ~\ref{sec:preq:sqrt}. Computing separatedly $x^2$ would add an overhead of the
    100. 

  100. same order of magnitude \bigO{\log^2 N}, and thus result in a complete waste of
    101. 

  101. resources.
    102. 

  102. %%% Local Variables:
    103. 

  103. %%% TeX-master: "question_authority.tex"
    104. 

  104. %%% End:
    105. 

  105.