Factorization of n = 87463 with the
Quadratic Sieve
To find a factor base, we need to find primes such
that n is a square modulo p and for each such p determine
the solutions of x2 ≡ n (mod p). Testing small primes
up to 37 we find that only for p ∈ {2, 3, 13, 17, 19, 29}
there are solutions to x2 ≡ n (mod p), namely:
p 2 3 13 17 19
29
x 1 1, 2 5, 8 7, 10 5, 14 12, 17
We now
√ start sifting, using an interval of length 2 · 30
around b nc = 295. (See table on last page.)
For the values of x for which x2 − n splits completely,
the exponent vector modulo 2 is:
x −1 2 3 13 17 19 29
265 1 1 1 0 1 0 0
278 1 0 1 1 0 0 1
296 0 0 0 0 1 0 0
299 0 1 1 0 1 1 0
307 0 1 0 1 0 0 1
316 0 0 0 0 1 0 0
We now solve (the matrix is transposed as we solve
Av = 0 and not vA = 0):

1 1 0 0 0
1 0 0 1 1

1 1 0 1 0

0 1 0 0 1

1 0 1 1 0

0 0 0 1 0
0 1 0 0 1

0
0

0

0
·v =0
1

0
0
modulo 2. One solution is
v = (1, 1, 1, 0, 1, 0)
We thus take the 1st, 2nd, 3rd and the 4th x-value and
get
x = 265 · 278 · 296 · 307 = 6694540240 ≡ 34757 (mod n)
p
y = (2652 − n) · (2782 − n) · (2962 − n) · (3072 − n)
= 2 · 34 · 132 · 17 · 29 = 13497354 ≡ 28052 (mod n)
This yields the gcds:
gcd(x − y, n) = 149,
which gives a factorization.
gcd(x + y, n) = 587
x
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
2 3 13 17 19 29 x2 − n splits
X
X
X
X
XX
−2 · 3 · 132 · 17
XX X X
X
X
X X
XX
XX
X
X
X
XX
X
X
XX
X X
X
X
X
X
X
XX X
X
XX
X
X
X
XX
XX
X
X X
X
XX
X
XX
X
−33 · 13 · 29
x
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
2 3 13 17 19 29 x2 − n splits
X
X
32 · 17
X
X
XX
X X
2 · 3 · 17 · 19
XX
X
X
X X
XX
XX X
X
X
X
XX
X
X
X
XX
X
X
X
X
X
XX X
36 · 17
X
XX
X X
X
X
XX
XX
X
X
X
XX
X
X X
2 · 32 · 13 · 29