Integer Factorization
By:
Josh Tuggle & Kyle Johnson
What Is It?
• Integer Factorization - The decomposition of a
composite number into its primes.
• Not much of an actual problem until the
number becomes very large.
• No efficient algorithm exists yet.
• Goal: Factor in polynomial time.
What Is It?
• Hardest instance for I.F.: semiprimes.
– Product of two prime numbers.
• An algorithm that can efficiently factor any
integer would compromise RSA Cryptography.
Statistics
• Sept. 1993 – April 1994: RSA-129 becomes first large
distributed factorization.
• Jan – Aug. 1999: RSA-155 is factored using GNFS.
• April 2003: RSA-160 factored using 100 CPUs.
• Dec. 2003 – May 2005: RSA-200 factored using 80
Opteron processors in Germany.
• Dec. 2009: RSA-768 becomes largest semiprime
factored (232 digits) after two years and the
equivalent of 2000 years of processing.
Running Time
• There are many bounds on this problem based on
what is known about the integer to be factored.
• The algorithm with the best running time is the
General Number Field Sieve:
• However, there is an algorithm out there that has a
better factoring time, with a major difference.
Running Time
• Shor’s Algorithm currently has the best
runtime for this problem: O((log N)^3).
– N is the input’s size.
• Only works with a quantum computer.
Algorithms
• There exist multiple algorithms for this
particular problem.
• Which one to use depends on what is known
about the input.
• These algorithms can be grouped into two
classes: Special-Purpose and General-Purpose.
Special-Purpose (Category 1)
• These algorithms’ runtimes depend on the
size of the smallest prime factor.
• General procedure is to use these algorithms
on an integer first to remove the more
manageable factors.
• Examples: Trial Division, Wheel Factorization,
Euler’s factorization method.
Trial Division
• Requires most work, but easiest to
understand.
• Given an integer n:
– Start at 2
– Move up number line towards n.
– Divide n by each number
– Check if the number went into n
with no remainders
– Repeat until all factors are prime.
General-Purpose (Category 2)
• The runtime for these algorithms depends
only on the size of the integer being factored.
• RSA numbers are factored using algorithms in
this class.
• Examples: Dixon’s Algorithm, Shanks’ Square
Forms Factorization, General Number Field
Sieve.
General Number Field Sieve (GNFS)
• Arbitrarily select two polynomials f(x) and g(x)
that must fit several conditions.
– Small degrees d and e.
– Integer coefficients
– Irreducible over rationals
– Must yield same integer root when modded by
the initial number n.
General Number Field Sieve (GNFS)
• Subject the two polynomials to number field rings to
find values of two integers a and b that satisfy:
– r = b^d f(a/b) and s = b^e g(a/b)
– r and s must be numbers that factor into primes only.
• Homomorphisms are then used to find two values x
and y such that x^2 – y^2 is divisible by n.
• These values are used to find a factor of n by taking
the gcd of n and x – y.
Shor’s Algorithm
• Algorithm developed by Peter Shor in 1994.
• Can factor in polynomial time, but requires a
quantum computer.
• Placed in complexity class BQP
– Bounded-Error Quantum Polynomial Time
Shor’s Process
• The algorithm consists of two key parts:
– A change of the problem from factoring to order-finding.
– Solving the order-finding problem.
• The problem change portion can be done on a
traditional computer, but the order-finding
portion requires a quantum computer.
Traditional Half
• Pick a random integer a that is less than N, the
integer being factored.
• Find the gcd of the two integers.
• If this value isn’t 1, then there is a factor of N,
and the algorithm is finished.
• If the value is 1, we must go to the quantum
half of the algorithm.
Quantum Half
• Known as the period-finding subroutine.
• Used to find an r value that represents the period of
the function: f(x) = a^x mod N.
• Quantum circuits used are custom made for each (a,
N) pair.
• r cannot be odd and a^(r/2) and -1 cannot be congruent
modulo N.
• If these conditions are both met, then gcd(a^(r/2) ± 1, N)
is a nontrivial factor of N and the algorithm finishes.
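The traditional half and the two acceptance conditions above, as an added Python example that is not part of the original slides. The quantum period-finding subroutine is replaced by a brute-force loop (`find_order`), so it is only usable for small N; the function names, the fixed seed and the sample values 15, 21 and 3233 are assumptions chosen for illustration.

```python
import random
from math import gcd

def find_order(a, N):
    """Smallest r > 0 with a^r = 1 (mod N): the period of f(x) = a^x mod N.
    Brute force stands in for the quantum subroutine; requires gcd(a, N) == 1."""
    r, value = 1, a % N
    while value != 1:
        value = (value * a) % N
        r += 1
    return r

def shor_attempt(N, a):
    """One round for a chosen a with 1 < a < N.
    Returns a nontrivial factor of N, or None if this a must be discarded."""
    g = gcd(a, N)
    if g != 1:
        return g                 # traditional half already found a factor
    r = find_order(a, N)
    if r % 2 == 1:
        return None              # rejected: r is odd
    half = pow(a, r // 2, N)
    if half == N - 1:
        return None              # rejected: a^(r/2) = -1 (mod N)
    return gcd(half - 1, N)      # gcd(half + 1, N) is also a nontrivial factor

def factor(N, tries=20, seed=0):
    """Repeat with random a until a round succeeds.
    Assumes N is odd, composite and not a prime power (constructed inputs only)."""
    rng = random.Random(seed)    # fixed seed so the run is reproducible
    for _ in range(tries):
        f = shor_attempt(N, rng.randrange(2, N))
        if f is not None:
            return f
    return None

if __name__ == "__main__":
    for N in (15, 21, 3233):     # 3233 = 53 * 61, a toy semiprime
        p = factor(N)
        print(N, "=", p, "*", N // p)
```
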
Quantum Half
• Heavily depends on a quantum computer’s
superposition property.
• Evaluates the function at all points
simultaneously.
• The algorithm’s runtime (O((log N)^3)) stems
from Shor solving three quantum problems in
O(log N) time each.
– Superposition, function as a quantum transform,
and quantum Fourier transform.
Questions?