FACTORIZATION OF LARGE
NUMBERS USING NUMBER FIELD
SIEVE: SIEVING STEP
BY
SUSHMA GUDAVALLI
TEJA VALURUPALLI
FACTORIZATION
Factoring an integer ‘n’ means finding
integers x and y such that n=x.y
Prime factorization of a number, written
as a product of prime numbers is unique.
Factoring a large number is believed to be
a very hard problem.
FACTORIZATION IN
CRYPTOGRAPHY
The security of RSA relies on the difficulty of
factorization.
It relies on the fact that it is computationally
difficult to factor a large integer.
Factorization
Product
Message
Encryption
Encrypted
Message
Two Prime
Factors
Decryption
Message
FACTORING METHODS
General algorithms( usable for RSA) :
Continued Fractions (CFRAC)
Quadratic Sieve (efficient up to 110 digits)
Number field Sieve (efficient beyond 110 digits)
NUMBER FIELD SIEVE
The NFS algorithm consists of five steps which
are mutually dependent:
Polynomial step
Finding Factor Bases
Sieving
Linear Algebra (Matrix step)
Square root
NFS ALGORITHM
Polynomial Step:
Chooses a good polynomial f(x) from a large set of
usable polynomials.
Factor Bases:
Chooses factor bases for the sieving step.
RFB: ( p0, p0mod m), (p1, p1mod m),……
AFB: (p0, r0), (p1, r1),…
Such that f(ri) = 0 mod pi
NFS ALGORITHM (contd…)
Sieving:
The purpose of the sieving step is to find usable relations
(ai, bi)
Linear algebra:
This step finds combination of elements from the relation
set which has a product that is a square.
Square root:
The purpose of this step is to find rational square root and
algebraic square root for the solutions obtained from the
matrix step.
SIEVING
The task of Sieving step is to find usable relations (ai, bi)
from many possible pairs.
These relations should have the following three properties:
gcd(a,b)=1
a+bm is smooth over RFB
bdeg(f) f(a/b) is smooth over AFB
( f(x) is the polynomial, m  f(m) = 0 mod n)
SIEVING (contd..)
What is meant by ‘being smooth over factor base?’
Example:
RFB
: { (2, 1), (3, 0), (11, 7),…}
Let a+bm = 264; 264 = 23. 3. 11
Thus (a,b) are smooth over RFB
Similar is the case with AFB
SIEVING (contd..)
An initial pair (a, b)
which is ‘likely’ to be a
relation is found on the
sieving line.
All possible relation pairs
on the sieving line are
found out by adding
log2pi ( pi є RFB) to the
location of the initial pair
(a,b)
For each ‘b’ fixed
a
Pairs of
elements
likely to
be
relations
Sieving Line
log2p
log2p
SIEVING (contd..)
The sorted pairs from the Sieving line are checked with
the above mentioned properties. Thus the Relations
are obtained.
Briefly, the Sieving step involves:
Input: RFB, AFB, f(x), m, sieving interval (u)
Output: List of Relations:{ (a0, b0),…(at, bt)}
MAGMA
Radically new system to solve computationally hard
problems in algebra, number theory, geometry.
It is both computer algebra system and a programming
language.
SPECIALITY:
Provision of mathematical data types such as groups,
rings, fields, sets, sequences, mappings etc.
Large collection of functions for performing standard
tasks in algebra.
QUESTIONS ???