Rational sieve

Template:Short description In mathematics, the rational sieve is a general algorithm for factoring integers into prime factors. It is a special case of the general number field sieve. While it is less efficient than the general algorithm, it is conceptually simpler. It serves as a helpful first step in understanding how the general number field sieve works.

Method

Suppose we are trying to factor the composite number Template:Mvar. We choose a bound Template:Mvar, and identify the factor base (which we will call Template:Mvar), the set of all primes less than or equal to Template:Mvar. Next, we search for positive integers Template:Mvar such that both Template:Mvar and Template:Math are Template:Mvar-smooth — i.e. all of their prime factors are in Template:Mvar. We can therefore write, for suitable exponents Template:Math and Template:Math,

$z = \prod_{p_{i} \in P} p_{i}^{a_{i}} and z + n = \prod_{p_{i} \in P} p_{i}^{b_{i}} .$

But Template:Mvar and $z + n$ are congruent modulo Template:Mvar, and so each such integer Template:Mvar that we find yields a multiplicative relation (mod Template:Mvar ) among the elements of Template:Mvar, i.e.

\prod_{p_{i} \in P} p_{i}^{a_{i}} \equiv \prod_{p_{i} \in P} p_{i}^{b_{i}} (\mod n)

(where the Template:Math and Template:Math are nonnegative integers.)

When we have generated enough of these relations (it is generally sufficient that the number of relations be a few more than the size of Template:Mvar), we can use the methods of linear algebra to multiply together these various relations in such a way that the exponents of the primes are all even. This will give us a congruence of squares of the form Template:Math, which can be turned into a factorization of Template:Math. This factorization might turn out to be trivial (i.e. Template:Math), in which case we have to try again with a different combination of relations, but with luck we will get a nontrivial pair of factors of Template:Mvar, and the algorithm will terminate.

Example

We will factor the integer Template:Math using the rational sieve. We will arbitrarily try the value Template:Math, giving the factor base Template:Math. The first step is to test Template:Mvar for divisibility by each of the members of Template:Mvar; clearly if Template:Mvar is divisible by one of these primes, then we are finished already. However, 187 is not divisible by 2, 3, 5, or 7. Next, we search for suitable values of Template:Mvar; the first few are 2, 5, 9, and 56. These four suitable values of Template:Mvar give four multiplicative relations (mod 187):

Template:NumBlk Template:NumBlk Template:NumBlk Template:NumBlk

There are now several essentially different ways to combine these and end up with even exponents. For example,

(Template:EquationNote)×(Template:EquationNote): After multiplying these and canceling out the common factor of 7 (which we can do since 7, being a member of Template:Mvar, has already been determined to be coprime with Template:Mvar^[1]), this reduces to Template:Math. The resulting factorization is Template:Math.

Alternatively, equation (Template:EquationNote) is in the proper form already:

(Template:EquationNote): This says Template:Math, which gives the factorization Template:Math.

Limitations of the algorithm

Like the general number field sieve, the rational sieve cannot factor numbers of the form Template:Math, where Template:Mvar is a prime and Template:Mvar is an integer. This is not a huge problem, though—such numbers are statistically rare, and moreover there is a simple and fast process to check whether a given number is of this form. Probably the most elegant method is to check whether Template:Math holds for any Template:Math using an integer version of Newton's method for the root extraction.^[2]

The biggest problem is finding a sufficient number of Template:Mvar such that both Template:Mvar and Template:Math are Template:Mvar-smooth. For any given Template:Mvar, the proportion of numbers that are Template:Mvar-smooth decreases rapidly with the size of the number. So if Template:Mvar is large (say, a hundred digits), it will be difficult or impossible to find enough Template:Mvar for the algorithm to work. The advantage of the general number field sieve is that one only needs to search for smooth numbers of order Template:Math for some Template:Math, rather than of order Template:Mvar as required here.^[3]

References

A. K. Lenstra, H. W. Lenstra, Jr., M. S. Manasse, and J. M. Pollard, The Factorization of the Ninth Fermat Number, Math. Comp. 61 (1993), 319-349. Available at [1].
A. K. Lenstra, H. W. Lenstra, Jr. (eds.) The Development of the Number Field Sieve, Lecture Notes in Mathematics 1554, Springer-Verlag, New York, 1993.

Footnotes

Template:Reflist

Template:Number theoretic algorithms

↑ Note that common factors cannot in general be canceled in a congruence, but they can in this case, since the primes of the factor base are all required to be coprime to n, as mentioned above. See modular multiplicative inverse.
↑ R. Crandall and J. Papadopoulos, On the implementation of AKS-class primality tests, available at [2]
↑ A. K. Lenstra, H. W. Lenstra, Jr., M. S. Manasse, and J. M. Pollard, The Factorization of the Ninth Fermat Number, Math. Comp. 61 (1993), p. 328

[1] Note that common factors cannot in general be canceled in a congruence, but they can in this case, since the primes of the factor base are all required to be coprime to n, as mentioned above. See modular multiplicative inverse.

[2] R. Crandall and J. Papadopoulos, On the implementation of AKS-class primality tests, available at [2]

[3] A. K. Lenstra, H. W. Lenstra, Jr., M. S. Manasse, and J. M. Pollard, The Factorization of the Ninth Fermat Number, Math. Comp. 61 (1993), p. 328

[1]

[2]

[3]

Rational sieve

Contents

Method

Example

Limitations of the algorithm

References

Footnotes

Navigation menu

Rational sieve

Method

Example

Limitations of the algorithm

References

Footnotes

Navigation menu

Search