Running time predictions for square products, and large prime variations. Ernie Croot, Andrew Granville, Robin Pemantle, & Prasad Tetali

Size: px

Start display at page:

Download "Running time predictions for square products, and large prime variations. Ernie Croot, Andrew Granville, Robin Pemantle, & Prasad Tetali"

Shavonne Mason
5 years ago
Views:

1 Running time predictions for square products, and large prime variations by Ernie Croot, Andrew Granville, Robin Pemantle, & Prasad Tetali

2 Factoring algorithms Dixon s random squares algorithm The quadratic sieve Multiple polynomial quadratic sieve The number field sieve. All have a common central idea

3 Factoring algorithms Dixon s random squares algorithm The quadratic sieve Multiple polynomial quadratic sieve The number field sieve Idea: Generate a pseudo-random sequence of integers a 1, a 2,..., with each a i b 2 i (mod n), until the product of a subseq of the a i s is a square, say Y 2 = a i1 a ik.

4 Factoring algorithms Dixon s random squares algorithm The quadratic sieve Multiple polynomial quadratic sieve The number field sieve Idea: Generate a pseudo-random sequence of integers a 1, a 2,..., with each a i b 2 i (mod n), until the product of a subseq of the a i s is a square, say Y 2 = a i1 a ik. Now, set X 2 = (b i1 b ik ) 2 and then n Y 2 X 2 = (Y X)(Y + X).

5 Factoring algorithms Dixon s random squares algorithm The quadratic sieve Multiple polynomial quadratic sieve The number field sieve Idea: Generate a pseudo-random sequence of integers a 1, a 2,..., with each a i b 2 i (mod n), until the product of a subseq of the a i s is a square, say Y 2 = a i1 a ik. Now, set X 2 = (b i1 b ik ) 2 and then n Y 2 X 2 = (Y X)(Y + X). 50% chance gcd(n, Y X) is a non-trivial factor of n.

6 Analysis of running times 1994 ICM, Pomerance: In the (heuristic) running time analysis of such factoring algorithms one assumes that the pseudo-random sequence a 1, a 2,... is close enough to random, to make predictions based on this assumption.. Why not study this as an abstract problem?

7 Analysis of running times 1994 ICM, Pomerance: In the (heuristic) running time analysis of such factoring algorithms one assumes that the pseudo-random sequence a 1, a 2,... is close enough to random, to make predictions based on this assumption. Pomerance s problem Select integers a 1, a 2, x independently at random; i.e. Prob(a j = m) = 1 x 1 m x; Stop at a T as soon as there exists a i1 a ik = Y 2 What is expected stopping time?

8 Pomerance s problem Select integers a 1, a 2, x independently at random; i.e. Prob(a j = m) = 1 x 1 m x; Stop at a T as soon as there exists a i1 a ik = Expected stopping time?. Is there any point to this?

9 Pomerance s problem Select integers a 1, a 2, x independently at random; i.e. Prob(a j = m) = 1 x 1 m x; Stop at a T as soon as there exists a i1 a ik = Expected stopping time? Interesting because... If this expected stopping time is far less than what is obtained by the algorithms currently used, maybe we can speeding up factoring algorithms.

10 Pomerance s problem Select integers a 1, a 2, x independently at random; i.e. Prob(a j = m) = 1 x 1 m x; Stop at a T as soon as there exists a i1 a ik = Expected stopping time? Interesting because... If this expected stopping time is far less than what is obtained by the algorithms currently used, maybe we can speeding up factoring algorithms. Even if not, a good understanding might lead to better choice of parameters for most factoring algorithms.

11 Pomerance s problem Select integers a 1, a 2, x independently at random; i.e. Prob(a j = m) = 1 x 1 m x; Stop at a T as soon as there exists a i1 a ik = Expected stopping time? Interesting because... If this expected stopping time is far less than what is obtained by the algorithms currently used, maybe we can speeding up factoring algorithms. Even if not, a good understanding might lead to better choice of parameters for most factoring algorithms. Possibility of proving something without assumption.

12 Previous best results π(y) = number of primes up to y. n is y-smooth if p n p y Ψ(x, y) = #y-smooths up to x.

13 Previous best results π(y) = number of primes up to y. n is y-smooth if p n p y Ψ(x, y) = #y-smooths up to x. Choose y 0 = y 0 (x) to maximize Ψ(x, y)/y, and let J 0 (x) := π(y 0) Ψ(x, y 0 ) x. ( J0 (x) e 2 log x log log x )

14 Previous best results π(y) = number of primes up to y. n is y-smooth if p n p y Ψ(x, y) = #y-smooths up to x. Choose y 0 = y 0 (x) to maximize Ψ(x, y)/y, and let J 0 (x) := π(y 0) Ψ(x, y 0 ) x Schroeppel: As x, Prob(T < (1 + ɛ)j 0 (x)) 1. ( J0 (x) e 2 log x log log x )

15 Previous best results π(y) = number of primes up to y. n is y-smooth if p n p y Ψ(x, y) = #y-smooths up to x. Choose y 0 = y 0 (x) to maximize Ψ(x, y)/y, and let J 0 (x) := π(y 0) Ψ(x, y 0 ) x Schroeppel: As x, Prob(T < (1 + ɛ)j 0 (x)) Pomerance: As x, Prob(T > J 0 (x) 1 ɛ ) 1. ( J0 (x) e 2 log x log log x )

16 Pomerance s problem Select integers a 1, a 2, x independently at random; i.e. Prob(a j = m) = 1 x 1 m x; Stop at a T as soon as there exists a i1 a ik = Expected stopping time, T? Schroeppel-Pomerance: With probability going to 1, we have J 0 (x) 1 ɛ < T < (1 + ɛ)j 0 (x). What should we be aiming to prove?

17 Pomerance s problem Select integers a 1, a 2, x independently at random; i.e. Prob(a j = m) = 1 x 1 m x; Stop at a T as soon as there exists a i1 a ik = Expected stopping time, T? Schroeppel-Pomerance: With probability going to 1, we have J 0 (x) 1 ɛ < T < (1 + ɛ)j 0 (x) Recently, in probability theory, results showing sharp transitions ; i.e. random algorithms tend to stop at a certain precise time with probability going to 1.

18 Pomerance s problem Expected stopping time, T? From Schroeppel and Pomerance: J 0 (x) 1 ɛ < T < (1 + ɛ)j 0 (x). with probability going to 1.

19 Pomerance s problem Expected stopping time, T? From Schroeppel and Pomerance: J 0 (x) 1 ɛ < T < (1 + ɛ)j 0 (x). with probability going to 1. Guess: There exists f(x), s.t. (1 ɛ)f(x) < T < (1 + ɛ)f(x), with probability going to 1.

20 Pomerance s problem Expected stopping time, T? From Schroeppel and Pomerance: J 0 (x) 1 ɛ < T < (1 + ɛ)j 0 (x). with probability going to 1. Guess: There exists f(x), s.t. (1 ɛ)f(x) < T < (1 + ɛ)f(x), with probability going to 1. Conjecture: f(x) = e γ J 0 (x), i.e. (1 ɛ)e γ J 0 (x) < T < (1+ɛ)e γ J 0 (x), with probability going to 1.

21 Pomerance s problem Expected stopping time, T? From Schroeppel and Pomerance: J 0 (x) 1 ɛ < T < (1 + ɛ)j 0 (x). with probability going to 1. Guess: There exists f(x), s.t. (1 ɛ)f(x) < T < (1 + ɛ)f(x), with probability going to 1. Conjecture: f(x) = e γ J 0 (x), i.e. (1 ɛ)e γ J 0 (x) < T < (1+ɛ)e γ J 0 (x), with probability going to 1. Theorem: Almost proved it! ( π 4 ɛ ) e γ J 0 (x) < T < (1+ɛ)e γ J 0 (x), with probability going to 1.

22 Pomerance s problem Theorems: With prob going to 1: π 4 ( e γ ɛ ) J 0 (x) < T < (e γ +ɛ)j 0 (x).

23 Pomerance s problem Theorems: With prob going to 1: π 4 ( e γ ɛ ) J 0 (x) < T < (e γ +ɛ)j 0 (x). All numbers in the square product a i1 a ik are y 2+ɛ 0 -smooth. There are k = y 1+o(1) 0 different a i s in the square product

24 Pomerance s problem Theorems: With prob going to 1: π 4 ( e γ ɛ ) J 0 (x) < T < (e γ +ɛ)j 0 (x). All numbers in the square product a i1 a ik are y 2+ɛ 0 -smooth. There are k = y 1+o(1) 0 different a i s in the square product If T < ( π 4 ɛ ) e γ J 0 (x) then the square product is just one a i, a square.

25 Schroeppel s 1985 approach Study only the y-smooth a i s. Factor each as a i = 2 e i,13 e i,2... p e i,k k

26 Schroeppel s 1985 approach Study only the y-smooth a i s. Factor each as a i = 2 e i,13 e i,2... p e i,k k Form the matrix with rows (e i,1, e i,2,..., e i,k )

27 Schroeppel s 1985 approach Study only the y-smooth a i s. Factor each as a i = 2 e i,13 e i,2... p e i,k k Form the matrix with rows (e i,1, e i,2,..., e i,k ) A subset of the y-smooth a i s forms a square product if and only if the sum of those rows is 0 (mod 2).

28 Schroeppel s 1985 approach Study only the y-smooth a i s. Factor each as a i = 2 e i,13 e i,2... p e i,k k Form the matrix with rows (e i,1, e i,2,..., e i,k ) A subset of the y-smooth a i s forms a square product if and only if the sum of those rows is 0 (mod 2). So a square product if > k rows.. How soon would we expect this?

29 Schroeppel s 1985 approach Study only the y-smooth a i s. Factor each as a i = 2 e i,13 e i,2... p e i,k k Form the matrix with rows (e i,1, e i,2,..., e i,k ) A subset of the y-smooth a i s forms a square product if and only if the sum of those rows is 0 (mod 2). So a square product if > k rows. Prob(a i is y smooth) = ψ(x, y)/x. E(# of rows) = T ψ(x, y)/x,

30 Schroeppel s 1985 approach Study only the y-smooth a i s. Factor each as a i = 2 e i,13 e i,2... p e i,k k Form the matrix with rows (e i,1, e i,2,..., e i,k ) A subset of the y-smooth a i s forms a square product if and only if the sum of those rows is 0 (mod 2). So a square product if > k rows. Prob(a i is y smooth) = ψ(x, y)/x. E(# of rows) = T ψ(x, y)/x, This is > k = π(y) for T > xπ(y)/ψ(x, y). Minimized at y = y 0, so T > J 0 (x).

31 Schroeppel s 1985 approach Study only the y-smooth a i s. Factor each as a i = 2 e i,13 e i,2... p e i,k k Form the matrix with rows (e i,1, e i,2,..., e i,k ) A subset of the y-smooth a i s forms a square product if and only if the sum of those rows is 0 (mod 2). So a square product if > k rows. Prob(a i is y smooth) = ψ(x, y)/x. E(# of rows) = T ψ(x, y)/x, This is > k = π(y) for T > xπ(y)/ψ(x, y). Minimized at y = y 0, so T > J 0 (x). Technique works, with prob 1, for T > (1 + ɛ)j 0 (x)

32 Schroeppel s 1985 approach Factor base: Primes up to y Keep only y-smooth a i s Square product after k such a i s

33 Schroeppel s 1985 approach Factor base: Primes up to y Keep only y-smooth a i s Square product after k such a i s Practical to implement

34 Schroeppel s 1985 approach Factor base: Primes up to y Keep only y-smooth a i s Square product after k such a i s Practical to implement New result: By time (1+ɛ)J 0 (x) one has not one square product, but many, about ɛπ(y 0 ), with prob 1.

35 Schroeppel s 1985 approach Factor base: Primes up to y Keep only y-smooth a i s Square product after k such a i s Practical to implement New result: By time (1+ɛ)J 0 (x) one has not one square product, but many, about ɛπ(y 0 ), with prob 1. Key Variant: Large Prime Variation Also keep a i = pb i where b i is y- smooth and p is a prime > y.

36 Schroeppel s 1985 approach Factor base: Primes up to y Keep only y-smooth a i s Square product after k such a i s Practical to implement New result: By time (1+ɛ)J 0 (x) one has not one square product, but many, about ɛπ(y 0 ), with prob 1. Key Variant: Large Prime Variation Also keep a i = pb i where b i is y- smooth and p is a prime > y. With two, pb i and pb j, their product p 2 b i b j is a y-pseudosmooth and can be used as a row in our matrix.

37 Schroeppel s 1985 approach Factor base: Primes up to y Keep only y-smooth a i s Square product after k such a i s Practical to implement New result: By time (1+ɛ)J 0 (x) one has not one square product, but many, about ɛπ(y 0 ), with prob 1. Key Variant: Large Prime Variation Also keep a i = pb i where b i is y- smooth and p is a prime > y. With two, pb i and pb j, their product p 2 b i b j is a y-pseudosmooth and can be used as a row in our matrix. Theorem: Speed up by factor Will prove this later

38 Multiple large prime variations Can try two large primes: a i = pqb i, b i is y-smooth, p, q primes > y.

39 Multiple large prime variations Can try two large primes: a i = pqb i, b i is y-smooth, p, q primes > y. And three large primes, etc.

40 Multiple large prime variations Can try two large primes: a i = pqb i, b i is y-smooth, p, q primes > y. And three large primes, etc. Practical issues: Upper bound on extra primes, say y < p < My.

41 Multiple large prime variations Can try two large primes: a i = pqb i, b i is y-smooth, p, q primes > y. And three large primes, etc. Practical issues: Upper bound on extra primes, say y < p < My. How to find pseudosmooths?. More on that later

42 Multiple large prime variations Can try two large primes: a i = pqb i, b i is y-smooth, p, q primes > y. And three large primes, etc. Practical issues: Upper bound on extra primes, say y < p < My. How to find pseudosmooths? PROVED SPEED-UPS l M = M = 100 M = For l-large primes variation, each large prime in (y, M y).. Speed-up for # of a i s searched, not for factoring algorithm

43 Speed-ups l M = M = 100 M = For l-large primes variation, each large prime in (y, M y).

44 Speed-ups l M = M = 100 M = For l-large primes variation, each large prime in (y, M y). As l, M (M slowly), our speed up factor e γ =

45 Speed-ups l M = M = 100 M = For l-large primes variation, each large prime in (y, M y). As l, M (M slowly), our speed up factor e γ = How big are y 0 and J 0?

46 Speed-ups l M = M = 100 M = For l-large primes variation, each large prime in (y, M y). As l, M (M slowly), our speed up factor e γ = How big are y 0 and J 0? For L(x) =e 12 log x log log x, y 0 (x) = L(x) 1+o(1) and J 0 (x) = L(x) 2+o(1). These estimates can be made more precise but not to asymptotics

47 Such precise estimates? If we cannot be precise about the value of J 0, how can we determine these speed-up constants?

48 Such precise estimates? If we cannot be precise about the value of J 0, how can we determine these speed-up constants? 1986 Hildebrand and Tenenbaum: Even if we cannot give an asymptotic formula for Ψ(x, y), we can do so for Ψ(2x, y) Ψ(x, y) and similar qns where the variables involved are close in size. Our results here make full use of their estimates,

49 Such precise estimates? If we cannot be precise about the value of J 0, how can we determine these speed-up constants? 1986 Hildebrand and Tenenbaum: Even if we cannot give an asymptotic formula for Ψ(x, y), we can do so for Ψ(2x, y) Ψ(x, y) and similar qns where the variables involved are close in size. Our results here make full use of their estimates, But still cannot estimate J 0 accurately maybe value can be computed (Bernstein) in any example.

50 Analysis; one large prime, I Prob(a = pb x : b is y smooth) = Ψ(x/p, y) x

51 Analysis; one large prime, I Ψ(x/p, y) Prob(a = pb x : b is y smooth) = x = Ψ(x/p, y) Ψ(x, y) for y < p < y log y. Ψ(x, y) x log y p Ψ(x, y) x

52 Analysis; one large prime, I Ψ(x/p, y) Prob(a = pb x : b is y smooth) = x = Ψ(x/p, y) Ψ(x, y) Ψ(x, y) x log y p for y < p < y log y. Expected # of k-tuples, from the T = ηj 0 values of a i, that are p times a y-smooth: ( ) ( ) T log y Ψ(x, y) k k p x Ψ(x, y) x

53 Analysis; one large prime, I Ψ(x/p, y) Prob(a = pb x : b is y smooth) = x = Ψ(x/p, y) Ψ(x, y) Ψ(x, y) x log y p for y < p < y log y. Expected # of k-tuples, from the T = ηj 0 values of a i, that are p times a y-smooth: ( T k ) ( log y p Ψ(x, y) x as J 0 log yψ(x, y)/x y. ) k 1 k! ( ηy p Ψ(x, y) x ) k

54 Analysis; one large prime, I Ψ(x/p, y) Prob(a = pb x : b is y smooth) = x = Ψ(x/p, y) Ψ(x, y) Ψ(x, y) x log y p for y < p < y log y. Expected # of k-tuples, from the T = ηj 0 values of a i, that are p times a y-smooth: ( T k ) ( log y p Ψ(x, y) x ) k 1 k! ( ηy as J 0 log yψ(x, y)/x y. Expected number of k-tuples, including all p > y, is (ηy)k k! p>y 1 p k p Ψ(x, y) x ) k

55 Analysis; one large prime, I Ψ(x/p, y) Prob(a = pb x : b is y smooth) = x = Ψ(x/p, y) Ψ(x, y) Ψ(x, y) x log y p for y < p < y log y. Expected # of k-tuples, from the T = ηj 0 values of a i, that are p times a y-smooth: ( T k ) ( log y p Ψ(x, y) x ) k 1 k! ( ηy as J 0 log yψ(x, y)/x y. Expected number of k-tuples, including all p > y, is (ηy)k k! p>y p Ψ(x, y) x ) k 1 p k (ηy)k 1 k! (k 1)y k 1 log y

56 Analysis; one large prime, I Ψ(x/p, y) Prob(a = pb x : b is y smooth) = x Ψ(x/p, y) Ψ(x, y) = log y Ψ(x, y) x p for y < p < y log y. Expected # of k-tuples, from the T = ηj 0 values of a i, that are p times a y-smooth: ( ) ( ) T log y k 1 ( ηy Ψ(x, y) k p x k! p as J 0 log yψ(x, y)/x y. Expected number of k-tuples, including all p > y, is (ηy)k 1 k! p k (ηy)k 1 k! p>y η k (k 1)k! π(y) Ψ(x, y) x ) k (k 1)y k 1 log y

57 Analysis; one large prime, II Sps pb 1, pb 2,..., pb r amongst a i s, each b j is y-smooth.

58 Analysis; one large prime, II Sps pb 1, pb 2,..., pb r amongst a i s, each b j is y-smooth. These yield exactly r 1 mult indep pseudosmooths, (pb 1 )(pb 2 ), (pb 1 )(pb 3 ),..., (pb 1 )(pb r ).

59 Analysis; one large prime, II Sps pb 1, pb 2,..., pb r amongst a i s, each b j is y-smooth. These yield exactly r 1 mult indep pseudosmooths, (pb 1 )(pb 2 ), (pb 1 )(pb 3 ),..., (pb 1 )(pb r ). Use identity r 1 = I {1,...,r} I 2 ( 1) I ;

60 Analysis; one large prime, II Sps pb 1, pb 2,..., pb r amongst a i s, each b j is y-smooth. These yield exactly r 1 mult indep pseudosmooths, (pb 1 )(pb 2 ), (pb 1 )(pb 3 ),..., (pb 1 )(pb r ). Use identity r 1 = I {1,...,r} I 2 ( 1) I ; so total # smooths and pseudo-smooths: η k η + ( 1) k π(y) (k 1)k! k 2

61 Analysis; one large prime, II Sps pb 1, pb 2,..., pb r amongst a i s, each b j is y-smooth. These yield exactly r 1 mult indep pseudosmooths, (pb 1 )(pb 2 ), (pb 1 )(pb 3 ),..., (pb 1 )(pb r ). Use identity r 1 = I {1,...,r} I 2 ( 1) I ; so total # smooths and pseudo-smooths: η k η + ( 1) k π(y) (k 1)k! k 2 Constant = 1 for η = And for two large primes?

62 Two large primes, I Expected # pairs pqb 1 & pqb 2, and Expected # triples pqb 1, prb 2, qrb 3, bounded, so not useful!

63 Two large primes, I Expected # pairs pqb 1 & pqb 2, and Expected # triples pqb 1, prb 2, qrb 3, bounded, so not useful! Expected # triples pb 1, pqb 2, qb 3, is η 3 π(y).

64 Two large primes, I Expected # pairs pqb 1 & pqb 2, and Expected # triples pqb 1, prb 2, qrb 3, bounded, so not useful! Expected # triples pb 1, pqb 2, qb 3, is η 3 π(y). How do you tell the difference?

65 Two large primes, I Expected # pairs pqb 1 & pqb 2, and Expected # triples pqb 1, prb 2, qrb 3, bounded, so not useful! Expected # triples pb 1, pqb 2, qb 3, is η 3 π(y). How do you tell the difference? Construct matrix M for p, pq, p, with 2 ones in each col:

66 Two large primes, I Expected # pairs pqb 1 & pqb 2, and Expected # triples pqb 1, prb 2, qrb 3, bounded, so not useful! Expected # triples pb 1, pqb 2, qb 3, is η 3 π(y). How do you tell the difference? Construct matrix M for p, pq, p, with 2 ones in each col: Expect cπ(y) such triples iff #ones = #rows + #columns 1.

67 Two large primes, I Expected # pairs pqb 1 & pqb 2, and Expected # triples pqb 1, prb 2, qrb 3, bounded, so not useful! Expected # triples pb 1, pqb 2, qb 3, is η 3 π(y). How do you tell the difference? Construct matrix M for p, pq, p, with 2 ones in each col: Expect cπ(y) such triples iff #ones = #rows + #columns 1. Yields exactly #rows rank(m) mult indep pseudosmooths. Combinatorial identity like in one large prime case?

68 Many large primes, II Before used r 1 = I {1,...,r} I 2 ( 1) I.

69 Many large primes, II Before used r 1 = I {1,...,r} I 2 ( 1) I. Generalization: M := matrices s.t. #ones = #rows + #columns 1. M R has rows R.

70 Many large primes, II Before used r 1 = I {1,...,r} I 2 ( 1) I. Generalization: M := matrices s.t. #ones = #rows + #columns 1. M R has rows R. If M R M then #rows rank(m R ) = S R M S M ( 1) #ones(s)

71 Many large primes, II Before used r 1 = I {1,...,r} I 2 ( 1) I. Generalization: M := matrices s.t. #ones = #rows + #columns 1. M R has rows R. If M R M then #rows rank(m R ) = S R M S M ( 1) #ones(s) How do we count the different type of matrices that arise?

72 A graph theory approach Construct graph G = G(M): For each a i a vertex v i G, With v i v I of colour p j if p j (n i, n I ) M i,j = M I,j = 1.

73 A graph theory approach Construct graph G = G(M): For each a i a vertex v i G, With v i v I of colour p j if p j (n i, n I ) M i,j = M I,j = 1. If M M, G(M) is simple, & only cycles in G(M) are monochromatic

74 A graph theory approach Construct graph G = G(M): For each a i a vertex v i G, With v i v I of colour p j if p j (n i, n I ) M i,j = M I,j = 1. If M M, G(M) is simple, & only cycles in G(M) are monochromatic So cycles are subsets of the complete graph of edges of that colour.

75 A graph theory approach Construct graph G = G(M): For each a i a vertex v i G, With v i v I of colour p j if p j (n i, n I ) M i,j = M I,j = 1. If M M, G(M) is simple, & only cycles in G(M) are monochromatic So cycles are subsets of the complete graph of edges of that colour. Hence any two-connected subgraph of G(M) is a complete graph: This is known as a Husimi graph:

76 A graph theory approach Construct graph G = G(M): For each a i a vertex v i G, With v i v I of colour p j if p j (n i, n I ) M i,j = M I,j = 1. If M M, G(M) is simple, & only cycles in G(M) are monochromatic So cycles are subsets of the complete graph of edges of that colour. Hence any two-connected subgraph of G(M) is a complete graph: This is known as a Husimi graph: Inspired combinatorics of species, Central to gas thermodynamics

77 The theory of species Generating functions known for counting Husimi graphs with different parameters.

78 The theory of species Generating functions known for counting Husimi graphs with different parameters. Leads to:for T = ηj 0, the number of pseudosmooths is f(η)π(y 0 ) where f(η) satisfies ηf (η) = log(1 f(η)).

79 The theory of species Generating functions known for counting Husimi graphs with different parameters. Leads to:for T = ηj 0, the number of pseudosmooths is f(η)π(y 0 ) where f(η) satisfies ηf (η) = log(1 f(η)). This implies f(η) is monotone increasing, f(e γ ) = 1, but f(η) diverges for η > e γ.

80 The theory of species Generating functions known for counting Husimi graphs with different parameters. Leads to:for T = ηj 0, the number of pseudosmooths is f(η)π(y 0 ) where f(η) satisfies ηf (η) = log(1 f(η)). This implies f(η) is monotone increasing, f(e γ ) = 1, but f(η) diverges for η > e γ. Sadly we re-organized a non-abs cvgent series in our proof, and we have been unable to fix this proof! In fact we swapped order of summation in applying #rows rank(m R ) = S R M S M ( 1) #ones(s)

81 Lower bound on T Suppose T < ( π 4 ɛ ) e γ J 0 (x).

82 Lower bound on T Suppose T < ( π 4 ɛ ) e γ J 0 (x). Write each a i = b i d i where for each p a i we have p y p b i p > y p d i. If i I a i = then i I d i =.

83 Lower bound on T Suppose T < ( π 4 ɛ ) e γ J 0 (x). Write each a i = b i d i where for each p a i we have p y p b i p > y p d i. If i I a i = then i I d i =. Idea: For each k, Expected # of I with I = k & i I a i = Expected # of I with I = k & i I d i =.

84 Lower bound on T Suppose T < ( π 4 ɛ ) e γ J 0 (x). Write each a i = b i d i where for each p a i we have p y p b i p > y p d i. If i I a i = then i I d i =. Idea: For each k, Expected # of I with I = k & i I a i = Expected # of I with I = k & i I d i =. Bound this using Rankin s trick.

85 Lower bound on T Suppose T < ( π 4 ɛ ) e γ J 0 (x). Write each a i = b i d i where for each p a i we have p y p b i p > y p d i. If i I a i = then i I d i =. Idea: For each k, Expected # of I with I = k & i I a i = Expected # of I with I = k & i I d i =. Bound this using Rankin s trick. Picking y = y(k) carefully we show the prob is T 2 (log x)/x over all k 2

86 Lower bound on T Suppose T < ( π 4 ɛ ) e γ J 0 (x). Write each a i = b i d i where for each p a i we have p y p b i p > y p d i. If i I a i = then i I d i =. Idea: For each k, Expected # of I with I = k & i I a i = Expected # of I with I = k & i I d i =. Bound this using Rankin s trick. Picking y = y(k) carefully we show the prob is T 2 (log x)/x over all k 2, so most likely is I = 1 (which has probability T/ x).

87 Hypergraphs to the rescue Vertices correspond to primes in (y, My), and hyperedges to the odd power prime factors of each a i.

88 Hypergraphs to the rescue Vertices correspond to primes in (y, My), and hyperedges to the odd power prime factors of each a i. Viewpoint: Construction of a random hypergraph, using only a i that are helpful.

89 Hypergraphs to the rescue Vertices correspond to primes in (y, My), and hyperedges to the odd power prime factors of each a i. Viewpoint: Construction of a random hypergraph, using only a i that are helpful. Use Poisson point processes. Translate our discrete problem to continuous setting megatechnical!

90 Hypergraphs to the rescue Vertices correspond to primes in (y, My), and hyperedges to the odd power prime factors of each a i. Viewpoint: Construction of a random hypergraph, using only a i that are helpful. Use Poisson point processes. Translate our discrete problem to continuous setting megatechnical! This very different approach yields the same answer e γ J 0 (x).

91 Hypergraphs to the rescue Vertices correspond to primes in (y, My), and hyperedges to the odd power prime factors of each a i. Viewpoint: Construction of a random hypergraph, using only a i that are helpful. Use Poisson point processes. Translate our discrete problem to continuous setting megatechnical! This very different approach yields the same answer e γ J 0 (x). And the same divergence now implies one gets many square products soon after getting the first!

92 Pomerance s application If one optimizes parameters in Pomerance s problem, then the running time of the factoring algorithm is dominated by finding the square product (i.e. the matrix step). Matrix step: Wiedemann or Lanczos take time y 2 C log y log log y

93 Pomerance s application If one optimizes parameters in Pomerance s problem, then the running time of the factoring algorithm is dominated by finding the square product (i.e. the matrix step). Matrix step: Wiedemann or Lanczos take time y 2 C log y log log y To optimize random squares need y = y 1 = y 1 (1+o(1))/ log log x 0, much smaller than y 0, so Pomerance s problem not so useful as had appeared!

94 Pomerance s application If one optimizes parameters in Pomerance s problem, then the running time of the factoring algorithm is dominated by finding the square product (i.e. the matrix step). Matrix step: Wiedemann or Lanczos take time y 2 C log y log log y To optimize random squares need 1 (1+o(1))/ log log x y = y 1 = y0, much smaller than y 0, so Pomerance s problem not so useful as had appeared! Expected running time is: J 1 := J 0 y (1+o(1))/(log log x)2 0

95 Practical speed-ups for random squares algorithm from large prime variations Reduction in T obtained: l M = M = 100 M = For l-large primes variation, each large prime in (y, M y).

96 Practical speed-ups for random squares algorithm from large prime variations Reduction in T obtained: l M = M = 100 M = For l-large primes variation, each large prime in (y, M y). If reduction in T here is a factor η, then the random squares algorithm is sped up by a factor 1 (log x) log(1/η).

97 What practical people say Practical considerations (not theory): Design of the computer, Language & implementation, Memory issues (large arrays), swaps How reports handled Programmer s prejudices and prior experiences.

98 What practical people say Practical considerations (not theory): Design of the computer, Language & implementation, Memory issues (large arrays), swaps How reports handled Programmer s prejudices and prior experiences. Recognizing y-smooths: Quadratic sieve (& MPQS) Early abort strategies (for a i s with small y 2 -smooth part)

99 What practical people say Practical considerations (not theory): Design of the computer, Language & implementation, Memory issues (large arrays), swaps How reports handled Programmer s prejudices and prior experiences. Recognizing y-smooths: Quadratic sieve (& MPQS) Early abort strategies (for a i s with small y 2 -smooth part) Keep a i = b i p 1... p j, where b i is y- smooth for j k and p l (y, My): If M is large, then more a j s, more pseudosmooths, but slows down sieving (as there are more primes to test).

100 What practical people say, II Keep a i = b i p 1... p j, where b i is y- smooth for j k and p l (y, My): If k is large, then more a j s, but smaller proportion actually useful (lots of effort on useless a j ).

101 What practical people say, II Keep a i = b i p 1... p j, where b i is y- smooth for j k and p l (y, My): If k is large, then more a j s, but smaller proportion actually useful (lots of effort on useless a j ). Fix: Discard if two larger prime factors

102 What practical people say, II Keep a i = b i p 1... p j, where b i is y- smooth for j k and p l (y, My): If k is large, then more a j s, but smaller proportion actually useful (lots of effort on useless a j ). Fix: Discard if two larger prime factors Speed-ups in practice (Lenstra et al):.4 to.5 for k = 1;.15 to.25 for k = 2;.1 and.14 for k = 3.

103 What practical people say, II Keep a i = b i p 1... p j, where b i is y- smooth for j k and p l (y, My): If k is large, then more a j s, but smaller proportion actually useful (lots of effort on useless a j ). Fix: Discard if two larger prime factors Speed-ups in practice (Lenstra et al):.4 to.5 for k = 1;.15 to.25 for k = 2;.1 and.14 for k = 3. For more: Willemien Ekkelkamp s talk

104 What practical people say, II Keep a i = b i p 1... p j, where b i is y- smooth for j k and p l (y, My): If k is large, then more a j s, but smaller proportion actually useful (lots of effort on useless a j ). Fix: Discard if two larger prime factors Speed-ups in practice (Lenstra et al):.4 to.5 for k = 1;.15 to.25 for k = 2;.1 and.14 for k = 3. For more: Willemien Ekkelkamp s talk For x our predictions: Speedups of.41, 0.25, 0.20 resp not bad! Run experiments on Pomerance s problem directly?

105 Methods used First and second moment methods from probabilistic combinatorics. Husimi graphs from statistical physics. Lagrange inversion from algebraic combinatorics. Analytic continuation of solutions to functional equations. Comparative estimates on smooth numbers, via comparative estimates on saddle points. Random graph theory, Poisson processes and conversion from continuous to discrete.

Industrial Strength Factorization. Lawren Smithline Cornell University

Industrial Strength Factorization Lawren Smithline Cornell University lawren@math.cornell.edu http://www.math.cornell.edu/~lawren Industrial Strength Factorization Given an integer N, determine the prime