# 数学代写|密码学代写Cryptography Theory代考|CMSC456 Pollard's $p-1$ Algorithm

## 数学代写|密码学Cryptography Theory代考|Pollard’s $p-1$ Algorithm

Recall Fermat’s Little Theorem:
If $p$ is a prime and $a$ is not a multiple of $p$, then $a^{p-1}=1(\bmod p)$.
So, if $m$ is a multiple of $p-1$, then $a^m=1(\bmod p)$. In other words, $p$ divides $a^m-1$. So, $\operatorname{gcd}\left(a^m-1, n\right)$, where $a^m-1$ is first reduced $\bmod n$, might reveal a factorization of $n$, because $p$ divides both $a^m-1$ and $n$.

But how can we find a multiple $m>1$ of $p-1$ ? Well, we hope that $p-1$ is $B$-smooth (i.e., all prime factors of $p-1$ are less than $B)^{22}$ for some small $B$. We let $m$ be defined as the product of all primes $q$ less than $B$. Just as a capital sigma denotes a summation, a capital pi denotes a product. We have
$$m=\prod_{q \leq B} q \quad q \text { prime }$$

## 数学代写|密码学Cryptography Theory代考|Dixon’s Algorithm

John D. Dixon’s (Figure 15.7) algorithm has its roots in Fermat’s method of factorization. Rather than insist on finding $x$ and $y$ such $x^2-y^2=n$, in order to factor $n$, we could content ourselves with an $x$ and $y$ such that $x^2-y^2=k n$. This may also be expressed as $x^2=y^2(\bmod n)$. So, if we can find two squares, $x^2$ and $y^2$, that are equal modulo $n$, we may have a factorization given by $(x-y)(x+y)$. It’s only “may,” because this broadening of Fermat’s method allows the possibility that $(x-y)=k$ and $(x+y)=n$. This idea goes back to Maurice Kraitchik in the 1920 s. $^{25}$
We can find potential $x$ and $y$ values quicker by not insisting that $y$ be a perfect square.
$$20^2=3^2(\bmod 391) \Rightarrow 20^2-3^2=391 \text { (from the Fermat example) }$$
But, if this didn’t work we could investigate further:
\begin{aligned} & 21^2=50=(2)(5)^2(\bmod 391) \ & 22^2=93=(3)(31)(\bmod 391) \ & 23^2=138=(2)(3)(23)(\bmod 391) \ & 24^2=185=(5)(537)(\bmod 391) \ & 25^2=234=(2)(117)(\bmod 391) \ & 26^2=285=(5)(57)(\bmod 391) \ & 27^2=338=(2)(13)^2(\bmod 391) \ & 28^2=2=(2)(\bmod 391) \end{aligned}

## 数学代写|密码学Cryptography Theory代考|Pollard’s $p-1$ 算法

$$m=\prod_{q \leq B} q \quad q \text { prime }$$

## 数学代写|密码学Cryptography Theory代考|Dixon’s Algorithm

John D. Dixon (图 15.7) 的算法源于费马的因式分解方法。而不是坚持寻找 $x$ 和 $y$ 这样 的 $x^2-y^2=n$, 为了考虑 $n$ ，我们可以满足于 $x$ 和 $y$ 这样 $x^2-y^2=k n$. 这也可以表示 为 $x^2=y^2(\bmod n)$. 所以，如果我们能贱到两个正方形， $x^2$ 和 $y^2$ ，是相等的模数 $n$, 我 们可能有一个因式分解 $(x-y)(x+y)$. 它只是“可能”，因为费马方法的这种扩展允许 这样的可能性 $(x-y)=k$ 和 $(x+y)=n$. 这个想法可以追溯到 20 年代的 Maurice Kraitchik。25

$20^2=3^2(\bmod 391) \Rightarrow 20^2-3^2=391$ (from the Fermat example)

$21^2=50=(2)(5)^2(\bmod 391) \quad 22^2=93=(3)(31)(\bmod 391) 23^2=138=(2)(3)(23)(\bmod 391)$

