Chapter-5

Prabal Paul

Department of Mathematics
BITS Goa, Goa

28th February 2023

Introduction

We have seen that RSA Cryptosystem will completely breakdown if

we can break N into two primes. So it is important to factor a
composite number. In the proceeding lectures, we will see some
factoring algorithms. We will start with Pollard p − 1 algorithm.

Prabal Paul Factoring algorithms

The Pollard p − 1 algorithm

Suppose n is a composite integer and p is a prime with p|n. Also

suppose that all the prime factors of p − 1 is less than B where B
is a positive real number, i,e., in other words q|(p − 1) and q is
prime implies that q ≤ B. Then

(p − 1) | B!.

Also let a = 2B! (mod n). Then by Fermat’s little theorem,

2p−1 ≡ 1 (mod p). Hence 2B! ≡ 1 (mod p). Hence a ≡ 1
(mod p), i.e., p|(a − 1). Now let d = gcd(n, a − 1). Then p|d.
Thus d will give a non-trivial factor of n.

Prabal Paul Factoring algorithms

Pollard p − 1 factoring algorithm (n, B)

a←2
for j ← 2 to B
do a ← aj (mod n)
d ← gcd(a − 1, n)
if 1 < d < n
then return (d)
else return (“failure”)

Prabal Paul Factoring algorithms

Exercise

Please look into the board for some examples.

Prabal Paul Factoring algorithms

The Pollard p − 1 algorithm

Example
Suppose n = 15770708441. If one applies the above algorithm
with B = 180, then a = 11620221425 and d = 135979. In fact,
the complete factorization of n into primes is

15770708441 = 135979 × 115979.

In the example, the factorization suceeds because

135978 = 2 × 3 × 131 × 173.

Prabal Paul Factoring algorithms

 Thank you

Prabal Paul Factoring algorithms