Integer factoring and compositeness witnesses

Maciej Radziejewski,Jacek Pomykała

doi:10.1515/jmc-2019-0023

Maciej Radziejewski, Jacek Pomykała

Open Access

https://doi.org/10.1515/jmc-2019-0023

Copy DOI

Abstract

AbstractWe describe a reduction of the problem of factorization of integers n ≤ x in polynomial-time (log x)M+O(1) to computing Euler’s totient function, with exceptions of at most xO(1/M) composite integers that cannot be factored at all, and at most x exp $\begin{array}{} \displaystyle \left(-\frac{c_M(\log\log x)^3}{(\log\log\log x)^2}\right) \end{array}$ integers that cannot be factored completely. The problem of factoring square-free integers n is similarly reduced to that of computing a multiple D of ϕ(n), where D ≪ exp((log x)O(1)), with the exception of at most xO(1/M) integers that cannot be factored at all, in particular O(x1/M) integers of the form n = pq that cannot be factored.

Highlights

The computational problems of factorization of a composite integer n and computation of discrete logarithms in Z*n play a significant role in the current public key cryptography
The security of many popular cryptosystems rests on the difficulty of the integer factorization problem
If anyone came up with a fast method of computing such a multiple of reasonable size, as we show at the end of the paper, it would seriously impact the security of the RSA cryptosystem

Summary

Introduction

The computational problems of factorization of a composite integer n and computation of discrete logarithms in Z*n play a significant role in the current public key cryptography. The reduction of the general factorization problem to computing the values of Euler’s totient function φ(n) or to computing the discrete logarithms in Z*n has attracted much attention in the last decades The existence of such a reduction (which is trivial in the special case n = pq) would, render the cryptosystems in question insecure if somebody developed a method to quickly compute, e.g., φ(n) for large n. We investigate the problem of complete factorization with the aid of the oracle O = Φ In this case we were able to obtain the bound O(x/(log x)6.5M) for the number of the related exceptions when the oracle is queried once, and cM (log log (log log log x) x). M3−ε, when the oracle is queried multiple times The former bound depends on the current top results related to the Vinogradov-Linnik problem on the least character non-residue. [10], and the enhanced analysis of the Hensel-Berlekamp method applied in [18]

Notations and basic definitions

Factoring based on witnesses of small order

Fermat-Euclid compositeness witnesses and nontrivial factorization

Factorization by iterated use of the Φ oracle