MFFV2 and MNQSV2:
Improved Factorization Algorithms
Kritsanapong Somsuk
Sumonta Kasemvilas
Department of Computer Science, Faculty of Science
Khon Kaen University, KKU
Khon Kaen, Thailand
[email protected]
Department of Computer Science, Faculty of Science
Khon Kaen University, KKU
Khon Kaen, Thailand
[email protected]
Abstract—we propose a method to decrease processing time
for two factorization algorithms. One is Modified Fermat
Factorization Version 2 (MFFV2) modified from Modified
Fermat Factorization (MFF). The other is Modified Non – sieving
Quadratic Sieve Version 2 (MNQSV2) modified from Modified
Non – Sieving Quadratic Sieve (MNQS). A key concept of this
method is to decrease processing time to compute an integer’s
square root. This method can be used with all factorization
algorithms which the modulus is written as the difference of
squares. The experiments showed that the speed of MFFV2
increases when compares with MFF and the speed of MNQSV2
increases when compares with MNQS. In addition, if two primes’
differences are small, the factorization speed of MNQSV2 is
faster than the factorization speed of MFFV2.
Keywords—RSA; Modified Fermat Factorization (MFF);
Modified Fermat Factorization Version 2 (MFFV2); Modified Non
– Sieving Quadratic Sieve (MNQS); Modified Non – Sieving
Quadratic Sieve Version 2 (MNQSV2); Factorization algorithm
I.
INTRODUCTION
Data security is important. We need to consider the
security problem when we send data over the network [10,
11]. Cryptography is one of the methods to protect the
information in the insecure channel [9]. Formerly,
cryptography used to protect the information was symmetric
cryptography. For using symmetric cryptography, both parties
share the same key for encryption and decryption. The
problem of using the same key is that, we cannot ensure the
methods to exchange a key in the insecure channel.
Latter, Diffie and Hellman [12] proposed asymmetric
cryptography or public key cryptography. It uses a pair of keys
to encrypt and decrypt message: one key which is disclosed,
called the public key, and the other key which is kept secret,
called the private key. Because the public key is disclosed for
users to encrypt message, it can solve a key exchange
problem. There are many kinds of public key algorithms but
RSA algorithm [1] is the most well-known. The idea of RSA
is that finding the product of the large two primes is very
simple, but finding the factors which are the product of these
primes is computationally much harder. The security of RSA
is based on the difficulty of factorization problem [3]. If some
malicious persons can find the factors of the modulus n, then
RSA is broken.
Recently, there are many factorization algorithms such as
Trial division algorithm [8], Fermat factorization algorithm [2,
3] and Monte Carlo factorization algorithm [8]. Trial division
is the simplest factorization algorithm [7]. The concept is,
assume that we want to find the factors of n = p*q, q < p and
q is an integer in range 2,3,…,floor(sqrt(n)). If q is found, then
p is computed: p = n/q. Latter, Pierre de Fermat [6, 7]
observed that n can be rewritten as the difference of squares: n
= x2 – y2, x = (p + q)/2 and y = (p – q)/2, because of ((p +
q)/2)2 – ((p -q)/2)2 = p*q = n, if we can find x and y, then we
can recover p and q as follows: p = x + y and q = x – y.
B R Ambedkar et al [2] proposed the method modified
from Fermat factorization. This method can finish all trivial
and nontrivial value of n, called Modified Fermat
Factorization (MFF). Qingfend Huange et al [3] proposed the
factorization method modified from Primitive Non - sieving
Quadratic Sieve (PNQS), called Modified Non - sieving
Quadratic Sieve (MNQS). Both PNQS and MNQS must use
the difference of squares equation. For MNQS, we do not need
to choose a factor base but PNQS do.
In this paper, we propose a method to decrease processing
time for some factorization algorithms. Our method can be
used with all factorization algorithms which n is rewritten as
the difference of squares. That is, we will compute the square
root of integer only if we can strongly confirm that the result
may be an integer. The experiments showed that our method
combined with MFF, called Modified Fermat Factorization
Version 2 (MFFV2), is faster than MFF. Also, our method
combined with MNQS, called Modified Non-sieving
Quadratic Sieve Version 2 (MNQSV2), is faster than MNQS.
However, if two primes’ differences are small, the speed of
MNQSV2 is faster than factorization speed of MFFV2.
II.
RSA SCHEME
RSA is the most well-known public key cryptography
based on the difficulty of integer factorization. The main idea
of RSA is that it is relatively easy to multiply but much more
difficult to factor. The RSA scheme is as follows:
1.
2.
Generate the large two primes, p and q, randomly and
secretly.
Compute n = p*q.
978-1-4799-0604-8/13/$31.00 ©2013 IEEE
3.
Compute Φ(n) = (p-1)(q-1).
4.
Choose an integer e, 1<e< Φ(n) , such that gcd(e,
Φ(n) ) = 1.
5.
Compute an integer d, 1<d< Φ(n) , such that e*d mod
6.
Φ(n) = 1 using Extended Euclid Algorithm [4].
Encryption: c = me mod n, m is the plaintext and c is
the ciphertext.
Decryption: m= cd mod n.
7.
III.
FERMAT FACTORIZATION AND MODIFIED FERMAT
FACTORIZATION
For Fermat Factorization, n is rewritten in the difference of
squares: n = ((p + q)/2)2- ((p - q)/2)2, where p and q are odd
primes and p > q, so the results of (p + q)/2 and (p - q)/2 are
integers.
Let x = (p + q)/2 and y = (p - q)/2, we have:
2
n=x –y
2
(1)
If we find the value of x and y, then two primes are
recovered by p = x + y and q = x – y.
For MFF, (1) is rewritten in this way, y = sqrt(x2 – n), start
with x = ceil(sqrt(n)).
If y is an integer then we accept the pair (x, y). Otherwise,
we continue computing x = x+1 and y =sqrt(x2 – n) until we
find y which is an integer.
IV.
PRIMITIVE NON – SIEVING QUADRATIC SIEVE
PNQS is the factorization algorithm using the difference of
squares equation. First, a factor base: S = {2, 3, 5,…, pt} is
choosen. Then, x = ceil(sqrt(n)) and y = sqrt(x2 mod n) are
computed. If y is S-smooth, then we accept the pair (x, y).
Otherwise, we discard it and continue computing x = x+1 and
y = sqrt(x2 mod n) until the integer y which is S-smooth is
found. Finally, we can recover two primes p = gcd((x + y), n)
and q = gcd((x - y), n).
V.
MODIFIED NON – SIEVING QUADRATIC SIEVE
A disadvantage of PNQS is that we have to choose a factor
base first. The reason is that if this factor base is inadequate,
then we may spend much time to find the integer x and y.
MNQS is the algorithm modified from PNQS. This method
does not need to use a factor base. For this method, n is
distinguished in two forms: n = 6k – 1 and n = 6k + 1 [3]. The
algorithms of each form is as follows:
Case 1: Form n = 6k - 1. The first step, we choose the
smallest x which is in range ceil(sqrt(n)) to n and x mod 3 = 0,
x/3 is an odd number. Next, compute y = sqrt(x2 mod n). If y is
an integer, then we accept the pair (x, y). Otherwise, we
discard it and continue computing x = x+6 and y = sqrt(x2
mod n) until the integer y is found. Finally, we can recover
two primes p = x + y and q = x - y.
Case 2: Form n = 6k + 1. First, we choose the smallest x
which is in range ceil(sqrt(n)) to n and x mod 6 = 1 or x mod 6
= 5. Next, compute y =sqrt(x2 mod n). If y is an integer, then
we accept the pair (x, y). Otherwise, we discard it and continue
computing x = x+4 (if x mod 6 = 1) or x = x+2 (if x mod 6 =
5) and y = sqrt(x2 mod n) until the integer y is found. Finally,
we can recover two primes p = x + y and q = x - y.
VI.
PROPOSED METHOD
The factorization algorithms which use the difference of
squares equation must compute the square root of an integer to
find the integer result. We know that the square root of some
integers are not an integer. Assume z is an integer, if its last
digit is 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, then the last digit of z2 is 0, 1,
4, 9, 6, 5, 6, 9, 4, 1, consecutively.
From these results we conclude that for any integer z the
last digit of z2 is only 0, 1, 4, 5, 6 or 9. Therefore, if the last
digit of z is 2, 3, 7 or 8, then the square root of z is not an
integer.
Algorithm: Assume we have: y2 = x2 – n
First, a = y2 mod 10 is computed. If the result of a is 2, 3, 7
or 8, no need to compute y = sqrt(y2), because we can strongly
confirm that the result of y is not an integer. Otherwise, we
compute y = sqrt(y2) as it may be an integer.
Example 1: MFF VS. MFFV2, given n = 6280753 =
2203*2851.
For MFF (The previous study): The first step is that x =
ceil(sqrt(6280753)) = 2507 and y2 = 25072 – 6280753 = 4296
are computed and y = sqrt(4296) = 65.544 is taken. Here, it is
not an integer. So, we continue computing x = x+1 = 2508, y2
= 25082 – 6280753 = 9211, then taking y = sqrt(9211) =
96.494. As seen, it is still not an integer. We continue
computing x, y2 and y until x = 2527, y2 = 25272 – 6280753 =
104976 are found. Then y = sqrt(104976) = 324. Here, is an
integer. So, the factors of n are 2527 + 324 = 2581 and 2527 –
324 = 2203, respectively.
According to the example above, there are 21 ((2527 2507) + 1) iterations of computing. Therefore, y = sqrt(y2)
will be computed 21 iterations.
If we use MFFV2 to compute in the third iteration: x =
2509, y2 = 25092 – 6280753 = 14328, and the last digit of y2 is
8, then y is not an integer. We do not compute y = sqrt(y2).
We continue computing x, y2 and y until an integer y is found.
Although MFFV2 uses 21 iterations of computing like MFF,
MFFV2 uses only 9 iterations to compute y = sqrt(y2).
Example 2: MNQS VS. MNQSV2, given n = 6280753 =
2203*2851.
For MNQS (The previous study): n = 6280753 has the
form 6k+1, 6*1046792 +1. First, x = ceil(sqrt(6280753)) =
2507 is computed. Due to 2507 mod 6 = 5, we start with x =
2507. Next, we compute y2 = 25072 mod 6280753 = 4296 and
y = sqrt(4296) = 65.544 is taken. Here, it is not an integer. So,
we continue computing x = x+2 = 2509 (as a result of x mod 6
= 5), y2 = 25092 mod 6280753 = 14328 and take: y =
sqrt(14328) = 119.699. As seen, it is still not an integer. We
continue computing x, y2 and y until x = 2527, y2 = 25272 mod
6280753 = 104976 are found. Then y = sqrt(104976) = 324.
Here, is an integer. So, the factors of n are 2527 + 324 = 2581
and 2527 – 324 = 2203, respectively.
According to the example above, there are 8 iterations of
computing. Therefore, y = sqrt(y2) will be computed 8
iterations.
If we use MNQSV2 to compute in the second iteration: x =
2509, y2 = 25092 – 6280753 = 14328, and the last digit of y2 is
8, then y is not an integer. We do not compute y = sqrt(y2) and
continue computing x, y2 and y until an integer y is found.
Although MNQSV2 uses 8 iterations of computing like
MNQS, MNQSV2 use only 3 iterations to compute y =
sqrt(y2).
From the examples 1 and 2, our proposed method can
decrease iterations to compute the square root of the integer.
That is, the processing time of this method is decreased.
VII. RESULT
The experiments were conducted in two parts: First, the
comparison of MFF and MFFV2, and second, the comparison
of MNQS and MNQSV2. The algorithms were implemented
using BigInteger Class in Java. We choose this class because it
is a data type which is unlimited in size. All of the algorithms
in this paper were implemented by using the same resources
such as hardware, cpu speed and programming language.
TABLE I.
COMPARISION OF MFF AND MFFV2
n
MFF
ComProcess
puting
ing
y = sqrt(y2)
Time
(Iterations
(s)
)
34148097482646341
= 193950553 *
176065997
28141005701727301
= 207752947 *
135454183
5883255032751007097
= 2622941411 *
2242999027
337838988533956487317
= 18949526263 *
17828360659
MFFV2
Processing
ComTime (s)
puting
(Speed Up
y = sqrt(y2)
(Iterations
(%))
)
216237
0.65
129743
0.50
(23.08%)
3850754
10.49
2310453
7.58
(27.74%)
7428005
20.45
2971203
11.47
(43.91%)
8546607
24.97
3418644
13.82
(44.65%)
TABLE II.
COMPARISION OF MNQS AND MNQSV2
n
MNQS
ComProcess
puting
ing
2
y = sqrt(y )
Time
(Iterations
(s)
)
34148097482646341
Form: n = 6k - 1
28141005701727301
Form: n = 6k + 1
5883255032751007097
Form: n = 6k - 1
337838988533956487317
Form: n = 6k + 1
MNQSV2
Processing
ComTime (s)
puting
2
(Speed Up
y = sqrt(y )
(Iterations
(%))
)
36040
0.17
21263
1283585
4.09
770150
1238001
4.03
495201
2848870
9.84
1139549
0.15
(11.76%)
3.25
(20.54%)
2.32
(42.43%)
6.11
(37.91%)
According to table I and II, MFFV2 is faster than MFF and
MNQSV2 is faster than MNQS. Both MFFV2 and MNQSV2
can decrease computation time of the square root of the
integer compared with MFF and MNQS. For example, in table
I: n = 337838988533956487317 = 18949526263 *
17828360659 , MFF takes 24.97 seconds and 8546607
iterations for computing the square root of the integer to find
the factors of n but MFFV2 takes only 13.82 seconds and
3418644 iterations for computing the square root of the integer
to find the factors of n. In this case MFFV2 is faster than MFF
44.65%.
VIII. CONCLUSION
In this paper, the aim is to propose a method to decrease
computation time for some factorization algorithms. This
method computes the square of the integer only if we expect
the result of the square root of the integer is only integer.
MFFV2 modified from MFF and MNQSV2 modified from
MNQS are proposed. The results showed that MFFV2 can
find the factors of n much faster than MFF and MNQSV2 can
find the factors of n much faster than MNQS. However, if q is
close to p, then MNQSV2 is faster than MFFV2.
REFERENCES
[1]
R.L. Rivest, A. Shamir, L. Adleman, “A method for obtaining digital
signatures and public key cryptosystems,” Communications of ACM. 21
164-158 (1978).
[2] B. R Ambedkar, Ashwani Gupta, Pratiksha Gautam, Sarabjeet S.Bedi,
“An Efficient Method to Factorize the RSA Public Key Encryption ,”
Communication Systems and Network Technologies. (2011) 108 – 111.
[3] Qingfeng Huang, Zhi-Tang Li, Yejing Zhang, Chuiwei Lu, “A Modified
Non-Sieving Quadratic Sieve For Factoring Simple Blur Integers,”
Multimedia and Ubiquitous Engineering. (2007) 729 – 732.
[4] Jianqin Zhou, Jun Hu, Ping Chen, “Extended Euclid algorithm and its
application in RSA,” Information Science and Engineering. (2010) 2079
– 2081.
[5] A. K. Lenstra and H. W. L. Jr., editors. “The development of the number
field sieve” , volume 1554 of LNCS. Springer,1993.
[6] Bell, E. T. “The Prince of Amateurs: Fermat”. New York: Simon and
Schuster. (1986) 56-72.
[7] Garrett Paul B.,Making, “Breaking codes:An Introduction to
Cryptology”, Prentice Hall, 2000.
[8] David Bishop, “Introduction to Cryptography with java Applets”, Jones
and Bartlett Publisher, 2003.
[9] R.S. Vignesh, S. Sudharssum, K.J.J. Kumar, “Limitations of Quantum &
the Versatility of Classical Cryptography: A Comparative Study” ,
Environmental and Computer Science, 2009. ICECS '09. (2009) 333337.
[10] Taek- Won Kwon, Chang-Seok You, Won-Seok Heo, Yong-Kyu Kang,
Jzin-Rim Choi, “Two implementation methods of a 1024-bit RSA
cryptoprocessor based on modified Montgomery algorithm” , Circuits
and Systems, 2001. ISCAS 2001. (2001) 650 – 653.
[11] Ren-Junn Hwang, Feng-Fu Su, “An Efficient Decryption Method for
RSA Cryptosystem”, Advanced Information Networking and
Applications, 2005. AINA 2005. (2005) 585-590.
[12] W. Diffie and M. E. Hellman, “New Directions in Cryptography”, In
IEEE Transactions on Information Theory, volume IT–22, no. 6, pages
644–654, November 1976