Quadratic sieve
===Checking smoothness by sieving===
There are several ways to check for smoothness of the ''y''s. The most obvious is by [[trial division]], although this increases the running time for the data collection phase. Another method that has some acceptance is the [[Lenstra elliptic curve factorization|elliptic curve method]] (ECM). In practice, a process called ''sieving'' is typically used. If ''f''(''x'') is the [[polynomial]] <math>f(x)=x^2-n</math> we have

:<math>\begin{align}
f(x)&=x^2-n \\
f(x+kp) &= (x+kp)^2-n \\
&= x^2+2xkp+(kp)^2-n \\
&= f(x)+2xkp+(kp)^2\equiv f(x)\pmod{p}
\end{align}</math>

Thus solving ''f(x)'' ≡ 0 (mod ''p'') for ''x'' generates a whole sequence of numbers ''y'' for which ''y''=''f''(''x''), all of which are divisible by ''p''. This is finding a square root modulo a prime, for which there exist efficient algorithms, such as the [[Shanks–Tonelli algorithm]]. (This is where the quadratic sieve gets its name: ''y'' is a quadratic polynomial in ''x'', and the sieving process works like the [[Sieve of Eratosthenes]].)

The sieve starts by setting every entry in a large array ''A''[] of bytes to zero. For each ''p'', solve the quadratic equation mod ''p'' to get two roots ''α'' and ''β'', and then add an approximation to log(''p'') to every entry for which ''y''(''x'') = 0 mod ''p'' ... that is, ''A''[''kp'' + ''α''] and ''A''[''kp'' + ''β'']. It is also necessary to solve the quadratic equation modulo small powers of ''p'' in order to recognise numbers divisible by small powers of a factor-base prime. At the end of the factor base, any ''A''[] containing a value above a threshold of roughly log(''x''<sup>2</sup>−''n'') will correspond to a value of ''y''(''x'') which splits over the factor base.

The information about exactly which primes divide ''y''(''x'') has been lost, but it has only small factors, and there are many good algorithms for factoring a number known to have only small factors, such as trial division by small primes, [[SQUFOF]], [[Pollard rho]], and ECM, which are usually used in some combination. There are many ''y''(''x'') values that work, so the factorization process at the end doesn't have to be entirely reliable; often the processes misbehave on, say, 5% of inputs, requiring a small amount of extra sieving.
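
The log sieve and the follow-up factoring step described above, as an added Python example that is not part of the original article. The function names and the sample input ''n'' = 15347 are constructed for illustration; a brute-force root search stands in for Shanks–Tonelli, and floating-point logarithms stand in for the byte-sized approximations.

```python
import math

def small_primes(bound):
    """Primes <= bound by trial division (fine for a toy factor-base bound)."""
    return [p for p in range(2, bound + 1)
            if all(p % d for d in range(2, math.isqrt(p) + 1))]

def trial_factor(y, primes):
    """Exponent map of y over `primes`, or None if a cofactor remains."""
    exps = {}
    for p in primes:
        while y % p == 0:
            y //= p
            exps[p] = exps.get(p, 0) + 1
    return exps if y == 1 else None

def sieve_smooth(n, start, length, prime_bound):
    """Return {x: factorization of x*x - n} for the smooth values in the interval.

    Assumes start > sqrt(n), so every y(x) = x*x - n is positive.
    """
    primes = small_primes(prime_bound)
    A = [0.0] * length               # float log sums; real sieves use rounded bytes
    y_max = (start + length - 1) ** 2 - n
    for p in primes:
        q = p
        while q <= y_max:            # sieve with p, p^2, p^3, ...
            # Brute-force root search stands in for Shanks-Tonelli / Hensel lifting.
            roots = [r for r in range(q) if (r * r - n) % q == 0]
            if not roots:            # n is not a square mod q: nothing to mark
                break
            for r in roots:
                # First index i with start + i == r (mod q), then stride by q.
                for i in range((r - start) % q, length, q):
                    A[i] += math.log(p)
            q *= p
    relations = {}
    for i, score in enumerate(A):
        x = start + i
        y = x * x - n
        # Slack below log(2): an unsieved cofactor would have to be < 2, i.e. 1.
        if score >= math.log(y) - 0.5:
            exps = trial_factor(y, primes)   # recover the exponents the sieve lost
            if exps is not None:
                relations[x] = exps
    return relations

if __name__ == "__main__":
    # Constructed sample input: n = 15347, 100 values starting at ceil(sqrt(n)).
    for x, exps in sieve_smooth(15347, 124, 100, 30).items():
        print(x, x * x - 15347, exps)
```

On this sample the interval yields ''x'' = 124, 126, 127 and 195; ''x'' = 126 (''y'' = 529 = 23<sup>2</sup>) reaches the threshold only because the prime-power pass adds log 23 a second time.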