Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Algorithm 2 Example 3 Example implementation 4 References 5 External links

Shanks's square forms factorization

●Español ●Русский ●Українська Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

This article includes a list of general references, but it lacks sufficient corresponding inline citations. Please help to improve this article by introducing more precise citations. (March 2015) (Learn how and when to remove this message)

Shanks' square forms factorization is a method for integer factorization devised by Daniel Shanks as an improvement on Fermat's factorization method.

The success of Fermat's method depends on finding integers $x$ and $y$ such that $x^{2}-y^{2}=N$ , where $N$ is the integer to be factored. An improvement (noticed by Kraitchik) is to look for integers $x$ and $y$ such that $x^{2}\equiv y^{2}{\pmod {N}}$ . Finding a suitable pair $(x,y)$ does not guarantee a factorization of $N$ , but it implies that $N$ is a factor of $x^{2}-y^{2}=(x-y)(x+y)$ , and there is a good chance that the prime divisorsof $N$ are distributed between these two factors, so that calculation of the greatest common divisorof $N$ and $x-y$ will give a non-trivial factor of $N$ .

A practical algorithm for finding pairs $(x,y)$ which satisfy $x^{2}\equiv y^{2}{\pmod {N}}$ was developed by Shanks, who named it Square Forms Factorization or SQUFOF. The algorithm can be expressed in terms of continued fractions or in terms of quadratic forms. Although there are now much more efficient factorization methods available, SQUFOF has the advantage that it is small enough to be implemented on a programmable calculator. Shanks programmed it on an HP-65, made in 1974, which has storage for only nine digit numbers and allows only 100 steps/keystrokes of programming. There are versions of the algorithm that use little memory and versions that store a list of values that run more quickly.

In 1858, the Czech mathematician Václav Šimerka used a method similar to SQUFOF to factor $(10^{17}-1)/9$ $=$ $11111111111111111$ $=$ $2071723\cdot 5363222357$ .^[1]

Algorithm[edit]

Note This version of the algorithm works on some examples but often gets stuck in a loop.

This version does not use a list.

Input: $N$ , the integer to be factored, which must be neither a prime number nor a perfect square, and a small positive integer, $k$ .

Output: a non-trivial factor of $N$ .

The algorithm:

Initialize $i=0,P_{0}=\lfloor {\sqrt {kN}}\rfloor ,Q_{-1}=1,Q_{0}=kN-P_{0}^{2}.$

Repeat

$i=i+1,b_{i}=\left\lfloor {\frac {P_{0}+P_{i-1}}{Q_{i-1}}}\right\rfloor ,P_{i}=b_{i}Q_{i-1}-P_{i-1},Q_{i}=Q_{i-2}+b_{i}(P_{i-1}-P_{i})$

until $Q_{i}$ is a perfect square at some odd value of $i$ .

Start the second phase (reverse cycle).

Initialize $b_{0}=\left\lfloor {\frac {P_{0}-P_{i}}{\sqrt {Q_{i}}}}\right\rfloor$ , $Q_{-1}={\sqrt {Q_{i}}}$ , and $P_{0}=b_{0}{\sqrt {Q_{i}}}+P_{i}$ , where $P_{0},P_{i}$ , and $Q_{i}$ are from the previous phase. The $b_{0}$ used in the calculation of $P_{0}$ is the recently calculated value of $b_{0}$ .

Set $i=0$ and $Q_{0}={\frac {kN-P_{0}^{2}}{Q_{-1}}}$ , where $P_{0}$ is the recently calculated value of $P_{0}$ .

Repeat

$i=i+1,b_{i}=\left\lfloor {\frac {P_{0}+P_{i-1}}{Q_{i-1}}}\right\rfloor ,P_{i}=b_{i}Q_{i-1}-P_{i-1},Q_{i}=Q_{i-2}+b_{i}(P_{i-1}-P_{i})$

until $P_{i}=P_{i-1}.$ ^{[citation needed]}

Then if $f=\gcd(N,P_{i})$ is not equal to $1$ and not equal to $N$ , then $f$ is a non-trivial factor of $N$ . Otherwise try another value of $k$ .^{[citation needed]}

Shanks' method has time complexity $O({\sqrt[{4}]{N}})$ .^[2]

Stephen S. McMath wrote a more detailed discussion of the mathematics of Shanks' method, together with a proof of its correctness.^[3]

Example[edit]

Let $N=11111$

$Q_{-1}=1$

Cycle forward
$i$	$b_{i}$	$P_{i}$	$Q_{i}$
$0$		$105$	$86$
$1$	$2$	$67$	$77$
$2$	$2$	$87$	$46$
$3$	$4$	$97$	$37$
$4$	$5$	$88$	$91$
$5$	$2$	$94$	$25$

Here $Q_{5}=25$ is a perfect square, so the first phase ends.

For the second phase, set $Q_{-1}={\sqrt {25}}=5$ . Then:

Reverse cycle
$i$	$b_{i}$	$P_{i}$	$Q_{i}$
$0$	$2$	$104$	$59$
$1$	$3$	$73$	$98$
$2$	$1$	$25$	$107$
$3$	$1$	$82$	$41$
$4$	$4$	$82$

Here $P_{3}=P_{4}=82$ , so the second phase ends. Now calculate $gcd(11111,82)=41$ , which is a factor of $11111$ .

Thus, $N=11111=41\cdot 271$ .

Example implementation[edit]

Below is an example of C function for performing SQUFOF factorization on unsigned integer not larger than 64 bits, without overflow of the transient operations. ^{[citation needed]}

#include <inttypes.h>
#define nelems(x) (sizeof(x) / sizeof((x)[0]))

const int multiplier[] = {1, 3, 5, 7, 11, 3*5, 3*7, 3*11, 5*7, 5*11, 7*11, 3*5*7, 3*5*11, 3*7*11, 5*7*11, 3*5*7*11};

uint64_t SQUFOF( uint64_t N )
{
    uint64_t D, Po, P, Pprev, Q, Qprev, q, b, r, s;
    uint32_t L, B, i;
    s = (uint64_t)(sqrtl(N)+0.5);
    if (s*s == N) return s;
    for (int k = 0; k < nelems(multiplier) && N <= UINT64_MAX/multiplier[k]; k++) {
        D = multiplier[k]*N;
        Po = Pprev = P = sqrtl(D);
        Qprev = 1;
        Q = D - Po*Po;
        L = 2 * sqrtl( 2*s );
        B = 3 * L;
        for (i = 2 ; i < B ; i++) {
            b = (uint64_t)((Po + P)/Q);
            P = b*Q - P;
            q = Q;
            Q = Qprev + b*(Pprev - P);
            r = (uint64_t)(sqrtl(Q)+0.5);
            if (!(i & 1) && r*r == Q) break;
            Qprev = q;
            Pprev = P;
        };
        if (i >= B) continue;
        b = (uint64_t)((Po - P)/r);
        Pprev = P = b*r + P;
        Qprev = r;
        Q = (D - Pprev*Pprev)/Qprev;
        i = 0;
        do {
            b = (uint64_t)((Po + P)/Q);
            Pprev = P;
            P = b*Q - P;
            q = Q;
            Q = Qprev + b*(Pprev - P);
            Qprev = q;
            i++;
        } while (P != Pprev);
        r = gcd(N, Qprev);
        if (r != 1 && r != N) return r;
    }
    return 0;
}

References[edit]

^ Lemmermeyer, F. (2013). "Václav Šimerka: quadratic forms and factorization". LMS Journal of Computation and Mathematics. 16: 118–129. doi:10.1112/S1461157013000065.

^ (Riesel 1994:189)

^ "Daniel Shanks' Square Forms Factorization". 2004. CiteSeerX 10.1.1.107.9984.

D. A. Buell (1989). Binary Quadratic Forms. Springer-Verlag. ISBN 0-387-97037-1.
D. M. Bressoud (1989). Factorisation and Primality Testing. Springer-Verlag. ISBN 0-387-97040-1.
Riesel, Hans (1994). Prime Numbers and Computer Methods for Factorization (2nd ed.). Birkhauser. ISBN 0-8176-3743-5.
Samuel S. Wagstaff, Jr. (2013). The Joy of Factoring. Providence, RI: American Mathematical Society. pp. 163–168. ISBN 978-1-4704-1048-3.

External links[edit]

Daniel Shanks: Analysis and Improvement of the Continued Fraction Method of Factorization, (transcribed by S. McMath 2004)
Daniel Shanks: SQUFOF Notes, (transcribed by S. McMath 2004)
Stephen S. McMath: Parallel integer factorization using quadratic forms, 2005
S. McMath, F. Crabbe, D. Joyner: Continued fractions and parallel SQUFOF, 2005
Jason Gower, Samuel Wagstaff: Square Form Factorisation (Published)
Shanks's SQUFOF Factoring Algorithm
java-math-library

v t e Number-theoretic algorithms
Primality tests	AKS APR Baillie–PSW Elliptic curve Pocklington Fermat Lucas Lucas–Lehmer Lucas–Lehmer–Riesel Proth's theorem Pépin's Quadratic Frobenius Solovay–Strassen Miller–Rabin
Prime-generating	Sieve of Atkin Sieve of Eratosthenes Sieve of Pritchard Sieve of Sundaram Wheel factorization
Integer factorization	Continued fraction (CFRAC) Dixon's Lenstra elliptic curve (ECM) Euler's Pollard's rho p − 1 p + 1 Quadratic sieve (QS) General number field sieve (GNFS) Special number field sieve (SNFS) Rational sieve Fermat's Shanks's square forms Trial division Shor's
Multiplication	Ancient Egyptian Long Karatsuba Toom–Cook Schönhage–Strassen Fürer's
Euclidean division	Binary Chunking Fourier Goldschmidt Newton-Raphson Long Short SRT
Discrete logarithm	Baby-step giant-step Pollard rho Pollard kangaroo Pohlig–Hellman Index calculus Function field sieve
Greatest common divisor	Binary Euclidean Extended Euclidean Lehmer's
Modular square root	Cipolla Pocklington's Tonelli–Shanks Berlekamp Kunerth
Other algorithms	Chakravala Cornacchia Exponentiation by squaring Integer square root Integer relation (LLL; KZ) Modular exponentiation Montgomery reduction Schoof Trachtenberg system
Italics indicate that algorithm is for numbers of special forms

Retrieved from "https://en.wikipedia.org/w/index.php?title=Shanks%27s_square_forms_factorization&oldid=1190177862" Category: ●Integer factorization algorithms Hidden categories: ●Articles lacking in-text citations from March 2015 ●All articles lacking in-text citations ●All articles with unsourced statements ●Articles with unsourced statements from October 2023 ●Articles with unsourced statements from May 2017 ●This page was last edited on 16 December 2023, at 11:13 (UTC). ●Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. ●Privacy policy ●About Wikipedia ●Disclaimers ●Contact Wikipedia ●Code of Conduct ●Developers ●Statistics ●Cookie statement ●Mobile view