Prime Numbers

226 Chapter 5 EXPONENTIAL FACTORING ALGORITHMS
factorization is nontrivial. Further, every factorization of every odd number
n arises in this way. Indeed, if n is odd and n = uv, whereu, v are positive
integers, then n = a2 − b2 with a = 1
1
2 (u + v) andb = 2 |u − v|.
For odd numbers n that are the product of two nearby integers, it is easy to
find a valid choice for a, b and so to factor n. For example, consider n = 8051.
Thefirstsquareabovenis 8100 = 902 , and the difference to n is 49 = 72 .So
8051 = (90 + 7)(90 − 7) = 97 · 83.
To formalize this as an algorithm, we take trial values of the number a
from the sequence √ n , √ n +1,...and check whether a2−n is a square. If
it is, say b2 ,thenwehaven = a2−b2 =(a+b)(a−b). For n odd and composite,
this procedure must terminate with a nontrivial factorization before we reach
a = ⌊(n +9)/6⌋. The worst case occurs when n =3p with p prime, in which
case the only choice for a that gives a nontrivial factorization is (n+9)/6 (and
the corresponding b is (n − 9)/6).
Algorithm 5.1.1 (Fermat method). We are given an odd integer n > 1.
This algorithm either produces a nontrivial divisor of n or proves n prime.
1. [Main loop]
for ⌈ √ n⌉≤a ≤ (n +9)/6 {
// Next, apply Algorithm 9.2.11.
if b = √ a 2 − n is an integer return a − b;
}
return “n is prime”;
It is evident that in the worst case, Algorithm 5.1.1 is much more tedious than
trial division. But the worst cases for Algorithm 5.1.1 are actually the easiest
cases for trial division, and vice versa, so one might try to combine the two
methods.
There are various tricks that can be used to speed up the Fermat method.
For example, via congruences it may be discerned that various residue classes
for a make it impossible for a 2 − n to be a square. As an illustration, if n ≡ 1
(mod 4), then a cannot be even, or if n ≡ 2 (mod 3), then a must be a multiple
of 3.
In addition, a multiplier might be used. As we have seen, if n is the product
of two nearby integers, then Algorithm 5.1.1 finds this factorization quickly.
Even if n does not have this product property, it may be possible for kn to
be a product of two nearby integers, and gcd(kn, n) may be taken to obtain
the factorization of n. For example, take n = 2581. Algorithm 5.1.1 has us
start with a = 51 and does not terminate until the ninth choice, a = 59,
where we find that 59 2 − 2581 = 900 = 30 2 and 2581 = 89 · 29. (Noticing that
n ≡ 1(mod4),n ≡ 1 (mod 3), we know that a is odd and not a multiple of
3, so 59 would be the third choice if we used this information.) But if we try
Algorithm 5.1.1 on 3n = 7743, we terminate on the first choice for a, namely
a = 88, giving b =1.Thus3n =89· 87, and note that 89 = gcd(89,n),
29 = gcd(87,n).