Prime Numbers

254 Chapter 5 EXPONENTIAL FACTORING ALGORITHMS
5.9. Here we describe an interesting way to effect a second stage, and end up
asking an also interesting computational question. We have seen that a second
stage makes sense if a hidden prime factor p of n has the form p = zq+1 where
z is B-smooth and q ∈ (B,B ′ ] is a single outlying prime. One novel approach
([Montgomery 1992a], [Crandall 1996a]) to a second-stage implementation is
this: After a stage-one calculation of b = aM(B) mod n as described in the
text, one can as a second stage accumulate some product (here, g, h run over
some fixed range, or respective sets) like this one:
c =
b gK
hK
− b mod n
g=h
and take gcd(n, c), hoping for a nontrivial factor. The theoretical task here is
to explain why this method works to uncover that outlying prime q, indicating
a rough probability (based on q, K, and the range of g, h) of uncovering a factor
because of a lucky instance g K ≡ h K (mod q).
An interesting computational question arising from this “g K ” method is,
how does one compute rapidly the chain
b 1K
,b 2K
,b 3K
,...,b AK
,
where each term is, as usual, obtained modulo n? Find an algorithm that in
fact generates the indicated “hyperpower” chain, for fixed K, inonlyO(A)
operations in ZN.
5.10. Show that equivalence of quadratic forms is an equivalence relation.
5.11. If two quadratic forms ax 2 + bxy + cy 2 and a ′ x 2 + b ′ xy + c ′ y 2 have
the same range, must the coefficients (a ′ ,b ′ ,c ′ ) be related to the coefficients
(a, b, c) as in (5.1) where α, β, γ, δ are integers and αδ − βγ = ±1?
5.12. Show that equivalent quadratic forms have the same discriminant.
5.13. Show that the quadratic form that is the output of Algorithm 5.6.2 is
equivalent to the quadratic form that is the input.
5.14. Show that if (a, b, c) is a reduced quadratic form of discriminant D