Prime Numbers

6.1 The quadratic sieve factorization method 263
Note that 41 · 43 = 1763 ≡ 114 (mod 1649) and that 114 ≡ ±80 (mod 1649),
so we are in business. Indeed, gcd(114 − 80, 1649) = 17, and we discover that
1649 = 17 · 97.
Can this idea be tooled up for big numbers? Say we look at the numbers
x 2 mod n for x running through integers starting at ⌈ √ n⌉. We wish to find a
nonempty subset of them with product a square. An obvious problem comes
to mind: How does one search for such a subset?
Let us make some reductions in the problem to begin to address the issue
of searching. First, note that if some x 2 mod n has a large prime factor to the
first power, then if we are to involve this particular residue in our subset with
square product, there will have to be another x ′2 mod n that has the same
large prime factor. For example, in our limited experience above with 1649,
the second residue is 115 which has the relatively large prime factor 23 (large
compared with the prime factors of the other two residues), and indeed we
threw this congruence away and did not use it in our product. So, what if we
do this systematically and throw away any x 2 mod n that has a prime factor
exceeding B, say? That is, suppose we keep only the B-smooth numbers, (see
Definition 1.4.8)? A relevant question is the following:
How many positive B-smooth numbers are necessary before we are sure
that the product of a nonempty subset of them is a square?
A moment’s reflection leads one to realize that this question is really in the
arena of linear algebra! Let us associate an “exponent vector” to a B-smooth
number m = p ei
i ,wherep1,p2,...,pπ(B) are the primes up to B and each
exponent ei ≥ 0. The exponent vector is
v(m) =(e1,e2,...,e π(B)).
If m1,m2,...,mk are all B-smooth, then k i=1 mi is a square if and only if
k i=1 v(mi) has all even coordinates.
This last thought suggests we reduce the exponent vectors modulo 2 and
think of them in the vector space F π(B)
2 . The field of scalars of this vector
space is F2 which has only the two elements 0, 1. Thus a linear combination
of different vectors in this vector space is precisely the same thing as a subset
sum; the subset corresponds to those vectors in the linear combination that
have the coefficient 1. So the search for a nonempty subset of integers with
product being a square is reduced to a search for a linear dependency in a set
of vectors.
There are two great advantages of this point of view. First, we immediately
have the theorem from linear algebra that a set of vectors is linearly dependent
if there are more of them than the dimension of the vector space. So we have
an answer: The creation of a product as a square requires at most π(B)+1
positive B-smooth numbers. Second, the subject of linear algebra also comes
equipped with efficient algorithms such as matrix reduction. So the issue of
finding a linear dependency in a set of vectors comes down to row-reduction
of the matrix formed with these vectors.