Prime Numbers

6.1 The quadratic sieve factorization method 267
(2) To do the sieving, one must know which residue classes to sieve for each pi
found in Step [Initialization]. (For simplicity, we shall ignore the problem
of sieving with higher powers of these primes. Such sieving is easy to do—
one can use Algorithm 2.3.11, for example—but might also be ignored in
practice, since it does not contribute much to the finding of B-smooth
numbers.) For the odd primes pi in Step [Initialization], we have solved
the congruence x 2 ≡ n (mod pi). This is solvable, since the pi’s have
been selected in Step [Initialization] precisely to have this property. Either
Algorithm 2.3.8 or Algorithm 2.3.9 may be used to solve the congruence.
Of course, for each solution, we also have the negative of this residue class
as a second solution, so we sieve two residue classes for each pi with pi odd.
(Though we could sieve with p1 = 2 as indicated in the pseudocode, we
do not have to sieve at all with 2 and other small primes; see the remarks
in Section 3.2.5.)
(3) An important point is that the arithmetic involved in the actual sieving
can be done through additions of approximate logarithms of the primes
being sieved, as discussed in Section 3.2.5. In particular, one should set up
a zero-initialized array of some convenient count of b bytes, corresponding
to the first b of the x values. Then one adds a lg pi increment (rounded
to the nearest integer) starting at offsets xi,x ′ i , the least integers ≥⌈√ n⌉
that are congruent (mod pi) toai, −ai, respectively, and at every spacing
pi from there forward in the array. If necessary (i.e., not enough smooth
numbers have been found) a new array is zeroed with its first element
corresponding to ⌈ √ n⌉+b, and continue in the same fashion. The threshold
set for reporting a location with a B-smooth value is set as lg |x 2 − n| ,
minus some considerable fudge, such as 20, to make up for the errors in
the approximate logarithms, and other errors that might accrue from not
sieving with small primes or higher powers. Any value reported must be
tested by trial division to see if it is indeed B-smooth. This factorization
plays a role in step [Linear algebra]. (To get an implementation working
properly, it helps to test the logarithmic array entries against actual, hard
factorizations.)
(4) Instead of starting at ⌈ √ n⌉ and running up through the integers, consider
instead the possibility of x running through a sequence of integers centered
at √ n. There is an advantage and a disadvantage to this thought. The
advantage is that the values of the polynomial x 2 − n are now somewhat
smaller on average, and so presumably they are more likely to be Bsmooth.
The disadvantage is that some values are now negative, and the
sign is an important consideration when forming squares. Squares not
only have all their prime factors appearing with even exponents, they are
also positive. This disadvantage can be handled very simply. We enlarge
the exponent vectors by one coordinate, letting the new coordinate, say
the zeroth one, be 1 if the integer is negative and 0 if it is positive. So,
just like all of the other coordinates, we wish to get an even number
of 1’s. This has the effect of raising the dimension of our vector space