IFPNfNNfN 1. Nf 2. fN/f 3. fN/fN

Hugh C. Williams

RSA (1) (2)

NN

NpLehmanShanksSQUFOF ShanksCFRAC

cc=

MPQS

cc=NFS

GNFSNFSN

SNFSNFSN rsr >1e

Np Pollards -Pollards rhoLenstraECM

c

NFS

9.1 nn

2.1nn>1 (1) . n (2) n=1?n=1(5) (3) . . (4). (2). (4) q>k (3) (5)

10.1 2.1 2.2n>1 (1) . n (2) n=1?n=1(5) (3) . . (4). (2). (4) (3) (5)

2.2 (2)(3) n .

n

nn2n=pqpq n= =(x+y)(x-y)n=pqn

9.2 : 10019950 CFRACQSNFS xy (2.1) gcd(x-y, N)gcd(x+y, N)NN|(x+y)(x-y)N(x+y)(x-y)

(2.1) (1) . (2) N (d, d)=(gcd(x-y, N), gcd (x+y, N)) .

(2.1) (2.2)

CFRACQSNFS (2.3) FB (2.4) 10 (2.5)

N

9.2.1 (CFRAC)2020M.KraitchikA.M.Legendre.2030D.H.lLehmerR.E.Powers40 M.A.MorrisonJ.Brillhart1970913

CFRAC|W| W FB

9.2.1 CFRAC W kd x/d

9.2.1 CFRAC CFRAC

9.2.2 QSCarl Pomerance1982Peter MontgometryMPQS129RSA-129Rivest1977RSA-129

9.2.2

FB

9.2.2 N=4033FB={237131719} 511 511

x=64(= )73Q(x) Left

9.2.2 0/1

9.2.2 st65706471

403349584292403337414247964033109

9.2.2 N=991241cycle

9.2.2 MPQS0/1 QS/MPQS QS/MPQS

9.2.3 CFRACMPQSNFSrhop-1Lenstra

Pollard p-1John M. Pollard1974boundpp-1B p mp-1|mNpNpp-1|k! i=1,2,B I Nkk

Pollards Rho 1. nx=2y=x2+1 (1)g=gcd(x-y,n) (2)1

2. n=1133 (1)x=2y=5 (2)g=gcd(3,1133)=1 (3)x2+1=5 x(y2+1)2+1%n=677 y (4)g=gcd(672,1133)=1(5)x2+1=26 (y2+1)2+1%n=884 (6)g=gcd(884-26,1133) =gcd(858,1133)=11 n11

Pollards P-1 1. b1

2. n=9991 (1)b=3g=gcd(3,9991)=1 (2)q=2,r=floor(log29991)=13 bqr mod n=3213 mod 9991=229 g=gcd(229-1,9991)=1 (3) q=3,r=floor(log39991)=8 bqr mod n=338 mod 9991=3202 g=gcd(3202-1,9991)=97 n=999197

2. n-1=ku,gcd(k,u)=1,k>n1/2k kqb bn-1=1 mod n gcd(b(n-1)/q-1,n)=1n k>n1/2b0 b0n-1=1 mod n gcd(b0k-1,n)=1 (1) n=31 (2) n=1033. n=u2m+1nu

Npp-1Pollard p-1Zp Lenstra1987ECMPollard p-1ppECMgGgp GZpPollard p-1 gBNG(g)

9.2.4 (NFS)NFS(SNFS)NFS(GNFS)QSZ/2ZN NFSN

9.2.4

9.2.4

9.2.4 NFS

GNFSN

SNFSN