Publications Meetings The Profession Membership Programs Math Samplings Policy & Advocacy In the News About the AMS
   
Mobile Device Pairing
Green Open Access
Journal of the American Mathematical Society
Journal of the American Mathematical Society
ISSN 1088-6834(online) ISSN 0894-0347(print)

A rigorous time bound for factoring integers


Authors: H. W. Lenstra and Carl Pomerance
Journal: J. Amer. Math. Soc. 5 (1992), 483-516
MSC: Primary 11Y05; Secondary 11E41, 11Y35, 11Y40
MathSciNet review: 1137100
Full-text PDF Free Access

Abstract | References | Similar Articles | Additional Information

Abstract: In this paper a probabilistic algorithm is exhibited that factors any positive integer $ n$ into prime factors in expected time at most $ {L_n}[\tfrac{1}{2},1 + o(1)]$ for $ n \to \infty $, where $ {L_x}[a,b] = {\text{exp}}(b{(\log x)^a}{({\text{log}}\log x)^{1 - a}})$. Many practical factoring algorithms, including the quadratic sieve and the elliptic curve method, are conjectured to have an expected running time that satisfies the same bound, but this is the first algorithm for which the bound can be rigorously proved. Nevertheless, this does not close the gap between rigorously established time bounds and merely conjectural ones for factoring algorithms. This is due to the advent of a new factoring algorithm, the number field sieve, which is conjectured to factor any positive integer $ n$ in time $ {L_n}[\tfrac{1}{3},O(1)]$.

The algorithm analyzed in this paper is a variant of the class group relations method, which makes use of class groups of binary quadratic forms of negative discriminant. This algorithm was first suggested by Seysen, and later improved by A. K. Lenstra, who showed that the algorithm runs in expected time at most $ {L_n}[\tfrac{1}{2},1 + o(1)]$ if one assumes the generalized Riemann hypothesis. The main device for removing the use of the generalized Riemann hypothesis from the proof is the use of multipliers. In addition a character sum estimate for algebraic number fields is used, with an explicit dependence on possible exceptional zeros of the corresponding $ L$-functions.

Another factoring algorithm using class groups that has been proposed is the random class groups method. It is shown that there is a fairly large set of numbers that this algorithm cannot be expected to factor as efficiently as had previously been thought.


References [Enhancements On Off] (What's this?)


Similar Articles

Retrieve articles in Journal of the American Mathematical Society with MSC: 11Y05, 11E41, 11Y35, 11Y40

Retrieve articles in all journals with MSC: 11Y05, 11E41, 11Y35, 11Y40


Additional Information

DOI: http://dx.doi.org/10.1090/S0894-0347-1992-1137100-0
PII: S 0894-0347(1992)1137100-0
Keywords: Factorization algorithm, class groups, binary quadratic forms, smooth numbers
Article copyright: © Copyright 1992 American Mathematical Society