Integer Factorization of Semi-Primes Based on Analysis of a Sequence of Modular Elliptic Equations

In this paper is demonstrated a method for reduction of integer factorization problem to an analysis of a sequence of modular elliptic equations. As a result, the paper provides a non-deterministic algorithm that computes a factor of a semi-prime integer n=pq , where prime factors p and q are unknown. The proposed algorithm is based on counting points on a sequence of at least four elliptic curves


Introduction and Problem Statement
Security of information transmission via communication networks is provided by various cryptographic protocols.Crypto-immunity of these protocols is mostly based on hardness of either the integer factorization or the discrete logarithm problem.
There are several algorithms that factorize a semiprime n=pq, where n is known, but its integer factors p and q are not.Fermat, Euler and other mathematicians/computer scientists introduced various algorithms for integer factorization.A survey of methods for factoring is provided in [1], and modern factoring algorithms are described in [2].Various special methods are considered in [3][4][5]; an application of cubic forms for factorization, as one of these special methods, is provided in [6].A comparison and analysis of factoring algorithms with exponential time complexity is provided in [7].Algorithms based on the quadratic sieve (QS) are discussed in [8,9] while integer factoring via the number field sieve (NFS) is provided in [10].Both the QS and NFS are the algorithms with sub-exponential time complexity.The application of special devises for factoring is described in [11,12].A pioneering paper on application of quantum computing for integer factorization is discussed in [13].
A new factoring algorithm proposed in this paper is based on the analysis of several modular elliptic equations {called elliptic curves} and counting how many integer points {integer pairs (x,y)} satisfy these curves.The application of elliptic curves for factoring is described in [14][15][16][17].Methods of counting points on elliptic curves are considered in [18,19] and more generally on modular equations with several variables in [20,21].A relationship between integer factorization and constrained discrete logarithm problems is analyzed in [22].
Consider n=pq, where both p and q are multi-digit long primes.There are three special cases: where 1) each factor is congruent to 1 modulo4: In this paper we discuss the factorization algorithm for (1.1) and (1.2) cases only.
Consider a sequence of elliptic curves (EC) modulo n: Here is an integer control parameter.(A, Q, R, U).This observation allows us to simplify the computations of S for large n {see the example with "larger" n in the Appendix}.We leave to readers the computation of p and q for the last semi-prime in Table 3.2.
This n is called a RSA-129 Challenge [23]: given n, it was necessary to find its factors p and q.Since in the RSA-129 nmod4=1 and , therefore the proposed algorithm (2.1)-( 2 and where for every i j , otherwise it implies that pd=qc.Since both p and q are primes, the latter equation holds only if c=p and d=q, which is impossible by the conjecture.Consider the smallest product U and the largest product Q {see (4.2) and (4.5)}.
As a result, we derive a system of three equations with four integer unknowns p, q, c and d: pq=n; ; (4.7) Therefore, (4.8) and (4.9) imply that Now consider another system of three equations with the same four unknowns:

Alternative Computation of Factors
It is easy to see that one of the factors is an average arithmetic of two greatest common divisors  , and q n p  ; (5.1).
However, computation of (5.1) is twice more complicated than the previously described procedure.Indeed, in (5.1) we must compute the two greatest common divisors and one addition, while in (2.6) it is necessary to compute only one greatest common divisor and three subtractions.

Generalized Factorization Algorithm
The factorization procedure described in (2. , , and and where for every i j  ; and . (6.11)

Algorithm Acceleration
The numeric experiments provided in Tables 3.1 and 7.1 show that for n=3813809 it is necessary to compute six times {for b=1,2,3,5,7 and 11} and for ( , ) P n b ) n=3858521 eight times {for b=1,2,3,5,7,11,13 and 17} until four distinct integers A, Q, R and U are found.These numbers can be decreased if the following property holds.Let p=q=1(mod4); n=pq and M(n, b) denote the number of points on a dual EC.
and, as a result, for every integer b otherwise for every integer b Hence, (7.5) implies that there is no reason to compute P(3813809,2).

Dual Factorization Algorithm
It is assumed that nmod4=1 and , otherwise the algorithm is not applicable.

Conjecture 7 . 1 :
If primes p and q are randomly selected, then with probability 3/4

. 4 ) 7 . 2 : 7 . 3 :Example 7 . 1 :
Proposition If the factors p and q are congruent to 1 modulo n=pq, then the following identities hold for every positive integer m: provided in the Appendix.Proposition If the factors p and q are congruent to 1 modulo n=pq, Compute P(3813809,1)=38500233 and M(3813809,1)=3774993.

Table 3 .2. Major steps of factorization algorithm.
.6) is applicable to solve this problem.
Definition 4.1:A non-zero integer a is called a quadratic residue (QR) modulo p if there exists an integer z priori it is not obvious how this conjecture can help to factorize n, but, as it is shown below, this is the case.It is assumed in this paper that there exists an efficient algo- A rithm that computes A, Q, R and U {see (4.2)-(4.5)}.From the definitions (4.2)-(4.5), it is easy to see that Q>max(A, R) and U<min(A, R), i.e., that and

Table 7 .1. Excerpts from Table 3.1.
An algorithm and its generalizations for the integer factorization are proposed.These algorithms are as computationally efficient as an algorithm that counts points on elliptic curves(1.3).Numerous computer experiments demonstrate that, if P(n,b) is computed for sequential values of prime b, then on average there are four distinct values among the first six ones.The SQUAR-algorithm (2.1)-(2.6)and its enhanced modification (8.1)-(8.7)described above is based on Conjecture 4.1 and its generalization {Conjecture 5.1}.Although an analogous algorithm can be designed on the basis of Conjecture 5.2, such an algorithm is computationally less efficient since it is a time-consuming procedure to find a QNR modulo n.