The expectation of success using a Monte Carlo factoring method—some statistics on quadratic class numbers
暂无分享,去创建一个
A method has been proposed for factoring an integer N by using the structure of the class groups of quadratic fields of radicand -kN for various small multipliers k. We discuss the method and an implementation of the method, and various theoretical questions which have an impact on the practical use of the method in factoring. Some of the theoretical questions relate to the nature of class numbers and class groups; we present extensive statistical results on the class numbers and class groups of imaginary quadratic fields. 1. The Method. We deal with binary quadratic forms (a, b, c) of discriminant b2 4ac = -N, N > 0. The equivalence classes of forms of a fixed discriminant under transformations of the modular group T form a finite abelian group, the class group. The order of the class group is the class number h = h(N). The crucial fact, used either implicitly or explicitly in several factoring methods, is that for odd N the classes of order 2 in the class group, called ambiguous classes, are precisely the classes containing forms (P, P,(P2 + N)/4P) for the various divisors P of TV. Thus finding ambiguous forms leads to finding factors. (For even TV there are also ambiguous classes represented by forms (P,0, N/P) in addition to the classes mentioned above.) Shanks used the explicit class group structure in his factoring method CLASNO [SHAN]. He estimated h with the product formula, then "fiddled" in the class group until the exact value for h was found. He then found an ambiguous form by finding a form/ = (a, b, c) for which/*/2 was not the identity. The new method, which we shall henceforth refer to as the CPS method ((Classgroup/CLASNO)-(Pollard P-l)-(Synthesis)), is somewhat less direct [SCHN]. We let M be the product of all "small" odd primesp(i) raised to "large" exponents a(i). We then compute/^ = g for forms/until we find an/for which/^ is not the identity. Writing h = 2mh', it is certainly true that if h'\ M, then g2"" is ambiguous. In short, we exponentiate forms to huge odd powers that we hope contain all the odd factors of the class number. If this comes to pass, then we can get ambiguous forms and then factors of N. Actually, as with many factoring methods, there are several deeper levels of subtlety. First, it is not really necessary that h'\M. The class groups, being finite Received March 8, 1983; revised October 11, 1983. 1980 Mathematics Subject Classification. Primary 10-04, 10A25, 12A25. '1984 American Mathematical Society 0025-5718/84 $1.00 + $.25 per page
[1] Claus-Peter Schnorr. Monte-Carlo factoring algorithm with finite storage , 1983 .
[2] Duncan A. Buell,et al. Class groups of quadratic fields II , 1976 .
[3] Donald Ervin Knuth,et al. The Art of Computer Programming , 1968 .
[4] Horst G. Zimmer,et al. Computational problems, methods, and results in algebraic number theory , 1972 .