Shanks's square forms factorization explained

Shanks' square forms factorization is a method for integer factorization devised by Daniel Shanks as an improvement on Fermat's factorization method.

The success of Fermat's method depends on finding integers

and

such that

x^2-y^2=N

, where

is the integer to be factored. An improvement (noticed by Kraitchik) is to look for integers

and

such that

x^2\equivy^2\pmod{N}

. Finding a suitable pair

(x,y)

does not guarantee a factorization of

, but it implies that

is a factor of

x^2-y^2=(x-y)(x+y)

, and there is a good chance that the prime divisors of

are distributed between these two factors, so that calculation of the greatest common divisor of

and

x-y

will give a non-trivial factor of

A practical algorithm for finding pairs

(x,y)

which satisfy

x^2\equivy^2\pmod{N}

was developed by Shanks, who named it Square Forms Factorization or SQUFOF. The algorithm can be expressed in terms of continued fractions or in terms of quadratic forms. Although there are now much more efficient factorization methods available, SQUFOF has the advantage that it is small enough to be implemented on a programmable calculator. Shanks programmed it on an HP-65, made in 1974, which has storage for only nine digit numbers and allows only 100 steps/keystrokes of programming. There are versions of the algorithm that use little memory and versions that store a list of values that run more quickly.

In 1858, the Czech mathematician Václav Šimerka used a method similar to SQUFOF to factor

(10¹⁷-1)/9

11111111111111111

2071723 ⋅ 5363222357

.^[1]

Algorithm

Note This version of the algorithm works on some examples but often gets stuck in a loop.

This version does not use a list.

Input:

, the integer to be factored, which must be neither a prime number nor a perfect square, and a small positive integer,

Output: a non-trivial factor of

The algorithm:

Initialize

i=0,P_{0=\lfloor\sqrt{kN}\rfloor,Q}_-1=1,Q_0=kN-P

	2.

	0

Repeat

i=i+1,b

i=\left\lfloor	P_0+P_i-1
	Q_i-1

\right\rfloor,P_i=b_iQ_i-1-P_i-1,Q_i=Q_i-2+b_i(P_i-1-P_i)

until

Q_i

is a perfect square at some odd value of

Start the second phase (reverse cycle).

Initialize

0=\left\lfloor	P_0-P_i
	\sqrt{Q_i

}\right\rfloor,

Q_-1=\sqrt{Q_i}

, and

P_0=b_0\sqrt{Q_i}+P_i

, where

P_0,P_i

, and

Q_i

are from the previous phase. The

b₀

used in the calculation of

P₀

is the recently calculated value of

b₀

Set

i=0

and

	2
kN-P
	0

Q_-1

, where

P₀

is the recently calculated value of

P₀

Repeat

i=i+1,b

i=\left\lfloor	P_0+P_i-1
	Q_i-1

\right\rfloor,P_i=b_iQ_i-1-P_i-1,Q_i=Q_i-2+b_i(P_i-1-P_i)

until

P_i=P_i-1.

Then if

f=\gcd(N,P_i)

is not equal to

and not equal to

, then

is a non-trivial factor of

. Otherwise try another value of

Shanks' method has time complexity

O(\sqrt[4]{N})

Stephen S. McMath wrotea more detailed discussion of the mathematics of Shanks' method,together with a proof of its correctness.^[2]

Example

Let

N=11111

Q_-1=1

Cycle forward				- ! i	b_i ! P_i	Q_i	-	0	105	86
1	2	67	77
2	2	87	46
3	4	97	37
4	5	88	91
5	2	94	25

Here

Q₅=25

is a perfect square, so the first phase ends.

For the second phase, set

Q_-1=\sqrt{25}=5

. Then:

Reverse cycle				- ! i	b_i ! P_i	Q_i	-	0	2	104	59
1	3	73	98
2	1	25	107
3	1	82	41
4	4	82

Here

P₃=P₄=82

, so the second phase ends. Now calculate

gcd(11111,82)=41

, which is a factor of

11111

Thus,

N=11111=41 ⋅ 271

Example implementation

Below is an example of C function for performing SQUFOF factorization on unsigned integer not larger than 64 bits, without overflow of the transient operations.

include
define nelems(x) (sizeof(x) / sizeof((x)[0]))

const int multiplier[] = ;

uint64_t SQUFOF(uint64_t N)

References

Book: D. A. Buell. Binary Quadratic Forms. registration. Springer-Verlag. 1989. 0-387-97037-1 .
Book: David Bressoud

. D. M. Bressoud. David Bressoud. Factorisation and Primality Testing. Springer-Verlag. 1989. 0-387-97040-1. registration.

Book: Riesel, Hans . Hans Riesel

. Hans Riesel. Prime Numbers and Computer Methods for Factorization. Birkhauser. 2nd. 1994. 0-8176-3743-5 .

Book: Samuel S. Wagstaff, Jr. . The Joy of Factoring . American Mathematical Society . Providence, RI . 2013 . 978-1-4704-1048-3 . Samuel S. Wagstaff, Jr. . 163–168 .

External links

Daniel Shanks: Analysis and Improvement of the Continued Fraction Method of Factorization, (transcribed by S. McMath 2004)
Daniel Shanks: SQUFOF Notes, (transcribed by S. McMath 2004)
Stephen S. McMath: Parallel integer factorization using quadratic forms, 2005
S. McMath, F. Crabbe, D. Joyner: Continued fractions and parallel SQUFOF, 2005
Jason Gower, Samuel Wagstaff: Square Form Factorisation (Published)
Shanks's SQUFOF Factoring Algorithm
java-math-library

Notes and References

Lemmermeyer . F. . Václav Šimerka: quadratic forms and factorization . LMS Journal of Computation and Mathematics . 2013 . 16 . 118–129 . 10.1112/S1461157013000065 . free.
Daniel Shanks' Square Forms Factorization. 2004 . 10.1.1.107.9984.