Congruence Of Squares
   HOME

TheInfoList



Click Here for Items Related To - Congruence Of Squares
OR:
Congruence Of Squares on:   [Wikipedia]   [Google]   [Amazon]

In
number theory Number theory is a branch of pure mathematics devoted primarily to the study of the integers and arithmetic functions. Number theorists study prime numbers as well as the properties of mathematical objects constructed from integers (for example ...
, a congruence of squares is a congruence commonly used in
integer factorization In mathematics, integer factorization is the decomposition of a positive integer into a product of integers. Every positive integer greater than 1 is either the product of two or more integer factors greater than 1, in which case it is a comp ...
algorithms.


Derivation

Given a positive
integer An integer is the number zero (0), a positive natural number (1, 2, 3, ...), or the negation of a positive natural number (−1, −2, −3, ...). The negations or additive inverses of the positive natural numbers are referred to as negative in ...
''n'', Fermat's factorization method relies on finding numbers ''x'' and ''y'' satisfying the
equality Equality generally refers to the fact of being equal, of having the same value. In specific contexts, equality may refer to: Society * Egalitarianism, a trend of thought that favors equality for all people ** Political egalitarianism, in which ...
:x^2 - y^2 = n We can then factor ''n'' = ''x''2 − ''y''2 = (''x'' + ''y'')(''x'' − ''y''). This algorithm is slow in practice because we need to search many such numbers, and only a few satisfy the equation. However, ''n'' may also be factored if we can satisfy the weaker congruence of squares conditions: :x^2 \equiv y^2 \pmod :x \not\equiv \pm y \,\pmod From here we easily deduce :x^2 - y^2 \equiv 0 \pmod :(x + y)(x - y) \equiv 0 \pmod This means that ''n''
divides In mathematics, a divisor of an integer n, also called a factor of n, is an integer m that may be multiplied by some integer to produce n. In this case, one also says that n is a '' multiple'' of m. An integer n is divisible or evenly divisibl ...
the product (''x'' + ''y'')(''x'' − ''y''). The second non-triviality condition guarantees that ''n'' does not divide (''x'' + ''y'') nor (''x'' − ''y'') individually. Thus (''x'' + ''y'') and (''x'' − ''y'') each contain some, but not all, factors of ''n'', and the
greatest common divisor In mathematics, the greatest common divisor (GCD), also known as greatest common factor (GCF), of two or more integers, which are not all zero, is the largest positive integer that divides each of the integers. For two integers , , the greatest co ...
s of (''x'' + ''y'', ''n'') and of (''x'' − ''y'', ''n'') will give us these factors. This can be done quickly using the
Euclidean algorithm In mathematics, the Euclidean algorithm,Some widely used textbooks, such as I. N. Herstein's ''Topics in Algebra'' and Serge Lang's ''Algebra'', use the term "Euclidean algorithm" to refer to Euclidean division or Euclid's algorithm, is a ...
. Most algorithms for finding congruences of squares do not actually guarantee non-triviality; they only make it likely. There is a chance that a congruence found will be trivial, in which case we need to continue searching for another ''x'' and ''y''. Congruences of squares are extremely useful in integer factorization algorithms. Conversely, because finding
square root In mathematics, a square root of a number is a number such that y^2 = x; in other words, a number whose ''square'' (the result of multiplying the number by itself, or y \cdot y) is . For example, 4 and −4 are square roots of 16 because 4 ...
s modulo a
composite number A composite number is a positive integer that can be formed by multiplying two smaller positive integers. Accordingly it is a positive integer that has at least one divisor other than 1 and itself. Every positive integer is composite, prime numb ...
turns out to be probabilistic polynomial-time equivalent to factoring that number, any integer factorization algorithm can be used efficiently to identify a congruence of squares.


Using a factor base

A technique pioneered by Dixon's factorization method and improved by
continued fraction factorization ''...Continued'' is the second album released by Tony Joe White. It was released on Monument Records and contained the single "Roosevelt and Ira Lee" It was recorded at Monument Studios, Nashville and Lyn-Lou Studios, Memphis, Tennessee, Memph ...
, the quadratic sieve, and the
general number field sieve In number theory, the general number field sieve (GNFS) is the most efficient classical algorithm known for factoring integers larger than . Heuristically, its complexity for factoring an integer (consisting of bits) is of the form : \begin & ...
, is to construct a congruence of squares using a factor base. Instead of looking for one pair \textstyle x^2 \equiv y^2 \pmod n directly, we find many "relations" \textstyle x^2 \equiv y \pmod n where the ''y'' have only small
prime A prime number (or a prime) is a natural number greater than 1 that is not a product of two smaller natural numbers. A natural number greater than 1 that is not prime is called a composite number. For example, 5 is prime because the only ways ...
factors (they are
smooth numbers In number theory, an ''n''-smooth (or ''n''-friable) number is an integer whose prime factors are all less than or equal to ''n''. For example, a 7-smooth number is a number in which every prime factor is at most 7. Therefore, 49 = 72 and 15750 = ...
), and multiply some of them together to get a
square In geometry, a square is a regular polygon, regular quadrilateral. It has four straight sides of equal length and four equal angles. Squares are special cases of rectangles, which have four equal angles, and of rhombuses, which have four equal si ...
on the right-hand side. The set of small primes which all the ''y'' factor into is called the factor base. Construct a
logical matrix A logical matrix, binary matrix, relation matrix, Boolean matrix, or (0, 1)-matrix is a matrix with entries from the Boolean domain Such a matrix can be used to represent a binary relation between a pair of finite sets. It is an important tool in ...
where each row describes one ''y'', each column corresponds to one prime in the factor base, and the entry is the parity (even or odd) of the number of times that factor occurs in ''y''. Our goal is to select a subset of rows whose sum is the all-zero row. This corresponds to a set of ''y'' values whose product is a square number, i.e. one whose factorization has only even exponents. The products of ''x'' and ''y'' values together form a congruence of squares. This is a classic
system of linear equations In mathematics, a system of linear equations (or linear system) is a collection of two or more linear equations involving the same variable (math), variables. For example, : \begin 3x+2y-z=1\\ 2x-2y+4z=-2\\ -x+\fracy-z=0 \end is a system of th ...
problem, and can be efficiently solved using
Gaussian elimination In mathematics, Gaussian elimination, also known as row reduction, is an algorithm for solving systems of linear equations. It consists of a sequence of row-wise operations performed on the corresponding matrix of coefficients. This method can a ...
as soon as the number of rows exceeds the number of columns. Some additional rows are often included to ensure that several solutions exist in the nullspace of our matrix, in case the first solution produces a trivial congruence. A great advantage of this technique is that the search for relations is
embarrassingly parallel In parallel computing, an embarrassingly parallel workload or problem (also called embarrassingly parallelizable, perfectly parallel, delightfully parallel or pleasingly parallel) is one where little or no effort is needed to split the problem into ...
; a large number of computers can be set to work searching different ranges of ''x'' values and trying to factor the resultant ''y''s. Only the found relations need to be reported to a central computer, and there is no particular hurry to do so. The searching computers do not even have to be trusted; a reported relation can be verified with minimal effort. There are numerous elaborations on this technique. For example, in addition to relations where ''y'' factors completely in the factor base, the "large prime" variant also collects "partial relations" where ''y'' factors completely except for one larger factor. A second partial relation with the same larger factor can be multiplied by the first to produce a "complete relation".


Examples


Factorize 35

We take ''n'' = 35 and find that :\textstyle 6^2 = 36 \equiv 1 = 1^2 \pmod. We thus factor as : \gcd( 6-1, 35 ) \cdot \gcd( 6+1, 35 ) = 5 \cdot 7 = 35


Factorize 1649

Using ''n'' = 1649, as an example of finding a congruence of squares built up from the products of non-squares (see Dixon's factorization method), first we obtain several congruences :41^2 \equiv 32 = 2^5 \pmod, :42^2 \equiv 115 = 5 \cdot 23 \pmod, :43^2 \equiv 200 = 2^3 \cdot 5^2 \pmod. Of these, the first and third have only small primes as factors, and a product of these has an even power of each small prime, and is therefore a square :32 \cdot 200 = 2^ \cdot 5^2 = 2^8 \cdot 5^2 = (2^4 \cdot 5)^2 = 80^2 yielding the congruence of squares :32 \cdot 200 = 80^2 \equiv 41^2 \cdot 43^2 \equiv 114^2 \pmod. So using the values of 80 and 114 as our ''x'' and ''y'' gives factors :\gcd( 114-80, 1649 ) \cdot \gcd( 114+80, 1649 ) = 17 \cdot 97 = 1649.


See also

*
Congruence relation In abstract algebra, a congruence relation (or simply congruence) is an equivalence relation on an algebraic structure (such as a group (mathematics), group, ring (mathematics), ring, or vector space) that is compatible with the structure in the ...


References

* * * {{DEFAULTSORT:Congruence Of Squares Equivalence (mathematics) Integer factorization algorithms Modular arithmetic Squares in number theory