Fast square-free decomposition of integers using class groups

Erik Mulder
2023-08-11
Abstract: Let $n=a^2b$, where $b$ is square-free. In this paper we present an algorithm based on class groups of binary quadratic forms that finds the square-free decomposition of $n$, i.e. $a$ and $b$, in heuristic expected time: $$ \widetilde{\mathcal{O}}(L_{b}[1/2,1] \ln(n) + L_{b}[1/2,1/2] \ln(n)^2). $$ If $a,b$ are both primes of roughly the same cryptographic size, then our method is currently the fastest known method to factor $n$. This has applications in cryptography, since some cryptosystems rely on the hardness of factoring integers of this form.
Number Theory
What problem does this paper attempt to address?
### What problem does this paper attempt to solve?

This paper is mainly devoted to solving the square-free decomposition problem of integers. Specifically, given an integer \(n = a^{2}b\), where \(b\) is square-free, the paper proposes a new algorithm based on the binary quadratic form class group to find \(a\) and \(b\).

#### Main contributions and background

1. **Problem description**:
   - For polynomials, square-free decomposition is an easy problem to solve. But for integers, this problem is still open.
   - The paper pays special attention to integers of the form \(n = p^{2}q\), where \(p\) and \(q\) are prime numbers of similar size. Integers of this form have important applications in cryptography because some cryptosystems rely on the difficulty of factorization.
2. **Limitations of existing methods**:
   - Schnorr and Lenstra proposed a general integer factorization algorithm in 1984, claiming that it can be completed in \(O(L_{n}[1/2,1])\) time. However, for integers with large square prime factors, the actual running time of this algorithm is not ideal.
   - Other existing factorization algorithms such as the elliptic curve method (ECM) and the number field sieve method (NFS) also have certain limitations.
3. **Advantages of the new algorithm**:
   - The algorithm proposed in the paper is the fastest known method in specific cases (for example, when \(p\approx q\) and \(q\) is in the range of approximately \([10^{20}, 10^{5000}]\)).
   - The algorithm uses the binary quadratic form class group and introduces a new trick: by introducing an integer \(r\) with known factorization, it is possible to find a suitable representation form in a smaller class group, thus improving efficiency.

#### Application scenarios

- **Cryptography**: Since some cryptosystems assume that the difficulty of factoring \(n = p^{2}q\) is the same as factoring the product of three large prime numbers, the algorithm in this paper reveals that this assumption is not valid, so a larger modulus needs to be used to ensure security.
- **Algebraic number theory**: Problems such as determining the integer ring of a number field and the endomorphism ring of an elliptic curve all depend on square-free decomposition, and this algorithm can be applied to these fields.

### Summary

The core problem of the paper is to develop an efficient algorithm to solve the square-free decomposition problem of integers, especially in the context related to cryptography. By using the properties of the binary quadratic form class group, the author proposes a new algorithm, which not only improves the computational efficiency but also reveals the potential vulnerabilities of some cryptosystems.
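
The bound in the abstract, unpacked as an added worked note that is not taken from the paper. It assumes the standard subexponential notation, which this page does not define:

$$ L_x[\alpha, c] = \exp\big((c+o(1))\,(\ln x)^{\alpha}(\ln\ln x)^{1-\alpha}\big), \qquad L_b[1/2, c] = \exp\big((c+o(1))\sqrt{\ln b\,\ln\ln b}\big). $$

When \(a \approx b\), \(\ln n = 2\ln a + \ln b \approx 3\ln b\) and \(\ln\ln n = \ln\ln b + \ln 3\), so

$$ L_n[1/2, 1] = \exp\big((1+o(1))\sqrt{\ln n\,\ln\ln n}\big) = \exp\big((\sqrt{3}+o(1))\sqrt{\ln b\,\ln\ln b}\big) = L_b[1/2, \sqrt{3}]. $$

On such inputs, a bound of the form \(L_b[1/2,1]\) therefore has an exponent smaller by a factor of \(\sqrt{3}\) than an \(L_n[1/2,1]\) bound, while the \(\ln(n)\) and \(\ln(n)^2\) factors in the abstract are only polynomial in the bit length of \(n\).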