Main Page: Difference between revisions

From formulasearchengine
No edit summary
No edit summary
 
(470 intermediate revisions by more than 100 users not shown)
Line 1: Line 1:
'''Pollard's ''p'' − 1 algorithm''' is a [[number theory|number theoretic]] [[integer factorization]] [[algorithm]], invented by [[John Pollard (mathematician)|John Pollard]] in 1974. It is a special-purpose algorithm, meaning that it is only suitable for [[integer]]s with specific types of factors; it is the simplest example of an [[algebraic-group factorisation algorithm]].
This is a preview for the new '''MathML rendering mode''' (with SVG fallback), which is availble in production for registered users.


The factors it finds are ones for which the number preceding the factor, ''p'' − 1, is [[smooth number#Powersmooth numbers|powersmooth]]; the essential observation is that, by working in the multiplicative group [[Modular arithmetic|modulo]] a composite number ''N'', we are also working in the multiplicative groups modulo all of ''N'''s factors.
If you would like use the '''MathML''' rendering mode, you need a wikipedia user account that can be registered here [[https://en.wikipedia.org/wiki/Special:UserLogin/signup]]
* Only registered users will be able to execute this rendering mode.
* Note: you need not enter a email address (nor any other private information). Please do not use a password that you use elsewhere.


The existence of this algorithm leads to the concept of [[strong prime]]s, being primes for which ''p'' − 1 has at least one large prime factor.  Almost all sufficiently large primes are strong; if a prime used for cryptographic purposes turns out to be non-strong, it is much more likely to be through malice than through an accident of random number generation.
Registered users will be able to choose between the following three rendering modes:


==Base concepts==
'''MathML'''
Let ''n'' be a composite integer with prime factor ''p''.  By [[Fermat's little theorem]], we know that for all integers ''a'' coprime to ''p'' and for all positive integers ''K'':
:<math forcemathmode="mathml">E=mc^2</math>


:<math>a^{K(p-1)} \equiv 1\pmod{p}</math>
<!--'''PNG'''  (currently default in production)
:<math forcemathmode="png">E=mc^2</math>


If a number ''x'' is congruent to 1 [[Modular arithmetic|modulo]] a factor of ''n'', then the [[Greatest common divisor|gcd]] (''x''&nbsp;&minus;&nbsp;1,&nbsp;''n'') will be divisible by that factor.
'''source'''
:<math forcemathmode="source">E=mc^2</math> -->


The idea is to make the exponent a large multiple of ''p''&nbsp;&minus;&nbsp;1 by making it a number with very many prime factors; generally, we take the product of all prime powers less than some limit ''B''. Start with a random ''x'', and repeatedly replace it by <math>x^w \mod n</math> as ''w'' runs through those prime powers. Check at each stage, or once at the end if you prefer, whether [[Greatest common divisor|gcd]] (''x''&nbsp;&minus;&nbsp;1,&nbsp;''n'') is not equal to&nbsp;1.
<span style="color: red">Follow this [https://en.wikipedia.org/wiki/Special:Preferences#mw-prefsection-rendering link] to change your Math rendering settings.</span> You can also add a [https://en.wikipedia.org/wiki/Special:Preferences#mw-prefsection-rendering-skin Custom CSS] to force the MathML/SVG rendering or select different font families. See [https://www.mediawiki.org/wiki/Extension:Math#CSS_for_the_MathML_with_SVG_fallback_mode these examples].


==Multiple factors==
==Demos==


It is possible that for all the prime factors ''p'' of ''n'', ''p''&nbsp;&minus;&nbsp;1 is divisible by small primes, at which point the Pollard ''p''&nbsp;&minus;&nbsp;1 algorithm gives you ''n'' again.
Here are some [https://commons.wikimedia.org/w/index.php?title=Special:ListFiles/Frederic.wang demos]:


==Algorithm and running time==
The basic algorithm can be written as follows:


:'''Inputs''': ''n'': a composite integer
* accessibility:
:'''Output''': a non-trivial factor of ''n'' or <u>failure</u>
** Safari + VoiceOver: [https://commons.wikimedia.org/wiki/File:VoiceOver-Mac-Safari.ogv video only], [[File:Voiceover-mathml-example-1.wav|thumb|Voiceover-mathml-example-1]], [[File:Voiceover-mathml-example-2.wav|thumb|Voiceover-mathml-example-2]], [[File:Voiceover-mathml-example-3.wav|thumb|Voiceover-mathml-example-3]], [[File:Voiceover-mathml-example-4.wav|thumb|Voiceover-mathml-example-4]], [[File:Voiceover-mathml-example-5.wav|thumb|Voiceover-mathml-example-5]], [[File:Voiceover-mathml-example-6.wav|thumb|Voiceover-mathml-example-6]], [[File:Voiceover-mathml-example-7.wav|thumb|Voiceover-mathml-example-7]]
** [https://commons.wikimedia.org/wiki/File:MathPlayer-Audio-Windows7-InternetExplorer.ogg Internet Explorer + MathPlayer (audio)]
** [https://commons.wikimedia.org/wiki/File:MathPlayer-SynchronizedHighlighting-WIndows7-InternetExplorer.png Internet Explorer + MathPlayer (synchronized highlighting)]
** [https://commons.wikimedia.org/wiki/File:MathPlayer-Braille-Windows7-InternetExplorer.png Internet Explorer + MathPlayer (braille)]
** NVDA+MathPlayer: [[File:Nvda-mathml-example-1.wav|thumb|Nvda-mathml-example-1]], [[File:Nvda-mathml-example-2.wav|thumb|Nvda-mathml-example-2]], [[File:Nvda-mathml-example-3.wav|thumb|Nvda-mathml-example-3]], [[File:Nvda-mathml-example-4.wav|thumb|Nvda-mathml-example-4]], [[File:Nvda-mathml-example-5.wav|thumb|Nvda-mathml-example-5]], [[File:Nvda-mathml-example-6.wav|thumb|Nvda-mathml-example-6]], [[File:Nvda-mathml-example-7.wav|thumb|Nvda-mathml-example-7]].
** Orca: There is ongoing work, but no support at all at the moment [[File:Orca-mathml-example-1.wav|thumb|Orca-mathml-example-1]], [[File:Orca-mathml-example-2.wav|thumb|Orca-mathml-example-2]], [[File:Orca-mathml-example-3.wav|thumb|Orca-mathml-example-3]], [[File:Orca-mathml-example-4.wav|thumb|Orca-mathml-example-4]], [[File:Orca-mathml-example-5.wav|thumb|Orca-mathml-example-5]], [[File:Orca-mathml-example-6.wav|thumb|Orca-mathml-example-6]], [[File:Orca-mathml-example-7.wav|thumb|Orca-mathml-example-7]].
** From our testing, ChromeVox and JAWS are not able to read the formulas generated by the MathML mode.


:# select a smoothness bound ''B''
==Test pages ==
:#<math>M \gets \prod_{\text{primes}~q \le B} q^{ \lfloor \log_q{B} \rfloor }</math>
:# randomly pick ''a'' coprime to ''n'' (note: we can actually fix ''a'', random selection here is not imperative)
:#<math>g \gets \gcd(a^M - 1, n)</math> (note: the powering can be done mod ''n'')
:# if 1 < ''g'' < ''n'' then return ''g''
:# if ''g'' = 1 then select a higher ''B'' and go to step 2 or return <u>failure</u>
:# if ''g'' = ''n'' then go to step 2 or return <u>failure</u>


If ''g'' = 1 in step 6, this indicates that for all ''p'' &minus; 1 that none were ''B''-powersmooth.  If ''g'' = ''n'' in step 7, this usually indicates that all factors were ''B''-powersmooth, but in rare cases it could indicate that ''a'' had a small order modulo ''n''.
To test the '''MathML''', '''PNG''', and '''source''' rendering modes, please go to one of the following test pages:
*[[Displaystyle]]
*[[MathAxisAlignment]]
*[[Styling]]
*[[Linebreaking]]
*[[Unique Ids]]
*[[Help:Formula]]


The running time of this algorithm is O(''B''&nbsp;&times;&nbsp;log&nbsp;''B''&nbsp;&times;&nbsp;log<sup>2</sup>''n''); larger values of ''B'' make it run more slowly, but are more likely to produce a factor.
*[[Inputtypes|Inputtypes (private Wikis only)]]
 
*[[Url2Image|Url2Image (private Wikis only)]]
==How to choose ''B''?==
==Bug reporting==
 
If you find any bugs, please report them at [https://bugzilla.wikimedia.org/enter_bug.cgi?product=MediaWiki%20extensions&component=Math&version=master&short_desc=Math-preview%20rendering%20problem Bugzilla], or write an email to math_bugs (at) ckurs (dot) de .
Since the algorithm is incremental, it can just keep running with the bound constantly increasing.
 
Assume that ''p''&nbsp;&minus;&nbsp;1, where ''p'' is the smallest prime factor of ''n'', can be modelled as a random number of size less than&nbsp;&radic;''n''. By [[Dixon's theorem]],  the probability that the largest factor of such a number is less than (''p''&nbsp;&minus;&nbsp;1)<sup>''&epsilon;''</sub> is roughly ''&epsilon;''<sup>&minus;''&epsilon;''</sub>; so there is a probability of about 3<sup>&minus;3</sup>&nbsp;=&nbsp;1/27 that a ''B'' value of ''n''<sup>1/6</sup> will yield a factorisation.
 
In practice, the [[elliptic curve method]] is faster than the Pollard ''p''&nbsp;&minus;&nbsp;1 method once the factors are at all large; running the ''p''&nbsp;&minus;&nbsp;1 method up to ''B''&nbsp;=&nbsp;10<sup>6</sup> will find a quarter of all twelve-digit factors and 1/27 of all eighteen-digit factors, before proceeding to another method.
 
==Large prime variant==
{{incoherent}}
A variant of the basic algorithm is sometimes used; instead of requiring that ''p''&nbsp;&minus;&nbsp;1 has all its factors less than ''B'', we can require it to have all but one of its factors less than some ''B''<sub>1</sub>, and the remaining factor less than some ''B''<sub>2</sub>.  Let ''p''<sub>1</sub> be the smallest prime greater than ''B''<sub>1</sub>, ''p''<sub>2</sub> the next-largest, and so on; let ''d''<sub>''n''</sub>&nbsp;=&nbsp;''p''<sub>''n''</sub>&nbsp;&minus;&nbsp;''p''<sub>''n''&minus;1</sub>. The distribution of prime numbers is such that the ''d''<sub>''n''</sub> will all be fairly small.
 
Having computed <math>c = a^M \mod n</math>, we can easily compute once and for all <math>E_r = c^r \mod n</math> for all <math>r</math> which appear as a value of <math>d_n</math>.  Compute <math>t_1 = c^{p_1} \mod n</math>. We can then stop doing exponentiation, and compute
 
: <math>t_2 (= c^{p_2} \mod n) = t_1 E_{d_2} \mod n</math>, <math>t_3 = t_2 E_{d_3} \mod n, \dots</math>
 
with one multiplication rather than one exponentiation at each step; this is quicker by roughly a factor log&nbsp;''B'' than doing the exponentiations.  It can also be accelerated significantly using [[Fast Fourier transform]]s.
 
==Implementations==
 
* The [http://gforge.inria.fr/projects/ecm/ GMP-ECM] package includes an efficient implementation of the ''p''&nbsp;&minus;&nbsp;1 method.
* [[Prime95]] and [[MPrime]], the official clients of the [[Great Internet Mersenne Prime Search]], use p - 1 to eliminate potential candidates.
 
==References==
*{{Citation |last=Pollard |first=J. M. |year=1974 |title=Theorems of Factorization and Primality Testing |journal=Proceedings of the Cambridge Philosophical Society |volume=76 |issue=3 |pages=521–528 |doi=10.1017/S0305004100049252 |issn= }}
 
==See also==
* [[Williams' p + 1 algorithm]]
 
==External links==
*[http://modular.math.washington.edu/edu/2007/spring/ent/ent-html/node81.html Pollard's ''p''&nbsp;&minus;&nbsp;1 Method]
 
{{Number theoretic algorithms}}
 
[[Category:Integer factorization algorithms]]
 
[[de:Pollard-p-1-Methode]]
[[es:Algoritmo p − 1 de Pollard]]
[[fr:Algorithme p-1 de Pollard]]
[[nl:Pollards p-1-methode]]
[[ru:P-1 метод Полларда]]
[[th:ขั้นตอนวิธีพีลบหนึ่งของพอลลาร์ด]]
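
Review bot: The signup link in the new intro ("registered here [[https://en.wikipedia.org/wiki/Special:UserLogin/signup]]") wraps an external URL in double square brackets, which is internal-link syntax, so it renders as "[[1]]" with stray brackets, as the rendered revision below shows; use single brackets with a label, in the same form as the page's other external links. In the same intro, "availble" and "would like use" need fixing, and the sentence promising "the following three rendering modes" is followed only by the MathML sample, because the PNG and source samples sit inside the `<!-- ... -->` comment; either restore them or change the count. The revision also replaces the whole Pollard ''p'' − 1 article text under this title with no edit summary, so the summary should state that the replacement is intentional.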

Latest revision as of 22:52, 15 September 2019

This is a preview for the new MathML rendering mode (with SVG fallback), which is available in production for registered users.

If you would like to use the MathML rendering mode, you need a Wikipedia user account, which can be registered here: https://en.wikipedia.org/wiki/Special:UserLogin/signup

  • Only registered users will be able to execute this rendering mode.
  • Note: you need not enter an email address (nor any other private information). Please do not use a password that you use elsewhere.

Registered users will be able to choose between the following three rendering modes:

MathML

E=mc^2


Follow this link to change your Math rendering settings. You can also add a Custom CSS to force the MathML/SVG rendering or select different font families. See these examples.

Demos

Here are some demos:


Test pages

To test the MathML, PNG, and source rendering modes, please go to one of the following test pages:

Bug reporting

If you find any bugs, please report them at Bugzilla, or write an email to math_bugs (at) ckurs (dot) de .