Friday, January 11, 2008
Latest advances with factoring congruences
There has been a burst of research lately on an outgrowth of mathematical research I've pioneered for about four years into the question of whether or not factoring one number could be used to factor another.
That there has been a steady and persistent achievement of milestones over a period of years may surprise many of you who just know about the effort from cases when a flurry of newsgroup postings show up, where a lot of people criticize a particular research effort.
The latest and most important chapter though to cap years of basic research is the remarkable discovery of just a few basic equations—factoring congruences:
Given z^2 = y^2 + nT
at least 50% of the time, you can solve for z modulo a given prime p coprime to y, z and odd nT coprime to 3, with the following congruence relations:
z = (2a)^{-1}(1 + 2a^2)k mod p
and
k^2 = (a^2+1)^{-1}(nT) mod p
where 'a' is chosen such that k exists i.e. (a^2+1)^{-1}(nT) is a quadratic residue modulo p, and k is coprime to nT.
Where also, y = (1+2a^2)^{-1} z mod p, or y = -(1+2a^2)^{-1} z mod p.
And I've included some of the latest research found just yesterday from the existence proof, which shows the relations will work for a particular prime p at least 50% of the time, and from which I also found the equations giving y.
That y is given in that way versus my prior belief that you had to solve for y, from
y^2 = z^2 - nT
removes the one area where speed might have been an issue. That is because for any particular 'a' that you choose, 'n' can be chosen such that (a^2+1)^{-1}(nT) is a quadratic residue modulo p, which means you can force solutions easily. The one warning there is that n cannot be divisible by 3, should not be even and should not contain small primes e.g. primes under 100.
The relations are easily derived, and I've made that derivation available so that others can look it over to see if it contains mistakes, and none have been noted. The existence proof was worked out by me mostly yesterday so there is a possibility that there is some error in it, but I doubt that at this time.
Then the mathematics says that the factoring congruence relations are valid, and that they will work with a given prime p when all the conditions listed are met, about 50% of the time.
There has been a push for me to develop a working algorithm from them, and demonstrate that they work by factoring a large number, which may seem like a reasonable request to many of you.
But in the meantime while I work at making sure that my current research is correct, and later work at writing a computer program, the proof that they work is freely available, so it would be a remarkable part of this story for a refusal of the mathematical community to accept proof to be a large part of the delay in informing the world of the situation.
I have sent an early paper to a math journal, which might have been a bit too early as it did not have the existence proof, some of the conditions or the information that they work 50% of the time for a given prime, but there is that to have some hope on.
Also I have emailed some mathematician directly.
If the factoring congruences are correct, and if they do factor about 50% of the time when you use a p>sqrt(nT), then they could allow factoring of what is generally called a public key, which is part of the encryption system developed by RSA. If that is true, then they would probably allow rapid factoring of it as well, which would mean a system that was thought to be capable of protecting information for decades, will have been proven defunct, almost literally overnight.
Of course, there are those who would rather that be demonstrated first, and not left as a claim based solely on mathematical proof, so there is a call for me to factor a public key, and show that RSA encryption is over.
And that covers all the key items and should bring you up to speed on the the latest.
That there has been a steady and persistent achievement of milestones over a period of years may surprise many of you who just know about the effort from cases when a flurry of newsgroup postings show up, where a lot of people criticize a particular research effort.
The latest and most important chapter though to cap years of basic research is the remarkable discovery of just a few basic equations—factoring congruences:
Given z^2 = y^2 + nT
at least 50% of the time, you can solve for z modulo a given prime p coprime to y, z and odd nT coprime to 3, with the following congruence relations:
z = (2a)^{-1}(1 + 2a^2)k mod p
and
k^2 = (a^2+1)^{-1}(nT) mod p
where 'a' is chosen such that k exists i.e. (a^2+1)^{-1}(nT) is a quadratic residue modulo p, and k is coprime to nT.
Where also, y = (1+2a^2)^{-1} z mod p, or y = -(1+2a^2)^{-1} z mod p.
And I've included some of the latest research found just yesterday from the existence proof, which shows the relations will work for a particular prime p at least 50% of the time, and from which I also found the equations giving y.
That y is given in that way versus my prior belief that you had to solve for y, from
y^2 = z^2 - nT
removes the one area where speed might have been an issue. That is because for any particular 'a' that you choose, 'n' can be chosen such that (a^2+1)^{-1}(nT) is a quadratic residue modulo p, which means you can force solutions easily. The one warning there is that n cannot be divisible by 3, should not be even and should not contain small primes e.g. primes under 100.
The relations are easily derived, and I've made that derivation available so that others can look it over to see if it contains mistakes, and none have been noted. The existence proof was worked out by me mostly yesterday so there is a possibility that there is some error in it, but I doubt that at this time.
Then the mathematics says that the factoring congruence relations are valid, and that they will work with a given prime p when all the conditions listed are met, about 50% of the time.
There has been a push for me to develop a working algorithm from them, and demonstrate that they work by factoring a large number, which may seem like a reasonable request to many of you.
But in the meantime while I work at making sure that my current research is correct, and later work at writing a computer program, the proof that they work is freely available, so it would be a remarkable part of this story for a refusal of the mathematical community to accept proof to be a large part of the delay in informing the world of the situation.
I have sent an early paper to a math journal, which might have been a bit too early as it did not have the existence proof, some of the conditions or the information that they work 50% of the time for a given prime, but there is that to have some hope on.
Also I have emailed some mathematician directly.
If the factoring congruences are correct, and if they do factor about 50% of the time when you use a p>sqrt(nT), then they could allow factoring of what is generally called a public key, which is part of the encryption system developed by RSA. If that is true, then they would probably allow rapid factoring of it as well, which would mean a system that was thought to be capable of protecting information for decades, will have been proven defunct, almost literally overnight.
Of course, there are those who would rather that be demonstrated first, and not left as a claim based solely on mathematical proof, so there is a call for me to factor a public key, and show that RSA encryption is over.
And that covers all the key items and should bring you up to speed on the the latest.
# posted by James Harris @ 14:29 
