
..

2011

511, 519.6
-
() ,

, 6 21 2011 .
-
. . . , . .
..

. . , . ..
( . ..)
..
: /
.. . : . . 2011. 190 .

. .
, RSA,
.
, ,
.

,
. , .
. .

.

c

, 2011
c

.., 2011

1.

10

1.1. . . . . . . . . . . . . . . . . . . . . . . 10
1.2. . . . . . . . 13
1.3. . . . . . . . . . . . . . 14
1.4. . . . . . . . . . . . . . . . . . . . . . . . 15
1.5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
1.6. . . . . . . . . . . . . . . . . . . . . . . . . . . 19
1.7. . . . . . . . . . . . . . . . . . . . . . . 20
1.8. . . . . . . . . . . . . . . . . . . 23
1.9. . . . . . . . . . . . . . . . . . . . . . . . . . . 25
1.10. . . . . . . . . . . . . . . . . . . 27
1.11. . . . . . . . 29
1.12. AKS . . . . . . . . . . . . 31
1.13. . . . . . . . . . . . . . . . . . . . . 32
1.14. . . . . . . . . 34
1.15. . . . . . . . . . . . . . . . . . . . 36
1.16. , e . . . . . . . . . . . . . . . . 38
1.17. . . . . . . . . . . . . . . . . . 39
1.18. . . . . . . . . . . . . . . . . . . . . . . . 42
1.19. , . . . . . . . . . . . . . . . 45
2.

52

2.1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
2.2. (p 1) . . . . . . . . . . . . . . . . . . . . . . . 54
2.3. (p + 1) . . . . . . . . . . . . . . . . . . . . . . . 60
2.4. - . . . . . . . . . . . . . . . . . . . . . . . . . . 61
2.5. - . . 65
2.6. . . . . . . 68
2.7. . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

2.8. . . . . . . 75
3.

83

3.1. . . . . . . . . . . . . . . . . 84
3.2. . . . . . . . . . . . . . . . . 87
3.3. . . . . . . . . . . . . . . . . . 89
3.4. . . . 95
3.5. - . . . . . . . . . . . . . . . . . . . . . . 100
3.6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
4.

115

4.1. . . . . . . . . . . 115
4.2. . . . . . . . . . . . . . . . . . . . . . . . . . . 117
4.3. . . . . . . . . . . . . . . . . . . . . 120
4.4. . . . . . . . . . . . . . . 126
4.5.

. . . . . . . . 127

4.6. . . . . . 130
4.7. . . . . . . . . . . . . . 134
4.8. . . . . . . 137
4.9.
. . . . . . . . . . . . . . . . . . . . . . . . . . 139
4.10. (Zhang Special QS) . . . . . . . . . . . . . . . . . . 142
5.

145

5.1. . . . . . . . . . . . . . 146
5.2. . . . . . . . . . . . . . . . . . . . . . . . . 151
5.3. . . . . . . . . . . . . . . . 154
5.4. . . . . . . . . . . . . . . . . . . . 161
5.5. 163
5.6.

. . . . . . . . . . . . 168

5.7. . . . . . . 169
5.8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

. .

176

.1. . . . . . . . . . . . 179
.2. . . . . . . . . . . . . . . . . . . . 180
.3. . . . . . . . . . . . . . . . . . . . . 182
.4. . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
.5. . . . . . . 186

192

The problem of distinguishing prime numbers from composite numbers and of
resolving the latter into their prime factors is known to be one of the most
important and useful in arithmetic. Further, the dignity of the science itself
seems to require that every possible means be explored for the solution of a
problem so elegant and so celebrated.
Karl Friedrich Gauss, Disquisitiones Arithmeticae (1801)

, ,
. , ,
,
.
(1801)

1977 . (Ronald Linn Rivest),


(Adi Shamir) (Leonard Adleman)
(MIT)
Scientific American ,
,
RSA.

n ( 1024 2048 ),
p q . p q
, RSA
p q , . n
.
RSA
,
.
, 25 30 .
n , 100
,

8
.
129- ,
$100.
1977 . Sci.Amer.
A new kind
of cipher that would take millions of years to break

, ) [24].
, , .

, ,
.

.
80- . XX
- (the Elliptic Curves method)(X. [31]), (the
Quadratic Sieve QS) (C.Pomerance [46]) (the
Number Field Sieve NFS) (J. Pollard [44]).
, ,
(p 1) (. [43]). ,


() .
129-
RSA 1994 .,
, ,
., .
. ,
1600 , 220 ,
, 0,5 .
2
.


.
,
,
. (
2009 .) ,
[30], 768 .
512- 2000 ., .. 512 768- 10 .
1024
, 2020 .

,
.
,
.
..
, , 2002,
[79] .. - ,
, 2003, [64]. , ,
, .
, ,
,
.

, ,
, : ishm2010@yandex.ru

1.

10

1.
,
1. , , .

. , ,
.

1.1.
Z , p 2 .
, a b b|a.
1.1. , a b
p, ,
a b ( mod p),
p|(a b).

:
1. : a a ( mod p).
2. : a b ( mod p) b a ( mod p).
3. : a b ( mod p) & b c ( mod p) a c ( mod p).

. ,
, .
, k , k .
n > 0 n ,
Z n = {0, 1, ... n 1}.
,
, , n


, .
n Zn .
, a b a + b = a + b
( ),
,
, [0, n1]
n (.. ,
mod n). , Z7 2 5 = 10 = 3 ( mod 7).
: 2 5 = 3 ( mod 7).
n ,
.

,
+ , :
1. : (a, b, c K) a + (b + c) = (a + b) + c,
2. : (0 K)(a K) a + 0 = 0 + a = a,
3. :

(a K)(b K) a + b = b + a =0,

4. : (a, b, c K) a (b c) = (a b) c,
5. : (a, b, c K) a (b + c) = a b + a c,
(b + c) a = b a + c a.
a (a).
, ,
. < G, + >
a + b = b + a,
. , Z n
.
n
n = pk , k 1 ,
Z n ( Z n )
, .. 1 a1=1a,
a a1 a a1 =1.


,
, ,
.
(1811 1832),
, GF (q).
. .
[73].
G .
1.2. a G (
ordG (a)) k , ak = 1.
.
,
, , .

(17361813).
1.1. ().
.
. a < G, >
k > 1. a, a2 , ... , ak1 , ak = 1
A, k
G. b A b G k ,
G. , G
k m, m ,
.
.

Z p p = 29.

, p
1 = 28. a
28, .. :
1, 2, 4, 7, 14 28.
a G
, ordG (a) .


. , ,
.
Z n ,
,
n.
() ,
. , 2199 (mod
1003), ,
Windows, .

, .

1.2.
, z = ab mod n.
:
1. b : b = (b0 b1 ... bk )2 ,
bi {0, 1}. , 199 = 110001112 ,
2.
b

b0 b1

...

bk

a0 a1

...

ak

(
a0 = a, ai+1 =

a2i mod n, bi+1 = 0,


a2i a mod n, bi+1 = 1

i 0.

.
. 2199 mod 1003:
b

8 64 84 35 444 93 247

: 2199 mod 1003 = 247.


1.3.
, , 2, .
,
, 3 9 ,
3 9 .
5, , 0 5.
,

.
,
, 276 - 194 . ..

B
3 B . , .. ,
, 3, 6.
() ,
.., .
.

(16011665)
, .
1.2. ( ) p,
, p
ap1 1 ( mod p)

(1.1)

(.1.1).
, p Zp
, p 1 .
Zp .
a Zp p 1, ap1 1 ( mod p).


, a < p
ap1 6 1 ( mod p), p .

p, a,
p.
1.19.
p
a:
1.3. (

).

a p :
1. ap1 1( mod p),
2. a(p1)/q 6 1( mod p) q|(p 1),
p, a GFp (..
GFp ).
. n = 1 022 333 835 329 657, n 1 = 2 2957 146 063 292 877.
3n1 1( mod n),
3(n1)/2 1 ( mod n),
3(n1)/2597 324224767363906 ( mod n),
3(n1)/146 063 697302646321792 ( mod n),
3(n1)/292 877 736785752408036 ( mod n).
n , 3
GFn .
, n 1
,
.
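The computation of 2^199 mod 1003 from Section 1.2, Fermat's test (Theorem 1.2) and the primitive-root criterion of Theorem 1.3, as one added Python example; this is my code, not the book's, and the n = 29 certificate uses the divisors of p − 1 = 28 listed in Section 1.1.

```python
def powmod_trace(a, b, n):
    """Left-to-right binary exponentiation a^b mod n.

    Returns (a^b mod n, trace) where trace lists the running value after each
    bit of b (most significant first) has been processed, i.e. the row
    a_0, a_1, ..., a_k of the table: square for every bit, multiply by a
    when the bit is 1.
    """
    if b == 0:
        return 1 % n, [1 % n]
    bits = bin(b)[2:]            # b = (b_0 b_1 ... b_k)_2, leading bit is 1
    acc = a % n                  # a_0 = a
    trace = [acc]
    for bit in bits[1:]:
        acc = acc * acc % n      # squaring step
        if bit == "1":
            acc = acc * a % n    # extra multiplication for a 1 bit
        trace.append(acc)
    return acc, trace


def fermat_test(n, a):
    """Fermat's test: False proves n composite.

    True only means a^(n-1) == 1 (mod n), which every prime satisfies but so
    does every pseudoprime to the base a, so True is not a proof of primality.
    """
    return powmod_trace(a, n - 1, n)[0] == 1


def lucas_certificate(n, a, prime_factors_of_n_minus_1):
    """Theorem 1.3: n is prime if a^(n-1) == 1 and a^((n-1)/q) != 1 (mod n)
    for every prime q dividing n - 1. The caller supplies those primes.
    """
    if pow(a, n - 1, n) != 1:
        return False
    for q in prime_factors_of_n_minus_1:
        if (n - 1) % q != 0:
            raise ValueError("%d does not divide n - 1" % q)
        if pow(a, (n - 1) // q, n) == 1:
            return False             # a is not a primitive root mod n
    return True
```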

1.4.
(the trial division)
n

. bxc floor(x),
, x ( ).
, dxe ceil(x),
, x ( ).
n

2 n:
#include <math.h>

int Tr_div(int n)
{
    /* a composite n has a divisor in [2, floor(sqrt(n))], so the bound must be inclusive */
    for (int i = 2; i <= (int) sqrt((double) n); i++)
        if (n % i == 0) return i;
    return 0;   /* no divisor found: n is prime (for n >= 2) */
}
O(log 2 n),
O(n1/2 log 2 n).
L n, L = dlog2 ne.

:
T (n) = O(L2 eL/2 ).

(1.2)

,
,
.

1.5.

.
:
, ,
. . (A. Atkin) .
(D. Bernstein).
,
.

#include <math.h>
#include <stdbool.h>
#include <stdio.h>

int main(void)
{
    int limit = 1000;
    int sqr_lim; bool is_prime[1001]; int x2, y2; int i, j; int n;
    // initialisation
    sqr_lim = (int) sqrt((double) limit);
    for (i = 0; i <= limit; i++) is_prime[i] = false;
    is_prime[2] = true; is_prime[3] = true;
    // main loop: every solution (i, j) of the three quadratic forms flips the
    // flag of its n; x2 and y2 hold i*i and j*j, updated incrementally.
    x2 = 0;
    for (i = 1; i <= sqr_lim; i++) {
        x2 += 2 * i - 1;
        y2 = 0;
        for (j = 1; j <= sqr_lim; j++) {
            y2 += 2 * j - 1;
            n = 4 * x2 + y2;
            if ((n <= limit) && (n % 12 == 1 || n % 12 == 5))
                is_prime[n] = !is_prime[n];
            // n = 3 * x2 + y2;
            n -= x2;            // same value, obtained by subtraction
            if ((n <= limit) && (n % 12 == 7))
                is_prime[n] = !is_prime[n];
            // n = 3 * x2 - y2;
            n -= 2 * y2;        // same value, obtained by subtraction
            if ((i > j) && (n <= limit) && (n % 12 == 11))
                is_prime[n] = !is_prime[n];
        }
    }
    // remove the multiples of squares of the primes in [5, sqrt(limit)]
    for (i = 5; i <= sqr_lim; i++) {
        if (is_prime[i]) {
            n = i * i;
            for (j = n; j <= limit; j += n) {
                is_prime[j] = false;
            }
        }
    }
    // output: 2, 3, 5 first, then the surviving flags
    // (the extra checks on 3 and 5 are kept from the original listing)
    printf("2, 3, 5");
    for (i = 6; i <= limit; i++) {
        if (is_prime[i] && (i % 3 != 0) && (i % 5 != 0)) {
            printf(", %d", i);
        }
    }
    printf("\n");
    return 0;
}

.
, , . , (
60) 0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42,
44, 46, 48, 50, 52, 54, 56 58, .
, ( 60) 3, 9, 15, 21, 27, 33, 39, 45, 51 57,
. , ( 60) 5, 25,
35 55, . (
60) .
, ( 60) 1, 13, 17, 29, 37, 41, 49 53,
4 1.
, 4x2 + y 2 = n
(squarefree).
, ( 60) 7, 19, 31 43,
6 1. ,
3x2 + y 2 = n
.
, ( 60) 11, 23, 47 59,
12 11. ,
3x2 y 2 = n
.
2, 3 5,
. ,
, 22, 32 52.



 n 
O
ln ln n
O(n1/2+o(1) ) .
,
.

1.6.
n 1 ,
n
, n .
:
1.4. (H.C. Pocklington). n 1

F R ,

F . ,
a < n :
1. an1 1 (mod n),
2. ...(a(n1)/q , n) 6= 1 q|F ,
n 1 F.
.

n.

.1 , k aR
GFp (n 1)/F = R .
, k
, .. k = F . F |(p 1), .. p = 1 + m F
m.
. F >

n, n.

, , p

n n, .
. n = 618 970 019 642 690 137 449 462 111. n 1

n 1 = 2 3 5 17 23 89 353 397 683 2113 2 931 542 417.
, n 1, 2 931 542 417,

b nc = 24 879 108 095 803.


a = 2 , .. 2(n1)/q 1 ( mod
n) q . a = 3:
m = 3(n1)/p 1 180 591 065 836 317 083 554 066 745 6= 1 ( mod n),
, ...(n, m) = 1. , n 1 + k

p < n, , 0 < k < 8486. k ,


n , , , .

F , n 1 (

a = 3), F > b nc, ,


n.

1.7.

.

- . , .

p(x) = x2 + x + 41,
40
.

,
[1970],

,
. (
.. [77]):
F (a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p, q, r, s, t, u, v, w, x, y, z) =
(k + 2)(1 (wz + h + j q)2 (2n + p + q + z e)2 (a2 y 2 y 2 + 1 x2 )2
((e4 + 2e3 )(a + 1)2 o2 )2 (16(k + 1)3 (k + 2)(n + 1)2 + 1 f 2 )2
(((a + u4 u2 a)2 1)(n + 4dy)2 + 1 (x + cu)2 )2
(ai + k + 1 l i2 ((gk + 2g + k + 1)(h + j) + h z)2
(16r2 y 4 (a2 1) + 1 u2 )2 (p m + l(a n 1)+
+b(2an + 2a n2 2n 2))2 (z pm + pla p2 l + t(2ap p2 1))2
(q x + y(a p 1) + s(2ap + 2a p2 2p 2))2
(a2 l2 l2 + 1 mr)2 (n + l + v y)2 )
, .
10- , ,
,
.

.
,
,
(.19)
p:
1. R p
R 4p + 2 n = pR + 1.
2. n ,
.
3. n - (. c.27)
a < p.

, n , R
.


. (..1.13)
().
, .

, ,
. , p(x),
x ( Wolfram Mathematica
, p(x) x).
, x,
:
1. {n, n + 2, n + 4, ..., n + 2m},
n x , n + 2m .
2.
(. .16)
{3, 5, ..., pk }, B . B = 10,
. pk < 1000, 5/6
.
3. ,
.
. x 10260 ,
B = 1000. 67
x + 782. B = 8000
50, B = 50 000 36. , B
, .. ,
, ,

.

1.8.
()
.
. A B
(greatest common divisor d) d.
... A B
:
...(A, B) = ...(B, A mod B),

(1.3)

A mod B
A B .
,
0.
:
int Euclid(int A, int B)   /* assumes B > 0 */
{
    while (A % B != 0) {
        int C = A % B;
        A = B; B = C; }
    return B;
}
Ax+By = d, A, B ,
d ,
. ... d,
, . A, B ,
A B , 4 .

, x y .
x y 0 1. , xi+1 yi+1 ,

xi yi , i 0, :
yi = xi+1 yi+1 (A div B)i

xi = yi+1 ,

. 72x + 25y = 1.
A = 72, B = 25. A mod B
A B , A div B A B .
B A mod B .
. ,
A mod B 0.
x y 0 1, ,
.
A

A mod B A div B

72

25

22

-25

25

22

-7

22

-7

: ...(72, 25) = 1 B . (x, y) =


(8, 25), 72x + 25y = 1,
.

,

.

(A; B), , ,
. ,
, k :
1. B < A/2. k + 1 A,
B , , A/2.

2. B A/2. r = A mod B = A B
A/2, k + 2 A r < A/2.
, A
, 2 , ,
, 2 log2 A.
( ,
Ax+By = d), , O(L), L = dlog2 Ae
.

..

, {Fn },
.
:
F0 = 1, F1 = 1, Fn+2 = Fn + Fn+1 , n 2.
:
S = {1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, 233, 377, 610, 987, 1597, 2584, 4181}.

1.9.
1.3. n > 1 . a,
[0, n 1] n,
x , x2 a ( mod n).
x , a
. , [0, n 1]
.
, a
p, , , :

1, ( x) x2 a mod p,

 

a
=
(1.4)
1, ( x) x2 a mod p,

0, p | a.


, :
 
p1
a
= a 2 mod n.
p

(1.5)


,
,
17 .
:
p q
   
q
p
=
(1)(p1)(q1)/4 .
p
q
,
 
 
   
q
p
q
p
=
, p q 3 mod 4,
=
, .
p
q
p
q

,
.

:
  


    
q
q mod p
qr
q
r
=
,
=

,
p
p
p
p
p

 
p2 1
2
= (1) 8 mod n.
p

. (15/17):
         
15
3
5
2
2
=

= (1) (1)3 = 1
17
17
17
3
5
n ,

:
   r1  r2
 rk
a
a
a
a
...
,
=

n
p1
p1
pk
n = pr11 pr22
.

(1.6)

... prkk n


1.10.
, n
, :
1.5. ( ) n 3
, n
, x y ,
x 6 y ( mod n), x2 y 2 ( mod n).

(1.7)

. (1.7) , ...(n, x2 y 2 ) 6=
1, 6= n. , n = p q , p > q , x = (p + q)/2,
y = (p q)/2. , x y (1.7).

, x y

1,

n,

n 1 n 1 = 2s d, d.
a Z n n,
:
1. x = ad 1 (mod n),
k

2. (k, 0 < k < s) x2 1 (mod n).

(1.8)

, a n.
, n
, n.
, a Z n
.12 (1.8),
x0 = ad (mod n), x1 = x20 (mod n), ... , xs1 = x2s2 (mod n)
1. xs , x2s1 ( mod n). 1.
s

n, xs = ad2 = an1
. , n .


.
(n)
,
, n
, n - n.
, n > 1 (n) < n. p
(n) p 1, n,
n = n1 n2 , (n) = (n1 ) (n2 ).
, n > 2
,
(n)/4 < n/4. , k
a < n n, n
, 4k .
.

n > 2 n1 = 2s d, d.
a 2 r + 1, r ,
:
1. x0 = ad (mod n).
2.

x0 {1, n 1}. ,

a . a.
3. , n 1
{x1 , x2 , ..., xs1 }, x
xi+1 = x2i (mod n).
, a .
a r + 1.
, n.
n.

r r ,
n .
. n = 1729 (. . 50).
n 1 = 26 33 . a = 2:
x0 = 227 mod 1729 = 645 6= 1, 6= n 1,
x1 = x20 mod 1729 = 6452 mod 1729 = 1065.
x2 = x21 mod 1729 = 10652 mod 1729 = 1.

{xi }

3, 4, 5

1,

{x1 , x2 , ..., xs1 }, n 1. , 2


n, n = 1729 .



(. 33):
1.1. n , n1 = 2s d, d.
x, 0 < x < 2 ( log2 n)2 xd 1 (mod n),
k

x2

1 (mod n) 0 k < s. n

.
, , , ,
,
,
.
, .

O(log2 n) (. [50]).
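The strong-pseudoprime sequence for n = 1729, a = 2 worked above, as an added Python example (my code, not the book's): the sequence x_0, x_1, ... of (1.8), the witness test, and a Miller–Rabin routine with the fixed bases 2, 3, 5, 7.

```python
def miller_rabin_sequence(n, a):
    """The sequence x_0 = a^d, x_{i+1} = x_i^2 (mod n) of (1.8), where
    n - 1 = 2^s d with d odd; the list has s + 1 entries and x_s = a^(n-1)."""
    if n < 3 or n % 2 == 0:
        raise ValueError("n must be an odd integer >= 3")
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    seq = [pow(a, d, n)]
    for _ in range(s):
        seq.append(seq[-1] * seq[-1] % n)
    return seq


def is_strong_witness(n, a):
    """True if a proves n composite: x_0 is not +-1 and no x_i, i < s, is -1
    (then a 1 in the sequence comes from a nontrivial square root of 1)."""
    seq = miller_rabin_sequence(n, a)
    if seq[0] in (1, n - 1):
        return False
    return all(x != n - 1 for x in seq[1:-1])


def miller_rabin(n, bases=(2, 3, 5, 7)):
    """Deterministic for n < 3 215 031 751 with bases 2, 3, 5, 7 (a known bound,
    not from the book); for larger n it is the usual probabilistic test."""
    if n < 2:
        return False
    if n in bases:
        return True
    if n % 2 == 0:
        return False
    for a in bases:
        if a % n == 0:
            continue
        if is_strong_witness(n, a):
            return False
    return True
```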

1.11.
(.
1.2) (. 1.9):

1.6. n ,
a, n n,
 
a
a(n1)/2
( mod n),
(1.9)
n
n/2.


k 1. n k .
:
1. a < n,
d =...(a, n).
2. d > 1, , n .
(1.9). , n - . ,
a n.
k k ,
n .

1/2,
k
, 2k .
,
, (.. 1.19).
, ,
k , 4k .

O(k log2 n).


1.12. AKS

. ,
, ,
. , (.1.6),
, .
2004 . ,

([1])

AKS
. AKS :
1.7. (Agrawel,

Kayal,

Saxena

[2004].)

, r :
1. n , r ,
2. n Z p GFp
(log2 (n))2 ,
3. a, 0 a r ,
(X + a)n X n + a Zn [X]/

Xr 1
.
X 1

(1.10)

n .
Z n [X]
, n,

r (X) =

Xr 1
= X r1 + X r2 + ... + X + 1.
X 1

, n, (X +a)n X n +a mod n
Z n [X],

, .
, ,
Z n [X] Z n [X]/r (X).
n:
1. , n ,
2. r = 2, 3, 5, ..., r
, r n, ni 1
i {0, 1, 2, ... , (log2 n)2 )}.
3. , 3 .
, n, n.
. , AKS
,
. 3
,
O(log18 n) (. . . [53]).
,
, n
.

1.13.
, . ,
, {2, 3, 5, ..., pm B }
, B , M
M=

m
Y

pi + 1

i=1

.
. ,
.

, . (x)
1 x.
1796 . (1752
1833) , (x)
x
B, B 1, 08.
ln x
XIX .. (18211894)
(x)

(x) 1 x:
A

x
x
< (x) < B
,
ln x
ln x

A = 0, 921, B = 1, 06, , (x) x/ ln x,


, 1.
1896 ., ,
- ,
(x) x/ ln x 1.
(x)
[1; 10k ] k :
x
(x)

102 103
25

104

106

108

1012

168 1 229 78 498 5 761 455 37 607 912 018


. 7 ,
(Clay Mathematics Institute, , ) 1 . . ,
- ,

(s) = 2s s1 sin

s
(1 s) (1 s),
2

X (n)
1
=
,
(s) n=1 ns

(n) .
1901 . ,
:
Z x

dt
+ O( x ln x) x
(x) =
2 ln t

1.14.

, 4- 5- ,
,
. .
GFp , p > 2, a,
p. x , a
x2 ( mod p).
p 1 p 1 = 2r s, s. ,
p 1, r 1. z
p. y = z s mod p.
2r s, y 2r ,
r

y 2 1 ( mod p). , y 2

1 ( mod p),

.. y 2r .
0 = as ( mod p), w0 = a(s+1)/2 ( mod p).

(1.11)

,
w02 a 0 ( mod p) x2 a( mod p) x2s as = 0 ( mod p).

(1.12)

xs 2r ,
0 2r1 .
(i , wi ),

wi2 a i ( mod p), i = 0, 1, 2, ... ,

(1.13)

i+1 i ,
, i 0.
i i = 1
wi2 a ( mod p),
x = wi .
(0 , w0 ), (1.13),
(1.12), ,
(i+1 , wi+1 ):
i+1 = i y 2

rm

wi+1 = wi y 2

rm1

(1.14)

2m i .
. a = 2
GFp p = 41:
1. , p 1 = 40 = 23 5, , s = 5, r = 3.
2. (0 , w0 ) (1.11):
0 = as ( mod p) = 25 ( mod 41) = 32,
w0 = a(s+1)/2 ( mod p) = 23 ( mod 41) = 8.
3. 0 :
20 mod p = 322 mod 41 = 40 1 ( mod 41), 40 1 mod p.
, ord(0 ) = 2m = 4, m = 2.
4. .
z = 3:
    

 
z
3
41 mod 3
2
(411)(31)/2
=
=
(1)
=
= 1,
p
41
3
3
, z = 3
(i+1 , wi+1 ).

5. y = z s ( mod p) = 35 ( mod 41) = 38.
6. , y :
d = 2rm = 232 = 2,

y d = 32 = 9.

7. 1 = 0 y d ( mod p) = 32 9( mod 41) = 1, w1 = w0 y d1 ( mod


p) = 8 3( mod 41) = 24. i 1,
. x = w1 = 24. :
x2 mod p = 242 mod 41 = 2 = a.
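The square-root procedure of this section applied to a = 2, p = 41, as an added Python example (mine, not the book's); it also covers the p ≡ 3 (mod 4) shortcut and the non-residue case, which the worked example does not need.

```python
def sqrt_mod_prime(a, p):
    """Square root of a modulo an odd prime p by the Tonelli-Shanks procedure
    of Section 1.14. Returns x with x*x == a (mod p), or None when a is a
    quadratic non-residue."""
    a %= p
    if a == 0:
        return 0
    if pow(a, (p - 1) // 2, p) != 1:       # Euler's criterion: no root
        return None
    s, r = p - 1, 0                         # p - 1 = 2^r * s, s odd
    while s % 2 == 0:
        s //= 2
        r += 1
    if r == 1:                              # p = 3 (mod 4): x = a^((p+1)/4)
        return pow(a, (p + 1) // 4, p)
    z = 2                                   # a non-residue z, found by trial
    while pow(z, (p - 1) // 2, p) != p - 1:
        z += 1
    y = pow(z, s, p)                        # y has order exactly 2^r
    lam = pow(a, s, p)                      # lambda_0 of (1.11)
    w = pow(a, (s + 1) // 2, p)             # w_0 of (1.11); w^2 == a * lambda
    while lam != 1:
        m, t = 0, lam                       # ord(lambda) = 2^m with m < r
        while t != 1:
            t = t * t % p
            m += 1
        d = pow(y, 1 << (r - m - 1), p)     # y^(2^(r-m-1))
        lam = lam * d % p * d % p           # lambda_{i+1} = lambda_i * y^(2^(r-m))
        w = w * d % p                       # w_{i+1} = w_i * y^(2^(r-m-1))
    return w                                # now w^2 == a
```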

1.15.
,
.
,
..
1.8. m1 , m2 , ..., mn
, r1 , r2 , ..., rn , 0 r1 < mi
i, x, mi ri
1 i n. , x1 x2

x1 x2 ( mod m ), m = m1 m2 ... mn .

(Jiushao Qin) (1247 . ..) x,
:
x=

n
X
i=0

ri ei , ei =
mi

m
mi

1

!
mod mi , 1 i n.

(1.15)

, mi m/mi ,
ei 1 i n. ,

(
ei ei ei ( mod m ),
ei ej 0 ( mod m ) i 6= j,

.. ei m.

x
(Garner algorithm), x n-
{xi }. {xi }, {yi }
:

y1 = x1 = r1 ,
i+1 xi
mod mi+1 ,
yi+1 = m1rm
2 ... mi

xi+1 = xi + yi+1 m1 m2 ... mi .

(1.16)

,
(xi+1 , yi+1 )
(xi , yi ), x.
. x,
:

x 2 ( mod 3 )
x 5 ( mod 7 )

x 4 ( mod 11 ).
. m1 = 2, m2 = 7, m3 = 11, r1 = 2, r2 =
5, r3 = 4. yi xi , i = 1, 2, 3:
y1 = x1 = 2,
y2 = (r2 x1 ) (m1 )1 mod m2 = (5 2) (3)1 mod 7 = 1
x2 = x1 + (y2 m1 mod m2 ) = 2 + (1 3 mod 7) = 5,
y3 = (r3 x2 ) (m1 m2 )1 mod m3 = (4 5) 211 mod 11 = 1,
x3 = x2 + y3 m1 m2 = 5 + 1 3 7 = 26.
: x = 26.
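Garner's recurrence (1.16) and the closed form (1.15), run on the system x ≡ 2 (mod 3), x ≡ 5 (mod 7), x ≡ 4 (mod 11) above; added Python example, not the book's code.

```python
import math


def garner(residues, moduli):
    """Garner's algorithm (1.16) for x == r_i (mod m_i), m_i pairwise coprime.

    Returns (x, digits): x is the smallest non-negative solution and digits
    are the mixed-radix coefficients y_1, ..., y_n with
    x = y_1 + y_2 m_1 + y_3 m_1 m_2 + ... .
    """
    if len(residues) != len(moduli) or not moduli:
        raise ValueError("need the same non-zero number of residues and moduli")
    for i in range(len(moduli)):
        for j in range(i):
            if math.gcd(moduli[i], moduli[j]) != 1:
                raise ValueError("moduli must be pairwise coprime")
    x = residues[0] % moduli[0]               # x_1 = y_1 = r_1
    digits = [x]
    prod = moduli[0]                          # m_1 * ... * m_i
    for r, m in zip(residues[1:], moduli[1:]):
        y = (r - x) * pow(prod, -1, m) % m    # y_{i+1} = (r_{i+1} - x_i) / (m_1...m_i) mod m_{i+1}
        digits.append(y)
        x += y * prod                         # x_{i+1} = x_i + y_{i+1} m_1 ... m_i
        prod *= m
    return x, digits


def crt_direct(residues, moduli):
    """The closed form (1.15): x = sum r_i e_i (mod m), m = m_1 ... m_n,
    e_i = (m/m_i) * ((m/m_i)^-1 mod m_i)."""
    m = 1
    for mi in moduli:
        m *= mi
    x = 0
    for r, mi in zip(residues, moduli):
        e = (m // mi) * pow(m // mi, -1, mi)
        x = (x + r * e) % m
    return x
```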


1.16. , e

.
.

= 3, 14159265358979323846264338327950288419716939937510...
,
. .
.
, 1997 . (Simon Plouffe):



X
4
2
1
1
1

=
16k 2 8k + 1 8k + 4 8k + 5 8k + 6
k=0

e
e = 2, 718281828459045235360287471352662497757...

. e
. e. e
:

n

X
1
1
e = lim 1 +
e =
n
n
n!
n=1
e,

i = 1:
eix = cos x + i sin x, ,

ei = 1

2 = 1, 414213562373095048801688724210...
ln 2 = 0, 693147180559945309417232121458...

log2 e = 1, 44269504088896340735992468100...
ln 10 = 2, 302585092994045684017991454684...

1.17.
,

(1877
1938) 1912 .
(
(19081968)). ,
., .
( ):

, , ,
,
, 5,
.
:
(.. ,
2) ?
( ): , n2
(n + 1)2 ?
:
n2 + 1?

,
, . .

.


1742 .
, :
5
.
:

.
,
( ).

:
> 2 , 3
, > 5.
1923 . ,

.
1937 . ,
(18912007) ,
,
.
, .
15

, 33 . 6
,
. ,
.
,
1989 3, 3 1043000 , ,
.

1997 . , , ,

.
1020 ,
. ,
.
, -,
. 1937 . 1938 . ,
(
, , ).
1975 . . (H. Montgomery) .. (R.C. Vaughan). , c C,
, N,
, C N 1c .
1939 . ,
300 000 .
. 1995 . (Ramare) ,
6 .
1966 . (Chen Jingrun) ,
,
(
). , 100 = 23 + 7 11.
2008 .
, 1, 2 1018 .

4-
.

(twins) , ,
2. ,

.
X .
(3, 5), (101, 103)
(65 516 468 355 2333 333 1).
. ,
2 (3, 5 7).
2005 .
, (Dan Goldston, Janos Pintz and
Cem Yildirim),
lim inf

pn+1 pn
= 0,
log pn

(1.17)

pn n . ,
x
n > x , pn+1 pn < log pn , ,
f (x) = min{pn+1 pn | pn > x} , log x.
Front
For ArXiv Are there infinitely many twin primes?
http://front.math.ucdavis.edu/0710.2728 http://www.math.sjsu.edu/ goldston/twinprimes.pdf

,
.

1.18.
,

xn + y n = z n

(1.18)

n 3.
1637 .
:

, ,
, ,
. ,
.

n = 4, ,
,
.
1770 . n = 3,
1825 . n = 5, n = 7. ,
n, 100,
.
,
R(2/p ) p.
.
37, 59 67.

; ,
.
XIX
.
. , :
.
z n .
1972 . ,
, :
,
( )
.
,
, ,
: . . . !

.
. . . . . . . .
.
1908 . 100 000
, .
.

.
1980- . .
, 1983 ., , an +bn =
cn n > 3 .
,
(Andrew John Wiles).
1993 . ,
.
.
,
21, 22 23 1993 .
,
.
. .
200- Inventiones Mathematicae, .
.
, 4 1993 .
.
, ,
, . 1994 .
.
, , 19 1994 . ,
. 1995 .
Annals of Mathematics

130 . Modular elliptic curves and
Fermats Last Theorem, 14 1994 .,
Ring-theoretic properties of certain
Hecke algebras, 7 1994 .
,
.
357- . 27 1995 .
, --,
, ,
.
,
27 1997 . .
,
75000 .

1.19. ,

,
.
an 1. , ,
:
xn 1 = (x 1)(xn1 + xn2 + ... + x + 1)
n, , x x 1,
:
xn + 1 = (x + 1)(xn1 xn2 + ... x + 1)

(1.19)

:
1.9. a, n , a, n 2,
an +1 n = 2k k.

. n = tu, u.
(1.2) x = at ,
an + 1 = xu + 1 = (x + 1)(xt1 xt2 + ... x + 1)
x + 1 = at + 1
an + 1. .

n

Fn = 22 + 1 ,
. ,
, ,
. 5 :
F0 = 3, F1 = 5, F2 = 17, F3 = 257, F4 = 65537.
Fn 1732 .
(17071783) ,
:
5

22 + 1 = 4 294 967 297 = 641 6 700 417


, ,
, 800 20
,
I ,
( 1741 . 1766 .,
, ). 1766 . 1783
. -, 13 ( 5),
, ,
,
, II ,
-,
.
.

n

1.10. ( (-)). Fn = 22 +
1, n 1, p Fn , p 1 (mod 2n+2 ).
. r Fn , h
,
n

22

2h

1 (mod r ). ..

1(mod r ), h = 2n+1 . ,

2r1 1(mod r ), h r 1. .. n 2,
r 1 ( mod 8). (.c.25), 2
r , , 2(r1)/2 1(modr),
.
. F5 = 232 + 1.
1 + 128k . , F5 = 4 294 967 297 = 641
6 700 417 = (1 + 5 128) (1 + 52347 128).

([28]): http://www.prothsearch.net/fermat.html
:
F0 = 3
F1 = 5
F2 = 17
F3 = 257
F4 = 65537
F5 = 641 6700417
F6 = 274177 67280421310721
F7 = 59649589127497217 5704689200685129054721
F8 = 1238926361552897 P 62
F9 = 2424833 7455602825647884208337395736200454918783366342657 P 99
F10 = 45592577 6487031809 4659775785220018543264560743076778192897
P 252
F11 = 319489 974849 167988556341760475137 3560841906445833920513
P 564
P k k , P 564,
k .

,
, F12 . ,
2010 . (Michael Vang) F12 ,

P6 = 17353230210429594579133099699123162989482444520899 215 +1.


, F12 1877 .,
1903 . ( ), 1974 . 1986 . . ,
, 1033
, .
,
! , (J.Young) ,
F 213319 3 2 213321 + 1.

Mp = 2p 1
p. :
1, 3, 7, 31, 127, 2047, 8191, 131071, 524287, 8388607, 536870911, 2147483647.
1.11. ( ). p 3 ,
q Mp = 2p 1, q 1 (mod 2p) q 1 (mod 8).
. , 2p 1 (mod q)
, 2q1 1 (modq). , 2 (..
t , 2t 1 (modq) ordq (2))
p q 1. 1,
p, p|(q 1), .. q = 1 + mp. .. p q ,
m = 2k , q = 1 + 2kp. , p (q 1)/2. .
2p 1 (mod q), 2(q1)/2 1 (mod q), (2/q) = 1
q 1 (mod 8).

,


. (Lucas) 1878 . 1930 .
(Lehmer).
,
Mp p, :
. p 3 Mp
, Lp 1, Lk
:
L1 = 4, Lk+1 = L2k 2

Mp

Mp ,
p . Lp 1(modMp )
. , Mp
, p
.
1876 . ,
2127 1 = 170141183460469231731687303715884105727
.
1951 ., .. 75 .
2004 . 44 , 4
2006 . 45- 232 582 657 1.
47 .
Mp = 243112609 1,
2008 . GIMPS.
12978189 , GIMPS
2009 . 100000 ,
Electronic Frontier Foundation ,
10 .

.

M (k, n) = k 2n 1,
n , k .

, ap1 1 (mod p )
p a, p.
, n ,
n a an1 1( mod n).
(Carmichael Numbers).

.
1.12. (, 1899) n
, n ,
p n p 1 n 1.
, ,
, , ,
, , ,
(p1) | (n1) , , .
, ,
- . 1910 .
561. :
561, 1105, 1729, 2465, 2821, 6601, 8911, 10585, 15841, 29341, 41041, 46657, 52633,
62745, 63973, 75361, 101101, 115921, 126217, 162401, 172081, 188461, 252601,
278545, 294409, 314821, 334153, 340561, 399001, 410041, 449065, 488881, 512461.

(Cunningham Numbers) bn an .

( a

1).

(Allan Cunningham), (18481928),


1925 . ( . H. Woodall).
, , ,
(John Brillhart, D.H. Lehmer, J.L. Selfridge, Bryant Tuckerman, and S.S. Wagstaff, Jr.) 1988 . ()
AMS 2002 . Factorizations of bn 1, b =
2, 3, 5, 6, 7, 10, 11, 12 Up to High Powers, Third Edition. :
http://www.ams.org/publications/online-books/conm22-index

2.

52

2.

. ,
, (
).
:
.
,
.

,


.

.

, .

2.1.
n = p q ,
p q , .
,
,
A B , :
n = A2 B 2 .
:
1. n:

m = d ne.

(2.20)


2. x = 1, 2, ...
q(x) = (m + x)2 n,

(2.21)

, q(x)
.
3. q(x) , , B : q(x) =
B 2 . A = m + x, A2 n = B 2 n =
A2 B 2 = (A + B) (A B), p q ,
p = A + B, q = A B.

. n = 19 691. m =

b nc = 140. n
:

190

13,78

473

21,75

758

27,53

1045 32,33

1334 36,52

1625 40,31

1918 43,79

2213 47,04

2510 50,10

10 2809

53

: (140 + 10)2 n = 532 , n =


1502 532 = 203 97. , 19 691 = 203 97,
10 , 1 ,
1 , ..
.
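Fermat's method as an added Python example (my code, not the book's) on n = 19 691 from the table above; the second test case shows how the step count grows when the two factors are far apart.

```python
import math


def fermat_factor(n, max_steps=None):
    """Fermat's method for odd n: search x = 1, 2, ... for (m + x)^2 - n = B^2
    with m = floor(sqrt(n)) (formulas (2.20), (2.21)).

    Returns (p, q, x) with p = A + B, q = A - B, p * q == n and x the number
    of values q(x) examined, or None if max_steps values were tried in vain.
    For a prime n the search ends at A = (n + 1)/2 with the trivial (n, 1).
    """
    if n < 3 or n % 2 == 0:
        raise ValueError("n must be an odd integer >= 3")
    m = math.isqrt(n)
    if m * m == n:
        return m, m, 0
    x = 0
    while max_steps is None or x < max_steps:
        x += 1
        a = m + x
        q = a * a - n                       # q(x) = (m + x)^2 - n
        b = math.isqrt(q)
        if b * b == q:                      # q(x) is a perfect square B^2
            return a + b, a - b, x
    return None
```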


, q 1, p n,
, . , A = (p +
q)/2,
Iter(n) =

n
p+q
bn1/2 c bn1/2 c,
2
2

.. 0(n). , ,
, Iter(n) n1/2 ,
p < 4n1/2 .
, ,
.
,
n 2 B ,
n B ,
.

2.2. (p 1)

1974 . [43].
n , 1 < p < n .
, a, 1 a < p,
ap1 1( mod p).
, p 1
M p1, .. M = (p1)k ,
aM = (ap1 )k 1k 1( mod p). aM 1 = pr
r . , p n,
p ...(n, aM 1)
...(n, aM 1), aM 1 < n.
t

p 1 = pri 1 pr22 ... prt .

(2.22)

(p 1) M


, M pri i ,
(2.22). , ...(n, aM 1) .
:
(p-1)
1. B1 .
2. P , ,
B1 :
P = {pr11 , pr22 , ... prkk }, piri < B1 .
3.
M = M (B1 ) =

pri i

pi i P

4. a, 2, aM mod n.
5. ...(n, aM 1), ,
n.
. n = 10 001. B = 10, ,
M (B1 ) = 23 32 5 7 = 2520. , 22520 mod 10 001 = 3579. ,
...(n, aM 1) = ...(10 001, 3578) = 73.
, B1 M (B1 )
( B1 !).
M (B1 ) l ,
, Mi
i, M (B) M1 M2 ... Ml . ,
aM (B) {ai }, a1 = aM1 (mod
n), ai :
Mi+1

ai+1 = ai

mod n, i < l.

, ,
n.


(p-1)

, B1 ,
.
,
q p 1, B1 .
B2  B1 , , B2 = B 2 . b
aM (B) mod n, .
q0 < q1 < ... < qs
[B; B2 ].
, (..1).
{qi }
,
, , .
.
p 1 qi ,
n, ci = bqi mod n, ...(n, i 1).
, q ,
qi [B1 ; B2 ].
.
i i = qi+1 qi .
, di ,
D = {2, 4, ..., 2t}. b mod n
D .
:
1. c0 = bq0 mod n, d =...(n, 0 1).
2. d = 1, c1

= bq1 mod n

d =...(n, 1 1) ..
3. ci+1
bqi+1 mod n = bqi +i mod n = bqi bi mod n = ci bi mod n.

(2.23)


bi mod n ,

ci+1

n.
.
(p 1)
,
B1 B2 .
[2; B].
(B1 ),
B1 / ln B1 . pr , B , r
, . 13,
log2 p log2 B1
n.
O(B1 log B1 log2 N ).
( 20-25 ).
(p 1) 960119 1, 66
, . (T. Nohara) 2006 .

. ,
O(log2 B2 ) + O(log q(B1 ) ) + 2((B2 ) (B1 ))
n ... n.
, O((B2 )).
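Stage 1 of the (p − 1) method on n = 10 001, B1 = 10 as worked above, plus the plain prime-by-prime form of stage 2 (a standard variant, not the difference table of this section); added Python example, not the book's code.

```python
import math


def primes_up_to(bound):
    """Primes <= bound by a small sieve (bound is tiny in this example)."""
    flags = [True] * (bound + 1)
    out = []
    for p in range(2, bound + 1):
        if flags[p]:
            out.append(p)
            for q in range(p * p, bound + 1, p):
                flags[q] = False
    return out


def smooth_exponent(b1):
    """M(B1): product of the largest prime powers p^r <= B1 (steps 2-3 above)."""
    m = 1
    for p in primes_up_to(b1):
        pr = p
        while pr * p <= b1:
            pr *= p
        m *= pr
    return m


def pollard_p_minus_1(n, b1, a=2):
    """Stage 1: gcd(n, a^M(B1) - 1). Returns a factor strictly between 1 and n,
    or None (gcd 1: B1 too small for every p - 1; gcd n: every p - 1 was
    B1-smooth at once, so a smaller B1 or another base a is needed)."""
    g = math.gcd(n, pow(a, smooth_exponent(b1), n) - 1)
    return g if 1 < g < n else None


def pollard_p_minus_1_stage2(n, b1, b2, a=2):
    """Stage 2 in its plain form: with b = a^M(B1), multiply (b^q - 1) over
    the primes q in (B1, B2] and take one gcd at the end. It succeeds when
    p - 1 is B1-smooth apart from a single prime factor q <= B2."""
    b = pow(a, smooth_exponent(b1), n)
    acc = 1
    for q in primes_up_to(b2):
        if q > b1:
            acc = acc * (pow(b, q, n) - 1) % n
    g = math.gcd(n, acc)
    return g if 1 < g < n else None
```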
(p 1)
p n q t
, p1. , q t
qiti | p 1. , (p 1)
n,
q t p 1 p | n.


q t B1 ,
. , ,
q t B2 , (p 1) q r
B1 . , p 1
rk k 2, B1 B2 .
rk :
rk1 B,

B1 < rk < B2 ,

1/k

B1

1/k

< p < min{B 1/(k1) , B2 }.

(2.24)

B2 = cB1 k = 2 (2.24) :
p
p
B1 < r < min{B1 , cB1 }.
B2 ,
B2 B12 ,
p
p

B1 < r < c1 B1 , c1 = c.

(2.25)

, (2.25),
(B1 , B2 ),
. ,
r ,
(2.25), .
q t
p 1, (p 1)
n,
n . RSA
n , p 1 - ,
B2 ,
(p 1) .

a.

p 1

a < n, ak 1 (modp)

k

<


p 1. a

<

n,

a2 1 (modp). a
. , (p 1)

a. Pollard on the Play Station 3,


http://www.hyperelliptic.org/tanja/SHARCS/slides09/03-bos.pdf,
, (p 1)

Sony Play Station 3, 8 .

p = 29 n, , p 1 = 28 = 22 7.
a 28 k , ak 1 ( mod p).
:
a

10 11 12 13 14 15 16 17

k 28 28 14 14 14 7 28 14 28 28

14 28 28

28 a < 29 12 k = 28,
6 k = 14 k = 7, 2 k = 4,
k = 2 k = 1. k :
M [k] = (12 28 + 6 14 + 6 7 + 2 4 + 2 1)/28 16, 85
, a < n,
.


(a Fast Fourier Transform)
.
.
[36]. ,
qi [B1 ; B2 ]


...(n, i 1), ci = bqi .


ci Gj h =
Q
(ci 1) mod n ci Gj , ...(n, h). ...(n, i
1) > 1, ...(n, h). ,
,
.
www.loria.fr/zimmerma/records/Pminus1.html
,
(p 1) .
.
En n
, .
n M [k]
k a < p, p n.
En
M [k]. ,
(p1)
.
2 , (p 1)-
.
.

2.3. (p + 1)
.

(Lucas)

un , :
u0 = 0, u1 = u, un+1 = P un Q un1 ,

(2.26)

P , Q .
(p + 1) (Williams) (p 1)
p + 1. p


n, p + 1
p+1=

k
Y

qiai .

i=1

max{qiai |1

k}. -

r B -,
pai i r ,
B . , B
, p + 1 B -.
, p , B .
:
1. B ,
.
2. 2 < 3 < 5 < ... < pm ,
B ai , pai i < B .
3. R =

Qm

ai
i=1 qi .

p B -,

R p.
4.

, uR .
5. ...(n, uR ) = d. 1 < d < n, .
, Q p

 2
P 4Q
= 1,
p

n.

2.4. -
1975 . n
, . -
:


1. x0
{xn }, n = 0, , 1, 2, ..., xn+1
xn+1 = (x2n 1) (mod n).
2. i .. d n
|xi xj |, j < i.
3. d =...(n, |xi xj |), 1,
. d n. n/d
, ,
n n/d.
F (x) = (x2 1) mod n xn+1
, , x2 + 1 2-
F (x) = ax2 + bx + c.

xj . ,
(xj xi ) 0 ( mod p), (f (xj ) f (xi )) 0 ( mod p),
, (xi , xj ) ,
(xi+k , xj+k ).
, (xi , xj ),
(xi , xj ), j = 2k , k
1, 2, 3, ..., i
[2k + 1; 2k+1 ]. , k = 3 j = 23 = 8, i [9; 16].


#include <stdlib.h>

int gcd(int a, int b)
{
    while (b != 0) { int t = a % b; a = b; b = t; }
    return a;
}

int rho_pollard(int n)
{
    int x = 1 + rand() % (n - 2);     /* random start x0 in [1, n-2] */
    int y = 1; int i = 0; int stage = 2;
    while (gcd(n, abs(x - y)) == 1)
    {
        if (i == stage) {             /* remember x at i = 2, 4, 8, ... */
            y = x;
            stage = stage * 2; }
        x = (int)(((long long) x * x + 1) % n);   /* x = x^2 + 1 (mod n) */
        i = i + 1;
    }
    return gcd(n, abs(x - y)); }

n, x y ,
.
-
(Floyd). , y
y = F 2 (y) = F (F (y)), i
xi = F i (x0 ), yi = x2i = F 2i (x0 ), ...
n y x.
-
.
.
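Pollard's rho of this section as an added Python example (my code, not the book's listing): the Floyd variant just described and the power-of-two stage variant of the listing above, both retrying with a new polynomial x^2 + c when the gcd comes out equal to n.

```python
import math


def f(x, c, n):
    """The iteration map F(x) = x^2 + c (mod n)."""
    return (x * x + c) % n


def rho_floyd(n, c=1, x0=2, max_polys=10):
    """Pollard's rho with Floyd's cycle detection: x = F(x), y = F(F(y)).

    Returns a nontrivial factor of composite n, or None when every polynomial
    tried ended with gcd == n (the sequences met modulo every prime factor at
    the same step); for a prime n that is always the outcome.
    """
    if n % 2 == 0:
        return 2
    for _ in range(max_polys):
        x = y = x0
        d = 1
        while d == 1:
            x = f(x, c, n)
            y = f(f(y, c, n), c, n)
            d = math.gcd(abs(x - y), n)
        if d != n:
            return d
        c += 1                 # failure: change the polynomial and retry
    return None


def rho_stages(n, c=1, x0=2, max_polys=10):
    """The same idea in the form of the listing above: y is refreshed when
    the step counter i reaches a power of two, so x_i is compared with
    x_{2^k} for 2^k < i <= 2^(k+1)."""
    if n % 2 == 0:
        return 2
    for _ in range(max_polys):
        x, y, i, stage = x0, 1, 0, 2
        while math.gcd(abs(x - y), n) == 1:
            if i == stage:
                y = x
                stage *= 2
            x = f(x, c, n)
            i += 1
        d = math.gcd(abs(x - y), n)
        if d != n:
            return d
        c += 1
    return None
```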
2.1. ( ) > 0.

l + 1 , q , l = 2q ,
,
p > 1 e .
, p = 0, 5
0, 69.


{un }


|xi xj |, .
{zn }, zn = un mod q , q

n. {zn } n.
{zn } , q , ,
, , l + 1
, 1/2 0, 69, l

2q 1.4q 1, 18 q .
zi = zj , xi xj 0 mod q xi xj = kq
k Z. xi 6= xj , ,

q n ...(n, xi xj ). q
n1/4 , , 0,5, n
1, 18 n1/4 .
, - ,
q n O(q 1/2 )
O(n1/4 ) .
, n.
, ,
, n, .
, , {yn }
(.. t xt = x0 ,
), x0
F (x) .
.
1. n ,
.
( )
n.
n?
2. 1 .
.


2.5. -

(Discrete Logarithm Problem DLP)


Fq g
t k , g k = t.
,
. L DLP
, L,
DLP
, , -
- .

. 5 . [54]
. -
DLP, , -
. Fp , p ,
Fp = {1, 2 ... p 1}. , g Fp
, t Fp
g : t = g k . g (-) ,
t - Fp .
k , g k = t,
(ai , bi ) p 1
xi p xi = tai g bi .
a0 = b0 = 0, x0 = 1.
:

0 < xi < p/3,

(ai + 1, bi ) mod (p 1),


(ai+1 , bi+1 ) =
(2ai , 2bi ) mod (p 1),
p/3 < xi < 2p/3,

(ai , bi + 1) mod (p 1)
2p/3 < xi < p,

(2.27)


, ,

xi+1

txi mod p,
=
x2i mod p,

gxi mod p

0 < xi < p/3,


p/3 < xi < 2p/3,

(2.28)

2p/3 < xi < p,

,
i, j , xi = xj . , tai g bi = taj g bj , ,
(aj ai )k bi bj (mod(p 1))

(2.29)

...(aj ai , p 1) = 1, k (2.29)
,

x(aj ai ) + y(p 1) = bi bj

(2.30)

x, y k = x mod (p 1).
...(aj ai , p 1) = d > 1, , (2.30) , ,
(p 1)/d, ..
x = x0 + m(p 1)/d

(2.31)

m [0, d 1] . d - ,
(2.31) g X t mod t.
, ,
, i-
(ai , bi , xi ) (a2i , b2i , x2i ), i,
xi = x2i . i
(aj , bj , xj ) j i, (ai , bi , xi )
(a2i , b2i , x2i ).
. Fp p = 43. g = 2
(..19), ..214 mod 43 = 1.
g = 3
3X mod 43 = 15.

(2.32)


, p = 43, g = 3, t = 15. (0 , b0 , x0 ) = (0, 0, 1),


(ai , bi , xi ) (a2i , b2i , x2i ) (2.27) (2.28):
i

ai bi xi a2i b2i x2i

0 10

11

0 21

22

0 11 15

36

0 36 30

11

1 22 31

22

5- xi x2i . (2.30):
x(317)+y(431) 17 ( mod 42),

, 24x+42y 36 ( mod 42).

...(aj ai , p 1) =...(24, 42) = 6 6= 1.


6:
4x + 7y 6 ( mod 42).
(. 1.8)
4x + 7y = 1, A B
( , A B ):
A B A mod B A div B y

-1 2

1 -1

, 7 (1) + 4 2 = 1, , 7 (6) + 4 12 = 6. ,
x0 = x = 12. , d > 1, X (2.32)
(p 1)/d = 7, .. X = x0 + 7k ,
k Z. (2.32) 12, 19, 25, ...,
325 mod 43 = 15. .
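Pollard's rho for discrete logarithms with the partition (2.27)-(2.28), Floyd's cycle finding and the d > 1 case of (2.31), run on p = 43, g = 3, t = 15 as above; added Python example, not the book's code.

```python
import math


def rho_dlog(g, t, p, seed=(0, 0, 1)):
    """Pollard's rho for k with g^k == t (mod p), p prime.

    Each term is carried as (a, b, x) with x = t^a g^b (mod p); the map is the
    three-way split (2.27)-(2.28) of F_p^* into thirds, and Floyd's cycle
    finding compares x_i with x_{2i}. A collision gives the congruence
    k (a_i - a_2i) == b_2i - b_i (mod p - 1), solved as in (2.29)-(2.31):
    if d = gcd(a_i - a_2i, p - 1) > 1 the d candidates are tried one by one.
    Returns k, or None if the collision was degenerate (a_i == a_2i mod p - 1).
    """
    order = p - 1

    def step(a, b, x):
        if 3 * x < p:                                 # 0 < x < p/3: x <- t x
            return (a + 1) % order, b, t * x % p
        if 3 * x < 2 * p:                             # p/3 < x < 2p/3: x <- x^2
            return 2 * a % order, 2 * b % order, x * x % p
        return a, (b + 1) % order, g * x % p          # 2p/3 < x < p: x <- g x

    slow = step(*seed)                                # (a_1, b_1, x_1)
    fast = step(*step(*seed))                         # (a_2, b_2, x_2)
    while slow[2] != fast[2]:
        slow = step(*slow)
        fast = step(*step(*fast))
    a1, b1, _ = slow
    a2, b2, _ = fast
    u = (a1 - a2) % order                             # t^(a1-a2) == g^(b2-b1)
    v = (b2 - b1) % order
    d = math.gcd(u, order)
    if d == order or v % d != 0:
        return None                                   # restart with another seed
    modulus = order // d
    k0 = (v // d) * pow(u // d, -1, modulus) % modulus
    for m in range(d):                                # candidates k0 + m (p-1)/d
        k = k0 + m * modulus
        if pow(g, k, p) == t:
            return k
    return None
```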


2.6.



. .
. q0
, . =
q0 +

1
1 ,

1 > 1. 1 , . . . , s1
1 = q1 +

1
2 ,

2 > 1,

...
s1 = qs1 +

1
s ,

s > 1.

:
1

= q0 +

(2.33)

q1 +

q2 + . . . +

1
qs1 +

1
s

= [q0 , q1 , q2 , ... qs1 ]


(2.33).
, s ,
.
,
.
1. =
.
A

B A mod B qi = bA/Bc

72 25

22

25 22

22

72
25


1
72
= 2+
25
1 + 7 +1


= [2, 1, 7, 3]
1
3

0 = q0 , 1 = [q0 , q1 ], . . . , s = [q0 , q1 , ..., qs ], . . .

= limn n .
2.

14

. q0 = [ 14] = 3.

1
= 3+( 143) = q0 + .
1

1
14 + 3
14 2
1 =
=
= 1+
, q1 = 1.
5
5
14 3

14 + 2
14 2
5
=
= 2+
, q2 = 2.
2 =
2
2
14 2

2
14 + 2
14 3
3 =
=
= 1+
, q3 = 1.
5
5
14 2

5
4 =
= 14+3 = 6+( 143), q4 = 6.
14 3
:
0 = 3, 1 = 3+1/1 = 4, 2 = 3+

1
1
3.667, 3 = 3+
3.75,
1
1 + 1/2
1 + 2+1/2

20
3.741 ....
27
,

14 , , |s+1 s |

4 = 3



Ax2 + Bx + C = 0, A, B, C Z, D = B 2 4AC > 0.
(2.34)

B D
.
=
2A

(2.34)

(2.35)

P = B , Q = 2A
,

P+ D
=
Q

(2.36)

m = [ D].
:
0 =

P +m
Q

(2.37)

r = [P + D/Q] (2.35). , ,
:
1 =

Q
1
Q

=
=
q0
P + D r Q)
D (r Q P )

(2.38)

,
. :

Q ( D + (r Q P ))
1 =
D (r Q P )2

(2.39)

Q|(D P 2 ), Q,
:

D + (r Q P ) P 0 + D
1 =
=
Q0
Q0

(2.40)


P 0 = rQ P , Q0 = (D (r Q P )2 )/Q = (D (P 0 )2 )/Q.

{Pn }, {Qn } {qn }:


"
#
P0 + D
,
P0 = B, Q0 = 2B, r0 =
Q0
#
Pj+1 + D
.
=
Qj+1
"

2
Pj+1 = rj Qj Pj , Qj+1 = (D Pj+1
)/Qj , rj+1

(2.41)
:
0 = r0 ,
j+1 =

1 = r0 +

1 + r0 r1
1
=
,
r1
r1

rj+1 pj + pj1
pj+1
=
qj+1
rj+1 qj + qj1

, =

(2.42)

n, D = n, P0 = 0,

Q0 = 1. ,

P0 = [ D], Q0 = D . rj+1 (2.42)

D m = [ D] Qj > 0, D m + 1
Qj < 0.
. , {Pj } {Pj }

[ D], (Pj , Qj ),
k , (P0 , Q0 ) = (Pk , Qk ). k
.

2.7.

x2 ny 2 = 1

(2.43)

-
(J. Pell 1611-1685),
,
(Williams Brouncker 16201684),


.
,
(Brahmagupta 598668).
1
:
2.2. n > 0 ,
. x2 ny 2 = 1
(x, y),

{xk /yk }, n, k
.

: xt + yt n = (x0 + y0 n)t ,
t = 0, 1, 2, ... .
3. x2 ny 2 = 1 n = 14.

3 + 14
1
14 2
=
(2)
= 1+
,
(1) 14 = 3+( 143),
5
5
14 3

2 + 14
2
2 + 14
5
14 2
14 3
=
= 2+
, (4)
=
= 1+
,
(3)
2
2
5
5
14 2
14 2

5
= 3+ 14 = 6+( 143).
(5)
14 3
4.
k = 4 ( ):
3 +

1
1+

1
2+

=3 +
1
1

1
1+

1
3

=3 +

3 15
= .
4
4

x1 = 15, y1 = 4 .

152 14 42 = 225 224 = 1. ,

t (x0 + y0 n), t = 0, 1 2, 3 ... . , t = 2

(15 + 4 14)2 = 449 + 120 14, .. (x2 , y2 ) = (449, 120).


,
i {ri } = {3, 1, 2, 1, 6 ... }.


,
(2.41),
.
1 ,
:
2.3. n > 0 ,
. x2 ny 2 = 1
,
k .
(x1 , y1 ) () x2 ny 2 = 1,
(xt , yt )

(x1 + y1 n). (x1 + y1 n)


x2 ny 2 = 1.
4. x2 ny 2 = 1 n = 29.

29
, k = 5. , 5-
, (x5 , y5 ) = (70, 13). 702

132 29 = 1. 70+13 29 (x2 , y2 ) = (9801, 1820),


x2 29y 2 = 1.

(the
continued fraction factorization method CFRAC) 1975 .
(.[40]).


x2 y 2 n = 1
{pi /qi }, i = 1, 2, 3, ...


0,
Pk =
b nc,

rk1 Qk1 Pk1 ,

0,

rk =

:
k = 0
k 2.

k = 0

(
b nc,

pk =

qk =

(2.44)

k = 1

n r02 ,

Qk2 + rk1 (Pk1 Pk ),

Qk =


k
c,
b r0Q+P
k

(2.45)

k = 1
k 2.

k = 0

(2.46)

k 2.

r0 ,

1 + r0 r1 ,

rk pk1 + pk2 ,

1,

r1 ,

rk qk1 + qk2 ,

k = 0
(2.47)

k = 1
k 2.

k = 0
(2.48)

k = 1
k 2.

,
Si = p2i qi2 n
Si = B 2 . , qi2 n = p2i B 2 =
(pi +B)(pi B), n
c (pi +B), (pi B). ,
...(n, pi B ). ,
Qi , 2.2 -
.

:

11111

k

p2 nq 2

105

105

-86

1 105 86

211

77

67

77

1527

-46

87

46

2319

22

37

97

37

12122 115

-91

88

91

26563 252

25


p2 nq 2
25, 252n = 265632 52 .
d=..(n, 26563 + 5) =..(26568, 11111),
d = 41 n.
,

n = 11 111. , 11 111 =
105, 408 728 3..., p5 /q5 =
105, 408 730 1, , 2 106 .
. , CFRAC

,
n,

. 4-
.
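The (P, Q, r) recurrence (2.41), the convergents, the Pell solutions for n = 14 and n = 29 from Section 2.7, and the CFRAC run on n = 11 111 of this section, as one added Python example (my code, not the book's).

```python
import math


def sqrt_cf_terms(n):
    """Generator for the continued fraction of sqrt(n) (n not a perfect square).

    Yields (k, p_k, q_k, P_{k+1}, Q_{k+1}, r_{k+1}) using
    P_{j+1} = r_j Q_j - P_j,  Q_{j+1} = (n - P_{j+1}^2) / Q_j,
    r_{j+1} = floor((r_0 + P_{j+1}) / Q_{j+1}),
    p_{j+1} = r_{j+1} p_j + p_{j-1},  q_{j+1} = r_{j+1} q_j + q_{j-1},
    with P_0 = 0, Q_0 = 1, r_0 = floor(sqrt(n)); the convergents satisfy
    p_k^2 - n q_k^2 = (-1)^(k+1) Q_{k+1}.
    """
    r0 = math.isqrt(n)
    if r0 * r0 == n:
        raise ValueError("n must not be a perfect square")
    P, Q, r = 0, 1, r0
    p_prev, p, q_prev, q = 1, r0, 0, 1       # p_{-1}, p_0, q_{-1}, q_0
    k = 0
    while True:
        P = r * Q - P
        Q = (n - P * P) // Q                 # exact division by the theory
        r = (r0 + P) // Q
        yield k, p, q, P, Q, r
        p_prev, p = p, r * p + p_prev
        q_prev, q = q, r * q + q_prev
        k += 1


def pell_fundamental(n):
    """Smallest (x, y) with x^2 - n y^2 = 1: the first convergent satisfying it."""
    for k, p, q, P, Q, r in sqrt_cf_terms(n):
        if p * p - n * q * q == 1:
            return p, q


def cfrac_factor(n, max_steps=10000):
    """Plain CFRAC: when p_k^2 - n q_k^2 is a perfect square B^2, try
    gcd(p_k +- B, n). Returns (factor, k) or None if nothing was found in
    max_steps convergents (the simple form has no combination of relations)."""
    if n % 2 == 0:
        return 2, 0
    r0 = math.isqrt(n)
    if r0 * r0 == n:
        return r0, 0
    for k, p, q, P, Q, r in sqrt_cf_terms(n):
        if k >= max_steps:
            return None
        if k % 2 == 1:                       # (-1)^(k+1) Q_{k+1} is positive
            b = math.isqrt(Q)
            if b * b == Q:
                for cand in (p + b, p - b):
                    g = math.gcd(cand, n)
                    if 1 < g < n:
                        return g, k
```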

2.8.

, ,
SQUFOF SQUare FOrm Factorization
1975 . (D. Shanks),
, .

(J. Gover, S.S. Wagstaff [25]).


, 1010 1018 .
,
.
.
x y :
f (x, y) = ax2 + bxy + cy 2 = (x y)

a b

0 c

x
y

!
.

f = ax2 + bxy + cy 2
f = (a, b, c). (a, b, c)
D = b2 4ac.
definite,
indefinite.
.
. f = (a, b, c) g = (p, q, r)
,
!


1, f g :
!
!
!
!

a b

p q
=

0 r

0 c


,


.
, ,
. f = (a, b, c)
,

| D 2|a|| < b < D.

(2.49)


, ,

f = (f ), f :
. (f )
,
:


r2 D
,
(f ) = (a, b, c) = c, r,
4c
(2.50)
r

= r(b, c) ,

:
1. r b ( mod 2c),

2. |c| < r |c|, D < |c|,

3. D 2|c| < r < D , |c| < D .


f n
n (f ). 1 :
 2

r

D
1 (a, b, c) =
, r, a ,
4a
(2.51)
r = r(b, c) . :
2.4. f
, f k (f )
k . f , (f ) .
.

(a, b, c)

(c, b0 , c0 )

(adjacent), b + b0 0 (mod 2c ).
(a, b, c) , ,
(a, b, c) (c, b, a)

(2.52)


(), , a b


,
(a, b, ac)2 (a2 , b, c)

(2.53)

f = (a, b, c2 ),
,
(square). f .
f
f (c2 , b, a), (2.53).
:

g=f

1/2

(a, b,

c2 )

(c2 , b, a) = (c, b, ac).

(2.54)

. (k, kn, c) (ambiguous). , k :


D = (kn)2 4kc = k(kn2 4c).
n,
, f D = 4n,

f (a0 , b0 , c0 ). , ...(a0 , b0 )
n.
:
: n, .
n mod 4 = 1, n 2n.

n mod 4 = 2 3.

,
, .
: n.
1. f = (1, 2b, b2 D),

D = 4n, b = b nc.
2. f = (f ), f
:
while not (f square ) do f = (f );


3. f (2.54):
g = (a0 , b0 , c0 ) = f 1/2
4. g = (g),
b0i+1 = b0i . m

. a0 n (
).

. ,
,
(2.44)(2.46)
P, Q r
.
.
fk = (ak , bk , ck ) :
(ak , bk , ck ) = (1)k1 Qk1 , 2Pk , (1)k Qk

(2.55)

SQUFOF
:
SQUFOF n
: n.
: n.
I. .
1. , n . , d =

n, . , .
2. n 1 (mod 4), n 2n. D = 4n, q0 =

b Dc.


3. P, Q, r :

P0 = 0, Q0 = 1, r0 = P1 = b nc, Q1 = nr02 , r1 = b2r0 /Q1 c.


II. . P Q
(2.44)-(2.46)
CFRAC ( 2.6):


Pk + b nc
, k 2.
Pk = rk1 Qk1 Pk1 , Qk = Qk2 +(Pk1 Pk )rk1 , rk =
Qk
(2.56)
Pk , Qk rk , k = 2, 3, ... ,
Qk , .
k . Qk = d2 d > 0.
.
III. .
Pj0 , Q0j , rj0 , j = 0, 1, 2, ....
, .
P 0 , Q0 r0 :
 0

P
+
b
nc
0
0
P00 = Pk , Q00 = d, r00 =
, P10 = r00 Q00 P00 , Q01 = (N P12 )/Q00 .
0
Q0
$
%
0
+
b
P
nc
j
0
0
0
0
, j 2.
Pj0 = rj1
Q0j1 Pj1
, Q0j = Q0j2 +(Pj1
Pj0 )rj1
, rj0 =
Q0j
,
0
Pj0 Pj+1
. , Qj

n.
.


n = 11 111.

. n mod 4 = 3, r0 = b nc = 105.


1. P , Q r
(2.56). , Q
:
k

105

1 105 86

67

77

87

46

97

37

88

91

94

25

Q d2 = 25,
d = 5, .
2. . ,
P 0 .
Qj1 , Q,
n.
P0

Q0

r0

0 -94

1 104

59

73

98

25

107 1

82

41

82

107 1

P 82.
. Q
41 n = 11 111.
, 2-
(
j = 4 k = 6).



, ,
w n

C
n1/4 ,
w
2 2
C , 2, 4 .
,
O(n1/4 ) , ,
18
.

83

3.

(Elliptic Curves)
,
. 1985 .,
. (N. Coblitz) . (V. Miller)

.

.
, ,
,
, ,
(. [31]).

(p 1) .
, . (p 1) ,
n,
, , n
,
. (p 1)
(.. 2.2), .

. . ,
, . [8].

.
, ,
, .
[69] . , . , . .

[60] [61].
, , 2-
. Elliptic Curves Number Theory and Cryptography. [54]

[16].

.

3.1.
.

Fq , q = pk ,

p 2. Fq
(x, y) Fq Fq ,
y 2 + ay + b = x3 + cx2 + dx + e (mod q).

(3.57)

, ,
.
p 3 (
), (3.57)

y 2 = x3 + ax + b (mod q),

(3.58)

where $a, b \in F_q$ satisfy $4a^3 + 27b^2 \ne 0$, so that $x^3 + ax + b$ has no multiple roots.

q , (3.58)
, , ,
=.
E
+,
.


If $P = (x, y) \in E$, then $-P = (x, -y)$ and $P + (-P) = \mathcal{O}$. For $P = (x_1, y_1)$, $Q = (x_2, y_2)$ with $P \ne -Q$, the sum $P + Q = (x_3, y_3)$ is given by
$x_3 = \lambda^2 - x_1 - x_2,\qquad y_3 = \lambda(x_1 - x_3) - y_1,$
$\lambda = \dfrac{y_2 - y_1}{x_2 - x_1}$ if $P \ne Q$, $\qquad \lambda = \dfrac{3x_1^2 + a}{2y_1}$ if $P = Q$.   (3.59)
The points of $E$ over $F_q$ form an abelian group $E(F_q)$, whose order is denoted $\#E(F_q)$. It is known that
$E(F_q) \cong C_{n_1} \times C_{n_2}$, where $C_n$ is a cyclic group of order $n$, $n_2 \mid n_1$ and $n_2 \mid q - 1$.
Example. Consider $E(F_q)$ for the curve $y^2 = x^3 + x + 1$ over $F_{23}$ and the point $P = (0, 1)$. The multiples $kP$ of $P$ are:
  P = (0, 1)      2P = (6, 4)      3P = (3, 10)     4P = (10, 7)
  5P = (5, 3)     6P = (7, 11)     7P = (11, 3)     8P = (5, 4)
  9P = (4, 5)     10P = (12, 14)   11P = (1, 7)     12P = (6, 3)
  13P = (9, 7)    14P = (4, 10)    15P = (9, 7)     16P = (6, 3)
  17P = (1, 7)    18P = (12, 4)    19P = (4, 5)     20P = (5, 4)
  21P = (11, 3)   22P = (7, 11)    23P = (5, 3)     24P = (10, 7)
  25P = (3, 10)   26P = (6, 4)     27P = (0, 1)     28P = O

Hence the group has 28 elements and the order of $P$ is 28. The order of a point $A$ is the least $k$ with $kA = \mathcal{O}$; it divides the group order, so the possible orders of points are $\{1, 2, 4, 7, 14, 28\}$.
Example. Add $3P = (3, -10)$ and $7P = (11, 3)$. Here $\lambda = (y_2 - y_1)/(x_2 - x_1)$: $y_2 - y_1 = 3 - (-10) = 13$, $x_2 - x_1 = 11 - 3 = 8$. Since $8^{-1} \equiv 3 \pmod{23}$, $\lambda = 13/8 =$


$13 \cdot 3 \bmod 23 = 16$. Then $x_3 = \lambda^2 - x_1 - x_2 = (16^2 - 3 - 11) \bmod 23 = 12$,
$y_3 = \lambda(x_1 - x_3) - y_1 \equiv 14 \pmod{23}$.
Result: $(3, -10) + (11, 3) = (12, 14)$.
.
Fq .
(..1.8).
kQ Q
,
kQ Q(x1 , y1 ),
,
To compute $kQ$, write $k$ in binary, $k = b_t b_{t-1} \dots b_0$, $b_i \in \{0, 1\}$, compute $2Q, 4Q, \dots, 2^t Q$ by successive doublings, and add those $2^i Q$ for which $b_i = 1$.
Example. $k = 13 = 1101_2$, so $13Q = 8Q + 4Q + Q$ (or, equivalently, $13Q = 16Q - 2Q - Q$).


. ,
.
,
.

$Y^2 Z = X^3 + aXZ^2 + bZ^3,$   (3.60)

(3.58)
. E(Fq )

$(X, Y, Z)$ and $(aX, aY, aZ)$, $a \ne 0$, represent the same point; the point at infinity is


$\mathcal{O} = (0, 1, 0)$. For $P = (X, Y, Z) \ne \mathcal{O}$ the corresponding affine point is $P' = (x, y)$ with $x = X/Z$, $y = Y/Z$.

, (3.58)
2y1 , ,
,
(X 0 , Y 0 , Z 0 ) 8y13 .
,
,
:

$X_3 = 2Y_1 Z_1\bigl((3X_1^2 + aZ_1^2)^2 - 8X_1 Y_1^2 Z_1\bigr) \pmod p,$
$Y_3 = 4Y_1^2 Z_1\bigl(3X_1(3X_1^2 + aZ_1^2) - 2Y_1^2 Z_1\bigr) - (3X_1^2 + aZ_1^2)^3 \pmod p,$   (3.61)
$Z_3 = 8Y_1^3 Z_1^3 \pmod p.$
For the sum of two distinct points $(X_1, Y_1, Z_1)$ and $(X_2, Y_2, Z_2)$:
$X_3 = (X_2 Z_1 - X_1 Z_2)\bigl[Z_1 Z_2 (Y_2 Z_1 - Y_1 Z_2)^2 - (X_2 Z_1 + X_1 Z_2)(X_2 Z_1 - X_1 Z_2)^2\bigr] \pmod p,$
$Y_3 = (X_2 Z_1 - X_1 Z_2)^2\bigl[Y_2 Z_1 (X_2 Z_1 + 2X_1 Z_2) - Y_1 Z_2 (X_1 Z_2 + 2X_2 Z_1)\bigr] - Z_1 Z_2 (Y_2 Z_1 - Y_1 Z_2)^3 \pmod p,$   (3.62)
$Z_3 = Z_1 Z_2 (X_2 Z_1 - X_1 Z_2)^3 \pmod p.$

3.2.
,
,

Hasse's theorem: $\#E(F_q) = q + 1 - t$, where $|t| \le 2\sqrt{q}$.   (3.63)


If $p \mid t$, the curve is called supersingular, otherwise ordinary. For $p \ge 5$, $p \mid t$ holds only when $t = 0$.

$\#E(F_q) = p^k + 1 + \sum_{x \in F_{p^k}} \chi(x^3 + ax + b),$   (3.64)
where $\chi(z)$ is the quadratic character of $F_q$ (i.e. $\chi(z) = 1, -1, 0$ according as $z$ is a nonzero square, a non-square, or $0$), computed via the Legendre symbol (see section 1.9).
(3.64) ,
.

A full description of the possible values of $t$ is given by the following theorem (see [54], Theorem 4.3, p. 98):
Theorem 3.1 (W. Waterhouse). Let $F_q$, $q = p^n$, and $N = q + 1 - t$. There is an elliptic curve over $F_q$ with $\#E(F_q) = N$, $|t| \le 2\sqrt{q}$, if and only if one of the following holds:
1. $\gcd(t, p) = 1$,
2. $n$ is even and $t = \pm 2\sqrt{q}$,
3. $n$ is even, $p \not\equiv 1 \pmod 3$, and $t = \pm\sqrt{q}$,
4. $n$ is even, $p \not\equiv 1 \pmod 4$, and $t = 0$,
5. $n$ is odd, $p = 2$ or $3$, and $t = \pm p^{(n+1)/2}$,
6. $n$ is odd and $t = 0$.
,
q = pn
t O(q 1/2 ).


, .
, G k ,
G = kP , P , .. ,
,
.
-
,
, (
Fpk ) . ,
160 1024
RSA (.[74], .132).

3.3.
.
n ,
p. ,
,
, n.
Zn = {0, 1, 2, ..., n1}
EC(Zn ) : y 2 = x3 + ax + b.

( ), . F ,
, ,
, .
, P (x1 , y1 )
Q(x2 , y2 ) , x2 x1
0 n, ,
... (n, x2 x1 ), .

EC(Zn ) P0



$kP_0 = \mathcal{O} \pmod p$   (3.65)
for some prime divisor $p$ of $n$.
1. , n
, (3.65) ,

$\gcd(n, C) = d > 1$

C P0 .
2. ,
1 2 (stage-one and stage-two).
B1 , 1
(stage-one limit).
(p 1) (. 2.2),
p
p. ,
(p 1).

I. :
1. B1 , , B1 = 10000.
2. x, y, a [0, n 1].
3. Compute $b = y^2 - x^3 - ax \bmod n$ and $g = \gcd(n, 4a^3 + 27b^2)$.
If $g = n$, go back to step 2; if $1 < g < n$, a factor of $n$ has been found. Otherwise $E: y^2 = x^3 + ax + b$ is an elliptic curve over $Z_n$ with the point $P_0 = (x, y)$ on it.
4. P (x, y) ,
P0 .
II. :


1. For each prime $p < B_1$ take the largest $r$ with $p^r < B_1$ and perform for (j = 0; j < r; j++) P = pP, i.e. multiply $P$ by $p^r$. Multiplication by $p$ is carried out by the double-and-add method of page 86.
2. ,
, B1 , ,
.. (n, P ) = d > 1.
, n .
, B1 ,
.

,
q > B1 , P ,
, (3.65).
1. B2 ,
[B1 ; B2 ] : {q1 , q2 , ..., qm }.
2. q1 P, q2 P, q3 P, ...
B2 , (3.65).
As in the $(p - 1)$ method, $q_{i+1}P$ is obtained from $q_iP$ by adding $\delta_i P$, where $\delta_i = q_{i+1} - q_i$; since the differences $\delta_i$ are small, the points $\delta_i P$ can be tabulated in advance.
.
qi P .
.

2 P q1 P
(3.65).


1. n = 455 839.

Take the curve $y^2 = x^3 + 5x - 5$ with the point $P = (1, 1)$ and compute $10!\,P$.
1. $2P$: here $\lambda = (3 \cdot 1^2 + 5)/(2y) = 4$ and $P_2 = 2P = (x_2, y_2) = (14, -53) \pmod n$.
2. Next $P_3 = 3(2P) = 3P_2$: $3P_2 = 2P_2 + P_2$ with $2P_2 = (259\,851, 116\,255)$, $3P_2 = (195\,045, 123\,227)$.
3. Continue with $4!\,P$, $5!\,P$, and so on. While computing $8!\,P$ the denominator $599$ appears, and $\gcd(n, 599) = d = 599$. Dividing $n$ by 599 gives the factorization $455839 = 599 \cdot 761$.
The reason is that $y^2 = x^3 + 5x - 5 \pmod{599}$ has $640 = 2^7 \cdot 5$ points, while $y^2 = x^3 + 5x - 5 \pmod{761}$ has $777$ points; $8!$ is divisible by 640 but not by 777, so $8!\,P = \mathcal{O}$ modulo $p = 599$ only.

,
.
n, , p,
n,
, ,
$kP = \mathcal{O}$, where $k = \prod_{p_i^{a_i} \le B_1} p_i^{a_i},$   (3.66)


y 2 = x3 + ax + b
Fp .
Let $l = \#E(F_p)$. By Hasse's theorem $l \in [\,p + 1 - 2\sqrt{p},\; p + 1 + 2\sqrt{p}\,]$. For any point $Q(x, y)$
lQ = , , ,
, , k (3.66)
l . , l
B1 .
(smoothness),
. B
. x
B , x
$B$-smooth. For example, $x = 2^5 \cdot 5 \cdot 13^2$ is $B$-smooth for $B \ge 13$.
,
. ,
$l = \prod p^r$ with every prime power $p^r$ below $B_1$, except possibly one prime $p$ (with $r = 1$) below $B_2$. For instance, $\#EC(F_p) = 2^5 \cdot 5 \cdot 13^2 \cdot 233$ requires $B_1 \ge 13^2 = 169$ and $B_2 \ge 233$.
l , pr , p ,
B , B . .
, l
#EC(Fp ), , ,
a b . ,

#EC(Fp ).
2. p = 1007
B1 , B2 k
[1001, 1013], p. :

k


1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013

B1

16

11

B2

143

167

1003

251

67

503

1007

16

1009

101

1011

23

1013

, n,
p = 1007, B1 = B2 = 16,
B2 , 1007,
. , B1
( = 16), B2
.

.
1987 .
. ,
, ., n
, l ,
B1 .
. [61],
[36] [37].

n p. ,



$\exp\Bigl(\bigl(\sqrt{2} + o(1)\bigr)\sqrt{\ln p\,\ln\ln p}\Bigr),$   (3.67)
and the optimal choice of $B_1$ is
$B_1 \approx \exp\Bigl(\bigl(\sqrt{2}/2 + o(1)\bigr)\sqrt{\ln p\,\ln\ln p}\Bigr).$
p , B1
,
. ,
,



.

,
, , , ,
.
QS
NFS,
n. n RSA
, ,
,
.

QS NFS, (,
RSA NFS 768
), n
.

3.4.

.
-
-

.
2160 a b
. Ep (a, b).
Ep (a, b) G = (x1 , y1 ). G
, n, nG = 0,


. G .
Ep (a, b)
, .
:
1. nA < n.
.
PA = nA G,
Ep (a, b).
2. nB
PB = nB G.
3. ,
KA,B :
A KA,B = nA
PB , . B
KA,B = nB PA .
KA,B = nA PB = nA (nB G) = nB (nA G). ,
,
x, y ,
x + y .
, nA , nB G,
, ..
(..
k . kG G).
. 1993
, ( MOV)
([34]), -,
()
(),
.



.
2000 . ([27])
- ,
.
, 3.5.

/
.
, ,
Pm (x, y).
, /
Ep (a, b)
G . B nB ,
2 n, n G
PB = nB G, .
k Cm ,
:
$C_m = \{kG,\; P_m + kP_B\}.$
To decrypt, the recipient multiplies the first point by $n_B$ and subtracts it from the second:
$P_m + kP_B - n_B(kG) = P_m + k(n_B G) - n_B(kG) = P_m.$
Pm kPB .
k , , PB ,
k PB .
k , G k G. , ..
. k ,
k G. k G
, ,


. , k ,
, .
. ,
.
, .
- ASCII, DOS-866
WIN1251
.
(.. 0 255)
- .
, k x kG.
, x [n/2]

U1 (2x, y1 ) U2 (2x + 1, y2 ),
x. , (x0 , y 0 ) U1
U2 x, x0 /2.

ECDSA (Elliptic Curve Digital Signature Algorithm) is standardized in ANSI X9F1 and IEEE P1363. Key generation:
1. Choose a curve $E_p(a, b)$ and a large prime $n$.
2. Choose a point $G \in E_p(a, b)$ of order $n$, $nG = \mathcal{O}$.
3. Choose a random $d \in (1, n)$.
4. Compute $Q = dG$.
5. The private key is $d$, the public key is $\langle a, b, G, n, Q \rangle$.
Signing:


1. Choose a random $k \in (1, n)$.
2. Compute $kG = (x_1, y_1)$ and $r = x_1 \pmod n$.
3. If $r \ne 0$, continue; if $r = 0$, choose another $k$.
4. Compute $k^{-1} \pmod n$.
5. Compute $s = k^{-1}\bigl(H(M) + dr\bigr) \pmod n$.
6. If $s \ne 0$, compute $s^{-1} \pmod n$; if $s = 0$, choose another $k$.
The signature is the pair $(r, s)$.
Verification:
1. Check that $r, s \in (1, n)$; otherwise the signature is rejected.
2. Compute $w = s^{-1} \pmod n$ and $H(M)$.
3. Compute $u_1 = H(M)\,w \pmod n$, $u_2 = r\,w \pmod n$.
4. Compute $u_1 P + u_2 Q = (x_0, y_0)$ and $v = x_0 \pmod n$.
5. The signature is valid if $v = r$.

[21] [37].


3.5. -

,
( ) ,
.

RSA (160 1024 ),
, .
, 1993 . , . . [34]
,
GF (q) .
(Weils Pairing)
(19061998),
.
E : y 2 = x3 +ax+b Fq , q = pm .
, K
( K ).

p.

E[n] E n
Fq Fq , ..
P (x, y) EC(Fq ), nP = .
Fq , . ,
E[n] ( ,
Zn Zn ) , ,
Fqk . k .

the smallest $k$ with $n \mid (q^k - 1)$; the $n$-th roots of unity $\mu_n$ then lie in $F_{q^k}$.

$e: E[n] \times E[n] \to \mu_n,$   (3.68)


() e(A + B, C) = e(A, C) + e(B, C),


e(A, B + C) = e(A, B) + e(A, C),
e(P, P ) = 1 P E[n],
() (P, Q E[n]) e(P, Q) 6= 1,
() e(X, Y ) .
k (
k = 6),

q k . , ,
k ,
. , ,
, k {1, 2, 3, 4, 5, 6}.
E

$E = EC(GF(p^r))$ is supersingular if and only if $\#E = p^r + 1 - t$ with $p \mid t$.
For example, $E: y^2 = x^3 + 1 \pmod p$ with $p \equiv 2 \pmod 3$ has $p + 1$ points, so $t = 0$, $E$ is supersingular, and its embedding degree is 2.
,
, MOV- (MOV-attack)

,
,
. ,
.
2002 . [27]

-. ,
, , ,


, , , (identity based open


keys) (. Advances in Elliptic Curve [4]).

MOV
5 . [54].
EC : y 2 = x3 + ax + b (modpr ),
P , Q EC n, n ,
m , Q = mP . m.
e(X, Y ). m
:
1. T EC(Fqk ).
2. M T .
3. $d = \gcd(n, M)$. If $d = 1$, return to step 1.
, . , .T
n.
4. Compute $\alpha = e(P, T)$ and $\beta = e(Q, T)$.
5. Solve the discrete logarithm $\beta = \alpha^m$ in $F_{q^k}$ for $m$.
, n,
d n
m mod d.
Ti , mi = m mod di ,
di n.
m .
. Q, ,
, ,
m, Q = mP . ,
:
3.2. .Q EC(Fqk ) m ,


Q = mP , :
1. nQ = ,
2. e(P, Q) = 1.

3.6.

() ,
.
. . [54].


, .
For example, a polynomial $P(x)$ with roots $x_i$ of multiplicities $r_i$ factors as
$P(x) = a\prod (x - x_i)^{r_i}.$

, ..
x y ,
.
E : y 2 = x3 +ax+b K ,
f (x, y) : E K - . f ,
P E , f (P ) = 0
f (P ) = . f ,
f .
f ,
. f
A function $f$ has a zero (or pole) of order $k$ at $P$ if $f = u_P^k\, g$, where $u_P$ is a uniformizer at $P$ and $g(P) \ne 0, \infty$.


Example. On $y^2 = x^3 - x$ take $f(x, y) = x/y$. The function $f$ can be rewritten as
$f(x, y) = \dfrac{x}{y} = \dfrac{xy}{y^2} = \dfrac{xy}{x^3 - x} = \dfrac{y}{x^2 - 1},$
so at $P = (0, 0)$ the function $f(x, y) = x/y$ has a zero of order 1, and $u(x, y) = y$ is a uniformizer at $P(0, 0)$.
Let $M_1$, $M_2$ be the sets of zeros and poles of $f(x, y)$. The divisor of $f$ is
$\operatorname{div}(f) = \sum_{P \in M_1} r_P [P] - \sum_{P \in M_2} r_P [P],$   (3.69)
where $r_P$ is the order of the zero (or pole) of $f$ at $P$.
Definition 3.1. Let $E: y^2 = x^3 + ax + b$ be an elliptic curve over a field $k$. A divisor $D$ on $E$ is a formal sum
$D = \sum_{P \in E} r_P [P],$
where $r_P \in \mathbb{Z}$ and only finitely many $r_P$ are nonzero.
The set of points $P$ with $r_P \ne 0$ is the support of $D$, $\operatorname{supp}(D)$. The integer $\sum r_P$ over $P \in \operatorname{supp}(D)$ is the degree of $D$, $\deg(D)$. The point $\sum_{P \in E} r_P P$ (a sum in the group of the curve) is denoted $\operatorname{sum}(D)$.
The divisor of a function has degree 0; divisors of functions are called principal divisors.


Let $l: ax + by + c = 0$ be the line through the points $P_1(x_1, y_1)$ and $P_2(x_2, y_2)$ of $E$. The line $l$ meets $E$ in a third point $P_3(x_3, y_3)$, so $P_1$, $P_2$ and $P_3$ are zeros of $l$ of order 1; at $\infty$ the line has a pole of order 3.
Indeed, on $y^2 = x^3 + Ax + B$:
$\Bigl(\frac{1}{y}\Bigr)^2 = \frac{1}{x^3}\Bigl(1 + \frac{A}{x^2} + \frac{B}{x^3}\Bigr)^{-1},$   (3.70)
$\Bigl(\frac{x}{y}\Bigr)^2 = \frac{1}{x}\Bigl(1 + \frac{A}{x^2} + \frac{B}{x^3}\Bigr)^{-1}.$   (3.71)
(3.70) shows that $1/y$ vanishes at $\infty$, and (3.71) shows that $x/y$ has a simple zero at $\infty$, so $x/y$ is a uniformizer there. Consequently $x$ has a pole of order 2 at $\infty$, $y = x \cdot (y/x)$ a pole of order 3, and so does the line $l = Ax + By + C$.
Thus the divisor of $l$ is
$\operatorname{div}(l_{P_1, P_2}) = 1[P_1] + 1[P_2] + 1[P_3] - 3[\infty].$   (3.72)
The vertical line through $P_3$ is $v = x - x_3$. It passes through $P_3(x_3, y_3)$ and $-P_3(x_3, -y_3)$, so
$\operatorname{div}(v_{P_3}) = 1[P_3] + 1[-P_3] - 2[\infty].$   (3.73)
Subtracting (3.73) from (3.72):
$\operatorname{div}\Bigl(\frac{Ax + By + C}{x - x_3}\Bigr) = \operatorname{div}(Ax + By + C) - \operatorname{div}(x - x_3) = [P_1] + [P_2] - [-P_3] - [\infty].$
Since $P_1 + P_2 = -P_3$ on $E$,
$[P_1] + [P_2] = [P_1 + P_2] + [\infty] + \operatorname{div}\Bigl(\frac{Ax + By + C}{x - x_3}\Bigr).$   (3.74)


(3.72) and (3.73) show that the divisors of $l_{P_1, P_2}$ and $v_{P_3}$ have degree 0 and sum equal to $\mathcal{O}$; in general the following holds:
Theorem 3.3. A divisor $D$ on $E$ is principal if and only if $\deg(D) = 0$ and $\operatorname{sum}(D) = \mathcal{O}$.

Formula (3.74) lets one find the function $f$ with a given principal divisor $D$ (Theorem 3.3). For example, let us find $f$ for
$E: y^2 = x^3 + 4x \pmod{11}$ and $D = [(0, 0)] + [(2, 4)] + [(4, 5)] + [(6, 3)] - 4[\infty].$
The line $l$ through $(0, 0)$ and $(2, 4)$ is $l = y - 2x$; it is tangent to $E$ at $(2, 4)$, so
$\operatorname{div}(y - 2x) = [(0, 0)] + 2[(2, 4)] - 3[\infty].$
The vertical line through $(2, 4)$ is $v = x - 2$, with
$\operatorname{div}(x - 2) = [(2, 4)] + [(2, -4)] - 2[\infty].$
Hence
$[(0, 0)] + [(2, 4)] = [(2, -4)] + [\infty] + \operatorname{div}\Bigl(\frac{y - 2x}{x - 2}\Bigr).$
In the same way,
$[(4, 5)] + [(6, 3)] = [(2, 4)] + [\infty] + \operatorname{div}\Bigl(\frac{y + x + 2}{x - 2}\Bigr),$
so
$D = [(2, -4)] + \operatorname{div}\Bigl(\frac{y - 2x}{x - 2}\Bigr) + [(2, 4)] + \operatorname{div}\Bigl(\frac{y + x + 2}{x - 2}\Bigr) - 2[\infty].$
Since $[(2, 4)] + [(2, -4)] = \operatorname{div}(x - 2) + 2[\infty]$,
$D = \operatorname{div}(x - 2) + \operatorname{div}\Bigl(\frac{y - 2x}{x - 2}\Bigr) + \operatorname{div}\Bigl(\frac{y + x + 2}{x - 2}\Bigr) = \operatorname{div}\Bigl(\frac{(y - 2x)(y + x + 2)}{x - 2}\Bigr).$
Using $y^2 = x^3 + 4x$, the numerator is divisible by $x - 2$: $(y - 2x)(y + x + 2) = (x - 2)(x^2 - y)$, and finally $D = \operatorname{div}(x^2 - y)$.

Functions are evaluated on divisors multiplicatively (cf. (3.76)): for a function $f$ over $K$,
$f(D_1 + D_2) = f(D_1)\, f(D_2),\qquad f(D_1 - D_2) = \frac{f(D_1)}{f(D_2)}.$   (3.75)
In particular, (3.75) gives
$f\Bigl(\sum k_P [P]\Bigr) = \prod f(P)^{k_P}.$   (3.76)
This leads to Weil reciprocity.
Theorem 3.4. If $f$ and $g$ are functions whose divisors $\operatorname{div}(f)$ and $\operatorname{div}(g)$ have disjoint supports, then $f(\operatorname{div}(g)) = g(\operatorname{div}(f))$.


Weil and Tate pairings. Let $E: y^2 = x^3 + ax + b$ be a curve over a field $K$, and let $E[n]$ be the group of points of order dividing $n$:
$E[n] = \{P \in E \mid nP = \mathcal{O}\}.$
It is isomorphic to $\mathbb{Z}_n \times \mathbb{Z}_n$.
Let $T \in E[n]$ and $D = n[T] - n[\infty]$. This divisor has degree 0 and sum $\mathcal{O}$, so by Theorem 3.3 there is a function $f_T$ with divisor $D$:
$\operatorname{div}(f_T) = n[T] - n[\infty].$   (3.77)
The function $f_T$ is determined by (3.77) up to a constant factor. Let $S \in E[n]$ be a point that is not a multiple $kT$ of $T$, and put
$D_S = [S] - [\infty],\qquad D_T = [T + R] - [R],$   (3.78)
where $R \in E[n]$ is an auxiliary point.
Definition 3.2 (Weil pairing). The map
$e_n: E[n] \times E[n] \to \mu_n,$   (3.79)
where $\mu_n$ is the group of $n$-th roots of unity in $K$, is defined by
$e_n(T, S) = \frac{f_T(D_S)}{f_S(D_T)} = \frac{f_T([S] - [\infty])}{f_S([T + R] - [R])}.$   (3.80)
By (3.75), (3.80) can be written as
$e_n(T, S) = \frac{f_T(S)\, f_S(R)}{f_S(T + R)\, f_T(\infty)}.$   (3.81)

The value does not depend on the choice of the auxiliary point $R \in E[n]$ in (3.78) (see [54]), although $T$ and $S$ enter (3.78) asymmetrically.
.
Example. Let $E$ be the curve $y^2 = x^3 + 2$ over $F_7$. Here $E(F_7)[3] \cong \mathbb{Z}_3 \times \mathbb{Z}_3$. Compute $e_3((5, 1), (0, 3))$.
Take $S = (0, 3)$, $T = (5, 1)$ and $R = (6, 1)$. Then $D_S = [(0, 3)] - [\infty]$ and $D_T = [(3, 6)] - [(6, 1)] = [(5, 1) + (6, 1)] - [(6, 1)]$.
, (3.77) S T :
f(0,3) = y 3, f(5,1) =

4x y + 1
.
5x y 1

Then
$f_{(0,3)}(D_T) = \frac{f_{(0,3)}(3, 6)}{f_{(0,3)}(6, 1)} = \frac{6 - 3}{1 - 3} \equiv 2 \pmod 7.$
Similarly, $f_{(5,1)}(D_S) = 4$. Therefore
$e_3((5, 1), (0, 3)) = \frac{2}{4} \equiv 4 \pmod 7.$
Indeed, 4 is a cube root of 1: $4^3 = 64 \equiv 1 \pmod 7$.

The Tate pairing is defined for $T \in E[n]$ and $S \in E/nE$, where $nE = \{nQ \mid Q \in E\}$ and $E/nE$ is the quotient of $E$ by the subgroup $nE$.
Definition 3.3 (Tate pairing). The map
$\tau_n: E[n] \times E/nE \to F_{q^k}^* / (F_{q^k}^*)^n,$   (3.82)
where $n \mid q^k - 1$, is defined by
$\tau_n(T, S) = \frac{f_T(S + R)}{f_T(R)},$   (3.83)
with $R \notin \{T, -S, T - S, \infty\}$.
,
The pairing reduces the discrete logarithm on the curve (Chapter 1) to one in a finite field: let $Q = mP$ for unknown $m$. Then
$\tau(P, Q) = \tau(P, mP) = \tau(P, P)^m = b \pmod q,$
so $m$ is found as $m = \log_a b \pmod q$ with $a = \tau(P, P)$, $K = F_q$.
The value $\tau(P, Q)$ depends on the choice of $R$ and of the function $f_T$, but only up to an $n$-th power, so the reduced pairing
$u_n(P, Q) = \tau(P, Q)^{(q^k - 1)/n}$   (3.84)
is uniquely determined.



Computing the function $f_T$ with divisor $D$. Let $T \in E[n]$. By (3.77) the divisor $n[T] - n[\infty]$ is that of a function $f_{n,T}$ with a zero of order $n$ at $T$. Consider
$D_j = j[S + R] - j[R] - [jS] + [\infty],$
which is principal by Theorem 3.3; let $f_{j,T}$ be the function with divisor $D_j$.
$f_{n,P}(Q)$ can be computed recursively from $f_{j,P}(Q)$, $j < n$:
$f_{1,T}(Q) = 1$ for all $Q \in E(K)$,
$f_{i+j,T}(Q) = f_{i,T}(Q)\, f_{j,T}(Q)\, \frac{l_{i,j}(Q)}{v_{i+j}(Q)},$   (3.85)
where $l_{i,j} = Ax + By + C$ is the line through $iT$ and $jT$, and $v_{i+j} = x - x_0$ is the vertical line through $R = (i + j)T$.
The coefficients $A$, $B$, $C$ of the line $l_{P,Q}$ through $P(x_1, y_1)$ and $Q(x_2, y_2)$ are found as follows:
1. $P = Q$: $\lambda = (3x_1^2 + a)/(2y_1) \pmod p$.   (3.86)
2. $P \ne Q$: $\lambda = (y_2 - y_1)/(x_2 - x_1) \pmod p$.   (3.87)
The line through $P(x_1, y_1)$ with slope $\lambda$ is $y - y_1 = \lambda(x - x_1)$, so
$l = y - \lambda x + (\lambda x_1 - y_1).$   (3.88)
The point $P + Q = (x_3, y_3)$ (in the case $x_2 \ne x_1$) is
$x_3 = \lambda^2 - x_1 - x_2,\qquad y_3 = -y_1 + \lambda(x_1 - x_3).$   (3.89)
Algorithm for computing $f_{P,n}$:


1. Write $n = (n_t \dots n_0)_2$.
2. Put $Z = P$ and $f = 1$.
3. For $i = t - 1$ down to $i = 0$:
   $f = f^2 \cdot l_{Z,Z}/v_{2Z}$, $Z = 2Z$;
   if $n_i = 1$, add $P$: $f = f \cdot l_{P,Z}/v_{P+Z}$, $Z = P + Z$.
4. $f_{P,n} = f$.
Example 1. The curve $y^2 = x^3 + 11$ over $F_{31}$ has 25 points and group $\mathbb{Z}_5 \times \mathbb{Z}_5$. Take $P = (2; 9)$, $Q = (3; 10)$, $n = 5$. The embedding degree is $k = 1$, since $p - 1 = 30$ is divisible by $n = 5$. Compute $f_{5,P}$:
1. $n = 5 = (101)_2$, $t = 2$.
2. $Z = (2; 9)$, $f = 1$. Step 3 with $i = t - 1 = 1$:
$\lambda = 3 \cdot 2^2/(2 \cdot 9) \bmod 31 = 2/3 \bmod 31 = 2 \cdot 21 \bmod 31 = 11$,
$l = y - \lambda x + (\lambda x_1 - y_1) = y - 11x + 11 \cdot 2 - 9 = y - 11x + 13$,
$Z = 2Z = (\lambda^2 - 2x_1;\; -y_1 + \lambda(x_1 - x_3)) = (24; 28)$,
$v = x - 24 \equiv x + 7$,
$f_{2,P} = (-11x + y + 13)/(x + 7)$.
Since $n_i = n_1 = 0$, no addition step is needed. Next $i = 0$.


3. $Z = (24, 28)$. Doubling $Z$: $\lambda = 22$, $l_{2,2} = 9x + y + 4$, $2Z = (2; 22)$, $v_4 = x - 2$.
$f_{4,P} = f_{2,P}^2 \cdot \frac{9x + y + 4}{x - 2} = \frac{(-11x + y + 13)^2 (9x + y + 4)}{(x + 7)^2 (x - 2)}.$
Since $n_i = n_0 = 1$, add $P$: $5P = \mathcal{O}$, so the line through $P$ and $4P = -P$ is $l = x - 2$ and $v = 1$, and
$f_{5,P} = f_{4,P}\,(x - 2) = \frac{(-11x + y + 13)^2 (9x + y + 4)}{(x + 7)^2}.$
Now compute $\tau(P, Q)$ for $Q = (3; 10)$. An auxiliary point $R$ is needed; take, for instance, $R = Q$. Then $S = Q + R = 2Q = (-1; 14)$. Evaluating $f = f_{5,P}$ at $S$ and $R$:
$f(S) = f(-1; 14) = 20$, $f(Q) = f(3; 10) = 10$, so $\tau(P, Q) = 20/10 \pmod{31} = 2$.
With another choice, $R = 2Q = (-1; 14)$, we get $S = 2Q + Q = (-1, 17)$, $f(S) = f(-1; 17) = 23$, $f(2Q) = 20$, and $\tau(P, Q) = 23/20 \equiv 12 \pmod{31}$.
The two values agree up to an $n$-th power: raising to the power $(q^k - 1)/n = (31 - 1)/5 = 6$ gives
$2^6 \pmod{31} = 2,\qquad 12^6 \pmod{31} = 2.$

Example 2. Let $P = (2; 9)$ and $xP = (24; 3)$ on the same curve $y^2 = x^3 + 11 \pmod{31}$; find $x$. Use $f_{P,5}$ from Example 1.
First $\tau(P, P)$ with $R = (15, 10)$: $S = P + R = (2; 9) + (15, 10) = (3, 10)$, $f_{P,5}(S) = 30$, $f_{P,5}(R) = 7$,
$\tau(P, P) = 30/7 \equiv 22 \pmod{31},\qquad a = u_n(P, P) = 22^6 \equiv 8 \pmod{31}.$
Then $\tau(P, xP)$ with the same $R = (15, 10)$: $S' = xP + R = (24; 3) + (15, 10) = (6, 14)$, $f_{P,5}(S') = 29$,
$\tau(P, xP) = 29/7 \equiv 13 \pmod{31},\qquad b = u_n(P, xP) = 13^6 \equiv 16 \pmod{31}.$
Finally $x = \log_a b \pmod p = \log_8 16 \pmod{31}$; since $8^2 \bmod 31 = 2$ and $8^3 \bmod 31 = 16$, $x = 3$.
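The affine arithmetic of section 3.1, the ECM run of section 3.3 (Example 1, $n = 455839$) and the Miller/Tate computation of Examples 1-2 above, as one added Python example that is not part of the book. It assumes only the formulas (3.59) and the book's curves ($y^2 = x^3 + 5x - 5$ over $Z_{455839}$, $y^2 = x^3 + 11$ over $F_{31}$); all function names are mine.

```python
from math import gcd

# Added example, not the book's code: affine arithmetic on y^2 = x^3 + ax + b
# over Z_n by (3.59), with O represented as None. A slope whose denominator is
# not invertible mod n raises FactorFound, which is the event ECM waits for;
# the same functions then drive Miller's algorithm and the Tate pairing.

class FactorFound(Exception):
    """A slope denominator shares the factor d with the modulus n."""
    def __init__(self, d):
        super().__init__(d)
        self.d = d

def slope(P, Q, a, n):
    """lambda of (3.59); None when the line through P and Q is vertical."""
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % n == 0:
        return None
    num, den = (3 * x1 * x1 + a, 2 * y1) if P == Q else (y2 - y1, x2 - x1)
    d = gcd(den % n, n)
    if d != 1:
        raise FactorFound(d)
    return num * pow(den, -1, n) % n

def ec_add(P, Q, a, n):
    """P + Q."""
    if P is None or Q is None:
        return Q if P is None else P
    lam = slope(P, Q, a, n)
    if lam is None:
        return None
    x3 = (lam * lam - P[0] - Q[0]) % n
    return (x3, (lam * (P[0] - x3) - P[1]) % n)

def ec_mul(k, P, a, n):
    """k*P by double-and-add over the bits of k (no doubling after the last bit)."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P, a, n)
        k >>= 1
        if k:
            P = ec_add(P, P, a, n)
    return R

def ecm_stage1(n, a, P, B1):
    """Stage 1 of ECM: P -> 2P -> 3!P -> ... -> B1!P over Z_n.
    Returns the factor exposed by a failed inversion, or None."""
    try:
        for k in range(2, B1 + 1):
            P = ec_mul(k, P, a, n)
    except FactorFound as e:
        return e.d if e.d != n else None
    return None

# Miller's algorithm (steps 1-4 of the book) and the Tate pairing; p is prime.

def line_at(A, B, X, a, p):
    """Value at X of the line l_{A,B} through A and B, and the point A + B."""
    lam = slope(A, B, a, p)
    if lam is None:                       # vertical line x - x_A, A + B = O
        return (X[0] - A[0]) % p, None
    return (X[1] - A[1] - lam * (X[0] - A[0])) % p, ec_add(A, B, a, p)

def vertical_at(R, X, p):
    """Value at X of v_R = x - x_R, with v_O = 1."""
    return 1 if R is None else (X[0] - R[0]) % p

def miller(n, P, X, a, p):
    """f_{n,P}(X) for P of order n; X must avoid the zeros and poles of the
    intermediate lines (the book evaluates at Q + R and R for an auxiliary R)."""
    f, Z = 1, P
    for bit in bin(n)[3:]:                # bits n_{t-1}, ..., n_0
        l, Z2 = line_at(Z, Z, X, a, p)    # f = f^2 * l_{Z,Z} / v_{2Z}
        f = f * f * l * pow(vertical_at(Z2, X, p), -1, p) % p
        Z = Z2
        if bit == "1":                    # f = f * l_{P,Z} / v_{P+Z}
            l, Z1 = line_at(P, Z, X, a, p)
            f = f * l * pow(vertical_at(Z1, X, p), -1, p) % p
            Z = Z1
    return f

def tate(n, P, Q, R, a, p):
    """Reduced Tate pairing (3.83)/(3.84) for embedding degree k = 1 (n | p-1):
    (f_{n,P}(Q + R) / f_{n,P}(R)) ^ ((p - 1) / n)."""
    S = ec_add(Q, R, a, p)
    t = miller(n, P, S, a, p) * pow(miller(n, P, R, a, p), -1, p) % p
    return pow(t, (p - 1) // n, p)

def pairing_dlog(n, P, xP, R, a, p):
    """MOV-style reduction: x with xP = x*P satisfies tate(P, xP) == tate(P, P)^x,
    a discrete logarithm in F_p^* (solved by brute force for this toy size)."""
    base, target = tate(n, P, P, R, a, p), tate(n, P, xP, R, a, p)
    return next((x for x in range(1, n) if pow(base, x, p) == target), None)
```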


4.

,
. .

4.1.
20- . XX (Maurice Kraitchik),
noticed that the equation $A^2 - B^2 = n$ (2.20) can be replaced by the congruence
$A^2 \equiv B^2 \pmod n$   (4.90)

, q(x) (2.21)
(..
). [46]:
Example. $n = 2041$. Since $n$ is close to the square $m^2 = 2025$, $m = 45$, form the pairs $\{x; q(x)\}$ with
$q(x) = (m + x)^2 - n$   (4.91)
for $x$ around 0:
$\{(-2; -192), (-1; -105), (0; -16), (1; 75), (2; 168), (3; 263), (4; 360), (5; 459), (6; 560)\}.$
Most of these values factor over small primes:
$192 = 2^6 \cdot 3$, $105 = 3 \cdot 5 \cdot 7$, $16 = 2^4$, $75 = 3 \cdot 5^2$, $168 = 2^3 \cdot 3 \cdot 7$, $360 = 2^3 \cdot 3^2 \cdot 5$, $560 = 2^5 \cdot 5 \cdot 7$.

F B = {2, 3, 5, 7}. ,
,
. ,
. ,


$v = (r_1, r_2, \dots, r_k)$, where $k$ is the size of the factor base. For example, $560$ has $v = (5, 0, 1, 1)$.
Products whose exponent vectors have all coordinates even are squares:
$75 \cdot 168 \cdot 360 \cdot 560 = 50400^2,\qquad (-192) \cdot (-16) \cdot 75 = 480^2.$
4.1.

A pair $(A, B)$ is called a relation (with respect to the factor base $F$) if:
1. $A^2 \equiv B \pmod n$,
2. $B$ factors over $F$.
, M = {(2, 192), (1, 105),
(0, 16), (2, 168), (4, 360), (5, 560)}, ,
.
? , ,
.
,
,
For example, $75 \cdot 168 \cdot 360 \cdot 560$ has exponent vector $(0, 1, 2, 0) + (3, 1, 0, 1) + (3, 2, 1, 0) + (5, 0, 1, 1) = (8, 4, 4, 2)$.

2, ..
F2

{0, 1}, M

,
2 .
k F2 = {0, 1}
Lk k ,
, k , ,
,
. ,
,
2.


0,
1,
. ,
, ,
k + 1 , k .
, k+1 , ,
4.90 ,
, ,
.

1981

[22]

. ,
,
, ..
.

4.2.
1982 .
, , .
, p F B x
, q(x) 0 ( mod p), p q(y), y
x , p, .. y = x+kp, k Z. ,
p x q(x) 0 ( mod p),
y , y x (mod p) q(y) 0 (mod p).
:
1. [L; L],
,
2. W [L .. L] q(x)
x [L; L],
3. p F B 0 x < p


,
q(x) 0 mod p

(4.92)

, 2 ,
.
4. x (4.92)
xk = x + kp [L; L], k Z,
W [xk ] p.
p
pk < B , B .
W [x] W
1. (x, q(x)) .
(4.90)
, , -
, 1 .

,
.
,
(A; B),
(4.90). ,
n
k > 1, ,
k = 3 k = 4.


.
(the Quadratic Sieve).
, 1994 . , ,
129- , RSA.



.
(A, B),
A2 B mod n.

(4.93)


, .
,
.
L
, .
,
,
. , 129-
RSA , 524338 .
k .
n, k 0 (A; B), k 0 k + 2.
k k 0
F2 = {0, 1}
. ,
M (x, q(x)).
For the subset $M$ of pairs $(x, q(x))$ found, the pair $(A, B)$ satisfying (4.90) is
$A = \prod_{x \in M} (x + m) \bmod n,\qquad B = \sqrt{\prod_{x \in M} q(x)} \bmod n,$   (4.94)
and one computes $\gcd(n, A - B)$.
( 1 n),
(A, B).
.


4.3.

:

I. :
1. ,
B : F B = {2, 3, 5, . . . , pk }.
n 10100 106 107 .
2. , F B p,
n p.
,
n = k 2 mod p
k . p
.
O (log n log p) (. [17], . 29-31), ..
n.
3.

$q(x) = (x + m)^2 - n = x^2 + 2mx - a,$   (4.95)
where $m = [\sqrt{n}]$ and $a = n - m^2$.
4. For each $p \in FB$ find the roots $r_1^{(p)}, r_2^{(p)}$ of
$q(x) \equiv 0 \pmod p.$   (4.96)
A root can be found by trying $x = 0, 1, \dots, (p - 1)/2$ in (4.96) or, for large $p$, by the Shanks-Tonelli algorithm (section 1.14) in $O(\log^2 p)$ operations.


The two roots are related by $r_1^{(p)} + r_2^{(p)} \equiv -2m \pmod p$. For each $p \in FB$ the triple $\langle p, r_1^{(p)}, r_2^{(p)} \rangle$ is stored.


Roots of
$q(x) \equiv 0 \pmod{p^k},\quad k > 1,$   (4.97)
are needed for $p^k < B$.

The cases $p = 2$ and $p > 2$ are treated separately.
$p = 2$. Two sub-cases:
a) $a$ in (4.95) is odd. Then (4.97) can only have odd roots $x$; writing $x = 2y + 1$,
$(2y + 1)^2 + 2m(2y + 1) - a \equiv 0 \pmod 4 \iff 1 + 2m - a \equiv 0 \pmod 4.$   (4.98)
If (4.98) fails, (4.95) has no roots modulo $2^k$ for $k > 1$. If (4.98) holds, every odd $x = 2y + 1$ satisfies (4.97) modulo 4, and higher powers of 2 are handled by lifting.
b) $a$ in (4.95) is even. Then (4.97) can only have even roots $x = 2y$, and
$4y^2 + 4my - a \equiv 0 \pmod 4 \iff a \equiv 0 \pmod 4.$   (4.99)

:
Example: $n = 3159302165809317095910228615234377$.
$m = \lfloor\sqrt{n}\rfloor = 56207669990930215$, $a = n - m^2 = 603298676152881520$.
For $p = 2$ with $B = 1500$ the largest power to consider is $2^{10} = 1024 < B$.


$m \bmod 1024 = 897$, $a \bmod 1024 = 856$.
By (4.99) the congruence to solve is
$x^2 + 1614x - 856 \equiv 0 \pmod{2^k}.$
Since $a \equiv 0 \pmod 4$, the roots are even, $x = 2y$. Substituting $x = 2y$:
$4y^2 + 4 \cdot 807y - 856 \equiv 0 \pmod{2^k},$
and dividing by 4:
$y^2 + 807y - 214 \equiv 0 \pmod{2^{k-2}}.$   (4.100)

Lifting the roots:
1. $k = 3$ (modulus 8): (4.100) becomes $y^2 + y \equiv 0 \pmod 2$, which holds for every $y$.
2. $k = 4$ (modulus 16): (4.100) becomes $y^2 + 3y - 2 \equiv 0 \pmod 4$, with roots $y \equiv 2 \pmod 4$ and $y \equiv 3 \pmod 4$.
3. For $k > 4$ the roots are lifted step by step. If $y$ is a root modulo $2^k$, look for a root $z = y + 2^k r$ modulo $2^{k+1}$, where $r \in \{0, 1\}$ is to be found. Substituting $z = y + 2^k r$ into $s(z) = z^2 + 807z - 214 \equiv 0 \pmod{2^{k+1}}$:
$(y + 2^k r)^2 + 807(y + 2^k r) - 214 \equiv 0 \pmod{2^{k+1}},$
$s(y) + 807 \cdot 2^k r \equiv 0 \pmod{2^{k+1}}.$


Since $s(y) \equiv 0 \pmod{2^k}$, dividing by $2^k$ gives
$f + r \equiv 0 \pmod 2,\qquad f = [s(y)/2^k] \pmod 2.$   (4.101)
Hence $z = y + 2^k f$, with $f$ from (4.101).
Lifting from $k = 4$ to $k + 1 = 5$ for $y \in \{2, 3\}$:
$f = ((y^2 + 807y - 214) \bmod 8)/4 = ((y^2 + 7y - 6) \bmod 8)/4$.
1. $y = 2$: $f = ((4 + 14 - 6) \bmod 8)/4 = 1$, so $z_1 = 2 + 4f = 6$ and $z = 6 + 8t$, $t \in \mathbb{Z}$.
2. $y = 3$: $f = ((9 + 21 - 6) \bmod 8)/4 = 0$, so $z_2 = 3 + 4f = 3$ and $z = 3 + 8t$, $t \in \mathbb{Z}$.
$p > 2$. Consider
$q(x) = (x + m)^2 - n = x^2 + 2mx - a \equiv 0 \pmod{p^k},$   (4.102)
$p > 2$. Let $z$ be a square root of $n$ modulo $p$. Then the roots of (4.102) for $k = 1$ are
$x = (-m \pm z) \bmod p.$
Suppose $x$ is a root of (4.102) modulo $p^k$, $k \ge 1$; we lift it to a root modulo $p^{k+1}$. Put $y = x + p^k r$ with unknown $r$. Substituting $y$ into (4.102):
$(x + p^k r)^2 + 2m(x + p^k r) - a \equiv 0 \pmod{p^{k+1}},$
that is,
$q(x) + 2(x + m)\, p^k r \equiv 0 \pmod{p^{k+1}}.$
Since $q(x) \equiv 0 \pmod{p^k}$, divide by $p^k$:
$f + 2(x + m)\, r \equiv 0 \pmod p,$
where $f$ is $q(x)/p^k$ reduced modulo $p$. If $f = 0$, then $r = 0$ and $y = x$. Otherwise, with $u$ the inverse of $2(x + m)$ in $F_p$,
$y = x - u f p^k.$   (4.103)

II.

Let the sieve interval be $[-L, L]$ and $W$ an array of $2L$ cells. $W[x]$ is initialized with an approximation to $\log q(x)$: $W[x] = \log q(x) \approx \log(2m) + \log x$ for $x \in [-L; L]$.
. , n 34
,
.
- ,

,
W . , < 19, 3, 10 >
FB, , 19 q(3), q(10),
q(y), y [L, L], y 3 mod 19 y 10 mod 19.
, x 3 mod 19, L, W [x]
log19, , x x+19, W [x] log19
.. [L, L].

, . , ,
< 19, 22, 105, 2 > .
q(x) , x 22 mod 361 x 105 mod 361


361 = 192 .
, em 19,
[L; L] c 361 361, 19.
q(x) ,
, W [x] ,
0 ( - ).
,
,
B.
Over $[-L; L]$ the values $q(x) = x^2 + 2mx - a$ are of the order of $L \cdot n^{1/2}$, since $m$ and $a$ are $O(n^{1/2})$ and $L \ll m$, so $q(x) = O(L\, n^{1/2})$. If a smooth $q(x)$ is a product of about $k$ factors of average size $B/c$ (a constant $c$, say $c = 10$, reflects that most prime factors are small), then
$k \approx \log_{B/c}(L^2 n^{1/2}).$
For a 34-digit $n$ with $B = 10^4$, $c = 10$, $L = 2 \cdot 10^6$ this gives
$k \approx \log_{10^3}(4 \cdot 10^{12} \cdot 10^{17}) \approx 10.$
,
, , , 10 .



Smooth = {x1 , x2 , ..., xk },
[L, L], q(x)


. L
.
q(xi )
, .. ,
Smooth.
, ,
[L, L]
Smooth.
.
Smooth
V ec[1..k, 0..sz ], sz
+ 1. V ec[i, 0]
:

$Vec[i, 0] = 0$ if $q(x_i) > 0$, and $1$ otherwise.

V ec[i, j] ,
FB pj q(xi ). V ec[i, j]
j = 1, 2 ... log2 q(L).

4.4.


F2 = {0, 1}, m
k .
Amk X = 0.

(4.104)

,
j -
2. k m
. ,
,
(. ).


.
,
106 106 .

, , (Lanszos
Block method). ([38])
.
([23]).
.
.
,
, .
i
SystM atr[1..m, 1..k]. i- 1
, 0. SystM atr[i, i] = 1,
. SystM atr[i, i] = 0,
i- , SystM atr[i, i],
SystM atr[i, j] = 1 i < j k . SystM atr[i, j] =
1 , i j ,
SystM atr[i, i] .
, SystM atr[i, j]
. SystM atr[i, i]
, , i .

.

4.5.
[47]. ,
(0, 1) ,
L L + N .
q(x) [L, L]


max q(x) 2n1/2+ . ,


q(x), x [L, L], B , B
Let $\Psi(X, B)$ be the number of $B$-smooth integers in $[1, X]$. For $B = X^{1/2}$:
$\Psi(X, X^{1/2}) = X - \sum_{X^{1/2} < p \le X} [X/p],$   (4.105)
where $p$ runs over the primes in $[1, X]$. Indeed, an integer in $[1, X]$ that is not $X^{1/2}$-smooth has exactly one prime factor $p$ with $X^{1/2} < p \le X$, and there are $\lfloor X/p \rfloor$ (about $X/p$) multiples of $p$ in $[1, X]$; by the prime number theorem the number of primes in $[1, X]$ is $\pi(X) \approx X/\ln X$. Hence
$\Psi(X, X^{1/2}) = X\Bigl(1 - \sum_{X^{1/2} < p \le X} 1/p\Bigr) + O(X/\ln X).$   (4.106)
Using
$\sum_{p \le t} 1/p = \ln\ln t + C + O(1/\ln t),$   (4.107)
with a constant $C$, we get
$\sum_{X^{1/2} < p \le X} 1/p = \sum_{p \le X} 1/p - \sum_{p \le X^{1/2}} 1/p = \ln\ln X - \ln\ln(X^{1/2}) + O(1/\ln X^{1/2}) = \ln 2 + O(1/\ln X).$
Substituting into (4.106),
$\Psi(X, X^{1/2}) = (1 - \ln 2)X + O(X/\ln X),$   (4.108)
that is,
$\frac{\Psi(X, X^{1/2})}{X} \approx 1 - \ln 2.$   (4.109)


Thus about 30% of the integers up to $X$ are $X^{1/2}$-smooth. More generally, for $B = X^{1/u}$ one has (K. Dickman [1930]):
$\frac{\Psi(X, X^{1/u})}{X} \approx \rho(u),$   (4.110)
where $\rho(u)$ is the Dickman function, defined for $u > 0$ by $u\rho'(u) + \rho(u - 1) = 0$ for $u > 1$ and $\rho(u) = 1$ on $[0, 1]$. Asymptotically $\rho(u) \approx u^{-u}$:
  u         2       3          4          5          6          7          8
  rho(u)    0.25    3.7e-2     3.9e-4     3.2e-4     2.1e-5     1.2e-6     5.96e-8


The expected number of sieve values per smooth one is $X/\Psi(X, X^{1/u})$, and each value costs about $\ln\ln B$ operations in the sieve; about $\pi(B)$ relations are needed (roughly half of the primes below $B$ are excluded because $n$ is a non-residue modulo $p$). So the total work is
$T(u) = \pi(B)\,\ln\ln B \cdot X/\Psi(X, X^{1/u}) \approx X^{1/u}\, u^u.$   (4.111)
Minimize $T(u)$:
$\ln T(u) = \frac{1}{u}\ln X + u\ln u.$
Setting the derivative to 0 gives $u^2(\ln u + 1) = \ln X$, so
$u \approx (2\ln X/\ln\ln X)^{1/2},\qquad B \approx e^{\frac{1}{2}\sqrt{2\ln X\,\ln\ln X}}.$   (4.112)
B (4.112) X = n,
n


$T(n) = e^{c\sqrt{\ln n\,\ln\ln n}},\qquad c \in (1, 2).$   (4.113)
In the notation
$L_n(\alpha; c) = \exp\bigl((c + o(1))(\ln n)^{\alpha}(\ln\ln n)^{1-\alpha}\bigr),$   (4.114)
this is
$T(n) = L_n(1/2; c) = \exp\bigl((c + o(1))(\ln n)^{1/2}(\ln\ln n)^{1/2}\bigr).$   (4.115)

4.6.

$n = 750513679$, $m \approx \sqrt{n} = 27396$, $a = n - m^2 = -27137$.
By (4.95) the sieving polynomial is
$q(x) = x^2 + 54792x + 27137.$   (4.116)
For this $n$, formula (4.111) gives $B \approx \exp\sqrt{2\ln n\,\ln\ln n} \approx 10^4$, which is far too large for a 9-digit number; take $B = 100$.
I. Preparation.
1. $B = 100$; there are 25 primes below $B$. For each $p$ compute $n_p = n \bmod p$ and $g = \mathrm{Leg}(n_p, p)$; if $g \ne 1$, $p$ is excluded. 14 primes remain:
$FB = \{2, 3, 5, 11, 17, 23, 29, 43, 47, 53, 59, 61, 67, 83\}.$
2. For each $p \in FB$ solve $x^2 \equiv n_p \pmod p$, $n_p = n \bmod p$, and store the pairs


(x, p) Roots:
Roots = {(1, 2), (3, 1), (5, 2), (11, 5), (17, 5), (23, 9), (29, 1), (43, 35), (47, 17),
(53, 36), (59, 7), (61, 22), (67, 39), (83, 17)}.
3. Roots2, < x, p, r >, x
q(x) 0(mod pr ) 2 r k, pk B .
4. L ,
[L; L] .
14,
16. ,
L = 300.
5. W [L .. L]
q(x), x [L, L].
, , a = 2 e = 2, 71828....
n .
56
. 2
.
6. LogF B[1..14],
: LogF B[i] = log pi .
II.
1. ,
[L .. L]. ,
,
x [L .. L], x r(modp),
r q(x) 0 (mod p). ,
Roots[1..14].
2. p
. {r1 , r2 } q(x) 0 (modp).


ri x [L, L], x
r(mod p), :
while (x L) {
W [x] = W [x] log p;
x = x + p; }
p F B ,
. ,
x k > 1, W [x] = W [x]log p
- , .. x
k W [x] k 1 .
3. p
W [L, L] , 0 ( , ,
1 ). x W [x] 0
Smooth, .
Smooth 16 :
$\{-224, -166, -155, -99, -77, -40, -23, -21, -13, -12, 11, 22, 32, 41, 46, 268\}.$
4.
p, q(x),
[L, L],
Smooth. .
V ec[1..16, 0..14],
. V ec[i, j]
Smooth,
, pj xi . V ec[i, 0]
q(xi ), 0, q(xi ) > 0, 1,
. :

  x      q(x)        factorization
  -224   -12196095   3 · 5 · 23^2 · 29 · 53
  -166    -9040779   3^2 · 11 · 29 · 47 · 67
  -155    -5769579   3 · 17 · 29 · 47 · 83
   -99    -5387470   2 · 5 · 11 · 17 · 43 · 67
   -77    -4185918   2 · 3^8 · 11 · 29
   -40    -2162943   3^7 · 23 · 43
   -23    -1232550   2 · 3^3 · 5^2 · 11 · 83
   -21    -1123054   2 · 17^2 · 29 · 67
   -13     -684990   2 · 3^3 · 5 · 43 · 59
   -12     -630223   11 · 23 · 47 · 53
    11      629970   2 · 3 · 5 · 11 · 23 · 83
    22     1233045   3^2 · 5 · 11 · 47 · 53
    32     1781505   3^2 · 5 · 11 · 59 · 61
    41     2275290   2 · 3^4 · 5 · 53^2
    46     2549685   3 · 5 · 43 · 59 · 67
   268    14783217   3 · 17^4 · 59

5. For each $p \in FB$ count the number of values $q(x)$ it divides:
  p     2  3  5  11  17  23  29  43  47  53  59  61  67  83
  #p    6  9  8
The prime $p = 61$ divides only one value, $q(32)$; a prime occurring in a single relation cannot take part in a dependency, so 61 and $q(32)$ are removed from $Smooth$. The remaining relations form the matrix (entry 1 if the prime occurs to an odd power, 0 otherwise).
6. A 14 15,
(
1, pi q(xj ) ,
A(i + 1, j) =
0, .
q(xj ).


III.
A
15 14 , ..
. A
2. ,
0, 1. ,
14. 15 , , ,
, ,
,
. , 0,
1, ( 2).

, (. [38]).
.

4.7.
$n = 2041$. Here $m = 45$, $n = m^2 + 16$, and $q(x) = (x + m)^2 - n = x^2 + 90x - 16$. With $L = 5$ the values of $q(x)$ on $[-5; 5]$ are:
  x      -5    -4    -3    -2    -1    0    1    2    3    4    5
  q(x)  -441  -360  -277  -192  -105  -16  75  168  263  360  459
With $FB = \{2, 3, 5, 7\}$ the smooth values of $q(x)$ on $[-5; 5]$ and their factorizations are:
  x      -5       -4          -2       -1       0     1       2         4
  q(x)   3^2·7^2  2^3·3^2·5   2^6·3    3·5·7    2^4   3·5^2   2^3·3·7   2^3·3^2·5
1. .
,


the sign of $q(x)$: 1 if $q(x) < 0$, 0 otherwise.
2. Exponent matrix (columns: sign, 2, 3, 5, 7):
  q(x)   sign  2  3  5  7
  -441     1   7  0  0  2
  -360     1   3  2  1  0
  -192     1   6  1  0  0
  -105     1   0  1  1  1
   -16     1   4  0  0  0
    75     0   0  1  2  0
   168     0   3  0  0  1
   360     0   3  2  1  0
Reduced modulo 2:
  1 1 0 0 0
  1 1 0 1 0
  1 0 1 0 0
  1 0 1 1 1
  1 0 0 0 0
  0 0 1 0 0
  0 1 0 0 1
  0 1 0 1 0


8 8
(
, )
:

-5

-4

-2

-1

-5

-4

-2

-1

0


0

0

1

Elimination yields several dependencies. The first nontrivial one, row 6, gives the set
$X = \{-2, 0, 1\}.$
Then
$A = \prod_{x \in X}(x + m) = (45 - 2)\cdot 45 \cdot (45 + 1) = 89010,\qquad B^2 = \prod_{x \in X} q(x) = 480^2,$
and $\gcd(n, A - B) = \gcd(2041, 88530) = 13$, a divisor of $n$. The cofactor is $q = 157 = \gcd(n, A + B) = n/13$. The remaining dependencies (rows 7 and 8) are trivial:
$\gcd(n, A + B) = n,\qquad \gcd(n, A - B) = 1.$

The Gaussian elimination can be programmed in Pascal as follows (the matrix has mt rows and nt columns). A is the mt × nt matrix over F_2, OrdRow[1..mt] holds the current row order, initially OrdRow[i] = i for 1 ≤ i ≤ mt, and E records the row operations applied (the caller initializes it to the identity). The procedure pivots on A[k, k] by rearranging OrdRow:
Procedure Gauss(mt, nt: int64; var A, E: SysMatr);
{ A: mt x nt matrix over F_2; E: mt x mt history matrix, initialized to the
  identity by the caller, so that after the call each zero row of A is the
  sum (mod 2) of the original rows marked by 1 in the same row of E.
  OrdRow[1..mt] is a global array holding the row permutation. }
var
  i, j, k, c: integer;
Begin
  k := 1;                              { k enumerates rows of matrix }
  While k <= mt do
  begin
    j := k;
    { Search for a non-zero element in column k. The bound is tested
      first, so that OrdRow[mt+1] is never read (relies on short-circuit
      evaluation of "and", as in Free Pascal / Turbo Pascal {$B-}) }
    while (j <= mt) and (A[OrdRow[j], k] = 0) do inc(j);
    if j > mt then                     { all elements below A[k,k] are 0 }
    begin
      inc(k); continue;
    end;
    If j > k then                      { A[j,k] = 1: exchange rows k and j }
    begin
      c := OrdRow[j]; OrdRow[j] := OrdRow[k]; OrdRow[k] := c;
    end;
    i := k;
    { Make column k equal to 0 below A[k,k] }
    while i < mt do
    begin
      inc(i);
      If A[OrdRow[i], k] = 1 Then
      begin
        For j := 1 To nt do
          A[OrdRow[i], j] := (A[OrdRow[i], j] + A[OrdRow[k], j]) mod 2;
        For j := 1 To mt do
          E[OrdRow[i], j] := (E[OrdRow[i], j] + E[OrdRow[k], j]) mod 2;
      end;
    end;
    inc(k);
  End;                                 { of cycle by k }
End;
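The quadratic sieve walkthrough for $n = 2041$ above and the elimination of Procedure Gauss, as an added Python example that is not the book's code: smoothness is decided by trial division instead of the logarithmic sieve, the history mask plays the role of the matrix E, and the function names are mine.

```python
from math import gcd, isqrt

# Added example, not the book's code: the quadratic sieve as walked through
# above for n = 2041 (m = 45, factor base {2, 3, 5, 7}, x in [-5, 5]).
# Smoothness is tested by trial division instead of the logarithmic sieve,
# and the dependency search is Gaussian elimination over F_2 with a history
# mask, the same idea as the matrix E in Procedure Gauss.

def factor_over_base(v, base):
    """Exponent vector of v over base (entry 0 = sign bit), or None if some
    factor of v lies outside the base."""
    exps = [1 if v < 0 else 0]
    v = abs(v)
    for p in base:
        e = 0
        while v % p == 0:
            v //= p
            e += 1
        exps.append(e)
    return exps if v == 1 else None

def smooth_relations(n, m, L, base):
    """All (x, q(x), exponent vector) with q(x) = (x + m)^2 - n smooth,
    x in [-L, L]."""
    rels = []
    for x in range(-L, L + 1):
        q = (x + m) ** 2 - n
        vec = factor_over_base(q, base) if q else None
        if vec is not None:
            rels.append((x, q, vec))
    return rels

def gf2_dependencies(vectors):
    """Index sets S such that the vectors with indices in S sum to 0 mod 2.
    Each row carries a bitmask of the original rows it was built from, so a
    row that cancels to zero names a dependency."""
    pivots = {}                     # leading bit -> (row bits, history)
    deps = []
    for i, vec in enumerate(vectors):
        row = sum(1 << j for j, e in enumerate(vec) if e % 2)
        hist = 1 << i
        while row:
            lead = row.bit_length() - 1
            if lead not in pivots:
                pivots[lead] = (row, hist)
                break
            prow, phist = pivots[lead]
            row ^= prow
            hist ^= phist
        else:                       # row became 0: a dependency
            deps.append([j for j in range(len(vectors)) if hist >> j & 1])
    return deps

def quadratic_sieve(n, base, L, m=None):
    """Return a nontrivial factor of n obtained from A^2 = B^2 (mod n) with
    A = prod (x + m), B = sqrt(prod q(x)) over a dependency, or None."""
    m = isqrt(n) if m is None else m
    rels = smooth_relations(n, m, L, base)
    for S in gf2_dependencies([vec for _, _, vec in rels]):
        A, B2 = 1, 1
        for i in S:
            A = A * (rels[i][0] + m) % n
            B2 *= rels[i][1]
        B = isqrt(B2) % n           # B2 > 0 and a perfect square by construction
        for d in (gcd(n, A - B), gcd(n, A + B)):
            if 1 < d < n:
                return d
    return None
```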

4.8.


Large Prime Variations (LPV).
.

q(x), x [L; L], q(x) = Px Cx ,
Cx , Px
, B , B 2 ,
Px . Px
, ..
, B . .
, , ,
x , .
x [L; L],
y = q(x)
B 2 , Px .
, y1 , y2 , ..., yk , k 2,


yi = g(xi ), L xi L, Px . ,
k 1
g1 = y1 y2 , g2 = y1 y3 , ..., gk1 = y1 yk ,
, gj = Px2 C1 Cj+1 , ,
,
.
, ,
,
, ,

. , ,
,
B
.
B 2 , ,
, ,
Px , Px ,

, ,
[B; kB], k 10 100.
129- ,
RSA, . . 1994 .
LPV
.
,
.
( ) B 3 , ,
[B; B 2 ],
[B 2 ; B 3 ]. ,
[B 2 ; B 3 ] ,
2y1 6 y . y ,


, , , (,
). ,

, B 2 -
.


.

4.9.

(). .
(multiple
polynomial quadratic sieve MPQS).
:
$z_{a,b}(x) = (ax + b)^2 - n = a^2x^2 + 2abx + b^2 - n,\qquad a, b \in \mathbb{Z}.$   (4.117)

The sieve runs over $x \in [-L, L]$; on this interval $z_{a,b}(x)$ is of size about $a^2L^2 - n$, and the choice $a \approx \sqrt{2n}/M$ keeps it of the order of $\sqrt{n}$. The coefficient $b$ is chosen so that $b^2 - n$ is divisible by $a$: $b^2 - n = ac$, $c \in \mathbb{Z}$. Then (4.117) becomes
$z_{a,b}(x) = a(ax^2 + 2bx + c).$
,
a. a = t2 , t Z.


Sieving $q(x) = ax^2 + 2bx + c$ and finding a set $M$ with
$\prod_{x \in M}(ax^2 + 2bx + c) = A^2$
gives
$\prod_{x \in M} z_{a,b}(x) = \prod_{x \in M} t^2(ax^2 + 2bx + c) = (tA)^2.$
Over the $2L + 1$ values of $q(x) = z_{a,b}(x)/a = ax^2 + 2bx + c$ one has $|q(x)| \lesssim L\sqrt{n/2}$. The condition $a \mid b^2 - n$ means $b^2 \equiv n \pmod{t^2}$, so $t$ is taken to be a prime with $n$ a quadratic residue modulo $t$, and $b$ is a square root of $n$ modulo $t^2$.
,
L. L
,
, . L ,
,
, a,b.
, ..
, . ,
L ,
, .
, L.

(self initializing quadratic sieve) ,
L,
.
,
a b, 0 < b < a/2.


For the chosen $a$, $b$, $c$ the roots of
$ax^2 + 2bx + c \equiv 0 \pmod p$   (4.118)
are needed for every $p < B$, $p \in FB$; they are obtained from the roots of
$t^2 \equiv n \pmod p.$   (4.119)
If $t_p$ is a root of (4.119) (computed once, in the preparation stage), the roots of (4.118) are
$r_1 = (-b + t_p)\,a^{-1} \pmod p,\qquad r_2 = (-b - t_p)\,a^{-1} \pmod p.$   (4.120)
For every new polynomial this requires $a^{-1} \pmod p$ for each $p \in FB$.
Since $z_{a,b}(x) = a(ax^2 + 2bx + c)$ and $a$ is fixed, the sieve works with $ax^2 + 2bx + c$, and $a$ is chosen before $b$. Let $a = q_1 q_2 \cdots q_s$ with $q_i \in FB$. Then $b$ must satisfy $b^2 \equiv n \pmod a$, which has $2^s$ solutions $b \pmod a$; as $z_{a,b}(x)$ and $z_{a,-b}(x)$ yield the same relations, there are $2^{s-1}$ useful polynomials for one $a$. Let $B_i$, $1 \le i \le s$, satisfy
$B_i^2 \equiv n \pmod{q_i},\qquad B_i \equiv 0 \pmod{a/q_i};$   (4.121)
then
$b = \pm B_1 \pm B_2 \pm \dots \pm B_s \pmod a,$   (4.122)
and the $2^{s-1}$ values of $b$ are obtained from the $B_i$ by sign changes.

, 1988 ([48]). (William Hart)
SIMPQS (
http://www.friedspace.com/QS),
GMP).

4.10. (Zhang Special QS)


(Zhang Special Quadratic Sieve) 1998
. ([55]).
, ,
Let $n$ be the number to factor and $m$ an integer near $n^{1/3}$. Write $n$ in base $m$:
$n = m^3 + a_2 m^2 + a_1 m + a_0,$   (4.123)
where the $a_i$ are small relative to $m$. Consider numbers of the form
$x = b_2 m^2 + b_1 m + b_0$   (4.124)
with $b_2, b_1, b_0 \in \mathbb{Z}$. From (4.123),
$m^3 \equiv -a_2 m^2 - a_1 m - a_0 \pmod n,$
$m^4 \equiv (a_2^2 - a_1)\,m^2 + (a_1 a_2 - a_0)\,m + a_0 a_2 \pmod n,$   (4.125)
so that
$x^2 \equiv c_2 m^2 + c_1 m + c_0 \pmod n,$   (4.126)
where
$c_2 = (a_2^2 - a_1)\,b_2^2 - 2a_2 b_1 b_2 + b_1^2 + 2b_0 b_2,$
$c_1 = (a_1 a_2 - a_0)\,b_2^2 - 2a_1 b_1 b_2 + 2b_0 b_1,$
$c_0 = a_0 a_2 b_2^2 - 2a_0 b_1 b_2 + b_0^2.$
Choose $b_0, b_1, b_2$ so that $c_2 = 0$:
$b_2 = 2,\qquad b_1 = 2t,\qquad b_0 = a_1 - a_2^2 + 2a_2 t - t^2,$   (4.127)
with an integer parameter $t$. Substituting (4.127) into (4.125) gives
$x(t)^2 \equiv y(t) \pmod n$
with
$x(t) = 2m^2 + 2mt + a_1 - a_2^2 + 2a_2 t - t^2,$
$y(t) = \bigl(4a_1 a_2 - 4a_0 - (4a_1 + 4a_2^2)\,t + 8a_2 t^2 - 4t^3\bigr)\,m + 4a_0 a_2 - 8a_0 t + (a_1 - a_2^2 + 2a_2 t - t^2)^2.$
By varying $t$ one obtains pairs $(x, y)$ with $y$ of the order of $m$, i.e. about $n^{1/3}$, which are then sieved for smoothness.
The method is effective for $n$ whose representation (4.123) has small coefficients. For example, $n = 2^{601} - 1$. Its small factors are known:
$n = 3607 \cdot 64\,863\,527 \cdot n',$
where $n'$ has 170 decimal digits. Here $4n = 2^{603} - 4 = (2^{201})^3 - 4 = m^3 - 4$ with $m = 2^{201}$, and $x(t)$, $y(t)$ become
$x(t) = 2m^2 + 2mt - t^2,\qquad y(t) = (16 - 4t^3)\,m + 32t + t^4.$


y(t) t 4- , t
. ,
, ,
. , ,
,
, ai , .

, .

.


5.



. , 1988
. (. [44]),
Z ,
, .

2n c,
(the Special Number Field Sieve SFNS).

. , . , . . (.[32])
1990 ., 9
9

22 . b c 1
(.[11]).
,
.
(the General Number Field Sieve GFNS).
, Ln (1/3, c)
Ln (, c) (4.114), ..
= 1/2 = 1/3
.
.
. . [33],
Springer 1993 .,
. ,
: [12], [13],
[21], [23], [32], [46], [47], [64].
GNFS.
, , [12].


5.1.
n , .
,
$q(x) = (m + x)^2 - n$ for $x \in [-L; L]$, so that for $L = O(10^{10})$ and $n = O(10^{100})$ the values are $q(x) = O(10^{60})$. Such
.

2 q(x) = (x + m)2 n,
,
Pd (x) d 3, Pd (m) = n
m, Z
Z[], Z
, Pd (x).


,
.
,
.
, ,
, Pd (m) = n m,
Pd (x)
Pd (x),
q(x), .

.


, ,


:
1. Choose the degree $d \ge 3$ (for $d = 2$ the method reduces to the quadratic sieve).
2. Choose $m$ with $\lfloor n^{1/(d+1)} \rfloor < m < \lfloor n^{1/d} \rfloor$ and write $n$ in base $m$:
$n = m^d + a_{d-1} m^{d-1} + \dots + a_0.$   (5.128)
The leading coefficient of $f_1(x)$ is then 1; other choices are discussed on p. 169.
3. Replace $m$ by $x$ in (5.128) to obtain the polynomial over $\mathbb{Z}[x]$
$f_1(x) = x^d + a_{d-1} x^{d-1} + \dots + a_0.$   (5.129)
4. The homogeneous form $F_1(a, b)$ in the variables $a$, $b$ is
$F_1(a, b) = b^d f_1(a/b) = a^d + a_{d-1} a^{d-1} b + a_{d-2} a^{d-2} b^2 + \dots + a_0 b^d.$   (5.130)
$F_1(a, b)$ is, up to sign, the norm of the element $a - b\alpha$ of the field $Q[\alpha]$, where $\alpha$ is a root of $f_1(x)$ (see p. 184). The norm is multiplicative, $Nr(h_1(x)h_2(x)) = Nr(h_1(x))\,Nr(h_2(x))$, which is used to factor elements of $\mathbb{Z}[\alpha]$.
5. Put $f_2(x) = x - m$ and $F_2(a, b) = a - bm$.
The pair $(f_1, f_2)$ has the common root $m$ modulo $n$:
$f_1(m) \equiv f_2(m) \pmod n,$   (5.131)


, , ..
. m n, .
6. L1 L2 ,
SR = {1 b L1 , L2 a L2 },
(sieve region).
7. f1 (x).
Z[] ( ,
).
F B1,
a b (5.130), .

K = Q[].
F B1
B1 .
8.

F B2 ,

,
B2 .
9. , a K
, x K ,
x2 = a.
,
,
1 c d ,
. F B3 .
F B1 F B3 =
(the Quadratic Character
Base).
10.

{a b | (a, b) SR} F B1
{a bm | (a, b) SR} F B2 c


M ,

(a, b). (a, b)

, ...(a, b) = 1, a b
a bm
F B1 F B2 .
M ,
- , .
11. Find a subset $S \subseteq M$ such that
$\prod_{(a,b) \in S} Nr(a - b\alpha) = H^2,\ H \in \mathbb{Z},\qquad \prod_{(a,b) \in S} (a - bm) = B^2,\ B \in \mathbb{Z}.$
This is done by linear algebra over $F_2 = \{0, 1\}$, as in the quadratic sieve.
12. Compute
$g(\alpha) = (f_1'(\alpha))^2 \prod_{(a,b) \in S} (a - b\alpha),$   (5.132)
where $f_1'(x)$ is the derivative of $f_1(x)$.
13. Compute a square root $\beta \in \mathbb{Z}[\alpha]$ of $g(\alpha)$: $\beta^2 = g(\alpha)$.
14. Apply the ring homomorphism $\varphi: \alpha \mapsto m$ from $Z_K$ to $\mathbb{Z}$. With $A = \varphi(\beta)$,
$A^2 = \varphi(\beta)^2 = \varphi(\beta^2) = \varphi(g(\alpha)) = (f_1'(m))^2 \prod_{(a,b) \in S} (a - bm) \equiv (f_1'(m))^2\, C^2 \pmod n,$   (5.133)
where $C^2 = \prod_{(a,b) \in S}(a - bm)$. Put $B = f_1'(m)\,C$; then the pair $(A, B)$ satisfies
$A^2 \equiv B^2 \pmod n,$
and a factor of $n$ is obtained as $\gcd(n, A - B)$.

,
Let us illustrate the choice of the polynomial for $n = 45113$ (the example of [12]).
Here $n^{1/3} = 35.4\ldots$, so $m = 35$. Writing $n$ in base $m$,
$n = m^3 + m^2 + 28m + 33.$
The coefficient $33$ exceeds $m - 1 = 34$ only slightly; since $33 = m - 2$, this can be rewritten as
$n = m^3 + m^2 + 29m - 2.$
The coefficient $29 = m - 6$ can in turn be absorbed into the $m^2$ term:
$n = m^3 + 2m^2 - 6m - 2.$

F1 (a, b) ,
.
m m1/(d+1) m1/d ,
.

ai

1 ai+1 , f1 (x)


xi (x m). , ,
f1 (x) g(x) f2 (x), g(x)
, (5.131).
, m ()
f1 (x) g(x) f2 (x)
(f1 (x), f2 (x)),
.
. ([41]).
5.7.
m = 31
n = m3 + 15m2 + 29m + 8.

.

5.2.

F B2 . a bm
Z, F B2
, B1 . B1
106 107 .
n = 45113 B1 = 30 F B2 =
{2, 3, 5, 7, 11, 13, 17, 19, 23, 29}, 10 .


c d ,
Z K . ,
, (. [12], .3.1.7)

(p, r):


Definition 5.1. A first-degree prime ideal of $Z_K$ is represented by a pair $(p, r)$ with $p$ prime, $0 \le r < p$, $f_1(r) \equiv 0 \pmod p$.
The algebraic factor base $FB_1$ consists of all pairs $(p, r)$ with $p \le B_1$, $r \in [0, p - 1]$ and $f_1(r) \bmod p = 0$.
For $B_1 = 103$ the algebraic factor base $FB_1$ is given in Table 1.
Table 1. Pairs $(p, r)$ of $FB_1$:
(2,0), (7,6), (17,13), (23,11), (29,26), (31,18), (41,19), (43,13), (53,1), (61,46), (67,2), (67,6), (67,44), (73,50), (79,23), (79,47), (79,73), (89,28), (89,62), (89,73), (97,28), (101,87), (103,47).


The values $r$ for a given $p$ are the roots of $f_1(x) \bmod p$. They are found with the following lemma:
Lemma 5.2. In $GF_q = GF_{p^k}$ the polynomial $x^q - x$ factors as
$x^q - x = \prod_{i=0}^{q-1} (x - i).$   (5.134)

p
:


1. Compute $g(x) = \gcd(f_1(x), x^p - x)$; its roots are the roots of $f_1(x)$ modulo $p$. If $g(x) = 1$, $f_1(x)$ has no roots modulo $p$.
2. By Lemma 5.2, $g(x - b) \mid x^p - x$, and
$x^p - x = x\,(x^{(p-1)/2} + 1)(x^{(p-1)/2} - 1)$ for every shift $b$, $0 \le b < p$.   (5.135)
3. Use (5.135) to split $g(x) \bmod p$ into factors.


Example. $f_1(x) = x^3 + 15x^2 + 29x + 8$, $p = 67$:
1. $g(x) = \gcd(f_1(x), x^p - x) = \gcd(f_1(x), x^{67} - x) = x^3 + 15x^2 + 29x + 8$. Since $g(x) = f_1(x)$, $f_1(x)$ splits into linear factors modulo 67.
2. With $b = 0$, (5.135) gives $g(x) = x^3 + 15x^2 + 29x + 8 \mid x(x^{33} + 1)(x^{33} - 1)$. As $g(0) = 8 \ne 0$, $x = 0$ is not a root of $g(x)$.
3. $\gcd(g(x), x^{33} + 1) = x^2 + 21x + 21$ and $\gcd(g(x), x^{33} - 1) = x + 61$, so $x = -61 \equiv 6 \pmod{67}$ is a root.
The quadratic $g_1(x) = x^2 + 21x + 21 \equiv x^2 + 21x - 46 \pmod{67}$ still has to be split. Its discriminant is
$D = (21)^2 + 4 \cdot 46 = 2998 \equiv 50 \pmod{67},$
so we try shifts $b$. For $b = 1$ in (5.135): $\gcd(g(x - 1), x^{33} + 1) = g(x - 1)$ and $\gcd(g(x - 1), x^{33} - 1) = 1$, so $b = 1$ does not split $g_1(x - 1)$.
For $b = 2$: $\gcd(g(x - 2), x^{33} + 1) = x + 21$ and $\gcd(g(x - 2), x^{33} - 1) = x + 63$, giving $x = -21 \equiv 46$ and $x = -63 \pmod{67}$; shifting back by 2, the remaining roots of $f_1(x) \pmod{67}$ are $x = 44$ and $x = 2$.
.


Next the large-prime (quadratic character) base is built. Choose $B_3 > B_2$ and take the prime ideals $(p, r)$ with $B_2 < p \le B_3$; in practice the interval $[B_2, B_3]$ contains $10^4$ to $10^5$ primes. The choice of $B_3$ is discussed in Buhler et al. [13].
For $B_3 = 109$ the quadratic character base is given in Table 2.
Table 2. Pairs $(p, r)$ of $FB_3$:
(107,4), (107,8), (107,80), (109,52), (109,99).
The total size of the factor bases is $s = 10 + 23 + 5 = 38$, so about 40 relations are needed (a relation being a pair $(a, b)$ with both $a - bm$ and $a - b\alpha$ smooth, cf. section 4.4).
bm ,
(.. 4.4).
,
, ,
.

5.3.
, ,
.



$SP = \{(a, b) \mid 1 \le b \le L_2;\; -L_1 \le a \le L_1\}.$   (5.136)

,
b,
1, 2, ..., L2 , b1
a, L1 L1 .
[45], 1993 .,

, p (p, r),
. p
.
For $b = i$ and $|a| \le L_1$ the sieve marks the set
$L_{p,r} = \{(a, b) \in SR \mid a - br \equiv 0 \pmod p\};$
for these pairs $F_1(a, b) \equiv 0 \pmod p$, i.e. $p$ divides $F_1(a, b)$, and $F_1(a, b)/p$ is sieved further in the same way.

,
, , .


.
([67])

a = x0 b, x0
f1 (x). ,
F1 (a, b) ,
.


For $n = 45113$ with $L_1 = 1000$ and $b = 1, 2, \dots$, the first 40 relations are listed in Table 3.
Table 3. Pairs $(a, b)$ with both $F_1(a, b)$ and $F_2(a, b)$ smooth:
(73,1), (2,1), (1,1), (2,1), (-3,1), (-4,1), (-8,1), (-32,1), (-56,1), (-61,1), (-104,1), (-3,2), (-25,2), (-33,2), (8,3), (-2,3), (-17,3), (-19,4), (-48,5), (-54,5), (-313,5), (43,6), (8,7), (-11,7), (-38,7), (-44,9), (-4,11), (-119,11), (-856,11), (-536,15), (-5,17), (-5,31), (-9,32), (202,43), (-13,1), (-116,1), (-14,1), (-15,1), (5,2), (-24,55).

,
, (

).
,
.
F1 (a, b) F2 (a, b)
.
n = 45113
M .
.
$F_2(8, 3) = 8 - 3m = -85 = -(2^0 \cdot 3^0 \cdot 5^1 \cdot 7^0 \cdot 11^0 \cdot 13^0 \cdot 17^1 \cdot 19^0 \cdot 23^0 \cdot 29^0)$, with exponent vector
$v(8, 3) = (1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0),$
whose first coordinate is the sign of $a - bm$ (1 for negative, 0 for positive).
$Nr(a, b) = F_1(8, 3) = 5696 = 2^6 \cdot 89^1.$

,
S (a, b),
F1 (a, b) F2 (a, b)
F B1 F B2 .


For every $(a, b) \in S$ and every $(q, s) \in FB_3$ the Legendre symbol
$\left(\frac{a - bs}{q}\right)$   (5.137)
is recorded.

.
|S| . k =
s1 + s2 + s3 + 2 , F2 = {0, 1}.
si ,
F Bi .
,

(a, b),

. a bm
0, 1.
s1 , a bm F B2 .
2.
F1 (a, b) F B1 ,
2. , s3


, (5.137). ,
F1 (a, b) ,
.


(..4.4).

, (.[38]).
,
, .
n = 45113, .
[12].
Table 4. The subset $S \subseteq M$ found by the linear algebra (13 pairs):
(1,1), (-104,1), (8,3), (43,6), (-856,11), (-3,1), (-3,2), (-48,5), (-13,1), (-25,2), (-54,5), (-11,7), (8,7).

The product of $a - bx$ over $(a, b) \in S$, reduced modulo $f_1(x)$, is
$\varphi(x) = \prod_{x \in S}(a - bx) = 2051543129764485x^2 + 15388377355799440x + 24765692886531904.$   (5.138)

.
, N r((x))
. , (x) = 2 (x)


, N r(g(x))
Z. .

Example. In $Q[\sqrt{3}]$, with $f(x) = x^2 - 3$, the element $v = 2 + \sqrt{3}$ has coordinates $(2, 1)$ in the basis $B = (1; \sqrt{3})$. Its norm (p. 169) is $Nr(v) = v_1^2 - 3v_2^2 = 1$, a square in $\mathbb{Z}$, yet $v$ is not a square in $Q[\sqrt{3}]$: $v = w^2$ only for $w = (\sqrt{6} + \sqrt{2})/2$, and $w \notin Q[\sqrt{3}]$.
1. ,
(. .7)
Z K Q[],
Z[] ,
Z K .

. K = Q[ 5] g = (1 + 5)/2
, .. f (x) = x2 + x 1,

Z[ 5].
The following theorem resolves this:
Theorem 5.3. Let $K = Q[\alpha]$, where $\alpha$ is a root of the polynomial $f(x)$ irreducible over $Q$. If $\beta(x) \in Z_K$, then $h(x) = \beta(x)\,f'(x) \in \mathbb{Z}[\alpha]$, where $f'(x)$ is the derivative of $f(x)$.
Hence, to stay inside $\mathbb{Z}[\alpha]$, GNFS takes the square root not of $\varphi(x) = \prod_{x \in S}(a - bx)$ but of
$g(x) = (f_1'(x))^2\, \varphi(x).$   (5.139)

For $n = 45113$:
$g(x) = (f_1'(x))^2 \varphi(x) = (3x^2 + 30x + 29)^2 \prod_{x \in S}(a - bx) \equiv$
$\equiv 22455983949710645412x^2 + 54100105785512562427x + 22939402657683071224 \pmod{x^3 + 15x^2 + 29x + 8}.$   (5.140)
2. Even when $\varphi(x)$ is a square in $Z_K$ up to a unit, that unit need not be $\pm 1$. An element $v \in \mathbb{Z}[\alpha]$ is a unit of $Q[\alpha]$ if $Nr(v) = \pm 1$; for instance $v = 2 + \sqrt{3} \in Q[\sqrt{3}]$ has norm 1 and is a unit (see [62], ch. 2, §4). By Dirichlet's unit theorem ([62], p. 133), every unit $\varepsilon$ of $K$ can be written as
$\varepsilon = \zeta\, r_1^{e_1} \cdots r_k^{e_k},$   (5.141)
where $\zeta$ is a root of unity, $r_1, \dots, r_k$ are fundamental units, $k = s + t - 1$, and $s$, $t$ are the numbers of real roots and of pairs of complex roots of $f(x)$.
Thus $g(x)$ may have a square norm in $\mathbb{Z}$ while $g(x) = \varepsilon\,\beta^2(x)$ with a unit $\varepsilon \ne 1$, in which case $g(x)$ has no square root $h(x)$ in $\mathbb{Z}[\alpha]$.
,
([13]) .
.
The way out is to ensure that the product is a square by means of quadratic characters, so that $\varphi(x) = \prod_{x \in S}(a - bx) = \beta^2(x)$ holds exactly. The following statement is used:
Theorem 5.4. If $\prod_{x \in S}(a - bx)$ is a square, then for every first-degree prime ideal $(q, s)$ of $Z_K$ with $f'(s) \not\equiv 0 \pmod q$ that divides none of the $a - bx$ in $M$,
$\prod_{x \in S}\left(\frac{a - bs}{q}\right) = 1.$   (5.142)
The pairs $(q, s)$ of the character base are chosen so that $(a - bs)/q$ is never 0 for the pairs in $M$. Condition (5.142) is necessary; if it holds for sufficiently many pairs $(q, s)$, the product is a square with high probability. The character columns are therefore added to the matrix, so that the linear algebra selects sets $S$ satisfying (5.142) for all characters at once.
,
, K[]
g(x) .
3. , g(x)
, ,
ZK ,
ZK , ..
a b , a, b Z.

5.4.
After the set $S$ of pairs $(a, b)$ with $\varphi(x)$ a square has been found, it remains to compute the square root of
$g(x) = (f'(x))^2 \prod_{x \in S}(a - bx).$   (5.143)

,
, ,
.


,
,
, ,
(..1.14).
,
,

, .
7, ,
, .

.
, GNFS.

1993 . (Jean
M. Couveignes) [20] (. . [39]).
,
p. p
, .. g(x) mod p (.. ,
g(x) p)
Fp , p2 (x) = g(x) mod p,
g(x) p (x) p.
,
(x)
. p ,
p
(x).
n = 45113.
d
f1 (x). , ,
p, g(x) mod p

. .
, [13]
.

(Hensels Lifting)

q(x) pk+1 ,
q(x) 0 ( mod pk ) .
p,
g(x) mod p . , ,
1 (x) q(x) (modp ). ,
k (x) q(x) ( modpk ) k+1 (x)
pk+1 . k+1 (x) k (x)
pk . , ai , k + 1 ai , k + 1+ti p,
ti [0; p 1].
2
ai , k + 1 k+1
(x) = g(x) mod pk+1 , ,

ti , ,
k+1 (x).
f1 (x), k k (x)
, k+1 (x)
.

5.5.


5.140, n = 45113,
. .

1. p
p,
gp (x) = f1 (x) mod p = x3 + 15x2 + 29x + 8 mod p
Fp . p 9929.
gp (x)
(,
1):
5.5. q = pd .

$$w_q(x) = x^{p^d} - x \qquad (5.144)$$


Z/pZ , d.
5.6. p . f (x) d
Z/pZ ,
:
1. $x^{p^d} - x$ is divisible by $f(x)$,

2. $\gcd\left(x^{p^{d/p_i}} - x,\ f(x)\right) = 1$ for every prime $p_i$ dividing $d$.

1. $h_p(x) = f_1(x) \bmod p$. , $h_p(x)$ $f_1(x)$.

2. $h_p(x) \mid x^{9929^3} - x$.

$x^{9929^3} - x$ $h_p(x)$. .
3. 2 5.6
$p_1 = 3$. , $\gcd(x^{9929} - x,\ h_p(x)) = 1$.

$(x^{9929} - x) \bmod h_p(x) = 7449x^2 + 4697x + 5984$
, $\gcd(7449x^2 + 4697x + 5984,\ x^3 + 15x^2 + 29x + 8) = 1$.

, p = 9929 .
p = 9851 p = 9907.
, p 5.6,
$p = 9923$. $\gcd(x^p - x,\ h_p(x)) = x - 847 \neq 1$.
2.

gp (x) = g(x) mod p p,
(g(x) 5.140).
p = 9929:
1. a(x) = g(x) mod 9929 = 2027x2 + 3891x + 6659.
2. q = p3 = 978 850 872 089. q 1
q 1 = 23 122 356 359 011, r = 3, s =
122 356 359 011. , (1.14).
3. gp (x)
Z/pZ . z(x) = x + 1.
z(x)(q1)/2 (mod hp (x)) = 9928 1 (mod p).
4. y(x) = (x + 1)s (mod hp (x)) = 1273.
5. 0 (x) = (a(x))s (mod hp (x)) =
= (2027x2 + 3891x + 6659)122 356 359 011 (mod x3 + 15x2 + 29x + 8) =
= 9928 1 (mod 9929).
6. w0 = (a(x))(s+1)/2 =
= (2027x2 + 3891x + 6659)61 178 179 506 (mod (x3 + 15x2 + 29x + 8)) =
= 2124x2 + 5715x + 4075.
7. 20 1 (mod 9929), 0 2, m = 1.
k = 2dm = 4.

8. 1 w1 :
1 = 0 y k (mod hp (x)) = 1
w1 = w0 y k1 (mod hp (x)) = 6527x2 + 8769x + 6852.
w1 = 1, . gp (x) =
2027x2 + 3891x + 6659 6527x2 + 8769x + 6852.
xp = gp (x) mod
p = (2027 312 + 3891 31 + 6659) mod 9929 = 5694.
3.


a bx x M p = 9929
x = m.
p = 9851
p = 9907.
, . :
p       gp(x)                      gp(m)
9851    7462x^2 + 5679x + 4037     5694
9907    5126x^2 + 5072x + 3125     4152
9929    3402x^2 + 1160x + 3125     3077
g(m) mod n,
g(m) 9851, 9907 9929. ,
:

$x \equiv 5694 \pmod{9851}$,
$x \equiv 4152 \pmod{9907}$,
$x \equiv 3077 \pmod{9929}$.


(. 1.15).

, x = g(m) mod n =
694683807559 mod 45113 = 43992.

, ,
f1 (x)
, f1 (x) mod p ,
.
, ([13])
.

.
f (x) ,

:
$$T(n) = y^{1+o(1)}, \qquad (5.145)$$

y a, b ,
n d f1 (x).



$$\log y = \left(\frac{1}{2} + o(1)\right)\sqrt{d \log s + (d \log d)^2 + 4 \log(n^{1/d}) \log\log(n^{1/d})}. \qquad (5.146)$$

,

(i (s), i (s)). S = {(ai , bi )}ki=1 ,
(i , i ) :
(0 (s), 0 (s) = (1, 1)).
(
i1 /(a b), (a b) | i1 ,
i =
i1 (a b), .
(
i =

i1 (a b), (a b) | i1 ,
i1 , .

(5.147)

(5.148)

g(x) (5.143)
g() = (f 0 ())2

(ab) = (f 0 ())2 s s2

xS

(5.149)
g(x)

s f 0 (x), s s .
,
,
.
4.
n =
45113.

y 2 = f10 (m)2

(abm) = (3312 +3031+29)2 (1+31)(3+31)(13+31)(104+31)

xS

(3+231)(8+331)(48+531)(54+531)(43+631)(8+631)(8+731)(11+731)
(856+1131) = 38422 317465033886002 mod n,
y = 3824 31746503388600 mod 45113 = 15160. (x, y) =
(43992, 15160) x2 y 2 mod n, x2 y 2 =
(x + y)(x y) = (43992 + 15160)(43992 15160) = 59152 28832.

...(n, x y), n = 45113:
...(n, x + y) = ...(45113, 59152) = 229,
...(n, x y) =...(45113, 28832) = 197.

5.6.

,
,


Z[x]/(f1 (x)).

GNFS.
, ([13])
Ln (; c), .130.
, d y ,
:


$$d = \left(3^{1/3} + o(1)\right)\left(\frac{\log n}{\log\log n}\right)^{1/3}, \qquad n > d^{2d^2} > 1,$$

$$u = y = L_n\!\left(1/3;\ (8/9)^{1/3} + o(1)\right). \qquad (5.150)$$

(5.150) (5.146)

$$T(n) = L_n\!\left(1/3;\ (64/9)^{1/3} + o(1)\right). \qquad (5.151)$$
, (64/9)1/3
1, 92. ,
log n Ln (; c) 1/2
1/3
,
,
.

5.7.

GNFS
.
f1 (x) f2 (x),
.
m

f1 (x) g(x) f2 (x),


g(x) d 1.
m g(x) GNFS

(.Murphy [41]). f1 (x) f2 (x),
, 1 (
).

f1 (x) f2 (x).

1993 . , [13],
.
:
1. cd f1 (x)

, ,
, F1 (a, b)
p p cd b, p.
.
, .
cd 6= 1, C f1 (x). = cd
. ,
d
d1
H(x) = cd1
+ cd cd2 xd2 + ... cd1
c0 .
d f1 (x) = x + cd1 x
d

, S - (a, b) ,

(a,b)S

(a b)

Q() S ,
(H 0 (cd ))2

(acd bcd )

(a,b)S

Z[cd ], , 2 . H 0 (cd x)

2 (x):
d1

H (cd x) =

0
cd1
d f1 (x)

0
cd1
d F1 (x, 1)

1 X
1 0
ici xi cd1i
,
= F1 (x, cd ) =
d
cd
cd i=1

2 () :
Y
1
2
0
(acd bcd ).
() = 2 (F1 (x, cd ))
cd
2

(5.152)

(a,b)S

(x) =

Pd1
i0

,
{1, cd , ... (cd )d1 }.
cd m g(x) n ,
f1 (x).
GNFS 3.
2. f1 (m) = n F1 (m1 , m2 ) = n
f1 (m1 ) = F1 (m1 , 1), m2 = 1
.
,
. [13]
m1 , m2 :
cd

= 1. m1

n1/(d+1) ,

n md1 m2 n1/(d+1) ,
n md1 .
$(n - m_1^d)/m_2$ $m_1$, $m_2$:

$$\frac{n - m_1^d}{m_2} = c_{d-1} m_1^{d-1} + \ldots + c_1 m_1 m_2^{d-2} + c_0 m_2^{d-1}. \qquad (5.153)$$

3.
[13]
, cd m2 1,
,

, ,
.

. f1 f2 ,
2006 . . [29]:
1. m2 , 1 m2  n1/d .

m2 p. p
pi ,
pi 1 ( mod d). m1 m.
2. $a_d$ $m \approx (n/a_d)^{1/d}$,

$$a_d m^d \equiv n \pmod p \qquad (5.154)$$

cd - p,
cd xd n ( mod p) , d .
3. rd = n. ri , ci
d > i 0 :
ri+1 ci+1 mi+1
,
ri =
p

ci =

ri
+ i ,
mi

(5.155)

0 i < p , ri ci mi (mod p).


, i
$$r_i = \sum_{j=0}^{i} c_j m^j p^{i-j}, \qquad (5.156)$$

$i = d$: $r_d = n = p^d f_1(m/p) = F_1(m, p)$.


f1 (x) ,

f2 (x)

px m.

.
.


p
pi , 1
d. (cd , m)
cd .
512- RSA [15]
d = 5, p 7
p0 , cd
60.
cd (5.154).
, d x d
m , n ad md
. cd1 = (n ad md )/p,
, |cd1 |
.
cd1 , cd2
(5.155). i .
,
, ,
cd .
,
, ,
.
, . [29]
,
A:

 

Z
log F1 (x, y) + 1
log F2 (x, y) + 2
6

dxdy
2 A
log B1
log B2

(5.157)

- (..129),
6/ 2 (a, b) - ,
i F1 , F2

:

X 
p
log p
i {1, 2},
1 r(Fi , p)
i =
p+1 p1

(5.158)

small p

(5.157)
f1 , .

Z

1
1 + log
F12 (x, y)dxdy ,
2
A
.

(5.159)

,
f1 (x), n = pd f1 (m/p) ,
(5.159).
RSA-512, :
f1 (x) = 498520x5 + 15578368316860x4 513748876280490487x3
1021157413079535703297344x2 3989311146723167867825129900x+
+14658919460374074323550710377995600,
f2 (x) = 8794555574829559x 293947565389650342960556270613.
,
,
. , x0 = b/a,
x0
. .., .. .. [68]
.
GNFS
, GNFS,
.146, cd m2 = p:
1.

F1 (a, b) F2 (a, b),


:
$$F_1(a, b) = c_d a^d + c_{d-1} a^{d-1} b + \ldots + c_0 b^d, \qquad F_2(a, b) = a m_2 - b m_1. \qquad (5.160)$$

2. ,
S (a, b) .
3. (5.132) g 2 (x),
d 1:
$$g^2(\alpha) = \left(f_1'(\alpha)/c_d\right)^2 \prod_{(a,b)\in S} (c_d a - b\alpha) \qquad (5.161)$$

4. g(x) f1 (x)
. g(x) v :
$$g(x) = \sum_{i=0}^{d-1} b_i x^i, \qquad v = \sum_{i=0}^{d-1} b_i\, m_1^i\, m_2^{d-1-i} \bmod n. \qquad (5.162)$$

5. D2 C :
$$D^2 = \prod_{(a,b)\in S} (a m_1 - b m_2), \qquad C = D \bmod n. \qquad (5.163)$$
6. $A = m_2^{\#S/2}\, v \bmod n$, $B = c_d^{\,d-2+\#S/2}\, C \bmod n$.

7. n, ...(n, A B).

5.8.

, . ,

.
,
,

.


, . ,
.

. .

, ,
,
.
[63],
[62] .. .. ,
.. [75], .
, , 3-

. . , 2002 .,

.

.1.
C ,
+, C
0, , C
, .. a(bc) = (ab)c.

a (b + c) = a b + a c, (b + c) a = b a + c a .
,
.
.
Z,
Z[x] x Z .
1,
: a
a 1 = 1 a = a. .
, , aZ, a k, k Z,

a 6= 1,
. .
.2.
K ,
+ , K
, .
a
a a1 , , 4
, , .
Q,
R, C.
( Q,
).

GFp

{0, 1, 2, ..., p 1} Z p,
GFpk , pk , p ,
k .
C
K C , a/b,
a, b C . C .
Q,
Z .
K[x] K
.
.
.3. f K[x]
K ,
h K[x] g K[x], .


.4. M R
R : R M M ,
:
1. m M, r1 , r2 R, (r1 r2 )m = r1 (r2 ),
2. 1 M, m M 1 m = m 1 = m,
3. m1 , m2 M, r R, r(m1 + m2 ) = rm1 + rm2 ,
4. m M, r1 , r2 R, (r1 + r2 )m = r1 m + r2 m.
.
Z[x]
Z .
M R ,
a1 , a2 , ..., ak M ,
x M
x = c1 a1 + c2 a2 , ..., ck ak ci R .
a1 , a2 , ..., ak (..
R , - ,
0), M .
.
. 1. Z[],
Q, , d
1, , 2 , ... d1 .
2. Z[i],

a + bi, i =
1 , a, b Z.
i, x2 + 1, 2.
,
=2. Z[i]
(3, 2i), a + bi, a 3,
b.

.1.
.5. K .
K , -
f (x) K .
1, ,
.
. ,
,
.

.

Q 7, 2, 3i f (x) = x 7,
x2 2 x2 + 9 .
.6. , K
{1 , 2 , ... r , },

K
K[1 , 2 , ... r ].

. ,
K[1 , 2 , ... r ] K , ,
K[1 , 2 , ... r ] = K[].
.7.

Q.
. Q i =

1. i

x2 + 1, K = Q(i)
. 1- ax + b
$(2x - 1)(x + 3)$
$x^2 + 1$, i.e. $(2x - 1)(x + 3) = 2x^2 + 5x - 3 \bmod (x^2 + 1) = 2x^2 + 5x - 3 - 2(x^2 + 1) = 5x - 5$. $g(x)$ ,
, u(x) f (x) + w(x) g(x) = 1,
g 1 (x) = w(x).
, K = Q()
,
B = {1, x, x2 , ..., xd1 } Q, d
.

. ,
Z()
. ,
.

g(x)

(content

of

polynomial

g(x))

,
content(g). content(g) = 1,
.
g(x) Z[x] ,
1. Z[x]
B = {1, x, x2 , ...}. , ,
Z[x],
f (x). Z[x]/(f (x)), (f (x))
Z[x], f (x).
Z[], f (x).

.2.
.8. M

C . < C, +, >,

M,
M

C :
1. (x, y I) x + y I

2. (x C)(y I) x y I.
, .
R
R .
.9. I C ,
: I = (a).
:
1. , .
2. , .
3. (a), a C
ra + ka, r C , k Z.
I , a b C ab I
a 6 I , b I . I , a
b C , ab I , a 6 I , n bn I .
, .
,
, .. .
,
Z.
I1 I2 C ( I1 + I2 )
, , I1 , I2 .
I1 I2 C ( I1 I2 )
, ab, a I1
b I2 .
, $\mathbb{Z}$ $I_1$, $I_2$ $I_1 = (6)$, $I_2 = (9)$, $I_1 + I_2 = (3)$, $I_1 \cap I_2 = (18)$.
I C
I . a b C

I , a b
I ,
a b (mod I).
[a] , a.
,
, [a] + [b] = [a + b], [a] [b] = [a b]. ,
, ..
.
,
- C I C/I .
.10. X K
I
K . X , I ,
I . .
, Z[],
d. ,
Z[] . ,
, (noetherian)
-Amalie Emmy Noether (18821935).,
- .

.3.
, ,
.
K = Q(),
f (x) = xd + ad1 xd1 + ... a0 ,

ZK

K .
,

ZK .

ZK

ZK ,
ZK . :
.1. ZK ,
Z[] .
ZK Z[]. ,

K = Q[ 5] g = (1+ 5)/2 , ..
() f (x) = x2 +x1,

Z[ 5].

,
K
:
.2. C K
, C ,
..
C .
, ZK Z[]
,
Z[]
Z[]:
.3. g() ZK , g() f 0 () Z[].
f (x) .

K .
.11.

(integral domain), , ..
a, b, 0.
,

.


Z.
.
.12. C ,
, N r ,
:
(a, b C)(k, r C)a = k b + r,
, N r(r) < N r(b).

, .

.4.
Z(), , -,
f (x) d .
Z() d
Z . B =
(xd1 , xd2 , ... 1). B ,
h V

H , h
(.. ,
B h B ).
N r(h) = det(H)

(.164)

:
N r(g h) = N r(g) N r(h)

(.165)


f (x) = x3 + a2 x2 + a1 x + a0 .
h = x b. h B = (x2 , x, 1)
B h = (x3 bx2 , x2 bx, x b).

2- , B h
f (x), V :
B h = (a2 x2 a1 x a0 bx2 , x2 bx, x b).
:

a2 b 1

2
2
B h = (x , x, 1) H = (x , x, 1)
b
a1
a0

(.166)

, H :

a2 b 1 0

a1
b 1

a0
0 b
b3 + a2 b2 + a1 b + a0 = f (b). ,
N r(x b) x b f (x) .
x = b.
a bx
,
1- a bx K ,
f1 (x) = xd + ad1 xd1 + ... + a0 :
a

a
d
= b f1
(.167)
N r(a bx) = N r(b) N r x
b
b
,

Z[x]/(f2 (x))

0- , .. .

g(x) = a bx
f2 (x)
g(x) = a bx mod f2 (x) = a bx mod (x m) = a bm = g(m),
.. .m.
g(x) = a bx Z[x]/(f2 (x))
N r(a bx) = b f2 (a/b) = b (a/b m) = (a bm) = g(m) (.168)
.. .
,
.
F1 F2 :
 
b
= ad ad + ad1 ad1 b + ... + a0 bd ,
F1 (a, b) = ad f1
a
F2 (a, b) = a bm.

(.169)
(.170)

.5.


, ,
.
, .. ,
(.12). ,
,
(.2), . ,
ZK K = Q() ,

.
,
Z[],

.
.

Z[]

(.refClosedRing),
.

Z[]

ZK Z[],
.


. , p ,
:
1. : p = a b, a = 1, b = 1,
2. : a b p, a p,
b p.
.
, .

. , Z[ 6].

6 6 = 2 3, 6 = 6

6. , 2, 3, 6

Z[ 6], , : 23

6, 2, 3 6.

1844 . ,
.
, , ..

. , ,

Z[i].

ZK
ZK
ZK
. , ,
, ,
, , .

, 1 =
,

2 = 1 ,
, .. .

:
.4. ZK I0 I1
I2 ..., , .

, ZK , K = Q[ 5],

(2) (2, 5) (1, 5) ((1 + 5)/2, (1

5)/2). (integral basis) ZK , .

. $\mathbb{Q}[\sqrt{5}]$ $p + q\sqrt{5}$.

$(x - p + q\sqrt{5})(x - p - q\sqrt{5}) = x^2 - 2px + (p^2 - 5q^2)$.

$p + q\sqrt{5} \in Z_K$, $2p$ $p^2 - 5q^2$
. , $2p = a$, $p^2 - 5q^2 = m$, $a, m \in \mathbb{Z}$. $a$,
$p \in \mathbb{Z}$, $5q^2 \in \mathbb{Z}$, , $q \in \mathbb{Z}$. $a$, $20q^2 \in \mathbb{Z}$, $2q \in \mathbb{Z}$.

, $Z_K$ $(a + b\sqrt{5})/2$, $a, b \in \mathbb{Z}$.

e ZK , , ..
e1 ZK . ZK ,
1.

, e ZK , a ZK
ae = a, ZK
ZK . a b
, a = be, e ZK .
.13. , C ,
, ,
. , a, b, c, d C ,
a = bc, a = bd, b 6= 0, c d c = ed.

Z[ 6] ,
, ,
. ,
, :
.5.


, .
. ,
R .
x R
x = e1 p1 p2 ...pk ,
e, pi (, , ) R .
, :
x = e1 p1 p2 ...pk = e2 q1 q2 ...qm ,

(.171)

k , k = m pi
- qj . k = 0
. k > 0 pk | q1 q2 ...qm . pk j
, pk | qj , pk = eqj . (.171) pk , ,
e1 p1 p2 ...pk1 = e2 q1 ...qj1 eqj+1 ...qm ,

(.172)

.
.
, ,
.
Zk

Z[ 6] ,

.
, ,
.

, .
.
, , , a
a = p1 p2 a = q1 q2 , L
K , , p1 = b1 b2 ,
p2 = b3 b4 , q1 = b1 b3 , q2 = b2 b2 , ,
a = p1 p2 = (p1 p2 ) (p3 p4 ) = (p1 p3 ) (p2 p4 ) = q1 q2 .

. $\mathbb{Q}(\sqrt{15})$ 10 :
$10 = 2 \cdot 5 = (5 + \sqrt{15})(5 - \sqrt{15})$.

, 2 5 $5 \pm \sqrt{15}$.

$L = \mathbb{Q}(\sqrt{3}, \sqrt{5})$.
L :

$$10 = (\sqrt{5})(\sqrt{5})(\sqrt{5} + \sqrt{3})(\sqrt{5} - \sqrt{3}). \qquad (.173)$$

, (.173)
ZK K ,
(.. ), K

. , I1 I3 ,

ZK ( 5), ( 5+ 3) ( 5 3).
, ZK :
10 = (I1 )2 I2 I3 ,

(.174)

I1 I3 .


, , $I_2 = Z_K(\sqrt{5} + \sqrt{3})$. $\sqrt{5}(\sqrt{5} + \sqrt{3}) = \sqrt{15} + 5$
$\sqrt{3}(\sqrt{5} + \sqrt{3}) = \sqrt{15} + 3$ $\in I_2$. $I_2$

$(\sqrt{15} + 5) - (\sqrt{15} + 3) = 2$.

I2 , (a + b 15),

(2) a + b 15, 2, 4, ab 15,


a2 15b2 . I2 , 1,
,
$a^2 - 15b^2 = 2$.
5, $a^2 \equiv 2 \pmod 5$,
.

ZK

,
, .
:
.6. ZK .
, -
(.5.5
[52]):
.7. I
Zk ,
.


[1] Agrawal M. PRIMES is in P / M. Agrawal, N. Kayal, N. Saxena. Annals of Mathematics, 2004, v.160, p. 781–793.
[2] Atkin A. Prime sieves using binary quadratic forms / A. Atkin, D. Bernstein. http://cr.yp.to/papers/primesieves19990826.pdf
[3] Bach E. Factoring with cyclotomic polynomials / E. Bach, J. Shallit. Math. Comp., 1989, v.52(185), p. 201–219.
[4] Blake A. (ed.) Advances in Elliptic Curve Cryptography / A. Blake (ed.). London Mathematical Society Lecture Note Series 317, Cambridge Univ. Press, 2005, 281 p.
[5] Boender H. The number of relations in the Quadratic Sieve Algorithm / H. Boender. NM-R9622, The Netherlands, 1996, p. 1–22.
[6] Brent R.P. An improved Monte Carlo factorization algorithm / R.P. Brent. BIT, 1980, v.20, p. 176–184.
[7] Brent R.P. Factorization of the eighth Fermat number / R.P. Brent, J.M. Pollard. Math. Comp., 1981, v.36, p. 627–630.
[8] Brent R.P. Some integer factorization algorithms using elliptic curves / R.P. Brent. Austral. Comput. Sci. Comm., 1986, v.8, p. 149–163.
[9] Brent R.P. Factorization of the tenth Fermat number / R.P. Brent. Math. Comp., 1999, v.68, p. 429–451.
[10] Brent R.P. Some parallel algorithms for integer factorisation / R.P. Brent. Lect. Notes in Comp. Sci., 1999, v.1685, p. 1–22.
[11] Brillhart J. Factorizations of b^n ± 1, b = 2, 3, 5, 6, 7, 10, 11, 12 up to high powers / J. Brillhart, D.H. Lehmer, S. Wagstaff. Contemporary Mathematics 22, Third Ed., AMS, Providence, 2005, 327 p.
[12] Briggs M. An Introduction to the General Number Field Sieve / M. Briggs. Master's Thesis, Virginia Polytechnic Institute and State University, Blacksburg, Virginia, 1998, p. 1–84.
[13] Buhler J.P. Factoring integers with the number field sieve / J.P. Buhler, H.W. Lenstra, C. Pomerance. In: The Development of the Number Field Sieve, Springer-Verlag, Berlin, Germany, 1993, p. 50–94.
[14] Buhler J. Algorithmic Number Theory: Proc. ANTS-III / J.P. Buhler (ed.). Portland, OR, Lect. Not. Comp. Sci. v.1423, Springer-Verlag, 1998, 640 p.
[15] Cavallar S. Factorization of 512-bit RSA-modulus / S. Cavallar, W.M. Lioen, H.J. te Riele, B. Dodson, A.K. Lenstra, P.L. Montgomery, B. Murphy et al. CWI Report MAS-R0007, February 2000, 18 p.
[16] Koblitz N. The state of elliptic cryptography / N. Koblitz, A. Menezes, S. Vanstone. Designs, Codes and Cryptography, 19, Kluwer Publ., 2000, p. 103–123.
[17] Cohen H. A course in computational algebraic number theory / H. Cohen. Springer-Verlag, Berlin, 1993, 545 p.
[18] Coppersmith D. Fast evaluation of discrete logarithms in fields of characteristic two / D. Coppersmith. IEEE Trans. Inform. Theory, 1984, v.30(4), p. 587–594.
[19] Coppersmith D. Solving homogeneous linear equations over GF(2) via block Wiedemann algorithm / D. Coppersmith. Math. Comp., 1994, v.62, p. 333–350.
[20] Couveignes J.M. Computing a square root for the number field sieve / Jean-Marc Couveignes. In [33], p. 95–102.
[21] Crandall R. The prime numbers: a computational perspective / R. Crandall, C. Pomerance. Sec. ed., Springer-Verlag, Berlin, 2005, 604 p.
[22] Dixon J.D. Asymptotically fast factorization of integers / J.D. Dixon. Math. Comp., 36, 1981, p. 255–260.
[23] Elkenbracht-Huizing M. An implementation of the Number Field Sieve / M. Elkenbracht-Huizing. Experimental Mathematics, 1996, v.5, p. 231–253.
[24] Gardner M. A new kind of cipher that would take millions of years to break / M. Gardner. Sci. Amer., 1977, p. 120–124.
[25] Gower J. Square form factorization / J. Gower, S.S. Wagstaff Jr. Mathematics of Computation, v.77 (2008), p. 551–588.
[26] Hackmann P. Elementary Number Theory / P. Hackmann. HHH Publ., 2007, 411 p.
[27] Joux A. A one round protocol for tripartite Diffie-Hellman / A. Joux. Algorithmic Number Theory: 4th International Symposium, ANTS-IV, Lecture Notes in Computer Science, v.1838 (2000), Springer-Verlag, p. 385–393.
[28] Keller W. Prime factors k·2^n + 1 of Fermat numbers F_m and complete factoring status / W. Keller. http://www.prothsearch.net/fermat.html
[29] Kleinjung T. On Polynomial Selection for the General Number Field Sieve / T. Kleinjung. Math. Comp., 75 (2006), p. 2037–2047.
[30] Kleinjung T. Factorization of a 768-bit RSA modulus / T. Kleinjung et al. Scientific Report, 2010, 22 p.
[31] Lenstra H.W. Factoring integers with elliptic curves / H.W. Lenstra. Ann. Math., v.126 (1987), p. 649–674.
[32] Lenstra A.K. Factoring integers with the number field sieve / A.K. Lenstra, H.W. Lenstra, Jr., M.S. Manasse, J.M. Pollard. In [33], p. 11–42.
[33] Lenstra A. The Development of the Number Field Sieve / A. Lenstra and H. Lenstra (eds.). Lect. Not. in Math. 1554, Springer-Verlag, Berlin, 1993, 139 p.
[34] Menezes A. Reducing Elliptic Curve Logarithms to a Finite Field / A. Menezes, T. Okamoto, S. Vanstone. IEEE Trans. Info. Theory, v.39, 1993, p. 1639–1646.
[35] Menezes A. Elliptic Curve Public Key Cryptosystems / A. Menezes. 1993, 144 p.
[36] Montgomery P.L. Speeding the Pollard and Elliptic Curve Methods of Factorization / P.L. Montgomery. Mathematics of Computation, v.48, iss.177, 1987, p. 234–264.
[37] Montgomery P.L. An FFT-extension of the Elliptic Curve Method of Factorization / P.L. Montgomery. Doctoral Dissertation, 1992, Univ. Calif., USA, 118 p.
[38] Montgomery P.L. A block Lanczos algorithm for finding dependencies over GF(2) / P.L. Montgomery. In: Advances in Cryptology: Eurocrypt'95, Lect. Notes in Comp. Sci. 921, Springer-Verlag, Berlin, p. 106–120.
[39] Montgomery P.L. Square roots of products of algebraic numbers / P.L. Montgomery. 1997, 24 p. http://ftp.cwi.nl/pub/pmontgom/sqrt.ps.gz
[40] Morrison M.A. A Method of Factoring and the Factorization of F7 / M.A. Morrison, J. Brillhart. Mathematics of Computation, AMS, 29 (129), January 1975, p. 183–205.
[41] Murphy B.A. Polynomial selection for the number field sieve / B.A. Murphy. Doctoral Thesis, Australia, 1999, 142 p.
[42] Niven I. An introduction to the number theory / I. Niven, H. Zuckerman, H. Montgomery. Wiley Publ., 5th edition, 1991, 541 p.
[43] Pollard J.M. Theorems on factorization and primality testing / J.M. Pollard. Proc. Cambridge Phil. Society, 1974, v.76, p. 521-578.
[44] Pollard J.M. Factoring with cubic numbers / J.M. Pollard. In Lenstra et al. [1993], p. 4–10.
[45] Pollard J.M. The lattice sieve / J.M. Pollard. In Lenstra et al. [1993], p. 43–49.
[46] Pomerance C. Tale of Two Sieves / C. Pomerance. Notices of the AMS, 1996, p. 1473–1485.
[47] Pomerance C. Smooth Numbers and the Quadratic Sieve / C. Pomerance. MSRI Publications, v.44, 2008, p. 69–82.
[48] Pomerance C. A pipeline architecture for factoring large integers with the quadratic sieve algorithm / C. Pomerance, J. Smith, R. Tuler. SIAM J. Comput., 17:387–403, 1988. Special issue on cryptography.
[49] Ribenboim P. The New Book of Prime Number Records / P. Ribenboim. 3rd ed., Springer, 1996, 541 p.
[50] Schoof R. Four primality testing algorithms / R. Schoof. In: Surveys in Algorithmic Number Theory, ed. J.P. Buhler, P. Stevenhagen, Math. Sci. Res. Inst. Publ. 44, Cambridge Univ. Press, New York, 2008, p. 101–126.
[51] Shoup V. A Computational Introduction to Number Theory and Algebra / V. Shoup. Cambridge University Press, Sec. Edition, 2005, 600 p. http://shoup.net/ntb/
[52] Stewart I. Algebraic Number Theory and Fermat's Last Theorem / I. Stewart, D. Tall. Third Ed., Massachusetts: AK Peters, 2002, 314 p.
[53] Venturi D. Lecture Notes on Algorithmic Number Theory / D. Venturi. Springer-Verlag, New York, Berlin, 2009, 217 p.
[54] Washington L. Elliptic Curves: Number Theory and Cryptography / L. Washington. Series Discrete Mathematics and Its Applications, Chapman & Hall/CRC, second ed., 2008, 524 p.
[55] Zhang M. Factorization of the Numbers of the Form m^3 + c_2 m^2 + c_1 m + c_0 / M. Zhang. In [14], p. 131–136.
[56] .. :
/ .. , .. . .: -,
2009, 256 .
[57] . . /
. , . . .: , 1987, 428 .
[58] . . /
. . .: , 1994, 544 .
[59] ..
. / .. .
, , 2005, 35 . / http://math.nsc.ru/~bogopolski/Articles/SpezkNumber.pdf
[60] .. :
. / .. ,
.. , .. . .:, 2004, 280 .
[61] .. .
/ .. , .. , .. , ... .:,
2004, 499 .
[62] .. . / .. , .. . 3-
, .: , 1985, 504 .
[63] .. ./ .. . .2, .: ,
1979, 623 .
[64] .. - /
.. . , 2003, 326 c.
[65] . C C++ :
/ . . .: , 2008, 464 .

[66] .. : .. /
.. , .. . : . .., 2010,
132 .
[67] ..
/ .. , .. , .. .
. , 4, 2011, 15-22 c.
[68] .. / .. , .. , .. . III , , 2010, 177-183 .
[69] . / . . .: ,
2001, 260 .
[70] .. ./.. . .-. ,
, , 2010, 35 .
[71] . : /. , . ,
. . .: , 1999.
[72] .. / .. , .. . , -, , 2006, 65 .
[73] . /. ,. . T. 1, 2. .: , 1988,
428 .
[74] .. .
/ .., .. ,.. . -, 2004,
446 .
[75] .. / .. .
, , , 80 .

[76] .. / .. . , .
, 2008, 273 .
[77] .. / .. . , , 1999, 136 .
[78] . . /. ,
. . .: , 1987, 118 .
[79] .. / .. . .: , 2002.


L- , 117

, 43

(p + 1) , 59

, 13, 41, 51

(p 1) , 53

, 32

- , 60

., 8

, 74

, 63

, 25, 27, 37, 39, 42, 45

, 70

, 13

, 81

SQUFOF, 78

., 8

, 11

22

, 7

, 36

, 39

, 148

, 42

-, 33

, 159

, 81

87

, 42

, 11, 13

, 12

, 38, 42

, 165

, 114, 145

, 125

., 81, 87

, 9

, 24, 32, 38,

, 24

42

, 20

GNFS, 148

, 44

, 39

., 163

, 32

, 169

, 10

, 70

, 10

, 20

, 10

, 7, 53, 60, 63

, 25

, 7

, 168
, 168

, 171

, 177

, 170

, 42

, 62

, 35

, 150

, 10, 163

, 11, 164

, 11

ZK , 138

, 164

, 170

, 11

, 170

, 171

, 95

, 163

, 83

, 169

, 39

, 39

176

, 40

, 37

, 112

e, 37


, 92

, 23
, 142

, 49

, 142

, 14


, 141

, 98

, 42

, 74

-, 63, 93

RSA, 6

, 31

, 59

, 103
, 14
, 164
, 157
, 62, 65

GNFS, 141

, 114
,
121, 123

, 165

, 15

, 85

, 13

83

, 24
, 24, 147

, 25

116

-, 97

(n), 27

, 9

, 45

, 168

, 49

, 41

, 14, 49

, 13

, 47

, 11

, 90
, 47

, 116

, 49

, 48

, 103

, 18

, 9

AKS, 30

, 9

, 26

,
28

, 82

, 51

, 74

, 66
, 103
,
135

85

, 135
, 135
(x), 32
, 37

,

, 86
, 70
