Accelerating the Wheel Factoring Techniques

1. Introduction

The complexity of the integer factorization issue affects the security of several public key cryptosystems such as [11,20,23,25,36], while the exponentiation problem determines the effectiveness of such cryptosystems [9,10,34].

Algorithms for factoring a big odd composite number fall into two broad kinds, called special-purpose and general-purpose algorithms [5,16,17,18,26,30,31,35]. The special-purpose factoring algorithms [16] find tiny prime factors rapidly regardless of the value of n. If n has no tiny factors, employing one of the special-purpose factoring algorithms will almost surely fail, which is the primary issue with them. Examples of such factoring algorithms include the Fermat technique [5] with time complexity of $O\left(\sqrt{n}\right)$, Pollard’s elliptic curve method, Pollard’s wheel factoring method, Pollard’s p-method with time complexity of $O(\sqrt{n}logn)$, and Pollard’s $p-1$ method [15]. The general-purpose factorization techniques factor n regardless of the size of the prime factors, albeit they require exponential or subexponential time. Examples of such algorithms include the quadratic sieve with time complexity of $e^{(1+o\left(1\right))\sqrt{lnnlnlnn}}$ , continuous fraction method with time complexity of $O\left(e^{\left(\sqrt{2lognloglogn}\right)}\right)$ , and number field sieve [18]. Recently, subexponential-time factoring methods utilizing binary decision and the Pisano period were proposed by Raddum, Varadharajan, and Wu [14] and Wu et al. [29], respectively. The number field sieve method with time complexity of $e^{(\frac{4}{\sqrt[3]{9}}+o\left(1\right))\sqrt{{(lnn)}^{\frac{1}{3}}{(lnlnn)}^{\frac{2}{3}}}}$[28] has been shown to be the most effective method so far for factoring big n with large prime factors.

There are more factoring techniques, but they require more knowledge of cryptosystems or specific requirements for the prime factors (see [1,3,4,19]). Utilizing high-performance-Computing systems such as multicore systems [6,7,13,15], cloud computing systems [28], and graphics processing units [2,8] is one method for accelerating factoring algorithms.

In this paper, we focus on the challenge of factoring odd composite integers n. We investigate a new way to enhance the recent wheel factoring technique [33]. We expand the wheel method by using a greater number of prime integers as a basis rather than a limited number of prime integers.

The rest of the paper is organised as follows. In the second section, we will go over an overview of the most important works on the subject under consideration. The proposed algorithm will be presented in the third section. In the fourth section, we will provide a numerical illustration of the suggested method in action. The implementation of the algorithms will be presented in the fifth section. The results of the practical implementation of the algorithms will be examined in the sixth section. Finally, in the final section, we will conclude what we have accomplished.

2. Related Work

In this section, we will go over the three most important algorithms related to our research: Wheel Factorization Method (WFM), Forward Wheel Factorization Method (FWFM), and Backward Wheel Factorization Method (BWFM) [33].

2.1. Traditional Wheel factorization method (WFM)

In this subsection, we present a quick explanation of the WFM’s central concept as well as its pseudocode for finding two factors for a composite integer. The WFM depends on picking the first k primes, known as the basis, say $B=\{b_1,b_2,...,b_k\}$, where k is a tiny number, say 3 or 4. Then, WFM creates a list T, referred to as the turn or wheel, of integers that are coprime with every number in B. The product of the basis integers equals the circumference of the wheel (also known as primorial) $s=b_1\times b_2...\times b_k$. Next, The integers in the wheel/turn are used by WFM to discover the lowest divisor of the integer to be factorised. To explain how WFM works to find a factor of n, B $=\{2,3,5\}$, and the circumference of a turn is $s=30=2\times 3\times 5$. n must be divided by 2, 3, 5, and all other numbers that are congruent to 1, 7, 11, 13, 17, 19, 23, and 29, modulo 30, until a factor is discovered or $\sqrt{n}$ is reached. We begin by dividing n by 2, 3 and 5, and if it is not divisible by any of them, we go to the first iteration. In the first iteration, we divide n by 7, 11, 13, 17, 19, 23, 29 and 31, and if it is not divisible by any of them, we go to the second iteration. In the second iteration, we divide n by 37, 41, 43, 47, 49, 53, 59 and 61, and if it is not divisible by any of them, we go to the third iteration and so on. The difference between the matching items in any two successive turns is 30. The loop ends when we find a factor of n or reach a $\sqrt{n}$. If we reach the $\sqrt{n}$ without encountering a factor, then n is a prime number.

WFM does not have to begin from 1. For instance, we can start at 11, making the first turn set as follows: $\{11,13,17,19,23,29,31,37\}$. In this situation, to begin, we must divide n by the elements of B and the number 7, i.e., 2, 3, 5, and 7. WFM checks whether n can be divided by the numbers in the following turn set, which are $\{41,43,47,49,53,59,61,67\}$.

The first 15 turn sets when WFM starts from 11 are shown in Table 1. The initial integer of the $k^{th}$ turn is clearly equivalent to $init=11+30(k-1)$ and the following components of the $k^{th}$ turn are $init+2,init+6,init+8,init+12,init+18,init+20$, and $init+26$. The disparities between two consecutive integers in any turn are 2, 4, 2, 4, 6, 2, and 6, respectively, however, the difference between the last number in any round and the first integer in the next turn is 4. To handle all turns, these differences can be kept in an array, say $inc$. Algorithm 1 displays WFM pseudocode. As seen in Algorithm 2, the algorithm employs a function called FactorBasis to determine whether or not n has a factor from the basis set B.

Algorithm 1: WFM [33]

2.2. Forward WFM (FWFM)

In WFM, every while−loop iteration, Lines 6−17 of Algorithm 1 checks if m may be divided by the integer f. The value of f fluctuates with each turn depending on the value of $inc\left[j\right],1\le j\le 7$, Lines 10−15. The value of $inc\left[8\right]$ is used to establish the following turn’s start. With the FWFM, complete the while–loop in a single iteration rather than

Algorithm 2: FactorBasis [33]

1 Input: A composite integer $m.$ 2 if $mmod2=0$ return 2 3 if $mmod3=0$ return 3 4 if $mmod5=0$ return 5 5 if $mmod7=0$ return 7 6 Otherwise return 1 7 Output: Either a prime number $f\in \{2,3,5,7\}$ or 1.

eight separate iterations for each turn. There’s no reason to utilize the array inc because the idea can be accomplished by doing eight tests during every while−loop iteration. Additionally, there is no need to run the while−loop repeatedly while updating the counter i and testing its value. As a result, we can get rid of Lines 11 − 15 from the while−loop. Forward WFM (FWFM) is shown in Algorithm 3. FWFM tests each turn j of length 30 starting from $11+30j,j\ge 1$ using the subroutine TurnTest, Algorithm 4. If a factor of m is present, the function TurnTest returns it; otherwise, it returns 1. The function begins with f, the initial element of each round, and updates f by the numbers 2, 4, 2, 4, 6, 2, accordingly. Algorithms 3 and 4 present the complete pseudocodes for the FWFM and TurnTest algorithms, respectively.  

Algorithm 3: Forward Wheel Factoring Method (FWFM) [33]

2.3. Backward WFM (BWFM)

In several public-key cryptosystems, lowest prime factor is near to $\left[\sqrt{m}\right]$, like RSA [25], where the public modulus m is the product of two equal-sized prime numbers. Therefore, it is preferable to look for the factor between $\left[\sqrt{m}\right]$ and 2. (backward direction).

$nTurns=(\left[\sqrt{m}\right]-10)/30$ is the total number of turns in the search space, counting from 11. The algorithm begins with the turn that was made at $i=30(nTurns-1)+11$. The algorithm comes to an end if it discovers the factor of m. Otherwise, the algorithm searches in reverse order for a factor of m in the following turn by subtracting the circumference of turn 30 from i, $i.e.,i=i-30$, This process is repeated for all turns. The algorithm looks for the factors 7, 5, 3, and 2 if the $nTurns$ iterations do not yield a factor. Algorithm 5 provides the whole pseudocode for the backward wheel factoring method (BWFM).  

Algorithm 4: TurnTest [33]

Algorithm 5: Backward Wheel Factoring Method (BWFM) [33]

3. The Modified Wheel Factorization Method (MWFM)

The idea is based on the generalization of the WFM algorithm, which is based on an array $Base$ of length 3 only. The main idea is to generalize the length of the Base array by reading $lb$ of prime numbers from a file containing the first million prime numbers and storing them in the $Base$ array, then calculating $ws$, which is the product of the $Base$ array elements. The next step is to read all the primes up to $ws$, excluding the elements of the $Base$ array, and store those elements in an array called $Turn$.

Using a function called NewFactorBasis, we begin the steps of the proposed algorithm by determining whether n is divisible by any of the elements of the $Base$ array. We perform several iterations with a maximum of $\frac{\sqrt{n}}{ws}$ iterations in the absence of any factor of n in the $Base$ array. We test whether n is divisible by any of the $Turn$ array elements in each iteration. If there is no any factor of n within the $Turn$ array, the $Turn$ array elements are incremented by $ws$. This is accomplished through the use of a function known as NewTurnTest.

The full descriptions of NewFactorBasis, NewTurnTest and MWFM are shown in Algorithms 6,7 and 8.  

NewFactorBasis algorithm runs in $O\left(1\right)$ because there are $lb$ comparisons and divisions

Algorithm 6: NewFactorBasis

and $lb$ does not depend on n. Also NewTurnTest algorithm runs in $O\left(1\right)$ because there are l comparisons and divisions and l does not depend on n. MWFM algorithm runs in $O\left(\sqrt{n}\right)$ because the while loop in line 10 performs $\sqrt{n}$ iterations in the worst case.  

Algorithm 7: NewTurnTest

Algorithm 8: Modified Wheel Factorization Method (MWFM)

4. An Example

In this section, we give an example to show how MWFM algorithm works. Assume the worst case at which n is a prime number. Let $n=505301$ and $bl=4$

In line 2, four prime numbers are read and stored in B. $B=\{2,3,5,7\}.$

In line 3, $ws$ is computed. $ws=210$.

In line 4, all prime number which are greater than 7 and up to 210 are read and stored in the array T. Also the actual length l of T is computed. $T=\{11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199\}$ and $l=42$.

In line 5, we determine whether n is divisible by any of the elements of B by calling the function NewFactorBasis. n is not divisible by any of the elements of B. So NewFactorBasis returns 1 in $p.$

Because $p=1$ we skip line 7 and execute from line 9.

In line 9, the square root of n is computed and stored in m. $m=710.$

In lines 10-15, we perform several iterations depending on the value of $t_0$. In each iteration, NewTurnTest function is called to determine whether n is divisible by any of the current elements of T. If any factor p was found, the algorithm will return p and $\frac{n}{p}$ as in line 12-14. If we do not find any factors, the elements of the array T will be modified by an increment of $ws$. The while loop will end when the value of $t_0$ exceeds $\sqrt{n}=710$.

After the first iteration, we do not find any factor of n in T and the values of the elements are modified as follows:

$T=\{221,223,227,229,233,239,241,247,251,253,257,263,269,271,277,281,283,289,293,299,307,311,313,317,319,323,337,341,347,349,359,361,367,373,377,383,389,391,401,403,407,409\}.$

After the second iteration, we do not find any factor of n in T and the values of the elements are modified as follows:

$T=\{431,433,437,439,443,449,451,457,461,463,467,473,479,481,487,491,493,499,503,509,517,521,523,527,529,533,547,551,557,559,569,571,577,583,587,593,599,601,611,613,617,619\}.$

After the third iteration, we do not find any factor of n in T and the values of the elements are modified as follows:

$T=\{641,643,647,649,653,659,661,667,671,673,677,683,689,691,697,701,703,709,713,719,727,731,733,737,739,743,757,761,767,769,779,781,787,793,797,803,809,811,821,823,827,829\}.$

Because the value of $t_0$ is still less than $\sqrt{n}=710$, another iteration will be performed and T will be modified as follows:

$T=\{851,853,857,859,863,869,871,877,881,883,887,893,899,901,907,911,913,919,923,929,937,941,943,947,949,953,967,971,977,979,989,991,997,1003,1007,1013,1019,1021,1031,1033,1037,1039\}.$

The condition of the while loop has been broken and we have reached line 17 and the value of p is still 1, so the algorithm will return 1 and $n=505301$.

5. Experiments

This section describes the implementation of the proposed improvement on the best Known algorithm (BWFM). It is split into two subsections. The first subsection outlines the setup of the experimental investigation, which comprises the hardware, software, and data collection.

The average execution times of BWFM and MWFM are included in the second subsection.

5.1. Experimental Specifications

The studies were conducted out on a computer having a processor (Intel(R) Core(TM) $i7-4702MQCPU@2.20GHz2.20GHz$). Memory capacity of 8 GB.

Under Ubuntu $20.04$ operating system, the algorithms are implemented using the C++ language and the OpenMP library [21], parallel loops are implemented using the OpenMP library. To operate huge numbers greater than 64 bits, the GMP (GNU Multiple Precision) library [12] is utilised.

The experimental study used composite numbers with sizes of 11-20 digits. The average time for 20 random numbers is the running time of each implemented algorithm for each fixed number of digits.

5.2. Execution Time

The running times of the algorithms BWFM and MWFM (which is considered the latest wheel factorization algorithms [33]) are displayed in this section. The average running times (in seconds) for BWFM and MWFM are shown in Table 2. The percentage of improvement for MWFM over BWFM is shown in Table 3 while Table 4 depicts the execution time of MWFM as the wheel size increases.

6. Discussion

This section discusses and analyses the results of implementing the BWFM and MWFM algorithms on the data set in terms of running time, as shown in Table 2, Table 3, and Table 4.

• MWFM takes less time to execute than BWFM, except when the size equals 11 digits. See Table 2.
• On average, the percentage of improvement for MWFM over BWFM is $75\%$. For all cases, the minimal and highest improvements are $0\%$ and $81\%$, respectively. See Table 3.
• The running time of MWFM decreases as the wheel size increases from 4 to 8. See Table 4.
• The main disadvantage of MWFM is that it requires an array T, which will be rather huge if we use more than 8 prime integers as a basis.
• Another flaw is that the method does not employ a theoretical foundation to identify the optimal number of prime integers to use as a basis.

7. Conclusion

In this paper, we addressed the integer factorization problem, which is one of the difficult problems associated with cryptanalysis of some public-key cryptosystems. The goal of integer factorization is to divide a composite number into prime factors. We have presented a new approach for improving the most recent wheel factoring method, BWFM. The approach is based on increasing the size of the Base array. The proposed algorithm performs significantly better when implemented on composite integers ranging in size from 11 to 20 digits. On average, MWFM outperforms BWFM by $75\%$. In the future, we will try to theoretically establish the ideal size of the Base array.