mersenneforum.org

mersenneforum.org (https://www.mersenneforum.org/index.php)
-   Factoring (https://www.mersenneforum.org/forumdisplay.php?f=19)
-   -   Condition on composite numbers easily factored (https://www.mersenneforum.org/showthread.php?t=24797)

CRGreathouse 2019-09-29 06:22

This is the test code I used while composing the above posts to generate numbers of the OP's form; I wonder if it's similar to your code, axn?
[code]baih(N,P=N\3)=
{
my(p,lower,upper,k,q);
if(P>=N/2,error("Need p small"));
while(p%3<2,
p=randomprime([2^(P-1),2^P-1])
);
lower=ceil((2^(N-1)/p-3)/(p-1));
upper=(2^N\p-3)\(p-1);
while(q<1,
k=random(upper-lower)+lower;
q=k*(p-1)+3;
if(p*q%4==1||!ispseudoprime(q),q=0)
);
\\print(p);
p*q;
}
baih(3068)[/code]

R. Gerbicz 2019-09-29 10:17

[QUOTE=axn;526871]
Try this. q = O(p^2)[/QUOTE]

Good challenge. Solved:
[CODE]
n=3288315334013507348031117171885468096161021677564004034300356172248483753561621058705350647739894009\
5346045680550009445472595322983664958188142787148092914918061445039917611408596599725591252362294564\
1600699758076211854269675560352903000577560129603812320249402228524238334224780394198927618762027764\
4694175629521539892657010544312115079861771453079179141384844469970549673293813989678369426258452910\
3551493881299669360832439809441334130754552040177986894056672293223072559252965382679545203159671871\
1052801385883659044607163858197456954994787562252648007765822584016182739358104036624722033623683457\
3334375676353282746086370455038295247170962866302648507514375876708778979433419266589795636925613207\
4747459949682410108234198907723945838288102283178012219388623968160789028801889034265955398723460901\
5349542235839252138730727703428196783513008435899978778140980069771163397970731725281106467346639407\
481050648890548443151347;

p=484605015374629056777963894537847106303895551675266313154360900707104424961427719036266452196533774\
52921936399517882322789881804586540944802829882322554400675112952961990074662282674675063947229415372\
10158614848604710460460300049181316857625972449622618772532492044500653582851152895649758081518411705\
6344899;
q=678555778353106856699471351544625270538870277275101480850221325370922821493334863046535648959050812\
25688605158423860427793393677368543359664716921597907268575312832766558132199830099232360905729404728\
99121337787838935076965193459155301627652246520120302228518250201648597012572946836549688528687425909\
44431888146970279878990658770601477218446643121167732647451536410730645312792077195198632467755596788\
25155503616310435258635806796447200837691193982379038095497921562247764105338407437089023151285738935\
17162015165055647773150505612736034197993659591091727613875121131926185630357234439967667412188642741\
148076798353;

n==p*q
%42 = 1
[/CODE]

axn 2019-09-29 12:35

[QUOTE=CRGreathouse;526873]This is the test code I used while composing the above posts to generate numbers of the OP's form; I wonder if it's similar to your code, axn?
[/QUOTE]
Similar-ish, but less sophisticated. I hardcoded the sizes, and didn't bother with getting exact bit-lengths (so randomprime(2^1024) and random(2^2048)). Also for q, I started at random point and walked along an AP until an appropriate prime is found.

The only additional thing is the use of setrand.

axn 2019-09-29 12:37

[QUOTE=R. Gerbicz;526879]Good challenge. Solved:
[/QUOTE]
:tu:

If you don't mind, what is the procedure?

I wonder if there is a family of similar conditions with which you can generate backdoored keys.

baih 2019-09-29 15:05

[B]my solution are :qp =c
[/B]

[B]lets n is integer
[/B]
[B]e= (c+1)/4
[/B]
[B]s= n^e Mod c[/B]

[B]q= gcd(s-n,c)[/B]


for your example :


[code]gcd
48460501537462905677796389453784710630389555167526631315436090070710442496142771903626645219653377452921936399517882322789881804586540944802829882322554400675112952961990074662282674675063947229415372101586148486047104604603000491813168576259724496226187725324920445006535828511528956497580815184117056344899L[/code]

R. Gerbicz 2019-09-29 15:48

[QUOTE=baih;526898][B]my solution are :qp =c
[/B]

[B]lets n is integer
[/B]
[B]e= (c+1)/4
[/B]
[B]s= n^e Mod c[/B]

[B]q= gcd(s-n,c)[/B]


for your example :[/QUOTE]

Yes, more detail:
If n=p*q, and (n+1)/4==1 mod (p-1) then
(p-1) | e=(n-3)/4 with Fermat (for every b)
b^e-1 is divisible by p so p|gcd(b^e-1,n) and in general it is in fact p (and not n).

So (partial) factorization is easy when we know p|n and n mod (p-1).
Say we know that n==r/s mod (p-1) for tiny r,s (in solution just try all r,s pair).


All times are UTC. The time now is 15:47.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.