|
2013-09-06, 03:46
|
#23 | |
"Bob Silverman"
Nov 2003
North of Boston
5×17×89 Posts |
Quote:
There is a solution to x^2-2 = 0 (in the field) of the form a + 1/a for some element a. When you apply the recurrence x <- x^2 - 2 in the Pollard Rho algorithm, one gets (a+1/a)(a + 1/a) - 2 = a^2 + 2*a * 1/a + 1/a^2 - 2. The middle term "drops out". (a+1/a)^2 = a^2 + 1/a^2 This is what makes it bad as a pseudo RNG. As one repeats the recurrence, all of the middle terms drop out. This limits the range of the recurrence. |
|
|
|
|
2013-09-27, 08:52
|
#24 | |
"Gang aft agley"
Sep 2002
2·1,877 Posts |
Quote:
|
|
|
|
|
|
2013-09-29, 21:56
|
#25 |
|
"Gang aft agley"
Sep 2002
2×1,877 Posts |
Here are the other Lucas Lehmer Tests for Mersenne numbers that subtract other constant values per iteration.: http://www.mersennewiki.org/index.ph...Initial_Values
|
|
|
|
|
2013-09-29, 22:54
|
#26 | |
|
Just call me Henry
"David"
Sep 2007
Liverpool (GMT/BST)
3·23·89 Posts |
Quote:
|
|
|
|
|
|
2013-09-30, 04:24
|
#27 |
|
Romulan Interpreter
"name field"
Jun 2011
Thailand
240638 Posts |
Assuming some TF was done, there will never be more optimal to use rho for mersenne numbers. That is because rho is finding the order of some base b, and this order is always a multiple of q-1, where q is a factor of m=Mp=2^p-1, with few "lucky" exceptions (one exception is when we stepped on a square root of 1, for example, its order is 2).
Try this in pari/gp: Code:
gp > v=vector(2046);
gp > for(i=1,2046,if(gcd(2047,i)==1,v[i]=znorder(Mod(i,2047))))
gp > v=vecsort(v);
gp > cnt=1; for(i=2,#v,if(v[i]==v[i-1],cnt++,print("elements with order "v[i-1]": \t"cnt); cnt=1)); print("elememts with order "v[#v]": \t"cnt)
elements with order 0: 110
elements with order 1: 1
elements with order 2: 3
elements with order 4: 4
elements with order 8: 8
elements with order 11: 120
elements with order 22: 360
elements with order 44: 480
elememts with order 88: 960
The "twos" are square roots of 1, some of them are quadratic residues too, therefore we have "fours" and "eights". If we step on them, we are lucky, job is done. The "elevens" (this is our p) are powers of 2, and their negatives, because 2^p=1 (mod m) always. Those are not useful for our rho. The rest (22, 44, 88) are the orders of some random bases which are not factors or multiple of factors. Now you take 2^67-1, and tell me how lucky you have to be to "step on a factor" when you randomly pick the base.  Because, if you are not, you will always need to do at least a DOUBLE number of rho iterations to get the order of that base (and therefore the factor). Well, this example is not very good, because you can start with c=b^(2*p) as a base, for a random b, and you reduce the order by 2p, but still, that is why I said in the beginning "if some TF was done", i.e. for a k in q=2*k*p+1 and k>p, (which is trivial to TF!!!) and a factor was not found, then you will still have to do MORE than p iterations of rho, to find any factor. And this is valid for ALL exponents. Either you find a factor by doing a little bit of TF, or if not, then you must do MORE than p iterations of rho to find the factor. (edit: by doing a little bit of TF you eliminate the possibility that the order you are looking for is very small; afterthat what is left is either "a lot of rho", or "a lot of luck" to step on a convenient base). This discussion is futile, as a known person here would say... Last fiddled with by LaurV on 2013-09-30 at 05:07 |
|
|
|
 |
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Pollard rho with known factor of P-1 | henryzz | Math | 2 | 2017-08-15 12:13 |
| PFGW can't find a small factor. | Arkadiusz | Software | 7 | 2013-02-18 12:43 |
| How much ECM does it take to find a given factor? | geoff | Factoring | 5 | 2004-09-29 20:14 |
| Where I find the best program to it factor keys? I use AMD. | chrow | Factoring | 5 | 2004-02-19 10:15 |
| How large a factor can P-1 testing find ? | dsouza123 | Software | 3 | 2003-12-11 00:48 |
