Ed&HddlmZmZddlmZddlmZddlmZddl m Z m Z ddl Z e j ZGddZGd d Zd Zdd Zd ZdZdZdZdZdZdZddZdS))igcd mod_inverse)integer_nthroot)_sqrt_mod_prime_power)isprime)logsqrtNceZdZddZdZdS)SievePolynomialNc0||_||_||_dS)aThis class denotes the seive polynomial. If ``g(x) = (a*x + b)**2 - N``. `g(x)` can be expanded to ``a*x**2 + 2*a*b*x + b**2 - N``, so the coefficient is stored in the form `[a**2, 2*a*b, b**2 - N]`. This ensures faster `eval` method because we dont have to perform `a**2, 2*a*b, b**2` every time we call the `eval` method. As multiplication is more expensive than addition, by using modified_coefficient we get a faster seiving process. Parameters ========== modified_coeff : modified_coefficient of sieve polynomial a : parameter of the sieve polynomial b : parameter of the sieve polynomial N)modified_coeffab)selfrrrs 0lib/python3.11/site-packages/sympy/ntheory/qs.py__init__zSievePolynomial.__init__ s$-c2d}|jD] }||z}||z } |S)z Compute the value of the sieve polynomial at point x. Parameters ========== x : Integer parameter for sieve polynomial r)r)rxanscoeffs revalzSievePolynomial.eval!s4(  E 1HC 5LCC r)r NN)__name__ __module__ __qualname__rrr rrr r s7,     rr ceZdZdZdZdS)FactorBaseElemz7This class stores an element of the `factor_base`. ch||_||_||_d|_d|_d|_d|_dS)z Initialization of factor_base_elem. Parameters ========== prime : prime number of the factor_base tmem_p : Integer square root of x**2 = n mod prime log_p : Compute Natural Logarithm of the prime N)primetmem_plog_psoln1soln2a_invb_ainv)rr r!r"s rrzFactorBaseElem.__init__4s9       rN)rrr__doc__rr rrrr1s-rrcddlm}g}d\}}|d|D]}t||dz dz|dkr|dkr|t |dz }|dkr|t |dz }t ||dd}t t|d z}|t||||||fS) aGenerate `factor_base` for Quadratic Sieve. The `factor_base` consists of all the points whose ``legendre_symbol(n, p) == 1`` and ``p < num_primes``. Along with the prime `factor_base` also stores natural logarithm of prime and the residue n modulo p. It also returns the of primes numbers in the `factor_base` which are close to 1000 and 5000. Parameters ========== prime_bound : upper prime bound of the factor_base n : integer to be factored r)sieveNNiNi) sympy.ntheory.generater) primerangepowlenrroundrappendr) prime_boundnr) factor_baseidx_1000idx_5000r residuer"s r_generate_factor_baser:Hs-,,,,,K#Hh!!![11FF q519"E * *a / Ft| 0 0{++a/t| 0 0{++a/+Aua88;G#e**U*++E   ~eWeDD E E E X{ **rcZ|t|td|z|z }d\}}} |dn|} |t|dz n|} t dD]} d} g}| |kr^d}|dks||vr%t| | }|dk!||v%||j}| |z} ||| |k^| |z }| &t|dz t| dz kr|}| }|} |} |}g}t|D]_\}}||j}||j t| |z|z|z}||dz kr||z }|| |z|z`t|}t| | zd| z|z||z|z g| |}|D]}| jzdkrt| j_fd|D_jj |z zjz_jj |z zjz_~||fS)aiThis step is the initialization of the 1st sieve polynomial. Here `a` is selected as a product of several primes of the factor_base such that `a` is about to ``sqrt(2*N) / M``. Other initial values of factor_base elem are also intialized which includes a_inv, b_ainv, soln1, soln2 which are used when the sieve polynomial is changed. The b_ainv is required for fast polynomial change as we do not have to calculate `2*b*mod_inverse(a, prime)` every time. We also ensure that the `factor_base` primes which make `a` are between 1000 and 5000. Parameters ========== N : Number to be factored M : sieve interval factor_base : factor_base primes idx_1000 : index of prime numbe in the factor_base near 1000 idx_5000 : index of primenumber in the factor_base near to 5000 seed : Generate pseudoprime numbers Nr,)NNNrr+2c:g|]}d|zjzjzS)r,)r%r ).0b_elemfbs r z0_initialize_first_polynomial..s+BBBfQvXbh&1BBBr)rgenseedr r1rangerandintr r3abs enumerater!rsumr r%r&r#r$)NMr6r7r8rC approx_valbest_abest_q best_ratiostartend_rqrand_ppratioBidxvalq_lgammargr@s @r_initialize_first_polynomialr\es*  $acQJ "2FFJ /AAxE"* @#k  Q  C 2YY  *n FA+ 21 2eS11A+ 21 2F#)A FA HHV    *n J  UQY#j1n2E2E!E FFJAA AaLLS#$C '+a3h*D*DDsJ 37? %KE C AA1ac!eQqS1W-q!44A:: rx<1   q"(++BBBBBBB Hbi!m,8Hryj1n-9 a4Krcddlm}d}|}|dzdkr|dz }|dz}|dzdk||d|zz dzdkrd}nd}|jd|z||dz zz} |j} t | | zd| z| z| | z|z g| | }|D]a} | | jzdkr| j|| j|dz zz | jz| _| j|| j|dz zz | jz| _b|S)aInitialization stage of ith poly. After we finish sieving 1`st polynomial here we quickly change to the next polynomial from which we will again start sieving. Suppose we generated ith sieve polynomial and now we want to generate (i + 1)th polynomial, where ``1 <= i <= 2**(j - 1) - 1`` where `j` is the number of prime factors of the coefficient `a` then this function can be used to go to the next polynomial. If ``i = 2**(j - 1) - 1`` then go to _initialize_first_polynomial stage. Parameters ========== N : number to be factored factor_base : factor_base primes i : integer denoting ith polynomial g : (i - 1)th polynomial B : array that stores a//q_l*gamma r)ceilingr+r,) #sympy.functions.elementary.integersr^rrr r r#r&r$) rIr6ir[rVr^vjneg_powrrr@s r_initialize_ith_polyresN$<;;;;; A A a%1* Q a a%1*wqAqDzQ!# ai!a%  A A1ac!eQqS1W-q!44ADD rx<1   HwryQ'77728CHwryQ'77728C HrcTdgd|zdzz}|D]}|j t||jz|jzd|z|jD]}||xx|jz cc<|jdkrWt||jz|jzd|z|jD]}||xx|jz cc<|S)aSieve Stage of the Quadratic Sieve. For every prime in the factor_base that does not divide the coefficient `a` we add log_p over the sieve_array such that ``-M <= soln1 + i*p <= M`` and ``-M <= soln2 + i*p <= M`` where `i` is an integer. When p = 2 then log_p is only added using ``-M <= soln1 + i*p <= M``. Parameters ========== M : sieve interval factor_base : factor_base primes rr,r+)r#rDr r"r$)rJr6 sieve_arrayfactorrWs r_gen_sieve_arrayris#qsQw-K - - <  !fl*fl:AaCNN - -C     ,     <1   !fl*fl:AaCNN - -C     ,     - rcg}|dkr|d|dz}n|d|D]k}||jzdkr|d&d}||jzdkr|dz }||jz}||jzdk||dzl|dkr|dfSt|r|dfSdS)abHere we check that if `num` is a smooth number or not. If `a` is a smooth number then it returns a vector of prime exponents modulo 2. For example if a = 2 * 5**2 * 7**3 and the factor base contains {2, 3, 5, 7} then `a` is a smooth number and this function returns ([1, 0, 0, 1], True). If `a` is a partial relation which means that `a` a has one prime factor greater than the `factor_base` then it returns `(a, False)` which denotes `a` is a partial relation. Parameters ========== a : integer whose smootheness is to be checked factor_base : factor_base primes rr+r_r,TFr*)r3r r)numr6vecrh factor_exps r_check_smoothnessrns C Qw 1  r  1 ##   "  JJqMMM  FL A% ! !OJ FL CFL A% ! :>"""" axDys||Ez :rctt|}t||zdz|z }g} t} d|djz} t |D]\} } | |kr | |z }||}t||\}}|<|j|z|j z}|dur|}|| kr[||vr||f||<g||\}}| | t||}n%#t$r| |YwxYw||z|z}||z||zz}t||\}}| |||f| | fS)a)Trial division stage. Here we trial divide the values generetated by sieve_poly in the sieve interval and if it is a smooth number then it is stored in `smooth_relations`. Moreover, if we find two partial relations with same large prime then they are combined to form a smooth relation. First we iterate over sieve array and look for values which are greater than accumulated_val, as these values have a high chance of being smooth number. Then using these values we find smooth relations. In general, let ``t**2 = u*p modN`` and ``r**2 = v*p modN`` be two partial relations with the same large prime p. Then they can be combined ``(t*r/p)**2 = u*v modN`` to form a smooth relation. Parameters ========== N : Number to be factored M : sieve interval factor_base : factor_base primes sieve_array : stores log_p values sieve_poly : polynomial from which we find smooth relations partial_relations : stores partial relations with one large prime ERROR_TERM : error term for accumulated_val r-r_NF)r floatrsetr rGrrnrrpopr ValueErroraddr3)rIrJr6rg sieve_polypartial_relations ERROR_TERMsqrt_naccumulated_valsmooth_relations proper_factorpartial_relation_upper_boundrWrXrrbrl is_smoothu large_primeu_prevv_prevlarge_prime_invs r_trial_division_stagers.%((^^F!f*ooe+j8OEEM#&{2'<#< k**--S     !G OOA  *1k::Y    LNZ\ )   CK99 "33 C23Q!+.!2;!?!%%k222&1+q&A&AOO!!%%k222HfH_,fH[!89!21k!B!BYAs ,,,, ] **s,C==DDcJg}|D]}||d|S)z|Build a 2D matrix from smooth relations. Parameters ========== smooth_relations : Stores smooth relations r,)r3)r{matrix s_relations r _build_matrixrUs6F&%%  jm$$$$ MrcLddl}||}t|}t|d}dg|z}t|D]}t|D]}|||dkrnd||<t|D]V}||kr |||dkr;t|D]+} || ||| |zdz|| |<,Wg} t |D](\} } | dkr| || | g)| ||fS)aFast gaussian reduction for modulo 2 matrix. Parameters ========== A : Matrix Examples ======== >>> from sympy.ntheory.qs import _gauss_mod_2 >>> _gauss_mod_2([[0, 1, 1], [1, 0, 1], [0, 1, 0], [1, 1, 1]]) ([[[1, 0, 1], 3]], [True, True, True, False], [[0, 1, 0], [1, 0, 0], [0, 0, 1], [1, 0, 1]]) Reference ========== .. [1] A fast algorithm for gaussian elimination over GF(2) and its implementation on the GAPP. Cetin K.Koc, Sarath N.ArachchigerNFr+Tr,)copydeepcopyr1rDrGr3) Arrrowcolmarkcrc1r2 dependent_rowrWrXs r _gauss_mod_2rcsq,KKK ]]1  F f++C fQi..C 73;D 3ZZ J Js  Aay|q   Q** J JBQw ay}! J**JJB&,Rjnvbz!}&D%IF2JrNN  J MdOO55S %< 5  &+s!3 4 4 4 $ &&rc0||d}||dg}||dg}||d} t| D]\} } | dkrtt|D]d} || | dkrP|| dkrD||| d||| dned} d}|D]}| |z} |D]}||z}t |dd}t | |z |S)aFinds proper factor of N. Here, transform the dependent rows as a combination of independent rows of the gauss_matrix to form the desired relation of the form ``X**2 = Y**2 modN``. After obtaining the desired relation we obtain a proper factor of N by `gcd(X - Y, N)`. Parameters ========== dependent_rows : denoted dependent rows in the reduced matrix form mark : boolean array to denoted dependent and independent rows gauss_matrix : Reduced form of the smooth relations matrix index : denoted the index of the dependent_rows smooth_relations : Smooth relations vectors matrix N : Number to be factored r+rTr,)rGrDr1r3rr)dependent_rowsr gauss_matrixindexr{rI idx_in_smooth independent_u independent_vdept_rowrWrXrrrbras r _find_factorrs\ #5)!,M%m4Q78M%m4Q78Me$Q'Hh''S !8 S..//  $S)Q.493D!(()9#)>q)ABBB!(()9#)>q)ABBBE A A  Q  Q1a A Aq>>rc |dz}t|t||\}}}g}d} i} t} dt |zdz} | dkrt |||||\} }nt ||| | |} | dz } | dt |dz zkrd} t||}t||||| | |\}}||z }| |z} t |t || zkrnt|}t|\}}}|}tt |D]|}t||||||}|dkr`||krZ| |||zdkr||z}||zdkt|r| |n |dkrn}| S)aPerforms factorization using Self-Initializing Quadratic Sieve. In SIQS, let N be a number to be factored, and this N should not be a perfect power. If we find two integers such that ``X**2 = Y**2 modN`` and ``X != +-Y modN``, then `gcd(X + Y, N)` will reveal a proper factor of N. In order to find these integers X and Y we try to find relations of form t**2 = u modN where u is a product of small primes. If we have enough of these relations then we can form ``(t1*t2...ti)**2 = u1*u2...ui modN`` such that the right hand side is a square, thus we found a relation of ``X**2 = Y**2 modN``. Here, several optimizations are done like using muliple polynomials for sieving, fast changing between polynomials and using partial relations. The use of partial relations can speeds up the factoring by 2 times. Parameters ========== N : Number to be Factored prime_bound : upper bound for primes in the factor base M : Sieve Interval ERROR_TERM : Error term for checking smoothness threshold : Extra smooth relations for factorization seed : generate pseudo prime numbers Examples ======== >>> from sympy.ntheory import qs >>> qs(25645121643901801, 2000, 10000) {5394769, 4753701529} >>> qs(9804659461513846513, 2000, 10000) {4641991, 2112166839943} References ========== .. [1] https://pdfs.semanticscholar.org/5c52/8a975c1405bd35c65993abf5a4edb667c1db.pdf .. [2] https://www.rieselprime.de/ziki/Self-initializing_quadratic_sieve r-rdTr+r,)rBrCr:rrr1r\rerirrrrDrrur)rIr4rJrxrCr7r8r6r{ith_polyrwr| thresholdith_sieve_polyB_arrayrgs_relp_frrrrN_copyrrhs rqsrs=NJIIdOOO&;K&K&K#Hh HEEM#k"""c)I  q= e&B1aV^`h&i&i #NGG1![(N\cddNA  q3w<[lnxyy sE!  C $4$4y$@ @   + , ,F(4V(<(<%M4 Fs=))**  mT<HXZ[\\ A: &1*    f % % %6/Q& "6!6/Q& "v !!&))){  r)N)rr)sympy.core.numbersrrsympy.core.powerrsympy.ntheory.residue_ntheoryr sympy.ntheoryrmathrr randomRandomrBr rr:r\rerirnrrrrrr rrrs00000000,,,,,,??????!!!!!! v}$$$$$$$$N.+++:DDDDN% % % P6###L<+<+<+@   *'*'*'Z%%%PKKKKKKr