Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

On Deterministically Finding an Element of High Order Modulo a Composite

Ziv Oznovich, Ben Lee Volk

TL;DR

This work advances deterministic factorization by giving an algorithm that, for composite $N$ and target order $D\ge N^{1/6}$, outputs either a nontrivial factor of $N$ or an element of $\oldsymbol{Z}_N^*$ with order at least $D$ in time $D^{1/2+o(1)}$. Building on Hittmeir’s framework, the authors tighten the analysis of consecutive-root occurrences to allow larger intermediate orders and replace the final factoring step with a residue-class factoring approach that leverages knowledge of prime divisors’ residues modulo a chosen $s$. They also extend the method to the case where $N$ has an $r$-power divisor, achieving the same running time under the weaker bound $D\ge N^{1/(6r)}$. The results integrate with deterministic factoring algorithms by supplying a robust subroutine that deterministically yields high-order elements or factors, potentially improving the overall dependence on $N$ in contemporary derandomized factorization frameworks. A concurrent line of work has produced related results with stronger assumptions, underscoring the growing viability of deterministic high-order element approaches in factoring.

Abstract

We give a deterministic algorithm that, given a composite number $N$ and a target order $D \ge N^{1/6}$, runs in time $D^{1/2+o(1)}$ and finds either an element $a \in \mathbb{Z}_N^*$ of multiplicative order at least $D$, or a nontrivial factor of $N$. Our algorithm improves upon an algorithm of Hittmeir (arXiv:1608.08766), who designed a similar algorithm under the stronger assumption $D \ge N^{2/5}$. Hittmeir's algorithm played a crucial role in the recent breakthrough deterministic integer factorization algorithms of Hittmeir and Harvey (arXiv:2006.16729, arXiv:2010.05450, arXiv:2105.11105). When $N$ is assumed to have an $r$-power divisor with $r\ge 2$, our algorithm provides the same guarantees assuming $D \ge N^{1/6r}$.

On Deterministically Finding an Element of High Order Modulo a Composite

TL;DR

This work advances deterministic factorization by giving an algorithm that, for composite and target order , outputs either a nontrivial factor of or an element of with order at least in time . Building on Hittmeir’s framework, the authors tighten the analysis of consecutive-root occurrences to allow larger intermediate orders and replace the final factoring step with a residue-class factoring approach that leverages knowledge of prime divisors’ residues modulo a chosen . They also extend the method to the case where has an -power divisor, achieving the same running time under the weaker bound . The results integrate with deterministic factoring algorithms by supplying a robust subroutine that deterministically yields high-order elements or factors, potentially improving the overall dependence on in contemporary derandomized factorization frameworks. A concurrent line of work has produced related results with stronger assumptions, underscoring the growing viability of deterministic high-order element approaches in factoring.

Abstract

We give a deterministic algorithm that, given a composite number and a target order , runs in time and finds either an element of multiplicative order at least , or a nontrivial factor of . Our algorithm improves upon an algorithm of Hittmeir (arXiv:1608.08766), who designed a similar algorithm under the stronger assumption . Hittmeir's algorithm played a crucial role in the recent breakthrough deterministic integer factorization algorithms of Hittmeir and Harvey (arXiv:2006.16729, arXiv:2010.05450, arXiv:2105.11105). When is assumed to have an -power divisor with , our algorithm provides the same guarantees assuming .

Paper Structure

This paper contains 17 sections, 11 theorems, 31 equations, 1 algorithm.

Table of Contents

  1. Introduction
  2. Our results
  3. Proof Technique
  4. Organization
  5. Preliminaries
  6. Order Calculation Algorithm
  7. Strassen's Method
  8. Order of All Prime Divisors
  9. Lattice Basis Reduction
  10. Number of Consecutive Roots
  11. Factoring $N$ Given the Residue of a Prime Divisor
  12. The Main Algorithm
  13. High-Level Overview of \ref{['alg:algorithm']}
  14. Main Changes from hittmeir2018
  15. Proof of \ref{['int:main-algorithm']}
  16. ...and 2 more sections

Key Result

Theorem 1.1

There exists a deterministic algorithm that, when given as input a composite integer $N\in\mathbb{N}$ and a target order $D \ge N^{1/6}$, runs in time $D^{1/2+o(1)}$ and outputs either a nontrivial factor of $N$ or an element $a \in \mathbb{Z}_N^*$ of multiplicative order at least $D$.

Theorems & Definitions (22)

  • Theorem 1.1
  • Theorem 2.1: sutherland2007order
  • Theorem 2.2: Pollard74Strassen77
  • Lemma 2.3: hittmeir2018
  • Lemma 2.4: LLL82
  • Lemma 2.5: forbes2011, Lemma 2.1
  • Claim 2.6
  • proof
  • Definition 3.1
  • Theorem 3.2
  • ...and 12 more