Factoring integers and computing discrete logarithms via diophantine approximation

  • Authors:

  • C. P. Schnorr

  • Affiliations:

  • Universität Frankfurt, Fachbereich Mathematik/Informatik, Frankfurt am Main, Germany

  • Venue:
  • EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
  • Year:
  • 1991

Quantified Score

Hi-index 0.00

Visualization

Abstract

Let N be an integer with at least two distinct prime factors. We reduce the problem of factoring N to the task of finding random integer solutions (e1,..., et) ∈ ZZt of the inequalities |Σi=1tei log pi - log N|≤ N-c and Σi=1t|ei log pi| ≤ (2c-1)log N+o(log pt), where c 1 is fixed and p1, ..., pt are the first t primes. We show, under the assumption that the smooth integers distribute "uniformly", that there are Ne+o(1) many solutions (e1,...,et) if c 1 and if Ɛ := c - 1 - (2c - 1) log log N / log pt 0. We associate with the primes p1,...,pt a lattice L ⊂ Rt+1 of dimension t and we associate with N a point N ∈ Rt+1. We reduce the problem of factoring N to the task of finding random lattice vectors z that are sufficiently close to N in both the ∞-norm and thr 1-norm. The dimension t of the lattice L is polynomial in log N. For N ≅ 2512 it is about 6300. We also reduce the problem of computing, for a prime N, discrete logarithms of the units in ZZ/NZZ to a similar diophantiue approximation problem.