## Monte Carlo Factorization

### June 19, 2009

We have previously examined two methods of integer factorization, trial division using wheels and Fermat’s method of the differences of squares. In this exercise we examine a probabilistic method of integer factorization that takes only a small, fixed amount of memory and tends to be very fast. This method was developed by John Pollard in 1975 and is commonly called the Pollard rho algorithm.

The algorithm is based on the observation that, for any two random integers *x* and *y* that are congruent modulo *p*, the greatest common divisor of their difference and *n*, the integer being factored, will be 1 if *p* and *n* are coprime (have no factors in common) but will be between 1 and *n* if *p* is a factor of *n*. By the birthday paradox, *p* will be found with reasonably large probability after trying about random pairs.

Pollard’s algorithm uses a function modulo *n* to generate a pseudo-random sequence. Two copies of the sequence are run, one twice as fast as the other, and their values are saved as *x* and *y*. At each step, we calculate *gcd*(*x*–*y*,*n*). If the greatest common divisor is one, we loop, since the two values are coprime. If the greatest common divisor is *n*, then the values of the two sequences have become equal and Pollard’s algorithm fails, since the sequences have fallen into a cycle, which is detected by Floyd’s tortoise-and-hare cycle-finding algorithm; that’s why we have two copies of the sequence, one (the “hare”) running twice as fast as the other (the “tortoise”). But if the greatest common divisor is between 1 and *n*, we have found a factor of *n*.

Failure doesn’t mean failure. It just means that the particular pseudo-random sequence that we chose doesn’t lead to success. Our response to failure is to try another sequence. We use the function *x*² + *c* (mod *n*), where *c* is initially 1. If Pollard’s algorithm fails, we increase *c* to 2, then 3, and so on. If we keep increasing *c*, we will eventually find a factor, though it may take a long time if *n* is large.

Your task is to implement Pollard’s factorization algorithm. You can test it by calculating the factors of the 98th Mersenne number, 2^{98} – 1. When you are finished, you are welcome to read or run a suggested solution, or to post your own solution or discuss the exercise in the comments below.