# Factoring integers with elliptic curves

@article{Lenstra1986FactoringIW, title={Factoring integers with elliptic curves}, author={Hendrik W. Lenstra}, journal={Annals of Mathematics}, year={1986}, volume={126}, pages={649-673} }

This paper is devoted to the description and analysis of a new algorithm to factor positive integers. It depends on the use of elliptic curves. The new method is obtained from Pollard's (p - 1)-method (Proc. Cambridge Philos. Soc. 76 (1974), 521-528) by replacing the multiplicative group by the group of points on a random elliptic curve. It is conjectured that the algorithm determines a non-trivial divisor of a composite number n in expected time at most K( p)(log n)2, where p is the least…

## 1,069 Citations

Integer Factorization of Semi-Primes Based on Analysis of a Sequence of Modular Elliptic Equations

- Mathematics, Computer ScienceInt. J. Commun. Netw. Syst. Sci.
- 2011

A non-deterministic algorithm that computes a factor of a semi-prime integer n=pq, where prime factors p and q are unknown is provided.

Finding elliptic curves with a subgroup of prescribed size

- Mathematics, Computer Science
- 2017

An unconditional version of the algorithm that works for almost all primes p, and a probabilistic algorithm with subexponential time complexity are given.

On the number of elliptic pseudoprimes

- Mathematics
- 1989

For an elliptic curve E with complex multiplication by an order in K = Q(V\/d), a point P of infinite order on E, and any prime p with (-d I p) = -1, we have that (p + 1) * P = O(mod p), where 0 is…

Factoring integers with the number field sieve

- Mathematics
- 1993

In 1990, the ninth Fermat number was factored into primes by means of a new algorithm, the “number field sieve”, which was proposed by John Pollard. The present paper is devoted to the description…

Estimates related to the arithmetic of elliptic curves

- Mathematics
- 2007

This dissertation presents results related to two problems in the arithmetic of elliptic curves. Let En : y 2 = x − nx denote the family of congruent number elliptic curves. In [13], Feng and Xiong…

Fe b 20 09 The distribution of the number of points modulo an integer on elliptic curves over finite fields

- Mathematics
- 2009

Let Fq be a finite field and let b and N be integers. We study the probability that the number of points on a randomly chosen elliptic curve E over Fq equals b modulo N . We prove explicit formulas…

Discrete logarithms and local units

- MathematicsPhilosophical Transactions of the Royal Society of London. Series A: Physical and Engineering Sciences
- 1993

Let K be a number field and (9K its ring of integers. Let l be a prime number and e a positive integer. We give a method to construct leth powers in (9K using smooth algebraic integers. This method…

A rigorous time bound for factoring integers

- Mathematics
- 1992

In this paper a probabilistic algorithm is exhibited that factors any positive integer n into prime factors in expected time at most Ln[2, 1 + o()] for n oo, where L,[a, b] = exp(b(logx)a(loglogx)l…

Constructing elliptic curves of prime order

- Mathematics, Computer Science
- 2007

A very efficient algorithm to construct an elliptic curve E and a finite field F such that the order of the point group E(F) is a given prime number N, so fast that it may be used to tackle the related problem of finding elliptic curves with point groups of prime order of prescribed size.

HOW TO FIND SMOOTH PARTS OF INTEGERS

- Mathematics
- 2004

Let P be a finite set of primes, and let S be a finite sequence of positive integers. This paper presents an algorithm to find the largest P smooth divisor of each integer in S. The algorithm takes…

## References

SHOWING 1-10 OF 32 REFERENCES

Elliptic Curves Over Finite Fields and the Computation of Square Roots mod p

- Mathematics, Computer Science
- 1985

A deterministic algorithm to compute the number of F^-points of an elliptic curve that is defined over a finite field Fv and which is given by a Weierstrass equation is presented.

Speeding the Pollard and elliptic curve methods of factorization

- Mathematics
- 1987

Since 1974, several algorithms have been developed that attempt to factor a large number N by doing extensive computations module N and occasionally taking GCDs with N. These began with Pollard's p 1…

A Monte Carlo factoring algorithm with linear storage

- Computer Science, Mathematics
- 1984

An algorithm which will factor an integer n quite efficiently if the class number h(-n) is free of large prime divisors and the method requires an amount of storage space which is proportional to the length of the input n.

A probabilistic factorization algorithm with quadratic forms of negative discriminant

- Computer Science, Mathematics
- 1987

We propose a probabilistic algorithm for factorization of an integer N with run time (expVlog N log log N)V54 +?(1). Asymptotically, our algorithm will be as fast as the wellknown factorization…

Arithmetic moduli of elliptic curves

- Mathematics
- 1985

This work is a comprehensive treatment of recent developments in the study of elliptic curves and their moduli spaces. The arithmetic study of the moduli spaces began with Jacobi's "Fundamenta Nova"…

Theorems on factorization and primality testing

- Computer Science
- 1974

This paper is concerned with the problem of obtaining theoretical estimates for the number of arithmetical operations required to factorize a large integer n or test it for primality, and uses a multi-tape Turing machine for this purpose.

Prime numbers and computer methods for factorization

- Mathematics
- 1985

1. The Number of Primes Below a Given Limit.- What Is a Prime Number?.- The Fundamental Theorem of Arithmetic.- Which Numbers Are Primes? The Sieve of Eratosthenes.- General Remarks Concerning…

Sequences of numbers generated by addition in formal groups and new primality and factorization tests

- Mathematics
- 1986

Almost all primes can be quickly certified

- Computer Science, MathematicsSTOC '86
- 1986

A new probabilistie primality test is presented, different from the tests of Miller, Solovay-Strassen, and Rabin in that its assertions of primality are certain, rather than being correct with high probability or dependent on an unproven assumption.