Pollard's p-1 algorithm [4]
Pollard's p − 1 algorithm is a number-theoretic integer factorization algorithm, invented by John Pollard in 1974. It is a special-purpose algorithm, meaning that it is only suitable for integers with specific types of factors.
The algorithm is based on the insight that numbers of the form $a^b - 1$ tend to be highly composite when b is itself composite. Since it is computationally simple to evaluate numbers of this form in modular arithmetic, the algorithm allows one to quickly check many potential factors with great efficiency. In particular, the method will find a factor p if b is divisible by p − 1, hence the name. When p − 1 is smooth (the product of only small integers) then this algorithm is well-suited to discovering the factor p.
Base concepts
Let n be a composite integer with prime factor p. By Fermat's little theorem, we know that
for a coprime to p
Let us assume that p − 1 is B-powersmooth for some reasonably sized B (more on the selection of this value later). Recall that a positive integer m is called B-smooth if all prime factors $p_i$ of m are such that $p_i \le B$. m is called B-powersmooth if all prime powers $p_i^{e_i}$ dividing m are such that $p_i^{e_i} \le B$.
Let p1, ..., pL be the primes less than B and let e1, ..., eL be the exponents such that
Let
As a shortcut, $M = \operatorname{lcm}\{1, \ldots, B\}$. As a consequence of this, $(p - 1)$ divides M, and also if $p^e$ divides M this implies that $p^e \le B$. Since $(p - 1)$ divides M we know that $a^M \equiv 1 \pmod{p}$, and because p divides n this means $\gcd(a^M - 1, n) > 1$.
Therefore if $\gcd(a^M - 1, n) \ne n$, then the gcd is a non-trivial factor of n.
If p − 1 is not B-powersmooth, then $a^M \not\equiv 1 \pmod{p}$ for at least half of all a.
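The following is an added worked example, not code from the article. It builds $M = \operatorname{lcm}\{1, \ldots, B\}$ as the product of the largest prime powers not exceeding B, computes $a^M \bmod n$ one prime power at a time, and returns $\gcd(a^M - 1, n)$ when it is non-trivial; it also includes a checker for the B-powersmooth definition above. The sample modulus n = 299 = 13 · 23 is constructed for illustration: 13 − 1 = 12 is 4-powersmooth, while 23 − 1 = 22 has the factor 11, so B = 5 isolates 13.

```python
from math import gcd


def prime_powers_up_to(B):
    """Largest power of each prime p <= B that is still <= B; their product is M = lcm(1, ..., B)."""
    sieve = bytearray([1]) * (B + 1)
    for i in range(2, int(B ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, B + 1, i)))
    result = []
    for p in range(2, B + 1):
        if sieve[p]:
            pe = p
            while pe * p <= B:
                pe *= p
            result.append(pe)
    return result


def is_powersmooth(m, B):
    """True if every prime power p^e exactly dividing m satisfies p^e <= B."""
    p = 2
    while p * p <= m:
        if m % p == 0:
            pe = 1
            while m % p == 0:
                m //= p
                pe *= p
            if pe > B:
                return False
        p += 1
    return m <= B  # whatever remains is 1 or a single prime


def pollard_p_minus_1(n, B, a=2):
    """Return a non-trivial factor of n, or None when the bound B (or base a) does not work."""
    g = gcd(a, n)
    if 1 < g < n:
        return g  # a already shares a factor with n
    x = a % n
    for pe in prime_powers_up_to(B):  # x becomes a^M mod n, one prime power at a time
        x = pow(x, pe, n)
    g = gcd(x - 1, n)
    if 1 < g < n:
        return g
    # g == 1: no p-1 is B-powersmooth (raise B); g == n: every p-1 is (lower B or change a)
    return None


if __name__ == "__main__":
    print(pollard_p_minus_1(299, 5))  # 13
    print(pollard_p_minus_1(299, 3))  # None, B too small: M = 6 and 12 does not divide it
```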