Large prime variant

A variant of the basic algorithm is sometimes used. Statistically, there is often a factor p of n such that p − 1 = fq such that f is B-powersmooth and B < q ≤ B', where q is a prime and B' is called a semi-smoothness bound.

As a starting point, this would work into the basic algorithm at step 6 if we encountered gcd = 1 but didn't want to increase B. For all primes B < q₁, ..., q_L ≤ B', we check if

to obtain a non-trivial factor of n. This is quickly accomplished, because if we let c = a^M, and d₁ = q₁  and d_i  = q_i  − q_i − 1, then we can compute

The running time of the algorithm with this variant then becomes O(B' × log B' × log²n).

Additional information

Because of this algorithm's effectiveness on certain types of numbers the RSA specifications require that the primes, p and q, be such that p-1 and q-1 are non-B- power-smooth for small values of B.

Williams' p plus 1 algorithm[5]

In computational number theory, Williams' p + 1 algorithm is an integer factorization algorithm invented by H. C. Williams.

It works well if the number N to be factored contains one or more prime factors p such that p + 1

is smooth, i.e. p + 1 contains only small factors. It uses Lucas sequences. It is analogous to Pollard's p-1 algorithm.
Algorithm

Choose some integer A greater than 2 which characterizes the sequence:

V₀  = 2,V₁ = A,V_j  = AV_j-1 −V_j-2

where all operations are performed modulo N.

Then any odd prime p divides gcd(N,V_M− 2) whenever M is a multiple of p − (D / p), where D = A² − 4 and (D / p) is the Jacobi symbol.