o 8VaG@sddlmZmZddlmZddlmZddlmZm Z ddl Z e Z GdddZ Gdd d Zd d Zd d d ZddZddZddZddZddZddZddZd!ddZdS)")igcd mod_inverse)_sqrt_mod_prime_power)isprime)logsqrtNc@s$eZdZgddfddZddZdS)SievePolynomialNcCs||_||_||_dS)aThis class denotes the seive polynomial. If ``g(x) = (a*x + b)**2 - N``. `g(x)` can be expanded to ``a*x**2 + 2*a*b*x + b**2 - N``, so the coefficient is stored in the form `[a**2, 2*a*b, b**2 - N]`. This ensures faster `eval` method because we dont have to perform `a**2, 2*a*b, b**2` every time we call the `eval` method. As multiplication is more expensive than addition, by using modified_coefficient we get a faster seiving process. Parameters ========== modified_coeff : modified_coefficient of sieve polynomial a : parameter of the sieve polynomial b : parameter of the sieve polynomial N)modified_coeffab)selfr r r r 2/usr/lib/python3/dist-packages/sympy/ntheory/qs.py__init__ s zSievePolynomial.__init__cCs$d}|jD] }||9}||7}q|S)z Compute the value of the sieve polynomial at point x. Parameters ========== x : Integer parameter for sieve polynomial r)r )r xZansZcoeffr r reval s   zSievePolynomial.eval)__name__ __module__ __qualname__rrr r r rr s rc@seZdZdZddZdS)FactorBaseElemz7This class stores an element of the `factor_base`. cCs.||_||_||_d|_d|_d|_d|_dS)z Initialization of factor_base_elem. Parameters ========== prime : prime number of the factor_base tmem_p : Integer square root of x**2 = n mod prime log_p : Compute Natural Logarithm of the prime N)primetmem_plog_psoln1soln2a_invb_ainv)r rrrr r rr3s  zFactorBaseElem.__init__N)rrr__doc__rr r r rr0s rc Csddlm}g}d\}}|d|D]C}t||dd|dkrU|dkr.|dur.t|d}|dkr<|durs z0_initialize_first_polynomial..)rgenseedrr%rangeZrandintrr'abs enumeraterrsumrrrrr)NMr*r+r,r4Z approx_valZbest_aZbest_qZ best_ratiostartend_r qZrand_ppZratioBidxvalZq_lZgammar gr r0r_initialize_first_polynomialdsV         &rDc Csddlm}d}|}|ddkr|d7}|d}|ddks||d|ddkr-d}nd}|jd|||d} |j} t| | d| | | | |g| | }|D]*} | | jdkr^qT| j|| j|d| j| _| j|| j|d| j| _qT|S)aInitialization stage of ith poly. After we finish sieving 1`st polynomial here we quickly change to the next polynomial from which we will again start sieving. Suppose we generated ith sieve polynomial and now we want to generate (i + 1)th polynomial, where ``1 <= i <= 2**(j - 1) - 1`` where `j` is the number of prime factors of the coefficient `a` then this function can be used to go to the next polynomial. If ``i = 2**(j - 1) - 1`` then go to _initialize_first_polynomial stage. Parameters ========== N : number to be factored factor_base : factor_base primes i : integer denoting ith polynomial g : (i - 1)th polynomial B : array that stores a//q_l*gamma r)ceilingr r!) r#rEr r rrrrr) r9r*irCr@rEvjZneg_powr r r1r r r_initialize_ith_polys&   & "rJcCsdgd|d}|D]D}|jdurq t||j|jd||jD] }|||j7<q"|jdkr4q t||j|jd||jD] }|||j7<qCq |S)aSieve Stage of the Quadratic Sieve. For every prime in the factor_base that doesn't divide the coefficient `a` we add log_p over the sieve_array such that ``-M <= soln1 + i*p <= M`` and ``-M <= soln2 + i*p <= M`` where `i` is an integer. When p = 2 then log_p is only added using ``-M <= soln1 + i*p <= M``. Parameters ========== M : sieve interval factor_base : factor_base primes rr!r N)rr5rrr)r:r* sieve_arrayfactorrAr r r_gen_sieve_arrays  " "rMcCsg}|dkr|d|d9}n|d|D]/}||jdkr&|dqd}||jdkr?|d7}||j}||jdks/||dq|dkrO|dfSt|rW|dfSdS)abHere we check that if `num` is a smooth number or not. If `a` is a smooth number then it returns a vector of prime exponents modulo 2. For example if a = 2 * 5**2 * 7**3 and the factor base contains {2, 3, 5, 7} then `a` is a smooth number and this function returns ([1, 0, 0, 1], True). If `a` is a partial relation which means that `a` a has one prime factor greater than the `factor_base` then it returns `(a, False)` which denotes `a` is a partial relation. Parameters ========== a : integer whose smootheness is to be checked factor_base : factor_base primes rr rFr!TFr)r'rr)Znumr*vecrLZ factor_expr r r_check_smoothnesss(     rOc Cs>tt|}t||d|}g} t} d|dj} t|D]z\} } | |kr)q | |}||}t||\}}|dur>q |j||j }|dur|}|| krQq ||vr\||f||<q ||\}}| |zt ||}Wnt y|| |Yq w|||}||||}t||\}}| |||fq | | fS)a)Trial division stage. Here we trial divide the values generetated by sieve_poly in the sieve interval and if it is a smooth number then it is stored in `smooth_relations`. Moreover, if we find two partial relations with same large prime then they are combined to form a smooth relation. First we iterate over sieve array and look for values which are greater than accumulated_val, as these values have a high chance of being smooth number. Then using these values we find smooth relations. In general, let ``t**2 = u*p modN`` and ``r**2 = v*p modN`` be two partial relations with the same large prime p. Then they can be combined ``(t*r/p)**2 = u*v modN`` to form a smooth relation. Parameters ========== N : Number to be factored M : sieve interval factor_base : factor_base primes sieve_array : stores log_p values sieve_poly : polynomial from which we find smooth relations partial_relations : stores partial relations with one large prime ERROR_TERM : error term for accumulated_val r"rFNF)rfloatrsetrr7rrOr r popr ValueErroraddr')r9r:r*rKZ sieve_polypartial_relations ERROR_TERMZsqrt_nZaccumulated_valsmooth_relations proper_factorZpartial_relation_upper_boundrArBrrHrNZ is_smoothuZ large_primeZu_prevZv_prevZlarge_prime_invr r r_trial_division_stagesD        r[cCs g}|D] }||dq|S)z|Build a 2D matrix from smooth relations. Parameters ========== smooth_relations : Stores smooth relations r!)r')rXmatrixZ s_relationr r r _build_matrixTsr]c Csddl}||}t|}t|d}dg|}t|D]D}t|D] }|||dkr.nq"d||<t|D](}||kr>q7|||dkr_t|D]} || ||| |d|| |<qJq7qg} t|D]\} } | dkrx| || | gqg| ||fS)aFast gaussian reduction for modulo 2 matrix. Parameters ========== A : Matrix Examples ======== >>> from sympy.ntheory.qs import _gauss_mod_2 >>> _gauss_mod_2([[0, 1, 1], [1, 0, 1], [0, 1, 0], [1, 1, 1]]) ([[[1, 0, 1], 3]], [True, True, True, False], [[0, 1, 0], [1, 0, 0], [0, 0, 1], [1, 0, 1]]) Reference ========== .. [1] A fast algorithm for gaussian elimination over GF(2) and its implementation on the GAPP. Cetin K.Koc, Sarath N.ArachchigerNFr Tr!)copyZdeepcopyr%r5r7r') Ar^r\rowcolmarkcrZc1Zr2 dependent_rowrArBr r r _gauss_mod_2bs2       & rfcCsddlm}||d}||dg}||dg} ||d} t| D]3\} } | dkrWtt|D]$} || | dkrV|| dkrV||| d| || dnq2q$d}d}|D]}||9}q^| D]}||9}qg||dd}t|||S)aFinds proper factor of N. Here, transform the dependent rows as a combination of independent rows of the gauss_matrix to form the desired relation of the form ``X**2 = Y**2 modN``. After obtaining the desired relation we obtain a proper factor of N by `gcd(X - Y, N)`. Parameters ========== dependent_rows : denoted dependent rows in the reduced matrix form mark : boolean array to denoted dependent and independent rows gauss_matrix : Reduced form of the smooth relations matrix index : denoted the index of the dependent_rows smooth_relations : Smooth relations vectors matrix N : Number to be factored r)integer_nthrootr Tr!)r#rgr7r5r%r'r)Zdependent_rowsrb gauss_matrixindexrXr9rgZ idx_in_smoothZ independent_uZ independent_vZdept_rowrArBr`rZrHrGr r r _find_factors*     rjcCs|d9}t|t||\}}}g}d} i} t} dt|d} | dkr2t|||||\} }nt||| | |} | d7} | dt|dkrJd} t||}t||||| | |\}}||7}| |O} t|t|| krnnq#t |}t |\}}}|}t t|D];}t ||||||}|dkr||kr| |||dkr||}||dkst|r| || S|dkr| Sq| S)aPerforms factorization using Self-Initializing Quadratic Sieve. In SIQS, let N be a number to be factored, and this N should not be a perfect power. If we find two integers such that ``X**2 = Y**2 modN`` and ``X != +-Y modN``, then `gcd(X + Y, N)` will reveal a proper factor of N. In order to find these integers X and Y we try to find relations of form t**2 = u modN where u is a product of small primes. If we have enough of these relations then we can form ``(t1*t2...ti)**2 = u1*u2...ui modN`` such that the right hand side is a square, thus we found a relation of ``X**2 = Y**2 modN``. Here, several optimizations are done like using muliple polynomials for sieving, fast changing between polynomials and using partial relations. The use of partial relations can speeds up the factoring by 2 times. Parameters ========== N : Number to be Factored prime_bound : upper bound for primes in the factor base M : Sieve Interval ERROR_TERM : Error term for checking smoothness threshold : Extra smooth relations for factorization seed : generate pseudo prime numbers Examples ======== >>> from sympy.ntheory import qs >>> qs(25645121643901801, 2000, 10000) {5394769, 4753701529} >>> qs(9804659461513846513, 2000, 10000) {4641991, 2112166839943} References ========== .. [1] https://pdfs.semanticscholar.org/5c52/8a975c1405bd35c65993abf5a4edb667c1db.pdf .. [2] https://www.rieselprime.de/ziki/Self-initializing_quadratic_sieve r"rdTr r!)r3r4r-rRr%rDrJrMr[r]rfr5rjrUr)r9r(r:rWr4r+r,r*rXZith_polyrVrYZ thresholdZith_sieve_polyZB_arrayrKZs_relZp_fr\rerbrhZN_copyrirLr r rqssR'      ro)N)rkrl)Zsympy.core.numbersrrZsympy.ntheory.residue_ntheoryrZ sympy.ntheoryrZmathrrZrandomZRandomr3rrr-rDrJrMrOr[r]rfrjror r r rs$  ' G(&@-)