Congruence of squares
|This article does not cite any references or sources. (December 2009)|
We can then factor n = x2 - y2 = (x + y)(x - y). This algorithm is slow in practice because we need to search many such numbers, and only a few satisfy the strict equation. However, n may also be factored if we can satisfy the weaker congruence of squares condition:
From here we easily deduce
This means that n divides the product (x + y) (x - y), but since we also require x ≠ ±y (mod n), n divides neither (x+y) nor (x−y) alone. Thus (x + y) and (x − y) each contain proper factors of n. Computing the greatest common divisors of (x + y,n) and of (x - y,n) will give us these factors; this can be done quickly using the Euclidean algorithm.
Congruences of squares are extremely useful in integer factorization algorithms and are extensively used in, for example, the quadratic sieve, general number field sieve, continued fraction factorization, and Dixon's factorization. Conversely, because finding square roots modulo a composite number turns out to be probabilistic polynomial-time equivalent to factoring that number, any integer factorization algorithm can be used efficiently to identify a congruence of squares.
It is also possible to use factor bases to help find congruences of squares more quickly. Instead of looking for from the outset, we find many where the y have small prime factors, and try to multiply a few of these together to get a square on the right-hand side.
We take n = 35 and find that
We thus factor as
Using n = 1649, as an example of finding a congruence of squares built up from the products of non-squares (see Dixon's factorization method), first we obtain several congruences
of these, two have only small primes as factors
and a combination of these has an even power of each small prime, and is therefore a square
yielding the congruence of squares
So using the values of 80 and 114 as our x and y gives factors