next up previous
Next: Power-Smoothness

Lecture 30: Using Elliptic Curves to Factor, Part I

William Stein


Date: Math 124 $ \quad$ HARVARD UNIVERSITY $ \quad$ Fall 2001

In 1987, Hendrik Lenstra published the landmark paper Factoring Integers with Elliptic Curves, Annals of Mathematics, 126, 649-673, which you can download from the Math 124 web page. Lenstra's method is also described in §IV.4 of Silverman and Tate's Rational Points on Elliptic Curves, §VIII.5 of [Davenport], and in §10.3 of Cohen's A Course in Computational Algebraic Number Theory.

In this lecture and the next, I will tell you about Lenstra's clever algorithm. It shines at finding ``medium sized'' factors of an integer $ N$, which these days means $ 10$ to $ 20$ decimal digits but probaby not $ 30$ decimal digits. The ECM method is thus not useful for earning money by factoring RSA challenge numbers, but is essential when factoring most integers. It also has small storage requirements. Lenstra writes:

``It turns out that ... the elliptic curve method is one of the fastest integer factorization methods that is currently used in practice. The quadratic sieve algorithm still seems to perform better on integers that are built up from two prime numbers of the same order of magnitude; such integers are of interest in cryptography.''
\includegraphics[width=1.5in]{lenstra.eps}

Lenstra's discover of the elliptic curve method was inspired by Pollard's $ (p-1)$-method. I will spend most of the rest of this lecture introducing you to it.




next up previous
Next: Power-Smoothness
William A Stein 2001-11-27