new variant of PollardRho31 by Dave McGuigan

TilmanNeumann · TilmanNeumann · commit 90f731d66f7f · 2025-01-04T22:29:15.000+01:00
diff --git a/src/main/java/de/tilman_neumann/jml/factor/pollardRho/PollardRhoTwoLoops31.java b/src/main/java/de/tilman_neumann/jml/factor/pollardRho/PollardRhoTwoLoops31.java
@@ -0,0 +1,108 @@
+/*
+ * java-math-library is a Java library focused on number theory, but not necessarily limited to it. It is based on the PSIQS 4.0 factoring project.
+ * Copyright (C) 2018-2024 Tilman Neumann - tilman.neumann@web.de
+ *
+ * This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with this program;
+ * if not, see <http://www.gnu.org/licenses/>.
+ */
+package de.tilman_neumann.jml.factor.pollardRho;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+
+import de.tilman_neumann.jml.factor.FactorAlgorithm;
+import de.tilman_neumann.jml.gcd.Gcd31;
+
+/**
+ * 31-bit implementation of Pollard's Rho method with improvements by Dave McGuigan.
+ * 
+ * Most noteworthy, Dave came up with the second loop in this variant.
+ * 
+ * Other improvements by Dave used here:
+ * 1. Use squareAddModN31() instead of nested addModN(squareModN())
+ * 2. Compute the number of steps before each gcd by m=log(n)
+ * 3. Use faster "mulMod"
+ * 
+ * @author Dave McGuigan
+ */
+public class PollardRhoTwoLoops31 extends FactorAlgorithm {
+	private static final Logger LOG = LogManager.getLogger(PollardRhoTwoLoops31.class);
+	private static final boolean DEBUG = false;
+	private static final SecureRandom RNG = new SecureRandom();
+
+	private Gcd31 gcdEngine = new Gcd31();
+	
+	/** absolute value of the number to factor */
+	private int n;
+	
+	@Override
+	public String getName() {
+		return "PollardRhoTwoLoops31";
+	}
+	
+	@Override
+	public BigInteger findSingleFactor(BigInteger N) {
+		if (N.bitLength() > 31) { // this check should be negligible in terms of performance
+			throw new IllegalArgumentException("N = " + N + " has " + N.bitLength() + " bit, but " + getName() + " only supports arguments <= 31 bit");
+		}
+		int factorInt = findSingleFactor(N.intValue());
+        return BigInteger.valueOf(factorInt);
+	}
+	
+	public int findSingleFactor(int nOriginal) {
+		this.n = nOriginal<0 ? -nOriginal : nOriginal; // RNG.nextInt(n) below would crash for negative arguments
+		
+        int gcd;
+        int x = RNG.nextInt(n); // uniform random int from [0, n)
+        int xs;
+        int xxs;
+
+        final int m = 32 - Integer.numberOfLeadingZeros(n); // ~ ld(n)
+        do {
+        	int c = RNG.nextInt(n); // uniform random int from [0, n)
+        	
+            int xx = x;
+	        do {
+	        	xs = x;
+	        	xxs = xx;
+	        	int prod = 1;
+	        	for (int i=0; i<m; i++) {
+		            x  = squareAddModN31(x, c);
+		            xx = squareAddModN31(xx, c);
+		            xx = squareAddModN31(xx, c);
+		            prod = (int) ((((long)x-xx) * prod) % n);
+	        	}
+	            gcd = gcdEngine.gcd(prod, n);
+		        if (gcd==n) {
+		        	do {
+			            xs  = squareAddModN31(xs, c);
+			            xxs = squareAddModN31(xxs, c);
+			            xxs = squareAddModN31(xxs, c);
+			            gcd = gcdEngine.gcd(xs-xxs, n);
+		        	} while (gcd == 1);
+		        }
+	        } while (gcd==1);            	
+        } while (gcd==n); // leave loop if factor found; otherwise continue with a new random c
+		if (DEBUG) LOG.debug("Found factor of " + nOriginal + " = " + gcd);
+        return gcd;
+	}
+
+	/**
+	 * x^2+c modulo N.
+	 * @param x
+	 * @return
+	 */
+	private int squareAddModN31(int x, int c) {
+		// internal computation must be long, not only for the multiplication, but also for the addition of 31 bit numbers
+		return (int) (((long)x*x+c) % n);
+	}
+}
diff --git a/src/test/java/de/tilman_neumann/jml/factor/FactorizerTest.java b/src/test/java/de/tilman_neumann/jml/factor/FactorizerTest.java
@@ -110,16 +110,20 @@ public FactorizerTest() {
 //			new LehmanCustomKOrder(false),
 
 			// PollardRho
+			//new PollardRho31(),
+			//new PollardRhoBrent31(),
+			//new PollardRhoTwoLoops31(),
+			//new PollardRhoBrentMontgomery32(),
+
+			//new PollardRhoBrentMontgomeryR64Mul63(),
+			//new PollardRhoBrentMontgomery64(),
+			//new PollardRhoBrentMontgomery64MH(),
+			//new PollardRhoBrentMontgomery64MHInlined(),
+				
 			//new PollardRho(),
 			//new PollardRhoProductGcd(),
 			//new PollardRhoBrent(),
-			//new PollardRho31(),
-			//new PollardRhoBrent31(),
-//			new PollardRhoBrentMontgomeryR64Mul63(),
-//			new PollardRhoBrentMontgomery64(),
-//			new PollardRhoBrentMontgomery64MH(),
-//			new PollardRhoBrentMontgomery64MHInlined(),
-			
+
 			// SquFoF variants
 			// * pretty good, but never the best algorithm
 			// * SquFoF31 works until 52 bit and is faster there than SquFoF63
@@ -212,17 +216,20 @@ private void testRange(int bits) {
 			for (FactorAlgorithm algorithm : algorithms) {
 				// exclude special size implementations
 				String algName = algorithm.getName();
-				if (bits<54 && algName.startsWith("SIQS")) continue; // unstable for smaller N
-				if (bits<57 && algName.startsWith("PSIQS")) continue; // unstable for smaller N
-				if (bits>98 && algName.startsWith("CFrac63")) continue; // unstable for N>98 bits
-				if (bits>52 && algName.startsWith("SquFoF31")) continue; // int implementation
-				if (bits>59 && algName.startsWith("Lehman")) continue; // TODO make it work again for 60 bit?
+				if (bits>28 && algName.startsWith("HartMultiplierChainSqrtN")) continue; // no multipliers for bigger N
 				if (bits>31 && algName.startsWith("TDiv31")) continue; // int implementation
 				if (bits>31 && algName.startsWith("PollardRho31")) continue; // int implementation
 				if (bits>31 && algName.startsWith("PollardRhoBrent31")) continue; // int implementation
+				if (bits>31 && algName.startsWith("PollardRhoTwoLoops31")) continue; // int implementation
+				if (bits>31 && algName.startsWith("PollardRhoBrentMontgomery32")) continue; // int implementation
 				if (bits>42 && algName.startsWith("TDiv63Inverse")) continue; // not enough primes stored
+				if (bits>52 && algName.startsWith("SquFoF31")) continue; // int implementation
 				if (bits>57 && algName.equals("PollardRhoBrentMontgomeryR64Mul63")) continue; // very slow above
-				if (bits>28 && algName.startsWith("HartMultiplierChainSqrtN")) continue; // no multipliers for bigger N
+				if (bits>59 && algName.startsWith("Lehman")) continue; // TODO make it work again for 60 bit?
+				if (bits>63 && algName.startsWith("PollardRhoBrentMontgomery64")) continue; // long implementation
+				if (bits>98 && algName.startsWith("CFrac63")) continue; // unstable for N>98 bits
+				if (bits<54 && algName.startsWith("SIQS")) continue; // unstable for smaller N
+				if (bits<57 && algName.startsWith("PSIQS")) continue; // unstable for smaller N
 
 				System.gc(); // create equal conditions for all algorithms
 
