Home / Mathematics / Number Theory / Integer Factorization

Integer Factorization

Number Theory Computational Complexity Cryptography Last updated: March 2025 ~14 min read

Integer factorization is the mathematical process of decomposing a composite integer into a product of smaller integers, known as its factors. When the factors are restricted to prime numbers, the process is specifically termed prime factorization. This problem occupies a central position in number theory, computational complexity, and modern cryptography.

Key Distinction

While integer factorization allows any integer factors (e.g., 12 = 4 × 3), prime factorization uniquely expresses the integer as a product of primes (e.g., 12 = 2² × 3). The latter is guaranteed by the Fundamental Theorem of Arithmetic.

The computational difficulty of factoring large integers underpins the security of widely deployed public-key cryptosystems. Despite decades of research, no classical algorithm is known to factor arbitrary large integers in polynomial time.

Mathematical Foundations

The study of integer factorization is grounded in elementary number theory. The Fundamental Theorem of Arithmetic states that every integer greater than 1 is either prime or can be uniquely expressed as a product of primes, up to the order of the factors.

Computationally, the problem belongs to the complexity class NP and co-NP, though it has not been proven to be NP-complete. It resides in the intersection NP ∩ co-NP, suggesting it is unlikely to be NP-complete. The decision version—"does n have a factor ≤ k?"—is widely believed to be solvable in quantum polynomial time but not classical polynomial time.

Key mathematical concepts related to factorization include:

  • Divisibility & Congruences: Modular arithmetic forms the backbone of most factorization algorithms.
  • Euler's Totient Function φ(n): Knowledge of φ(n) allows efficient factorization of n.
  • Algebraic Structures: Smooth numbers, cyclotomic polynomials, and ideal class groups play critical roles in advanced methods.

Classical Algorithms

Early factorization methods rely on systematic trial and algebraic manipulation. While inefficient for large numbers, they remain pedagogically valuable and useful for small inputs.

Trial Division

The most straightforward approach: test divisibility by all integers (or primes) up to \(\sqrt{n}\). Time complexity: \(O(\sqrt{n})\). Practical only for \(n < 10^{14}\).

Fermat's Factorization

Exploits the identity \(n = x^2 - y^2 = (x-y)(x+y)\). Effective when factors are close to \(\sqrt{n}\). Complexity: \(O(|p-q|)\), where p and q are the prime factors.

Pollard's Rho Algorithm

A probabilistic method using Floyd's cycle-finding algorithm applied to the pseudo-random sequence \(x_{i+1} = (x_i^2 + c) \mod n\). Expected time complexity: \(O(n^{1/4})\). Highly effective for finding small to medium factors (< 20 digits).

function pollard_rho(n):
    x = 2; y = 2; d = 1
    f(x) = (x*x + 1) mod n
    while d == 1:
        x = f(x)
        y = f(f(y))
        d = gcd(|x - y|, n)
    return d

Advanced & Sub-Exponential Methods

For cryptographically sized integers (hundreds of digits), classical algorithms rely on lattice sieving and algebraic number theory to achieve sub-exponential time complexity.

Algorithm Time Complexity (L-notation) Best For
Dixon's Method \(L_n[1/2, \sqrt{2}]\) Theoretical foundation for sieving
Quadratic Sieve (QS) \(L_n[1/2, 1]\) Up to ~100 digits
Number Field Sieve (NFS) \(L_n[1/3, (64/9)^{1/3}]\) ≈ 1.923 100+ digits (current record: 240 digits)
General Number Field Sieve (GNFS) Same as NFS General-purpose for large RSA moduli

The General Number Field Sieve remains the fastest known classical algorithm. It constructs two number fields, searches for relations among smooth numbers, builds a dependency matrix over \(\mathbb{F}_2\), and solves it via linear algebra to find a congruence of squares modulo \(n\).

Cryptographic Applications

The assumed hardness of integer factorization is the foundation of several widely deployed public-key cryptosystems:

  • RSA (Rivest–Shamir–Adleman): Security relies on the difficulty of factoring \(n = p \times q\), where p and q are large primes. Keys typically use 2048 or 3072-bit moduli.
  • Rabin Cryptosystem: Proven to be as hard as factoring. Less widely deployed due to probabilistic decryption requirements.
  • Elliptic Curve Factorization (ECM): Not a cryptosystem itself, but a specialized algorithm used in cryptanalysis to factor integers with small prime factors.

As of 2025, a 2048-bit RSA modulus is considered secure against classical computers, requiring approximately \(2^{100}\) operations to factor. Industry standards are transitioning toward 3072-bit keys to account for algorithmic improvements and increased computational power.

Quantum Factorization

In 1994, Peter Shor demonstrated that a quantum computer could factor integers in polynomial time using Shor's Algorithm. The algorithm reduces integer factorization to the problem of finding the period of a function, which can be solved efficiently using the Quantum Fourier Transform (QFT).

Time complexity: \(O((\log n)^3)\) with standard quantum gates. This represents an exponential speedup over the best known classical algorithms.

Current Status (2025)

No existing quantum computer possesses sufficient qubits and error correction to factor cryptographically relevant integers (e.g., RSA-2048). The largest publicly verified quantum factorization remains small (e.g., 21-bit numbers on noisy intermediate-scale devices). However, rapid progress in fault-tolerant quantum architectures makes post-quantum migration a critical priority.

Open Problems & Research

Despite extensive study, several fundamental questions remain unresolved:

  • Complexity Classification: Is integer factorization in P? Is it NP-intermediate?
  • Classical Speedups: Can GNFS be improved beyond \(L_n[1/3, c]\) asymptotically?
  • Quantum Thresholds: How many logical qubits and gate fidelities are required to break RSA-2048 practically?
  • Post-Quantum Alternatives: Lattice-based, hash-based, and code-based cryptography are being standardized by NIST to replace factorization-dependent systems.

References

  1. Crandall, R., & Pomerance, C. (2005). Prime Numbers: A Computational Perspective (2nd ed.). Springer.
  2. Buhler, J. P., et al. (1990). "Factoring integers with the number field sieve." Proceedings of STOC, 1990.
  3. Shor, P. W. (1997). "Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer." SIAM Journal on Computing, 26(5), 1484–1509.
  4. Lenstra, A. K., & Lenstra, H. W. (Eds.). (1993). The Development of the Number Field Sieve. Springer Lecture Notes in Mathematics.
  5. NIST. (2024). "Post-Quantum Cryptography Standardization Process." csrc.nist.gov
  6. Frankie, G. (2022). "Factorization Milestones and Computational Records." Journal of Integer Sequences, 25(3), Article 22.3.4.