.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{ . if \nF \{ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "Math::Prime::Util::GMP 3pm" .TH Math::Prime::Util::GMP 3pm "2014-10-03" "perl v5.20.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" Math::Prime::Util::GMP \- Utilities related to prime numbers and factoring, using GMP .SH "VERSION" .IX Header "VERSION" Version 0.27 .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 2 \& use Math::Prime::Util::GMP \*(Aq:all\*(Aq; \& my $n = "115792089237316195423570985008687907853269984665640564039457584007913129639937"; \& \& # This doesn\*(Aqt impact the operation of the module at all, but does let you \& # enter big number arguments directly as well as enter (e.g.): 2**2048 + 1. \& use bigint; \& \& # These return 0 for composite, 2 for prime, and 1 for probably prime \& # Numbers under 2^64 will return 0 or 2. \& # is_prob_prime does a BPSW primality test for numbers > 2^64 \& # is_prime adds some MR tests and a quick test to try to prove the result \& # is_provable_prime will spend a lot of effort on proving primality \& \& say "$n is probably prime" if is_prob_prime($n); \& say "$n is ", qw(composite prob_prime def_prime)[is_prime($n)]; \& say "$n is definitely prime" if is_provable_prime($n) == 2; \& \& # Miller\-Rabin and strong Lucas\-Selfridge pseudoprime tests \& say "$n is a prime or spsp\-2/7/61" if is_strong_pseudoprime($n, 2, 7, 61); \& say "$n is a prime or slpsp" if is_strong_lucas_pseudoprime($n); \& say "$n is a prime or eslpsp" if is_extra_strong_lucas_pseudoprime($n); \& \& # Return array reference to primes in a range. \& my $aref = primes( 10 ** 200, 10 ** 200 + 10000 ); \& \& $next = next_prime($n); # next prime > n \& $prev = prev_prime($n); # previous prime < n \& \& # Primorials and lcm \& say "23# is ", primorial(23); \& say "The product of the first 47 primes is ", pn_primorial(47); \& say "lcm(1..1000) is ", consecutive_integer_lcm(1000); \& \& \& # Find prime factors of big numbers \& @factors = factor(5465610891074107968111136514192945634873647594456118359804135903459867604844945580205745718497); \& \& # Finer control over factoring. \& # These stop after finding one factor or exceeding their limit. \& # # optional arguments o1, o2, ... \& @factors = trial_factor($n); # test up to o1 \& @factors = prho_factor($n); # no more than o1 rounds \& @factors = pbrent_factor($n); # no more than o1 rounds \& @factors = holf_factor($n); # no more than o1 rounds \& @factors = squfof_factor($n); # no more than o1 rounds \& @factors = pminus1_factor($n); # o1 = smoothness limit, o2 = stage 2 limit \& @factors = ecm_factor($n); # o1 = B1, o2 = # of curves \& @factors = qs_factor($n); # (no arguments) .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" A module for number theory in Perl using \s-1GMP. \s0 This includes primality tests, getting primes in a range, factoring, and more. .PP While it certainly can be used directly, the main purpose of this module is for Math::Prime::Util. That module will automatically load this one if it is installed, greatly speeding up many of its operations on big numbers. .PP Inputs and outputs for big numbers are via strings, so you do not need to use a bigint package in your program. However if you do use bigints, inputs will be converted internally so there is no need to convert before a call. Output results are returned as either Perl scalars (for native-size) or strings (for bigints). Math::Prime::Util tries to reconvert all strings back into the callers bigint type if possible, which makes it more convenient for calculations. .PP The various \f(CW\*(C`is_*_pseudoprime\*(C'\fR tests are more appropriately called \&\f(CW\*(C`is_*_probable_prime\*(C'\fR or \f(CW\*(C`is_*_prp\*(C'\fR. They return 1 if the input is a probable prime based on their test. The naming convention is historical and follows Pari, Math::Primality, and some other math packages. The modern definition of pseudoprime is a \fIcomposite\fR that passes the test, rather than any number. .SH "FUNCTIONS" .IX Header "FUNCTIONS" .SS "is_prob_prime" .IX Subsection "is_prob_prime" .Vb 2 \& my $prob_prime = is_prob_prime($n); \& # Returns 0 (composite), 2 (prime), or 1 (probably prime) .Ve .PP Takes a positive number as input and returns back either 0 (composite), 2 (definitely prime), or 1 (probably prime). .PP For inputs below \f(CW\*(C`2^64\*(C'\fR the test is deterministic, so the possible return values are 0 (composite) or 2 (definitely prime). .PP For inputs above \f(CW\*(C`2^64\*(C'\fR, a probabilistic test is performed. Only 0 (composite) and 1 (probably prime) are returned. The current implementation uses the Baillie-PSW (\s-1BPSW\s0) test. There is a possibility that composites may be returned marked prime, but since the test was published in 1980, not a single \s-1BPSW\s0 pseudoprime has been found, so it is extremely likely to be prime. While we believe (Pomerance 1984) that an infinite number of counterexamples exist, there is a weak conjecture (Martin) that none exist under 10000 digits. .PP In more detail, we are using the extra-strong Lucas test (Grantham 2000) using the Baillie parameter selection method (see \s-1OEIS A217719\s0). Previous versions of this module used the strong Lucas test with Selfridge parameters, but the extra-strong version produces fewer pseudoprimes while running 1.2 \- 1.5x faster. It is slightly stronger than the test used in Pari . .SS "is_prime" .IX Subsection "is_prime" .Vb 1 \& say "$n is prime!" if is_prime($n); .Ve .PP Takes a positive number as input and returns back either 0 (composite), 2 (definitely prime), or 1 (probably prime). Composites will act exactly like \f(CW\*(C`is_prob_prime\*(C'\fR, as will numbers less than \f(CW\*(C`2^64\*(C'\fR. For numbers larger than \f(CW\*(C`2^64\*(C'\fR, some additional tests are performed on probable primes to see if they can be proven by another means. .PP This call walks the line between the performance of \*(L"is_prob_prime\*(R" and the certainty of \*(L"is_provable_prime\*(R". Those calls may be more appropriate in some cases. What this function does is give most of the performance of the former, while adding more certainty. For finer tuning of this tradeoff, especially if performance is critical for 65\- to 200\-bit inputs, you may instead use \*(L"is_prob_prime\*(R" followed by additional probable prime tests such as \*(L"miller_rabin_random\*(R" and/or \*(L"is_frobenius_underwood_pseudoprime\*(R". .PP As with \*(L"is_prob_prime\*(R", a \s-1BPSW\s0 test is first performed. If this indicates \*(L"probably prime\*(R" then a small number of Miller-Rabin tests with random bases are performed. For numbers under 200 bits, a quick \&\s-1BLS75 \s0\f(CW\*(C`n\-1\*(C'\fR primality proof is attempted. This is tuned to give up if the result cannot be quickly determined, and results in success rates of ~80% at 80 bits, ~30% at 128 bits, and ~13% at 160 bits. .PP The result is that many numbers will return 2 (definitely prime), and the numbers that return 1 (probably prime) have gone through more tests than \*(L"is_prob_prime\*(R" while not taking too long. .PP For cryptographic key generation, you may want even more testing for probable primes (\s-1NIST\s0 recommends a few more additional M\-R tests than we perform). The function \*(L"miller_rabin_random\*(R" is made for this. Alternately, a different test such as \&\*(L"is_frobenius_underwood_pseudoprime\*(R" can be used. Even better, use \*(L"is_provable_prime\*(R" which should be reasonably fast for sizes under 2048 bits. Typically for key generation one wants random primes, and there are many functions for that. .SS "is_provable_prime" .IX Subsection "is_provable_prime" .Vb 1 \& say "$n is definitely prime!" if is_provable_prime($n) == 2; .Ve .PP Takes a positive number as input and returns back either 0 (composite), 2 (definitely prime), or 1 (probably prime). A great deal of effort is taken to return either 0 or 2 for all numbers. .PP The current method first uses \s-1BPSW\s0 and a small number of Miller-Rabin tests with random bases to weed out composites and provide a deterministic answer for tiny numbers (under \f(CW\*(C`2^64\*(C'\fR). A quick \s-1BLS75 \&\s0\f(CW\*(C`n\-1\*(C'\fR test is attempted, followed by \s-1ECPP.\s0 .PP The time required for primes of different input sizes on a circa\-2009 workstation averages about \f(CW\*(C`3ms\*(C'\fR for 30\-digits, \f(CW\*(C`5ms\*(C'\fR for 40\-digit, \&\f(CW\*(C`20ms\*(C'\fR for 60\-digit, \f(CW\*(C`50ms\*(C'\fR for 80\-digit, \f(CW\*(C`100ms\*(C'\fR for 100\-digit, \&\f(CW\*(C`2s\*(C'\fR for 200\-digit, and 400\-digit inputs about a minute. Expect a lot of time variation for larger inputs. You can see progress indication if verbose is turned on (some at level 1, and a lot at level 2). .PP A certificate can be obtained along with the result using the \&\*(L"is_provable_prime_with_cert\*(R" method. There is no appreciable extra performance cost for returning a certificate. .SS "is_provable_prime_with_cert" .IX Subsection "is_provable_prime_with_cert" Takes a positive number as input and returns back an array with two elements. The result will be one of: .PP .Vb 1 \& (0, \*(Aq\*(Aq) The input is composite. \& \& (1, \*(Aq\*(Aq) The input is probably prime but we could not prove it. \& This is a failure in our ability to factor some necessary \& element in a reasonable time, not a significant proof \& failure (in other words, it remains a probable prime). \& \& (2, \*(Aq...\*(Aq) The input is prime, and the certificate contains all the \& information necessary to verify this. .Ve .PP The certificate is a text representation containing all the necessary information to verify the primality of the input in a reasonable time. The result can be used with \*(L"verify_prime\*(R" in Math::Prime::Util for verification. Proof types used include: .PP .Vb 5 \& ECPP \& BLS3 \& BLS15 \& BLS5 \& Small .Ve .SS "is_pseudoprime" .IX Subsection "is_pseudoprime" Takes a positive number \f(CW\*(C`n\*(C'\fR and a base \f(CW\*(C`a\*(C'\fR as input, and returns 1 if \&\f(CW\*(C`n\*(C'\fR is a probable prime to base \f(CW\*(C`a\*(C'\fR. This is the simple Fermat primality test. Removing primes, given base 2 this produces the sequence \&\s-1OEIS A001567\s0 . .SS "is_strong_pseudoprime" .IX Subsection "is_strong_pseudoprime" .Vb 2 \& my $maybe_prime = is_strong_pseudoprime($n, 2); \& my $probably_prime = is_strong_pseudoprime($n, 2, 3, 5, 7, 11, 13, 17); .Ve .PP Takes a positive number as input and one or more bases. Returns 1 if the input is a prime or a strong pseudoprime to all of the bases, and 0 if not. The base must be a positive integer. This is often called the Miller-Rabin test. .PP If 0 is returned, then the number really is a composite. If 1 is returned, then it is either a prime or a strong pseudoprime to all the given bases. Given enough distinct bases, the chances become very strong that the number is actually prime. .PP Both the input number and the bases may be big integers. If base modulo n <= 1 or base modulo n = n\-1, then the result will be 1. This allows the bases to be larger than n if desired, while still returning meaningful results. For example, .PP .Vb 1 \& is_strong_pseudoprime(367, 1101) .Ve .PP would incorrectly return 0 if this was not done properly. A 0 result should be returned only if n is composite, regardless of the base. .PP This is usually used in combination with other tests to make either stronger tests (e.g. the strong \s-1BPSW\s0 test) or deterministic results for numbers less than some verified limit (e.g. Jaeschke showed in 1993 that no more than three selected bases are required to give correct primality test results for any 32\-bit number). Given the small chances of passing multiple bases, there are some math packages that just use multiple \s-1MR\s0 tests for primality testing, though in the early 1990s almost all serious software switched to the \&\s-1BPSW\s0 test. .PP Even numbers other than 2 will always return 0 (composite). While the algorithm works with even input, most sources define it only on odd input. Returning composite for all non\-2 even input makes the function match most other implementations including Math::Primality's \f(CW\*(C`is_strong_pseudoprime\*(C'\fR function. .SS "miller_rabin_random" .IX Subsection "miller_rabin_random" .Vb 1 \& my $maybe_prime = miller_rabin_random($n, 10); # 10 random bases .Ve .PP Takes a positive number (\f(CW\*(C`n\*(C'\fR) as input and a positive number (\f(CW\*(C`k\*(C'\fR) of bases to use. Performs \f(CW\*(C`k\*(C'\fR Miller-Rabin tests using uniform random bases between 2 and \f(CW\*(C`n\-2\*(C'\fR. This is the correct way to perform \f(CW\*(C`k\*(C'\fR Miller-Rabin tests, rather than the common but broken method of using the first \f(CW\*(C`k\*(C'\fR primes. .PP An optional third argument may be given, which is a seed to use. The seed should be a number either in decimal, binary with a leading \f(CW\*(C`0b\*(C'\fR, hex with a leading \f(CW\*(C`0x\*(C'\fR, or octal with a leading \f(CW0\fR. It will be converted to a \&\s-1GMP\s0 integer, so may be large. Typically this is not necessary, but cryptographic applications may prefer the ability to use this, and it allows repeatable test results. .PP There is no check for duplicate bases. Input sizes below 65\-bits make little sense for this function since is_prob_prime is deterministic at that size. For numbers of 65+ bits, the chance of duplicate bases is quite small. The exponentiation approximation for the birthday problem gives a probability of less than 2e\-16 for 100 random bases to have a duplicate with a 65\-bit input, and less than 2e\-35 with a 128\-bit input. .SS "is_lucas_pseudoprime" .IX Subsection "is_lucas_pseudoprime" .SS "is_strong_lucas_pseudoprime" .IX Subsection "is_strong_lucas_pseudoprime" Takes a positive number as input, and returns 1 if the input is a standard or strong Lucas probable prime. The Selfridge method of choosing D, P, and Q are used (some sources call this a Lucas-Selfridge test). This is one half of the \s-1BPSW\s0 primality test (the Miller-Rabin strong probable prime test with base 2 being the other half). The canonical \s-1BPSW\s0 test (page 1401 of Baillie and Wagstaff (1980)) uses the strong Lucas test with Selfridge parameters, but in practice a variety of Lucas tests with different parameters are used by tests calling themselves \s-1BPSW.\s0 .PP The standard Lucas test implemented here corresponds to the Lucas test described in \s-1FIPS 186\-4\s0 section C.3.3, though uses a slightly more efficient calculation. Since the standard Lucas-Selfridge test is a subset of the strong Lucas-Selfridge test, I recommend using the strong test rather than the standard test for cryptographic purposes. It is often slightly faster, has over 4x fewer pseudoprimes, and is the method recommended by Baillie and Wagstaff in their 1980 paper. .SS "is_extra_strong_lucas_pseudoprime" .IX Subsection "is_extra_strong_lucas_pseudoprime" Takes a positive number as input, and returns 1 if the input is an extra-strong Lucas probable prime. This is defined in Grantham (2000), and is a slightly more stringent test than the strong Lucas test, though because different parameters are used the pseudoprimes are not a subset. As expected by the extra conditions, the number of pseudoprimes is less than 2/3 that of the strong Lucas-Selfridge test. Runtime performance is 1.2 to 1.5x faster than the strong Lucas test. .PP The parameters are selected using the Baillie-OEIS method: .PP .Vb 4 \& P = 3; \& Q = 1; \& while ( jacobi( P*P\-4, n ) != \-1 ) \& P += 1; .Ve .SS "is_almost_extra_strong_lucas_pseudoprime" .IX Subsection "is_almost_extra_strong_lucas_pseudoprime" Takes a positive number as input and returns 1 if the input is an \*(L"almost\*(R" extra-strong Lucas probable prime. This is the classic extra-strong Lucas test but without calculating the U sequence. This makes it very fast, although as the input increases in size the time converges to the conventional extra-strong implementation: at 30 digits this routine is about 15% faster, at 300 digits it is only 2% faster. .PP With the current implementations, there is little reason to prefer this unless trying to reproduce specific results. The extra-strong implementation has been optimized to use similar features, removing most of the performance advantage. .PP An optional second argument (must be between 1 and 256) indicates the increment amount for P parameter selection. The default value of one yields the method described in \*(L"is_extra_strong_lucas_pseudoprime\*(R". A value of 2 yields the method used in Pari . .PP Because the \f(CW\*(C`U = 0\*(C'\fR condition is ignored, this produces about 5% more pseudoprimes than the extra-strong Lucas test. However this is still only 66% of the number produced by the strong Lucas-Selfridge test. No \s-1BPSW\s0 counterexamples have been found with any of the Lucas tests described. .SS "is_perrin_pseudoprime" .IX Subsection "is_perrin_pseudoprime" Takes a positive number \f(CW\*(C`n\*(C'\fR as input and returns 1 if \f(CW\*(C`n\*(C'\fR divides \f(CWP(n)\fR where \f(CWP(n)\fR is the Perrin number of \f(CW\*(C`n\*(C'\fR. The Perrin sequence is defined by .PP .Vb 1 \& C .Ve .PP This is not a commonly used test, as it runs 5 to 10 times slower than most of the other probable prime tests and offers little benefit, especially over combined tests like \*(L"is_bpsw_prime\*(R" and \&\*(L"is_frobenius_underwood_pseudoprime\*(R". .SS "is_frobenius_pseudoprime" .IX Subsection "is_frobenius_pseudoprime" Takes a positive number \f(CW\*(C`n\*(C'\fR as input, and two optional parameters \f(CW\*(C`a\*(C'\fR and \&\f(CW\*(C`b\*(C'\fR, and returns 1 if the \f(CW\*(C`n\*(C'\fR is a Frobenius probable prime with respect to the polynomial \f(CW\*(C`x^2 \- ax + b\*(C'\fR. Without the parameters, \f(CW\*(C`b = 2\*(C'\fR and \&\f(CW\*(C`a\*(C'\fR is the least positive odd number such that \f(CW\*(C`(a^2\-4b|n) = \-1\*(C'\fR. This selection has no pseudoprimes below \f(CW\*(C`2^64\*(C'\fR and none known. In any case, the discriminant \f(CW\*(C`a^2\-4b\*(C'\fR must not be a perfect square. .SS "is_frobenius_underwood_pseudoprime" .IX Subsection "is_frobenius_underwood_pseudoprime" Takes a positive number as input, and returns 1 if the input passes the efficient Frobenius test of Paul Underwood. This selects a parameter \f(CW\*(C`a\*(C'\fR as the least positive integer such that \f(CW\*(C`(a^2\-4|n)=\-1\*(C'\fR, then verifies that \&\f(CW\*(C`(2+2)^(n+1) = 2a + 5 mod (x^2\-ax+1,n)\*(C'\fR. This combines a Fermat and Lucas test at a computational cost of about 2.5x a strong pseudoprime test. This makes it similar to, but faster than, a Frobenius test. .PP There are no known pseudoprimes to this test. This test also has no overlap with the \s-1BPSW\s0 test, making it a very effective method for adding additional certainty. .SS "is_bpsw_prime" .IX Subsection "is_bpsw_prime" Given a positive number input, returns 0 (composite), 2 (definitely prime), or 1 (probably prime), using the \s-1BPSW\s0 primality test (extra-strong variant). .PP This function does the extra-strong \s-1BPSW\s0 test and nothing more. That is, it will skip all pretests and any extra work that the \*(L"is_prob_prime\*(R" test may add. .SS "is_aks_prime" .IX Subsection "is_aks_prime" .Vb 1 \& say "$n is definitely prime" if is_aks_prime($n); .Ve .PP Takes a positive number as input, and returns 1 if the input passes the Agrawal-Kayal-Saxena (\s-1AKS\s0) primality test. This is a deterministic unconditional primality test which runs in polynomial time for general input. .PP In theory, \s-1AKS\s0 is extremely important. In practice, it is essentially useless. Estimated run time for a 150 digit input is about 9 years, making the case that while the algorithmic complexity \fIgrowth\fR is polynomial, the constants are ludicrously high. There are some ideas of Bernstein that can reduce this a little, but it would still take years for numbers that \s-1ECPP\s0 or APR-CL can prove in seconds. .PP Typically you should use \*(L"is_provable_prime\*(R" and let it decide the method. .SS "is_nminus1_prime" .IX Subsection "is_nminus1_prime" .Vb 1 \& say "$n is definitely prime" if is_nminus1_prime($n); .Ve .PP Takes a positive number as input, and returns 1 if the input passes either theorem 5 or theorem 7 of the Brillhart-Lehmer-Selfridge primality test. This is a deterministic unconditional primality test which requires factoring \&\f(CW\*(C`n\-1\*(C'\fR to a linear factor less than the cube root of the input. For small inputs (under 40 digits) this is typically very easy, and some numbers will naturally lead to this being very fast. As the input grows, this method slows down rapidly. .PP Typically you should use \*(L"is_provable_prime\*(R" and let it decide the method. .SS "is_ecpp_prime" .IX Subsection "is_ecpp_prime" .Vb 1 \& say "$n is definitely prime" if is_ecpp_prime($n); .Ve .PP Takes a positive number as input, and returns 1 if the input passes the \&\s-1ECPP\s0 primality test. This is the Atkin-Morain Elliptic Curve Primality Proving algorithm. It is the fastest primality proving method in Math::Prime::Util. .PP This implementation uses a \*(L"factor all strategy\*(R" (\s-1FAS\s0) with backtracking. A limited set of about 500 precalculated discriminants are used, which works well for inputs up to 300 digits, and for many inputs up to one thousand digits. Having a larger set will help with large numbers (a set of 2650 is available on github in the \f(CW\*(C`xt/\*(C'\fR directory). A future implementation may include code to generate class polynomials as needed. .PP Typically you should use \*(L"is_provable_prime\*(R" and let it decide the method. .SS "primes" .IX Subsection "primes" .Vb 3 \& my $aref1 = primes( 1_000_000 ); \& my $aref2 = primes( 2 ** 448, 2 ** 448 + 10000 ); \& say join ",", @{primes( 2**2048, 2**2048 + 10000 )}; .Ve .PP Returns all the primes between the lower and upper limits (inclusive), with a lower limit of \f(CW2\fR if none is given. .PP An array reference is returned (with large lists this is much faster and uses less memory than returning an array directly). .SS "next_prime" .IX Subsection "next_prime" .Vb 1 \& $n = next_prime($n); .Ve .PP Returns the prime following the input number (the smallest prime number that is greater than the input number). The function \*(L"is_prob_prime\*(R" is used to determine when a prime is found, hence the result is a probable prime (using \s-1BPSW\s0). .PP For large inputs this function is quite a bit faster than \s-1GMP\s0's \&\f(CW\*(C`mpz_nextprime\*(C'\fR or Pari's \f(CW\*(C`nextprime\*(C'\fR. .SS "prev_prime" .IX Subsection "prev_prime" .Vb 1 \& $n = prev_prime($n); .Ve .PP Returns the prime preceding the input number (the largest prime number that is less than the input number). 0 is returned if the input is \f(CW2\fR or lower. The function \*(L"is_prob_prime\*(R" is used to determine when a prime is found, hence the result is a probable prime (using \s-1BPSW\s0). .SS "lucas_sequence" .IX Subsection "lucas_sequence" .Vb 1 \& my($U, $V, $Qk) = lucas_sequence($n, $P, $Q, $k) .Ve .PP Computes \f(CW\*(C`U_k\*(C'\fR, \f(CW\*(C`V_k\*(C'\fR, and \f(CW\*(C`Q_k\*(C'\fR for the Lucas sequence defined by \&\f(CW\*(C`P\*(C'\fR,\f(CW\*(C`Q\*(C'\fR, modulo \f(CW\*(C`n\*(C'\fR. The modular Lucas sequence is used in a number of primality tests and proofs. .PP The following conditions must hold: \- \f(CW\*(C`D = P*P \- 4*Q != 0\*(C'\fR \- \f(CW\*(C`P > 0\*(C'\fR \- \f(CW\*(C`P < n\*(C'\fR \- \f(CW\*(C`Q < n\*(C'\fR \- \f(CW\*(C`k >= 0\*(C'\fR \- \f(CW\*(C`n >= 2\*(C'\fR .SS "primorial" .IX Subsection "primorial" .Vb 1 \& $p = primorial($n); .Ve .PP Given an unsigned integer argument, returns the product of the prime numbers which are less than or equal to \f(CW\*(C`n\*(C'\fR. This definition of \f(CW\*(C`n#\*(C'\fR follows \&\s-1OEIS\s0 series A034386 and Wikipedia: Primorial definition for natural numbers . .SS "pn_primorial" .IX Subsection "pn_primorial" .Vb 1 \& $p = pn_primorial($n) .Ve .PP Given an unsigned integer argument, returns the product of the first \f(CW\*(C`n\*(C'\fR prime numbers. This definition of \f(CW\*(C`p_n#\*(C'\fR follows \&\s-1OEIS\s0 series A002110 and Wikipedia: Primorial definition for prime numbers . .PP The two are related with the relationships: .PP .Vb 2 \& pn_primorial($n) == primorial( nth_prime($n) ) \& primorial($n) == pn_primorial( prime_count($n) ) .Ve .SS "factorial" .IX Subsection "factorial" Given positive integer argument \f(CW\*(C`n\*(C'\fR, returns the factorial of \f(CW\*(C`n\*(C'\fR, defined as the product of the integers 1 to \f(CW\*(C`n\*(C'\fR with the special case of \f(CW\*(C`factorial(0) = 1\*(C'\fR. This corresponds to Pari's \f(CWfactorial(n)\fR and Mathematica's \f(CW\*(C`Factorial[n]\*(C'\fR functions. .SS "gcd" .IX Subsection "gcd" Given a list of integers, returns the greatest common divisor. This is often used to test for coprimality . .SS "lcm" .IX Subsection "lcm" Given a list of integers, returns the least common multiple. .SS "gcdext" .IX Subsection "gcdext" Given two integers \f(CW\*(C`x\*(C'\fR and \f(CW\*(C`y\*(C'\fR, returns \f(CW\*(C`u,v,d\*(C'\fR such that \f(CW\*(C`d = gcd(x,y)\*(C'\fR and \f(CW\*(C`u*x + v*y = d\*(C'\fR. This uses the extended Euclidian algorithm to compute the values satisfying Be\*'zout's Identity. .PP This corresponds to Pari's \f(CW\*(C`gcdext\*(C'\fR function, which was renamed from \&\f(CW\*(C`bezout\*(C'\fR out Pari 2.6. The results will hence match \*(L"bezout\*(R" in Math::Pari. .SS "vecsum" .IX Subsection "vecsum" Returns the sum of all arguments, each of which must be an integer. .SS "vecprod" .IX Subsection "vecprod" Returns the product of all arguments, each of which must be an integer. .SS "kronecker" .IX Subsection "kronecker" Returns the Kronecker symbol \f(CW\*(C`(a|n)\*(C'\fR for two integers. The possible return values with their meanings for odd positive \f(CW\*(C`n\*(C'\fR are: .PP .Vb 3 \& 0 a = 0 mod n \& 1 a is a quadratic residue modulo n (a = x^2 mod n for some x) \& \-1 a is a quadratic non\-residue modulo n .Ve .PP The Kronecker symbol is an extension of the Jacobi symbol to all integer values of \f(CW\*(C`n\*(C'\fR from the latter's domain of positive odd values of \f(CW\*(C`n\*(C'\fR. The Jacobi symbol is itself an extension of the Legendre symbol, which is only defined for odd prime values of \f(CW\*(C`n\*(C'\fR. This corresponds to Pari's \&\f(CW\*(C`kronecker(a,n)\*(C'\fR function and Mathematica's \f(CW\*(C`KroneckerSymbol[n,m]\*(C'\fR function. .SS "binomial" .IX Subsection "binomial" Given integer arguments \f(CW\*(C`n\*(C'\fR and \f(CW\*(C`k\*(C'\fR, returns the binomial coefficient \&\f(CW\*(C`n*(n\-1)*...*(n\-k+1)/k!\*(C'\fR, also known as the choose function. Negative arguments use the Kronenburg extensions . This corresponds to Mathematica's \f(CW\*(C`Binomial[n,k]\*(C'\fR function, Pari's \&\f(CW\*(C`binomial(n,k)\*(C'\fR function, and \s-1GMP\s0's \f(CW\*(C`mpz_bin_ui\*(C'\fR function. .PP For negative arguments, this matches Mathematica. Pari does not implement the \f(CW\*(C`n < 0, k <= n\*(C'\fR extension and instead returns \f(CW0\fR for this case. \s-1GMP\s0's \s-1API\s0 does not allow negative \f(CW\*(C`k\*(C'\fR but otherwise matches. Math::BigInt does not implement any extensions and the results for \&\f(CW\*(C`n < 0, k \*(C'\fR 0> are undefined. .SS "bernfrac" .IX Subsection "bernfrac" Returns the Bernoulli number \f(CW\*(C`B_n\*(C'\fR for an integer argument \f(CW\*(C`n\*(C'\fR, as a rational number represented by two Math::BigInt objects. B_1 = 1/2. This corresponds to Pari's \f(CWbernfrac(n)\fR and Mathematica's \f(CW\*(C`BernoulliB\*(C'\fR functions. .SS "stirling" .IX Subsection "stirling" .Vb 2 \& say "s(14,2) = ", stirling(14, 2); \& say "S(14,2) = ", stirling(14, 2, 2); .Ve .PP Returns the Stirling numbers of either the first kind (default), the second kind, or the third kind (the unsigned Lah numbers), with the kind selected as an optional third argument. It takes two non-negative integer arguments \f(CW\*(C`n\*(C'\fR and \f(CW\*(C`k\*(C'\fR plus the optional \f(CW\*(C`type\*(C'\fR. This corresponds to Pari's \&\f(CW\*(C`stirling(n,k,{type})\*(C'\fR function and Mathematica's \&\f(CW\*(C`StirlingS1\*(C'\fR / \f(CW\*(C`StirlingS2\*(C'\fR functions. .PP Stirling numbers of the first kind are \f(CW\*(C`\-1^(n\-k)\*(C'\fR times the number of permutations of \f(CW\*(C`n\*(C'\fR symbols with exactly \f(CW\*(C`k\*(C'\fR cycles. Stirling numbers of the second kind are the number of ways to partition a set of \f(CW\*(C`n\*(C'\fR elements into \f(CW\*(C`k\*(C'\fR non-empty subsets. The Lah numbers are the number of ways to split a set of \f(CW\*(C`n\*(C'\fR elements into \f(CW\*(C`k\*(C'\fR non-empty lists. .SS "znorder" .IX Subsection "znorder" .Vb 1 \& $order = znorder(17, "100000000000000000000000065"); .Ve .PP Given two positive integers \f(CW\*(C`a\*(C'\fR and \f(CW\*(C`n\*(C'\fR, returns the multiplicative order of \f(CW\*(C`a\*(C'\fR modulo \f(CW\*(C`n\*(C'\fR. This is the smallest positive integer \f(CW\*(C`k\*(C'\fR such that \&\f(CW\*(C`a^k X 1 mod n\*(C'\fR. Returns 1 if \f(CW\*(C`a = 1\*(C'\fR. Returns undef if \f(CW\*(C`a = 0\*(C'\fR or if \&\f(CW\*(C`a\*(C'\fR and \f(CW\*(C`n\*(C'\fR are not coprime, since no value will result in 1 mod n. This corresponds to Pari's \f(CW\*(C`znorder(Mod(a,n))\*(C'\fR function and Mathematica's \&\f(CW\*(C`MultiplicativeOrder[a,n]\*(C'\fR function. .SS "znprimroot" .IX Subsection "znprimroot" Given a positive integer \f(CW\*(C`n\*(C'\fR, returns the smallest primitive root of \f(CW\*(C`(Z/nZ)^*\*(C'\fR, or \f(CW\*(C`undef\*(C'\fR if no root exists. A root exists when \&\f(CW\*(C`euler_phi($n) == carmichael_lambda($n)\*(C'\fR, which will be true for all prime \f(CW\*(C`n\*(C'\fR and some composites. .PP \&\s-1OEIS A033948\s0 is a sequence of integers where the primitive root exists, while \s-1OEIS A046145\s0 is a list of the smallest primitive roots, which is what this function produces. .SS "valuation" .IX Subsection "valuation" .Vb 1 \& say "$n is divisible by 2 ", valuation($n,2), " times."; .Ve .PP Given integers \f(CW\*(C`n\*(C'\fR and \f(CW\*(C`k\*(C'\fR, returns the numbers of times \f(CW\*(C`n\*(C'\fR is divisible by \f(CW\*(C`k\*(C'\fR. This is a very limited version of the algebraic valuation meaning, just applied to integers. This corresponds to Pari's \f(CW\*(C`valuation\*(C'\fR function. \&\f(CW0\fR is returned if \f(CW\*(C`n\*(C'\fR or \f(CW\*(C`k\*(C'\fR is one of the values \f(CW\*(C`\-1\*(C'\fR, \f(CW0\fR, or \f(CW1\fR. .SS "moebius" .IX Subsection "moebius" .Vb 3 \& say "$n is square free" if moebius($n) != 0; \& $sum += moebius($_) for (1..200); say "Mertens(200) = $sum"; \& say "Mertens(2000) = ", vecsum(moebius(0,2000)); .Ve .PP Returns X(n), the Mo\*:bius function (also known as the Moebius, Mobius, or MoebiusMu function) for an integer input. This function is 1 if \&\f(CW\*(C`n = 1\*(C'\fR, 0 if \f(CW\*(C`n\*(C'\fR is not square free (i.e. \f(CW\*(C`n\*(C'\fR has a repeated factor), and \f(CW\*(C`\-1^t\*(C'\fR if \f(CW\*(C`n\*(C'\fR is a product of \f(CW\*(C`t\*(C'\fR distinct primes. This is an important function in prime number theory. Like \s-1SAGE,\s0 we define \&\f(CW\*(C`moebius(0) = 0\*(C'\fR for convenience. .PP If called with two arguments, they define a range \f(CW\*(C`low\*(C'\fR to \f(CW\*(C`high\*(C'\fR, and the function returns an array with the value of the Mo\*:bius function for every n from low to high inclusive. .SS "invmod" .IX Subsection "invmod" .Vb 1 \& say "The inverse of 42 mod 2017 = ", invmod(42,2017); .Ve .PP Given two integers \f(CW\*(C`a\*(C'\fR and \f(CW\*(C`n\*(C'\fR, return the inverse of \f(CW\*(C`a\*(C'\fR modulo \f(CW\*(C`n\*(C'\fR. If not defined, undef is returned. If defined, then the return value multiplied by \f(CW\*(C`a\*(C'\fR equals \f(CW1\fR modulo \f(CW\*(C`n\*(C'\fR. .SS "consecutive_integer_lcm" .IX Subsection "consecutive_integer_lcm" .Vb 1 \& $lcm = consecutive_integer_lcm($n); .Ve .PP Given an unsigned integer argument, returns the least common multiple of all integers from 1 to \f(CW\*(C`n\*(C'\fR. This can be done by manipulation of the primes up to \f(CW\*(C`n\*(C'\fR, resulting in much faster and memory-friendly results than using factorials. .SS "partitions" .IX Subsection "partitions" Calculates the partition function p(n) for a non-negative integer input. This is the number of ways of writing the integer n as a sum of positive integers, without restrictions. This corresponds to Pari's \f(CW\*(C`numbpart\*(C'\fR function and Mathematica's \f(CW\*(C`PartitionsP\*(C'\fR function. The values produced in order are \s-1OEIS\s0 series A000041 . .PP This uses a combinatorial calculation, which means it will not be very fast compared to Pari, Mathematica, or \s-1FLINT\s0 which use the Rademacher formula using multi-precision floating point. In 10 seconds, the pure Perl version can produce \f(CW\*(C`partitions(10_000)\*(C'\fR while with Math::Prime::Util::GMP it can do \f(CW\*(C`partitions(220_000)\*(C'\fR. In contrast, in about 10 seconds Pari can solve \f(CW\*(C`numbpart(22_000_000)\*(C'\fR. .PP If you want the enumerated partitions, see Integer::Partition. It is very fast and uses an extremely memory efficient iterator. It is not, however, practical for producing the partition \fInumber\fR for values over 100 or so. .SS "Pi" .IX Subsection "Pi" Takes a positive integer argument \f(CW\*(C`n\*(C'\fR and returns the constant Pi with that many digits (including the leading 3). Rounding is performed. .PP The implementation uses \s-1AGM\s0 and is only slightly slower than \s-1MPFR \s0(which has tighter bounds on the intermediate bits and exit conditions). .SS "exp_mangoldt" .IX Subsection "exp_mangoldt" .Vb 1 \& say "exp(lambda($_)) = ", exp_mangoldt($_) for 1 .. 100; .Ve .PP Returns \s-1EXP\s0(X(n)), the exponential of the Mangoldt function (also known as von Mangoldt's function) for an integer value. The Mangoldt function is equal to log p if n is prime or a power of a prime, and 0 otherwise. We return the exponential so all results are integers. Hence the return value for \f(CW\*(C`exp_mangoldt\*(C'\fR is: .PP .Vb 2 \& p if n = p^m for some prime p and integer m >= 1 \& 1 otherwise. .Ve .SS "totient" .IX Subsection "totient" .Vb 1 \& say "The Euler totient of $n is ", totient($n); .Ve .PP Returns X(n), the Euler totient function (also called Euler's phi or phi function) for an integer value. This is an arithmetic function which counts the number of positive integers less than or equal to \f(CW\*(C`n\*(C'\fR that are relatively prime to \f(CW\*(C`n\*(C'\fR. Given the definition used, \f(CW\*(C`totient\*(C'\fR will return 0 for all \&\f(CW\*(C`n < 1\*(C'\fR. This follows the logic used by \s-1SAGE. \s0 Mathematica and Pari return \f(CW\*(C`totient(\-n)\*(C'\fR for \f(CW\*(C`n < 0\*(C'\fR. Mathematica returns 0 for \f(CW\*(C`n = 0\*(C'\fR, Pari pre\-2.6.2 raises and exception, and Pari 2.6.2 and newer returns 2. .SS "jordan_totient" .IX Subsection "jordan_totient" .Vb 1 \& say "Jordan\*(Aqs totient J_$k($n) is ", jordan_totient($k, $n); .Ve .PP Returns Jordan's totient function for a given integer value. Jordan's totient is a generalization of Euler's totient, where \f(CW\*(C`jordan_totient(1,$n) == euler_totient($n)\*(C'\fR This counts the number of k\-tuples less than or equal to n that form a coprime tuple with n. As with \f(CW\*(C`totient\*(C'\fR, 0 is returned for all \f(CW\*(C`n < 1\*(C'\fR. This function can be used to generate some other useful functions, such as the Dedekind psi function, where \f(CW\*(C`psi(n) = J(2,n) / J(1,n)\*(C'\fR. .SS "carmichael_lambda" .IX Subsection "carmichael_lambda" Returns the Carmichael function (also called the reduced totient function, or Carmichael X(n)) of a positive integer argument. It is the smallest positive integer \f(CW\*(C`m\*(C'\fR such that \f(CW\*(C`a^m = 1 mod n\*(C'\fR for every integer \f(CW\*(C`a\*(C'\fR coprime to \f(CW\*(C`n\*(C'\fR. This is \s-1OEIS\s0 series A002322 . .SS "liouville" .IX Subsection "liouville" Returns X(n), the Liouville function for a non-negative integer input. This is \-1 raised to X(n) (the total number of prime factors). .SS "is_power" .IX Subsection "is_power" .Vb 3 \& say "$n is a perfect square" if is_power($n, 2); \& say "$n is a perfect cube" if is_power($n, 3); \& say "$n is a ", is_power($n), "\-th power"; .Ve .PP Given a single positive integer input \f(CW\*(C`n\*(C'\fR, returns k if \f(CW\*(C`n = p^k\*(C'\fR for some integer \f(CW\*(C`p > 1, k > 1\*(C'\fR, and 0 otherwise. The k returned is the largest possible. This can be used in a boolean statement to determine if \f(CW\*(C`n\*(C'\fR is a perfect power. .PP If given two arguments \f(CW\*(C`n\*(C'\fR and \f(CW\*(C`k\*(C'\fR, returns 1 if \f(CW\*(C`n\*(C'\fR is a \f(CW\*(C`k\-th\*(C'\fR power, and 0 otherwise. For example, if \f(CW\*(C`k=2\*(C'\fR then this detects perfect squares. .PP This corresponds to Pari/GP's \f(CW\*(C`ispower\*(C'\fR function, with the limitations of only integer arguments and no third argument may be given to return the root. .SS "factor" .IX Subsection "factor" .Vb 2 \& @factors = factor(640552686568398413516426919223357728279912327120302109778516984973296910867431808451611740398561987580967216226094312377767778241368426651540749005659); \& # Returns an array of 11 factors .Ve .PP Returns a list of prime factors of a positive number, in numerical order. The special cases of \f(CW\*(C`n = 0\*(C'\fR and \f(CW\*(C`n = 1\*(C'\fR will return \f(CW\*(C`n\*(C'\fR. .PP Like most advanced factoring programs, a mix of methods is used. This includes trial division for small factors, perfect power detection, Pollard's Rho, Pollard's P\-1 with various smoothness and stage settings, Hart's \s-1OLF \s0(a Fermat variant), \s-1ECM \s0(elliptic curve method), and \&\s-1QS \s0(quadratic sieve). Certainly improvements could be designed for this algorithm (suggestions are welcome). .PP In practice, this factors 26\-digit semiprimes in under \f(CW\*(C`100ms\*(C'\fR, 36\-digit semiprimes in under one second. Arbitrary integers are factored faster. It is many orders of magnitude faster than any other factoring module on \&\s-1CPAN\s0 circa 2013. It is comparable in speed to Math::Pari's \f(CW\*(C`factorint\*(C'\fR for most inputs. .PP If you want better factoring in general, I recommend looking at the standalone programs yafu , msieve , gmp-ecm , and \&\s-1GGNFS\s0 . .SS "trial_factor" .IX Subsection "trial_factor" .Vb 2 \& my @factors = trial_factor($n); \& my @factors = trial_factor($n, 1000); .Ve .PP Given a positive number input, tries to discover a factor using trial division. The resulting array will contain either two factors (it succeeded) or the original number (no factor was found). In either case, multiplying \f(CW@factors\fR yields the original input. An optional divisor limit may be given as the second parameter. Factoring will stop when the input is a prime, one factor is found, or the input has been tested for divisibility with all primes less than or equal to the limit. If no limit is given, then \f(CW\*(C`2**31\-1\*(C'\fR will be used. .PP This is a good and fast initial test, and will be very fast for small numbers (e.g. under 1 million). For larger numbers, faster methods for complete factoring have been known since the 17th century. .PP For inputs larger than about 1000 digits, a dynamic product/remainder tree is used, which is faster than \s-1GMP\s0's native methods. This helps when pruning composites or looking for very small factors. .SS "prho_factor" .IX Subsection "prho_factor" .Vb 2 \& my @factors = prho_factor($n); \& my @factors = prho_factor($n, 100_000_000); .Ve .PP Given a positive number input, tries to discover a factor using Pollard's Rho method. The resulting array will contain either two factors (it succeeded) or the original number (no factor was found). In either case, multiplying \&\f(CW@factors\fR yields the original input. An optional number of rounds may be given as the second parameter. Factoring will stop when the input is a prime, one factor has been found, or the number of rounds has been exceeded. .PP This is the Pollard Rho method with \f(CW\*(C`f = x^2 + 3\*(C'\fR and default rounds 64M. It is very good at finding small factors. Typically \*(L"pbrent_factor\*(R" will be preferred as it behaves similarly but runs quite a bit faster. They use different parameters however, so are not completely identical. .SS "pbrent_factor" .IX Subsection "pbrent_factor" .Vb 2 \& my @factors = pbrent_factor($n); \& my @factors = pbrent_factor($n, 100_000_000); .Ve .PP Given a positive number input, tries to discover a factor using Pollard's Rho method with Brent's algorithm. The resulting array will contain either two factors (it succeeded) or the original number (no factor was found). In either case, multiplying \f(CW@factors\fR yields the original input. An optional number of rounds may be given as the second parameter. Factoring will stop when the input is a prime, one factor has been found, or the number of rounds has been exceeded. .PP This is the Pollard Rho method using Brent's modified cycle detection, delayed \f(CW\*(C`gcd\*(C'\fR computations, and backtracking. It is essentially Algorithm P''2 from Brent (1980). Parameters used are \f(CW\*(C`f = x^2 + 3\*(C'\fR and default rounds 64M. It is very good at finding small factors. .SS "pminus1_factor" .IX Subsection "pminus1_factor" .Vb 1 \& my @factors = pminus1_factor($n); \& \& # Set B1 smoothness to 10M, second stage automatically set. \& my @factors = pminus1_factor($n, 10_000_000); \& \& # Run p\-1 with B1 = 10M, B2 = 100M. \& my @factors = pminus1_factor($n, 10_000_000, 100_000_000); .Ve .PP Given a positive number input, tries to discover a factor using Pollard's \&\f(CW\*(C`p\-1\*(C'\fR method. The resulting array will contain either two factors (it succeeded) or the original number (no factor was found). In either case, multiplying \f(CW@factors\fR yields the original input. An optional first stage smoothness factor (B1) may be given as the second parameter. This will be the smoothness limit B1 for the first stage, and will use \f(CW\*(C`10*B1\*(C'\fR for the second stage limit B2. If a third parameter is given, it will be used as the second stage limit B2. Factoring will stop when the input is a prime, one factor has been found, or the algorithm fails to find a factor with the given smoothness. .PP This is Pollard's \f(CW\*(C`p\-1\*(C'\fR method using a default smoothness of 5M and a second stage of \f(CW\*(C`B2 = 10 * B1\*(C'\fR. It can quickly find a factor \f(CW\*(C`p\*(C'\fR of the input \&\f(CW\*(C`n\*(C'\fR if the number \f(CW\*(C`p\-1\*(C'\fR factors into small primes. For example \&\f(CW\*(C`n = 22095311209999409685885162322219\*(C'\fR has the factor \f(CW\*(C`p = 3916587618943361\*(C'\fR, where \f(CW\*(C`p\-1 = 2^7 * 5 * 47 * 59 * 3137 * 703499\*(C'\fR, so this method will find a factor in the first stage if \f(CW\*(C`B1 >= 703499\*(C'\fR or in the second stage if \&\f(CW\*(C`B1 >= 3137\*(C'\fR and \f(CW\*(C`B2 >= 703499\*(C'\fR. .PP The implementation is written from scratch using the basic algorithm including a second stage as described in Montgomery 1987. It is faster than most simple implementations I have seen (many of which are written assuming native precision inputs), but slower than Ben Buhrow's code used in earlier versions of yafu , and nowhere close to the speed of the version included with modern GMP-ECM with large B values (it is actually quite a bit faster than GMP-ECM with small smoothness values). .SS "pplus1_factor" .IX Subsection "pplus1_factor" .Vb 1 \& my @factors = pplus1_factor($n); .Ve .PP Given a positive number input, tries to discover a factor using Williams' \&\f(CW\*(C`p+1\*(C'\fR method. The resulting array will contain either two factors (it succeeded) or the original number (no factor was found). In either case, multiplying \f(CW@factors\fR yields the original input. An optional first stage smoothness factor (B1) may be given as the second parameter. This will be the smoothness limit B1 for the first stage. Factoring will stop when the input is a prime, one factor has been found, or the algorithm fails to find a factor with the given smoothness. .SS "holf_factor" .IX Subsection "holf_factor" .Vb 2 \& my @factors = holf_factor($n); \& my @factors = holf_factor($n, 100_000_000); .Ve .PP Given a positive number input, tries to discover a factor using Hart's \s-1OLF\s0 method. The resulting array will contain either two factors (it succeeded) or the original number (no factor was found). In either case, multiplying \&\f(CW@factors\fR yields the original input. An optional number of rounds may be given as the second parameter. Factoring will stop when the input is a prime, one factor has been found, or the number of rounds has been exceeded. .PP This is Hart's One Line Factorization method, which is a variant of Fermat's algorithm. A premultiplier of 480 is used. It is very good at factoring numbers that are close to perfect squares, or small numbers. Very naive methods of picking \s-1RSA\s0 parameters sometimes yield numbers in this form, so it can be useful to run this a few rounds to check. For example, the number: .PP .Vb 4 \& 18548676741817250104151622545580576823736636896432849057 \e \& 10984160646722888555430591384041316374473729421512365598 \e \& 29709849969346650897776687202384767704706338162219624578 \e \& 777915220190863619885201763980069247978050169295918863 .Ve .PP was proposed by someone as an \s-1RSA\s0 key. It is indeed composed of two distinct prime numbers of similar bit length. Most factoring methods will take a \&\fBvery\fR long time to break this. However one factor is almost exactly 5x larger than the other, allowing \s-1HOLF\s0 to factor this 222\-digit semiprime in only a few milliseconds. .SS "squfof_factor" .IX Subsection "squfof_factor" .Vb 2 \& my @factors = squfof_factor($n); \& my @factors = squfof_factor($n, 100_000_000); .Ve .PP Given a positive number input, tries to discover a factor using Shanks' square forms factorization method (usually known as \s-1SQUFOF\s0). The resulting array will contain either two factors (it succeeded) or the original number (no factor was found). In either case, multiplying \f(CW@factors\fR yields the original input. An optional number of rounds may be given as the second parameter. Factoring will stop when the input is a prime, one factor has been found, or the number of rounds has been exceeded. .PP This is Daniel Shanks' \s-1SQUFOF \s0(square forms factorization) algorithm. The particular implementation is a non-racing multiple-multiplier version, based on code ideas of Ben Buhrow and Jason Papadopoulos as well as many others. \&\s-1SQUFOF\s0 is often the preferred method for small numbers, and Math::Prime::Util as well as many other packages use it was the default method for native size (e.g. 32\-bit or 64\-bit) numbers after trial division. The \s-1GMP\s0 version used in this module will work for larger values, but my testing indicates it is generally slower than the \f(CW\*(C`prho\*(C'\fR and \f(CW\*(C`pbrent\*(C'\fR implementations. .SS "ecm_factor" .IX Subsection "ecm_factor" .Vb 3 \& my @factors = ecm_factor($n); \& my @factors = ecm_factor($n, 12500); # B1 = 12500 \& my @factors = ecm_factor($n, 12500, 10); # B1 = 12500, curves = 10 .Ve .PP Given a positive number input, tries to discover a factor using \s-1ECM. \s0 The resulting array will contain either two factors (it succeeded) or the original number (no factor was found). In either case, multiplying \f(CW@factors\fR yields the original input. An optional maximum smoothness may be given as the second parameter, which relates to the size of factor to search for. An optional third parameter indicates the number of random curves to use at each smoothness value being searched. .PP This is an implementation of Hendrik Lenstra's elliptic curve factoring method, usually referred to as \s-1ECM. \s0 The implementation is reasonable, using projective coordinates, Montgomery's \s-1PRAC\s0 heuristic for \s-1EC\s0 multiplication, and two stages. It is much slower than the latest GMP-ECM, but still quite useful for factoring reasonably sized inputs. .SS "qs_factor" .IX Subsection "qs_factor" .Vb 1 \& my @factors = qs_factor($n); .Ve .PP Given a positive number input, tries to discover factors using \s-1QS \s0(the quadratic sieve). The resulting array will contain one or more numbers such that multiplying \f(CW@factors\fR yields the original input. Typically multiple factors will be produced, unlike the other \f(CW\*(C`..._factor\*(C'\fR routines. .PP The current implementation is a modified version of \s-1SIMPQS,\s0 a predecessor to the \s-1QS\s0 in \s-1FLINT,\s0 and was written by William Hart in 2006. It will not operate on input less than 30 digits. The memory use for large inputs is more than desired, so other methods such as \*(L"pbrent_factor\*(R", \*(L"pminus1_factor\*(R", and \&\*(L"ecm_factor\*(R" are recommended to begin with to filter out small factors. However, it is substantially faster than the other methods on large inputs having large factors, and is the method of choice for 35+ digit semiprimes. .SH "SEE ALSO" .IX Header "SEE ALSO" .IP "Math::Prime::Util Has many more functions, lots of fast code for dealing with native-precision arguments (including much faster primes using sieves), and will use this module when needed for big numbers. Using Math::Prime::Util rather than this module directly is recommended." 4 .IX Item "Math::Prime::Util Has many more functions, lots of fast code for dealing with native-precision arguments (including much faster primes using sieves), and will use this module when needed for big numbers. Using Math::Prime::Util rather than this module directly is recommended." .PD 0 .IP "Math::Primality (version 0.08) A Perl module with support for the strong Miller-Rabin test, strong Lucas-Selfridge test, the \s-1BPSW\s0 probable prime test, next_prime / prev_prime, the \s-1AKS\s0 primality test, and prime_count. It uses Math::GMPz to do all the calculations, so is faster than pure Perl bignums, but a little slower than \s-1XS+GMP. \s0 The prime_count function is only usable for very small inputs, but the other functions are quite good for big numbers. Make sure to use version 0.05 or newer." 4 .IX Item "Math::Primality (version 0.08) A Perl module with support for the strong Miller-Rabin test, strong Lucas-Selfridge test, the BPSW probable prime test, next_prime / prev_prime, the AKS primality test, and prime_count. It uses Math::GMPz to do all the calculations, so is faster than pure Perl bignums, but a little slower than XS+GMP. The prime_count function is only usable for very small inputs, but the other functions are quite good for big numbers. Make sure to use version 0.05 or newer." .ie n .IP "Math::Pari Supports quite a bit of the same functionality (and much more). See ""\s-1SEE ALSO""\s0 in Math::Prime::Util for more detailed information on how the modules compare." 4 .el .IP "Math::Pari Supports quite a bit of the same functionality (and much more). See ``\s-1SEE ALSO''\s0 in Math::Prime::Util for more detailed information on how the modules compare." 4 .IX Item "Math::Pari Supports quite a bit of the same functionality (and much more). See SEE ALSO in Math::Prime::Util for more detailed information on how the modules compare." .IP "yafu , msieve , gmp-ecm , \s-1GGNFS\s0 Good general purpose factoring utilities. These will be faster than this module, and \fBmuch\fR better as the factor increases in size." 4 .IX Item "yafu , msieve , gmp-ecm , GGNFS Good general purpose factoring utilities. These will be faster than this module, and much better as the factor increases in size." .IP "Primo is the state of the art in freely available (though not open source!) primality proving programs. If you have 1000+ digit numbers to prove, you want to use this." 4 .IX Item "Primo is the state of the art in freely available (though not open source!) primality proving programs. If you have 1000+ digit numbers to prove, you want to use this." .IP "mpz_aprcl Open source APR-CL primality proof implementation. Fast primality proving, though without certificates." 4 .IX Item "mpz_aprcl Open source APR-CL primality proof implementation. Fast primality proving, though without certificates." .IP "GMP-ECPP . An open source \s-1ECPP\s0 primality proving program. Slower than this module's \s-1ECPP\s0 for all inputs when the large polynomial set from github is used. Extremely slow once past 300 or so digits. There are now better alternatives." 4 .IX Item "GMP-ECPP . An open source ECPP primality proving program. Slower than this module's ECPP for all inputs when the large polynomial set from github is used. Extremely slow once past 300 or so digits. There are now better alternatives." .PD .SH "REFERENCES" .IX Header "REFERENCES" .ie n .IP "Robert Baillie and Samuel S. Wagstaff, Jr., ""Lucas Pseudoprimes"", Mathematics of Computation, v35 n152, October 1980, pp 1391\-1417. " 4 .el .IP "Robert Baillie and Samuel S. Wagstaff, Jr., ``Lucas Pseudoprimes'', Mathematics of Computation, v35 n152, October 1980, pp 1391\-1417. " 4 .IX Item "Robert Baillie and Samuel S. Wagstaff, Jr., Lucas Pseudoprimes, Mathematics of Computation, v35 n152, October 1980, pp 1391-1417. " .PD 0 .ie n .IP "Jon Grantham, ""Frobenius Pseudoprimes"", Mathematics of Computation, v70 n234, March 2000, pp 873\-891. " 4 .el .IP "Jon Grantham, ``Frobenius Pseudoprimes'', Mathematics of Computation, v70 n234, March 2000, pp 873\-891. " 4 .IX Item "Jon Grantham, Frobenius Pseudoprimes, Mathematics of Computation, v70 n234, March 2000, pp 873-891. " .ie n .IP "John Brillhart, D. H. Lehmer, and J. L. Selfridge, ""New Primality Criteria and Factorizations of 2^m +/\- 1"", Mathematics of Computation, v29, n130, Apr 1975, pp 620\-647. " 4 .el .IP "John Brillhart, D. H. Lehmer, and J. L. Selfridge, ``New Primality Criteria and Factorizations of 2^m +/\- 1'', Mathematics of Computation, v29, n130, Apr 1975, pp 620\-647. " 4 .IX Item "John Brillhart, D. H. Lehmer, and J. L. Selfridge, New Primality Criteria and Factorizations of 2^m +/- 1, Mathematics of Computation, v29, n130, Apr 1975, pp 620-647. " .ie n .IP "Richard P. Brent, ""An improved Monte Carlo factorization algorithm"", \s-1BIT 20, 1980,\s0 pp. 176\-184. " 4 .el .IP "Richard P. Brent, ``An improved Monte Carlo factorization algorithm'', \s-1BIT 20, 1980,\s0 pp. 176\-184. " 4 .IX Item "Richard P. Brent, An improved Monte Carlo factorization algorithm, BIT 20, 1980, pp. 176-184. " .ie n .IP "Peter L. Montgomery, ""Speeding the Pollard and Elliptic Curve Methods of Factorization"", Mathematics of Computation, v48, n177, Jan 1987, pp 243\-264. " 4 .el .IP "Peter L. Montgomery, ``Speeding the Pollard and Elliptic Curve Methods of Factorization'', Mathematics of Computation, v48, n177, Jan 1987, pp 243\-264. " 4 .IX Item "Peter L. Montgomery, Speeding the Pollard and Elliptic Curve Methods of Factorization, Mathematics of Computation, v48, n177, Jan 1987, pp 243-264. " .ie n .IP "Richard P. Brent, ""Parallel Algorithms for Integer Factorisation"", in Number Theory and Cryptography, Cambridge University Press, 1990, pp 26\-37. " 4 .el .IP "Richard P. Brent, ``Parallel Algorithms for Integer Factorisation'', in Number Theory and Cryptography, Cambridge University Press, 1990, pp 26\-37. " 4 .IX Item "Richard P. Brent, Parallel Algorithms for Integer Factorisation, in Number Theory and Cryptography, Cambridge University Press, 1990, pp 26-37. " .ie n .IP "Richard P. Brent, ""Some Parallel Algorithms for Integer Factorisation"", in Proc. Third Australian Supercomputer Conference, 1999. (Note: there are multiple versions of this paper) " 4 .el .IP "Richard P. Brent, ``Some Parallel Algorithms for Integer Factorisation'', in Proc. Third Australian Supercomputer Conference, 1999. (Note: there are multiple versions of this paper) " 4 .IX Item "Richard P. Brent, Some Parallel Algorithms for Integer Factorisation, in Proc. Third Australian Supercomputer Conference, 1999. (Note: there are multiple versions of this paper) " .ie n .IP "William B. Hart, ""A One Line Factoring Algorithm"", preprint. " 4 .el .IP "William B. Hart, ``A One Line Factoring Algorithm'', preprint. " 4 .IX Item "William B. Hart, A One Line Factoring Algorithm, preprint. " .ie n .IP "Daniel Shanks, ""\s-1SQUFOF\s0 notes"", unpublished notes, transcribed by Stephen McMath. " 4 .el .IP "Daniel Shanks, ``\s-1SQUFOF\s0 notes'', unpublished notes, transcribed by Stephen McMath. " 4 .IX Item "Daniel Shanks, SQUFOF notes, unpublished notes, transcribed by Stephen McMath. " .ie n .IP "Jason E. Gower and Samuel S. Wagstaff, Jr, ""Square Form Factorization"", Mathematics of Computation, v77, 2008, pages 551\-588. " 4 .el .IP "Jason E. Gower and Samuel S. Wagstaff, Jr, ``Square Form Factorization'', Mathematics of Computation, v77, 2008, pages 551\-588. " 4 .IX Item "Jason E. Gower and Samuel S. Wagstaff, Jr, Square Form Factorization, Mathematics of Computation, v77, 2008, pages 551-588. " .ie n .IP "A.O.L. Atkin and F. Morain, ""Elliptic Curves and primality proving"", Mathematics of Computation, v61, 1993, pages 29\-68. " 4 .el .IP "A.O.L. Atkin and F. Morain, ``Elliptic Curves and primality proving'', Mathematics of Computation, v61, 1993, pages 29\-68. " 4 .IX Item "A.O.L. Atkin and F. Morain, Elliptic Curves and primality proving, Mathematics of Computation, v61, 1993, pages 29-68. " .ie n .IP "R.G.E. Pinch, ""Some Primality Testing Algorithms"", June 1993. Describes the primality testing methods used by many \s-1CAS\s0 systems and how most were compromised. Gives recommendations for primality testing APIs. " 4 .el .IP "R.G.E. Pinch, ``Some Primality Testing Algorithms'', June 1993. Describes the primality testing methods used by many \s-1CAS\s0 systems and how most were compromised. Gives recommendations for primality testing APIs. " 4 .IX Item "R.G.E. Pinch, Some Primality Testing Algorithms, June 1993. Describes the primality testing methods used by many CAS systems and how most were compromised. Gives recommendations for primality testing APIs. " .PD .SH "AUTHORS" .IX Header "AUTHORS" Dana Jacobsen .PP William Hart wrote the \s-1SIMPQS\s0 code which is the basis for the \s-1QS\s0 code. .SH "ACKNOWLEDGEMENTS" .IX Header "ACKNOWLEDGEMENTS" Obviously none of this would be possible without the mathematicians who created and published their work. Eratosthenes, Gauss, Euler, Riemann, Fermat, Lucas, Baillie, Pollard, Brent, Montgomery, Shanks, Hart, Wagstaff, Dixon, Pomerance, A.K. Lenstra, H. W. Lenstra Jr., Atkin, Knuth, etc. .PP The \s-1GNU GMP\s0 team, whose product allows me to concentrate on coding high-level algorithms and not worry about any of the details of how modular exponentiation and the like happen, and still get decent performance for my purposes. .PP Ben Buhrow and Jason Papadopoulos deserve special mention for their open source factoring tools, which are both readable and fast. In particular I am leveraging their \s-1SQUFOF\s0 work in the current implementation. They are a huge resource to the community. .PP Jonathan Leto and Bob Kuo, who wrote and distributed the Math::Primality module on \s-1CPAN. \s0 Their implementation of \s-1BPSW\s0 provided the motivation I needed to do it in this module and Math::Prime::Util. I also used their module quite a bit for testing against. .PP Paul Zimmermann's papers and GMP-ECM code were of great value for my projective \&\s-1ECM\s0 implementation, as well as the papers by Brent and Montgomery. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2011\-2014 by Dana Jacobsen .PP This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. .PP \&\s-1SIMPQS\s0 Copyright 2006, William Hart. \s-1SIMPQS\s0 is distributed under \s-1GPL\s0 v2+.