Integer factorization calculator
This application factors numbers or numeric expressions using two fast algorithms: the Elliptic Curve Method (ECM) and the Self-Initializing Quadratic Sieve (SIQS).
The program uses local storage to remember the progress of the factorization, so you can complete the factorization of a large number in several sessions. Your computer will remember the state of the factorization. You only have to reload this page.
Since all calculations are performed in your computer, you can disconnect it from the Internet while the factorization is in progress. You can even start this application without Internet connection after the first run.
The source code is written in C programming language and compiled to asm.js and WebAssembly, which are the languages used by Web navigators. The latter is faster, but it is not supported in all Web browsers. You can see the version while a number is being factored.
See factorization records for this application.
You can enter expressions that use the following operators, functions and parentheses:
- + for addition
- - for subtraction
- * for multiplication
- / for integer division
- % for modulus (remainder of the integer division)
- ^ or ** for exponentiation (the exponent must be greater than or equal to zero).
- <, ==, >; <=, >=, != for comparisons. The operators return zero for false and -1 for true.
- AND, OR, XOR, NOT for binary logic.
- SHL: Shift left the number of bits (multiply by the power of 2) specified on the right operand. Example: 5 SHL 3 = 40.
- SHR: Shift right the number of bits (divide by the power of 2) specified on the right operand. Example: -19 SHL 2 = -5.
- n!: factorial (n must be greater than or equal to zero). Example: 6! = 6 × 5 × 4 × 3 × 2 = 720.
- p#: primorial (product of all primes less or equal than p). Example: 12# = 11 × 7 × 5 × 3 × 2 = 2310.
- B(n): Previous probable prime before n. Example: B(24) = 23.
- F(n): Fibonacci number F_{n} from the sequence 0, 1, 1, 2, 3, 5, 8, 13, 21, etc. where each element equals the sum of the previous two members of the sequence. Example: F(7) = 13.
- L(n): Lucas number L_{n} = F_{n-1} + F_{n+1}
- N(n): Next probable prime after n. Example: N(24) = 29.
- P(n): Unrestricted Partition Number (number of decompositions of n into sums of integers without regard to order). Example: P(4) = 5 because the number 4 can be partitioned in 5 different ways: 4 = 3+1 = 2+2 = 2+1+1 = 1+1+1+1.
- Gcd(m,n): Greatest common divisor of these two integers. Example: GCD(12, 16) = 4.
- Modinv(m,n): inverse of m modulo n, only valid when m and n are coprime, menaning that they do not have common factors. Example: Modinv(3,7) = 5 because 3 × 5 ≡ 1 (mod 7)
- Modpow(m,n,r): finds m^{n} modulo r. Example: Modpow(3, 4, 7) = 4, because 3^{4} ≡ 4 (mod 7).
- Totient(n): finds the number of positive integers less than n which are relatively prime to n. Example: Totient(6) = 2 because 1 and 5 do not have common factors with 6.
- IsPrime(n): returns zero if n is not probable prime, -1 if it is. Example: IsPrime(5) = -1.
- NumDivs(n): Number of positive divisors of n. Example: NumDivs(28) = 6 because the divisors of 28 are 1, 2, 4, 7, 14 and 28.
- SumDivs(n): Sum of all positive divisors of n. Example: SumDivs(28) = 56 because 1 + 2 + 4 + 7 + 14 + 28 = 56.
- NumDigits(n,r): Number of digits of n in base r. Example: NumDigits(13, 2) = 4 because 13 in binary (base 2) is expressed as 1101.
- SumDigits(n,r): Sum of digits of n in base r. Example: SumDigits(213, 10) = 6 because the sum of the digits expressed in decimal is 2+1+3 = 6.
- RevDigits(n,r): finds the value obtained by writing backwards the digits of n in base r. Example: RevDigits(213, 10) = 312.
- ConcatFact(m,n): Concatenates the prime factors of n according to the mode expressed in m which follows this table:
Mode | Order of factors | Repeated factors | Example |
---|---|---|---|
0 | Ascending | No | concatfact(0,36) = 23 |
1 | Descending | No | concatfact(1,36) = 32 |
2 | Ascending | Yes | concatfact(2,36) = 2233 |
3 | Descending | Yes | concatfact(3,36) = 3322 |
You can use the prefix 0x for hexadecimal numbers, for example 0x38 is equal to 56.
The notation k ≡ m (mod n) means that the remainder of the division of k by n equals the remainder of the division of m by n. The number n is called modulus.
This method computes points in elliptic curves, which are represented by formulas such as y² ≡ x³ + ax + b (mod n) where n is the number to factor.
In the next graphic you can see the points (x, y) for which y² ≡ x³ + 4x + 7 (mod 29) holds. Since the computation use modular arithmetic (in this case using the remainder of the division by 29), the points that belong to the elliptic curve cannot be represented as a continuous line. That would be the case if the operations were performed in real numbers.
Apart from the points shown above, we use another point, named O, or point at infinity.
Using complex formulas, we can define a sum of points. In this way a point (x_{3}, y_{3}) that belongs to the mentioned curve can be the sum of other points (x_{1}, y_{1}) and (x_{2}, y_{2}) that also belong to the curve.
A point (x, y) can be added to itself several times, obtaining a new point (x_{4}, y_{4}) that is a multiple of (x, y).
When the modulus is a prime number, and 4a³ + 27b² ≡ 0 (mod p) is not true, the points that belong to the elliptic curve (including the point O) form a mathematical structure called group. The group order is the number of points. In the graphic we can see 31 points, so the group order is 32. Since O + O = O, if we multiply any point by a multiple of the group order we obtain the point O.
Even though the value of the group order is difficult to find, it can be shown that it is near the prime number used as the modulus. By changing the curve, we obtain a different group, and its order also changes.
In order to factor a number n, we have to find a multiple of the group order corresponding to any of the prime factors of n.
For each elliptic curve to process we try to find the point at infinity. There are two steps.
In the first step, the algorithm multiplies points by powers of different prime numbers less than a bound named B1. When computing the greatest common divisor between the coordinate x of the computed point and the number to factor we can obtain the prime number we are searching if all prime factors of the group order are less than B1.
Using the result of the first step, the second step obtains multiples of that point up to the upper bound B2, and we multiply the coordinates x of all points found in this step. Finally we compute the gratest common divisor between the product and the number to factor. In this case we can obtain the prime number we are searching if all prime factors (except one) of the group order are less than B1 and the greatest prime factor of the group order is less than B2.
If the greatest common divisor equals 1, we have to try with a different curve by changing the parameters a and b and computing an initial point (x, y) that belongs to the new curve.
The program uses many optimizations that are outside the scope of this help to explain them here.
The execution time depends on the magnitude of the second largest prime factor and on your computer speed.
Digits | Values of B1 | Expected curves |
---|---|---|
15 | 2000 | 25 |
20 | 11000 | 90 |
25 | 50000 | 300 |
30 | 250000 | 700 |
35 | 1 000000 | 1800 |
40 | 3 000000 | 5100 |
45 | 11 000000 | 10600 |
50 | 43 000000 | 19300 |
55 | 110 000000 | 49000 |
60 | 260 000000 | 124000 |
65 | 850 000000 | 210000 |
70 | 2900 000000 | 340000 |
The program runs 25 curves with limit B1 = 2000, 300 curves with limit B1 = 50000, 1675 curves with limit B1 = 1000000 and finally it uses curves with limit B1 = 11000000 until all factors are found.
The ECM factoring algorithm can be easily parallelized in several machines. In order to do it, run the factorization in the first computer from curve 1, run it in the second computer from curve 10000, in the third computer from curve 20000, and so on. In order to change the curve number when a factorization is in progress, press the button named More, type this number on the input box located on the new window and press the New Curve button.
When one of the machines discovers a new factor, you should enter this factor in the other computers by typing it in the bottom-right input box and pressing Enter (or clicking the Factor button).
The notation k ≡ m (mod n) means that the remainder of the division of k by n equals the remainder of the division of m by n. The number n is called modulus.
Let N be the number to be factored. This number must not be a perfect power. If somehow we find two integers X and Y such that X² ≡ Y (mod N) and X≠Y (mod N), then gcd(X+Y, N) will reveal a proper factor of N.
In order to find these values X and Y, the method finds relations which have the form t² ≡ u (mod N) where u is the product of small prime numbers. The set of these primes is the factor base. These relations will be found using sieving, which is outside the scope of this introduction.
The relations found are combined using multiplications. The left hand side will always be a square because is a product of squares, so the goal is to have a square at the right hand side. A number is a square when all its prime factors appear an even number of times.
For example: let the number to factor be N = 1817 and we have found the following relations with factor base = {2, 7, 13}:
45² ≡ 2^{4} × 7^{0} × 13^{1}
123² ≡ 2^{10} × 7^{0} × 13^{1}
Both relations have non-square RHS, since the exponent of 13 is not even. But multiplying them we get:
84² ≡ 2^{14} × 13²
84² ≡ (2^{7}×13)²
Since 2^{7}×13 ≡ 1664 we get the factor gcd(84+1664, 1817) = 23.
Which relations have to multiplied to find a square in the RHS is a linear algebra problem and it is solved using matrices.
When the number to be factorized is in the range 31 to 95 digits, after computing some curves in order to find small factors, the program switches to SIQS (if the checkbox located below the applet enables it), which is an algorithm that is much faster than ECM when the number has two large prime factors. Since this method needs a large amount of your computer's memory to store relations, if you restart the applet the factorization begins from scratch. In order to start factoring immediately using SIQS, you can enter 0 in the New Curve box.
Digits | 31-55 | 56-60 | 61-65 | 66-70 | 71-75 | 76-80 | 81-85 | 86-90 | 91-95 |
---|---|---|---|---|---|---|---|---|---|
Curve | 10 | 15 | 22 | 26 | 35 | 50 | 100 | 150 | 200 |
You can change settings for this application by pressing the Config button when a factorization is not in progress. A new window will pop up where you can select different settings:
- Digits per group: In order to improve readability, big numbers are separated by spaces forming groups of a fixed number of digits. With this input box, you can determine the number of digits in a group.
- Verbose mode: Not ready yet.
- Pretty print: If this checkbox is set, the exponents are shown in superscripts and the multiplication sign is " × ". The application also shows the number of digits for numbers with more than 30 digits. If the checkbox is not set, the exponents are preceded by the exponentiation sign " ^ " and the multiplication is indicated by asterisks. Also the number of digits is never displayed. This mode eases copying the results to other mathematical programs.
- Hexadecimal output: If this checkbox is set, the numbers are shown in hexadecimal format instead of decimal, which is the common notation. To enter numbers in hexadecimal format, you will need to precede them by the string 0x. For instance 0x38 = 56. The program shows hexadecimal numbers with monospaced font.
- Use Cunningham tables on server: When selected, if the number to be factored has the form a^{b} ± 1, the application will attempt to retrieve the known factors from the Web server. In order to reduce the database, only factors with at least 14 digits are included, so the application will find the small factors. These factors comes from Jonathan Crombie list and it includes 2674850 factors of Cunningham numbers.
The configuration is saved in your device, so when you start again the Web browser, all settings remain the same.
Write an expression per line, then press the appropriate button. The output will be placed in the lower pane.
Blank lines or comment lines (which start with a numeral '#' character) will be replicated on the lower pane.
Expression loop: with the following syntax you can factor or determine primality of several numbers typing only one line. You have to type four or five expressions separated by semicolons:
- First expression: It must start with the string 'x=' and it sets the first value of x.
- Second expression: It must start with the string 'x=' and it sets the next value of x.
- Third expression: It holds the end expression condition. If it is equal to zero (meaning false) the loop finishes, otherwise the loop continues.
- Fourth expression: It holds the expression to be factored.
- Optional fifth expression: If this expression is different from zero (meaning true), the fourth expression is displayed or factored, and if is zero (meaning false), the fourth expression is ignored.
Except for the first expression, all other expressions must include the variable x and/or the counter c.
If the end expression is false after processing 1000 numbers, the Continue button will appear. Pressing this button will make the program to process the next 1000 numbers and so on.
Example 1: Find the factors of the first 100 numbers of the form prime minus one.
The line to type is: x=3;x=n(x);c<=100;x-1
.
Example 2: Find the Smith numbers less than 10000. A Smith number, according to Wikipedia, is a composite number for which, in a given base (in base 10 by default), the sum of its digits is equal to the sum of the digits in its prime factorization.
The line to type is: x=1;x=x+1;x<10000;x;sumdigits(x, 10)==sumdigits(concatfact(2,x),10) and not isprime(x)
You can download the source of the current program and the old factorization applet from GitHub. Notice that the source code is in C language and you need the Emscripten environment in order to generate Javascript.
Written by Dario Alpern. Last updated 1 November 2018.