a RG5d&H@sddlmZmZddlmZddlmZddlmZddl m Z m Z ddl Z e ZGdddZGd d d Zd d Zd!d dZddZddZddZddZddZddZddZd"dd ZdS)#)igcd mod_inverse)integer_nthroot)_sqrt_mod_prime_power)isprime)logsqrtNc@seZdZdddZddZdS)SievePolynomialNcCs||_||_||_dS)aThis class denotes the seive polynomial. If ``g(x) = (a*x + b)**2 - N``. `g(x)` can be expanded to ``a*x**2 + 2*a*b*x + b**2 - N``, so the coefficient is stored in the form `[a**2, 2*a*b, b**2 - N]`. This ensures faster `eval` method because we dont have to perform `a**2, 2*a*b, b**2` every time we call the `eval` method. As multiplication is more expensive than addition, by using modified_coefficient we get a faster seiving process. Parameters ========== modified_coeff : modified_coefficient of sieve polynomial a : parameter of the sieve polynomial b : parameter of the sieve polynomial N)modified_coeffab)selfr r r r r L/var/www/html/django/DPS/env/lib/python3.9/site-packages/sympy/ntheory/qs.py__init__ szSievePolynomial.__init__cCs$d}|jD]}||9}||7}q |S)z Compute the value of the sieve polynomial at point x. Parameters ========== x : Integer parameter for sieve polynomial r)r )rxanscoeffr r reval!s   zSievePolynomial.eval)r NN)__name__ __module__ __qualname__rrr r r rr s r c@seZdZdZddZdS)FactorBaseElemz7This class stores an element of the `factor_base`. cCs.||_||_||_d|_d|_d|_d|_dS)z Initialization of factor_base_elem. Parameters ========== prime : prime number of the factor_base tmem_p : Integer square root of x**2 = n mod prime log_p : Compute Natural Logarithm of the prime N)primetmem_plog_psoln1soln2a_invb_ainv)rrrrr r rr4s zFactorBaseElem.__init__N)rrr__doc__rr r r rr1src Csddlm}g}d\}}|d|D]}t||dd|dkr$|dkr\|dur\t|d}|dkrx|durxt|d}t||dd}tt|d }|t |||q$|||fS) aGenerate `factor_base` for Quadratic Sieve. The `factor_base` consists of all the points whose ``legendre_symbol(n, p) == 1`` and ``p < num_primes``. Along with the prime `factor_base` also stores natural logarithm of prime and the residue n modulo p. It also returns the of primes numbers in the `factor_base` which are close to 1000 and 5000. Parameters ========== prime_bound : upper prime bound of the factor_base n : integer to be factored r)sieveNNiNi) sympy.ntheory.generater! primerangepowlenrroundrappendr) prime_boundnr! factor_baseidx_1000idx_5000rresiduerr r r_generate_factor_baseHs   r2cs|durt|td||}d\}}} |dur8dn|} |durPt|dn|} tdD]} d} g}| |krd}|dks||vrt| | }qt||j}| |9} ||qh| |}| dust|dt| dkr\|}| }|} q\|} |}g}t |D]V\}}||j}||j t | |||}||dkr>||}|| ||qt |}t | | d| ||||g| |}|D]n| jdkrqt | j_fdd|D_jj |j_jj |j_q||fS) aiThis step is the initialization of the 1st sieve polynomial. Here `a` is selected as a product of several primes of the factor_base such that `a` is about to ``sqrt(2*N) / M``. Other initial values of factor_base elem are also intialized which includes a_inv, b_ainv, soln1, soln2 which are used when the sieve polynomial is changed. The b_ainv is required for fast polynomial change as we do not have to calculate `2*b*mod_inverse(a, prime)` every time. We also ensure that the `factor_base` primes which make `a` are between 1000 and 5000. Parameters ========== N : Number to be factored M : sieve interval factor_base : factor_base primes idx_1000 : index of prime numbe in the factor_base near 1000 idx_5000 : index of primenumber in the factor_base near to 5000 seed : Generate pseudoprime numbers Nr$)NNNrr#2cs g|]}d|jjqS)r$)rr).0Zb_elemfbr r z0_initialize_first_polynomial..)rgenseedrr)rangerandintrr+abs enumeraterrsumr rrrr)NMr.r/r0r:Z approx_valZbest_aZbest_q best_ratiostartend_r qZrand_ppratioBidxvalZq_lgammar gr r5r_initialize_first_polynomialesP       &rNc Csddlm}d}|}|ddkr2|d7}|d}q||d|ddkrPd}nd}|jd|||d} |j} t| | d| | | | |g| | }|D]T} | | jdkrq| j|| j|d| j| _| j|| j|d| j| _q|S)aInitialization stage of ith poly. After we finish sieving 1`st polynomial here we quickly change to the next polynomial from which we will again start sieving. Suppose we generated ith sieve polynomial and now we want to generate (i + 1)th polynomial, where ``1 <= i <= 2**(j - 1) - 1`` where `j` is the number of prime factors of the coefficient `a` then this function can be used to go to the next polynomial. If ``i = 2**(j - 1) - 1`` then go to _initialize_first_polynomial stage. Parameters ========== N : number to be factored factor_base : factor_base primes i : integer denoting ith polynomial g : (i - 1)th polynomial B : array that stores a//q_l*gamma r)ceilingr#r$) #sympy.functions.elementary.integersrOr r r rrrr) r@r.irMrIrOvjneg_powr r r6r r r_initialize_ith_polys$   & "rVcCsdgd|d}|D]}|jdur&qt||j|jd||jD]}|||j7<qD|jdkrhqt||j|jd||jD]}|||j7<qq|S)aSieve Stage of the Quadratic Sieve. For every prime in the factor_base that does not divide the coefficient `a` we add log_p over the sieve_array such that ``-M <= soln1 + i*p <= M`` and ``-M <= soln2 + i*p <= M`` where `i` is an integer. When p = 2 then log_p is only added using ``-M <= soln1 + i*p <= M``. Parameters ========== M : sieve interval factor_base : factor_base primes rr$r#N)rr;rrr)rAr. sieve_arrayfactorrJr r r_gen_sieve_arrays  " "rYcCsg}|dkr |d|d9}n |d|D]R}||jdkrL|dq.d}||jdkrr|d7}||j}qP||dq.|dkr|dfSt|r|dfSdS)abHere we check that if `num` is a smooth number or not. If `a` is a smooth number then it returns a vector of prime exponents modulo 2. For example if a = 2 * 5**2 * 7**3 and the factor base contains {2, 3, 5, 7} then `a` is a smooth number and this function returns ([1, 0, 0, 1], True). If `a` is a partial relation which means that `a` a has one prime factor greater than the `factor_base` then it returns `(a, False)` which denotes `a` is a partial relation. Parameters ========== a : integer whose smootheness is to be checked factor_base : factor_base primes rr#rPr$TFr")r+rr)numr.vecrXZ factor_expr r r_check_smoothnesss&     r\c CsHtt|}t||d|}g} t} d|dj} t|D]\} } | |krRq@| |}||}t||\}}|dur|q@|j||j }|dur.|}|| krq@||vr||f||<q@nr||\}}| |zt ||}Wn"t y| |Yq@Yn0|||}||||}t||\}}| |||fq@| | fS)a)Trial division stage. Here we trial divide the values generetated by sieve_poly in the sieve interval and if it is a smooth number then it is stored in `smooth_relations`. Moreover, if we find two partial relations with same large prime then they are combined to form a smooth relation. First we iterate over sieve array and look for values which are greater than accumulated_val, as these values have a high chance of being smooth number. Then using these values we find smooth relations. In general, let ``t**2 = u*p modN`` and ``r**2 = v*p modN`` be two partial relations with the same large prime p. Then they can be combined ``(t*r/p)**2 = u*v modN`` to form a smooth relation. Parameters ========== N : Number to be factored M : sieve interval factor_base : factor_base primes sieve_array : stores log_p values sieve_poly : polynomial from which we find smooth relations partial_relations : stores partial relations with one large prime ERROR_TERM : error term for accumulated_val r%rPNF)rfloatrsetrr>rr\r r popr ValueErroraddr+)r@rAr.rWZ sieve_polypartial_relations ERROR_TERMsqrt_nZaccumulated_valsmooth_relations proper_factorZpartial_relation_upper_boundrJrKrrSr[Z is_smoothuZ large_primeZu_prevZv_prevZlarge_prime_invr r r_trial_division_stagesB         ricCs g}|D]}||dq|S)z|Build a 2D matrix from smooth relations. Parameters ========== smooth_relations : Stores smooth relations r$)r+)rfmatrixZ s_relationr r r _build_matrixUsrkc Csddl}||}t|}t|d}dg|}t|D]}t|D]}|||dkrDq^qDd||<t|D]P}||kr|qn|||dkrnt|D](} || ||| |d|| |<qqnq8g} t|D]"\} } | dkr| || | gq| ||fS)aFast gaussian reduction for modulo 2 matrix. Parameters ========== A : Matrix Examples ======== >>> from sympy.ntheory.qs import _gauss_mod_2 >>> _gauss_mod_2([[0, 1, 1], [1, 0, 1], [0, 1, 0], [1, 1, 1]]) ([[[1, 0, 1], 3]], [True, True, True, False], [[0, 1, 0], [1, 0, 0], [0, 0, 1], [1, 0, 1]]) Reference ========== .. [1] A fast algorithm for gaussian elimination over GF(2) and its implementation on the GAPP. Cetin K.Koc, Sarath N.ArachchigerNFr#Tr$)copydeepcopyr)r;r>r+) Arlrjrowcolmarkcrc1r2 dependent_rowrJrKr r r _gauss_mod_2cs*       *rwcCs||d}||dg}||dg}||d} t| D]f\} } | dkrr;r)r+rr)Zdependent_rowsrq gauss_matrixindexrfr@Z idx_in_smoothZ independent_uZ independent_vZdept_rowrJrKrorhrSrRr r r _find_factors&    rzcCs|d9}t|t||\}}}g}d} i} t} dt|d} | dkrbt|||||\} }nt||| | |} | d7} | dt|dkrd} t||}t||||| | |\}}||7}| |O} t|t|| krDqqDt |}t |\}}}|}t t|D]z}t ||||||}|dkr||kr| |||dkrP||}q6t|rj| |q~|dkrq~q| S)aPerforms factorization using Self-Initializing Quadratic Sieve. In SIQS, let N be a number to be factored, and this N should not be a perfect power. If we find two integers such that ``X**2 = Y**2 modN`` and ``X != +-Y modN``, then `gcd(X + Y, N)` will reveal a proper factor of N. In order to find these integers X and Y we try to find relations of form t**2 = u modN where u is a product of small primes. If we have enough of these relations then we can form ``(t1*t2...ti)**2 = u1*u2...ui modN`` such that the right hand side is a square, thus we found a relation of ``X**2 = Y**2 modN``. Here, several optimizations are done like using muliple polynomials for sieving, fast changing between polynomials and using partial relations. The use of partial relations can speeds up the factoring by 2 times. Parameters ========== N : Number to be Factored prime_bound : upper bound for primes in the factor base M : Sieve Interval ERROR_TERM : Error term for checking smoothness threshold : Extra smooth relations for factorization seed : generate pseudo prime numbers Examples ======== >>> from sympy.ntheory import qs >>> qs(25645121643901801, 2000, 10000) {5394769, 4753701529} >>> qs(9804659461513846513, 2000, 10000) {4641991, 2112166839943} References ========== .. [1] https://pdfs.semanticscholar.org/5c52/8a975c1405bd35c65993abf5a4edb667c1db.pdf .. [2] https://www.rieselprime.de/ziki/Self-initializing_quadratic_sieve r%rdr#r$)r9r:r2r_r)rNrVrYrirkrwr;rzrbr)r@r,rArdr:r/r0r.rfZith_polyrcrg thresholdZith_sieve_polyZB_arrayrWZs_relZp_frjrvrqrxZN_copyryrXr r rqssF'        r)N)r{r|)sympy.core.numbersrrsympy.core.powerrsympy.ntheory.residue_ntheoryr sympy.ntheoryrmathrrrandomRandomr9r rr2rNrVrYr\rirkrwrzrr r r rs$   ' G(&@-(