\documentclass[11pt]{article}
\usepackage{amsmath}
%\usepackage{fullpage}
%\usepackage{epic}
%\usepackage{eepic}
%\usepackage{psfig}

%\newcommand{\proof}[1]{
%{\noindent {\it Proof.} {#1} \rule{2mm}{2mm} \vskip \belowdisplayskip}
%}


%\newtheorem{lemma}{Lemma}[section]
%\newtheorem{theorem}[lemma]{Theorem}
%\newtheorem{claim}[lemma]{Claim}
%\newtheorem{definition}[lemma]{Definition}
%\newtheorem{corollary}[lemma]{Corollary}

%Theorems and likes
% Theorem-like environments. Each one is declared with its own counter,
% reset at every \section, so numbers take the form <section>.<n> and are
% independent between environments (Theorem 2.1 and Lemma 2.1 can coexist).
\newtheorem{assumption}{Assumption}[section]
\newtheorem{theorem}{Theorem}[section]
\newtheorem{fact}{Fact}[section]
\newtheorem{claim}{Claim}[section]
\newtheorem{lemma}{Lemma}[section]
\newtheorem{example}{Example}[section]
\newtheorem{definition}{Definition}[section]
\newtheorem{corollary}{Corollary}[section]
\newtheorem{exercise}{Exercise}[section]
\newtheorem{observation}{Observation}[section]


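% Opening of a proof: an unindented, italic "Proof" label.
% \textit replaces the obsolete two-letter font switch {\it ...}.
\newcommand{\bproof}{\noindent\textit{Proof}}
%\newcommand{\eproof}{\hspace*{\fill}$\Box$~~~~~\bigskip}
% Closing of a proof: a filled 2mm square pushed toward the right end of the
% line, followed by five unbreakable spaces and a \bigskip.
\newcommand{\eproof}{\hspace*{\fill}\rule{2mm}{2mm}~~~~~\bigskip}
% proof environment: prints "Proof: " at the start and the end-of-proof mark at the end.
\newenvironment{proof}{\bproof: }{\eproof}

% symbols and notation
% "equal by definition": an upright "def" stacked over the equals sign.
% \mathrm replaces the obsolete font switch \rm inside math.
\newcommand{\defeq}{\stackrel{\mathrm{def}}{=}}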


% Page geometry set by hand: zero extra side and top margin offsets,
% and a text block 6in wide by 8in high.
\setlength{\oddsidemargin}{0in} \setlength{\topmargin}{0in}
\setlength{\textwidth}{6in} \setlength{\textheight}{8in}

\begin{document}

% Lecture header: a framed, centred box holding course, lecture number,
% title, lecturer, scribe and date.
% Frame rule thickness and the padding between the frame and its contents.
\setlength{\fboxrule}{.5mm}\setlength{\fboxsep}{1.2mm}
% Width of the boxed text: the full text width minus 4mm.
\newlength{\boxlength}\setlength{\boxlength}{\textwidth}
\addtolength{\boxlength}{-4mm}
\begin{center}\framebox{\parbox{\boxlength}{\bf
CS 681: Computational Number Theory and Algebra \hfill Lecture 21
\\\\
Dixon's Algorithm for Factoring Integers
\\\\
Lecturer: Manindra Agrawal \hfill Scribe: Sudeepa Roy
%\\
\begin{flushright}
%date
September 27, 2005
\end{flushright}
}}\end{center} \vspace{5mm}

\section{Introduction }
Dixon's algorithm is an improvement over \textit{Fermat's factorization method}, which looks for integers $x$ and $y$ such that $n = x^2 - y^2 = (x+y)(x-y)$, so that $n$ gets factored. Dixon's algorithm tries to find $x$ and $y$ efficiently by computing $x, y \in Z_n$ such that $x^2 \equiv y^2 \pmod{n}$. Then with probability $\geq \frac{1}{2}$, $x \not\equiv \pm y \pmod{n}$, and hence $\gcd(x-y, n)$ produces a nontrivial factor of $n$ with probability $\geq \frac{1}{2}$. The probability bound assumes that $n$ is odd and has at least two distinct prime factors, so that every square coprime to $n$ has at least four square roots modulo $n$.

\section{Algorithm}
Here are the steps of the algorithm.
\begin{enumerate}
  \item Randomly select $a \in Z_n$.
  \item Let $b = a^2 \bmod n$.
  \item Check if $b$ is $k$-smooth ($k$ to be defined later).
  \item If YES, let $b = \prod\limits_{i=1}^{t}p_i^{\alpha_i}$ where $\{ p_1, \ldots, p_t \}$ is the set of primes $\leq k$; otherwise discard $a$ and go back to step 1.
  \item Collect $t+1$ such pairs $(a_1,b_1), (a_2,b_2), \ldots, (a_{t+1},b_{t+1})$.
  \item Let $b_j = \prod\limits_{i=1}^{t}p_i^{\alpha_{ij}}$.
  \item Find $\beta_j \in \{0,1\}$, not all zero, such that $\sum\limits_{j=1}^{t+1}\beta_j\alpha_{ij}$ is even for each $i$.
  \item Set $x = \prod\limits_{j=1}^{t+1}a_j^{\beta_j} \bmod n$ and $y = \bigl(\prod\limits_{j=1}^{t+1}b_j^{\beta_j}\bigr)^{\frac{1}{2}} \bmod n$, where the square root is taken over the integers, and output $\gcd(x-y, n)$.
\end{enumerate}

\section{Analysis}
  First we discuss why step $7$ is needed.
  Consider, for $\beta_j \in \{0,1\}$,
\begin{align*}
  \prod_{j=1}^{t+1} b_j^{\beta_j}
    &= \prod_{j=1}^{t+1}\prod_{i=1}^{t} p_i^{\beta_j\alpha_{ij}} \\
    &= \prod_{i=1}^{t} p_i^{\sum_{j=1}^{t+1}\beta_j\alpha_{ij}} .
\end{align*}

If the exponent $\sum\limits_{j=1}^{t+1}\beta_j\alpha_{ij}$ is even for every $i$ from $1$ to $t$, then this product is a perfect square over the integers.

Now, finding $\beta_j$'s such that $\sum\limits_{j=1}^{t+1}\beta_j\alpha_{ij}$ is even for each $i$\\
$\equiv$ finding a vector $\vec{\beta}$ such that $\vec{\beta}\cdot\vec{\alpha_i} \equiv 0 \pmod{2}$ for each $i$, where $\vec{\alpha_i} = (\alpha_{i1}, \ldots, \alpha_{i,t+1})$\\
$\equiv$ finding $\vec{\beta}$ such that $\vec{\beta}\cdot[\vec{\alpha_1}~\vec{\alpha_2}~ \cdots~ \vec{\alpha_t}]_{(t+1)\times t} \equiv 0 \pmod{2}$,

which is easy given $\vec{\alpha_1},\vec{\alpha_2}, \ldots, \vec{\alpha_t}$: it is a homogeneous linear system modulo $2$ with $t+1$ unknowns and only $t$ equations, so a nonzero solution always exists and Gaussian elimination finds one. This is why $t+1$ pairs are collected.

Also it is easy to check that $x$ and $y$ satisfy $x^2 \equiv y^2 \pmod{n}$.

Indeed, since $b_j \equiv a_j^2 \pmod{n}$,
\begin{align*}
  x^2 &\equiv \prod_{j=1}^{t+1} a_j^{2\beta_j} \\
      &\equiv \prod_{j=1}^{t+1} b_j^{\beta_j} \\
      &\equiv y^2 \pmod{n}.
\end{align*}
The question now is: \textit{how many $k$-smooth $b$'s of the form $a^2 \bmod n$ exist in $Z_n$?}
The answer determines how many random $a$'s have to be tried before $t+1$ smooth values are collected.

Let $T$ be the number of $b$'s of the above kind.
Recall that $\Psi(n,k)=\{\, m \leq n \mid m \text{ is $k$-smooth} \,\}$ and $\psi(n,k) = |\Psi(n,k)|$.
Then it is easy to see that,

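$T \geq \psi(\sqrt{n},k)$ $[$ taking all $k$-smooth numbers up to $\sqrt{n}$ as $a$'s: if $a \leq \sqrt{n}$ is $k$-smooth, then so is $a^2$ $]$

% NOTE(review): the usual smooth-number estimate is \psi(x,k) \approx x u^{-u}
% with u = \ln x / \ln k; for x = \sqrt{n} that would read \sqrt{n}\,u^{-u}
% rather than u^{u}. Confirm the expression below against the earlier lecture.
$ \approx \left(\frac{\frac{1}{2}\ln n}{\ln k}\right)^{\frac{\frac{1}{2}\ln n}{\ln k}}$

But we need to find a better lower bound on $T$.

$[$ To be continued in the next lecture $]$.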

\end{document}

