pollardsrho

// Pollard's rho implementation // See https://en.algorithmica.org/hpc/algorithms/factorization/#pollard-brent-algorithm // And https://en.wikipedia.org/wiki/Pollard%27s_rho_algorithm#Variants //@external("env", "consoleLog") //declare function consoleLog(a:u64): void; // ((a * b) >> 64) from https://doc.lagout.org/security/Hackers%20Delight.pdf function mulhu(a:u64, b:u64):u64 { const ahi = a >> 32; const alo = a & 0xFFFFFFFF; const bhi = b >> 32; const blo = b & 0xFFFFFFFF; const t = ahi * blo + ((alo * blo) >> 32); return ahi * bhi + (t >> 32) + ((alo * bhi + (t & 0xFFFFFFFF)) >> 32); } function modInverseMod2pow64(a:u64):u64 { let aInv = a; for (let e = 2; e < 64; e += e) { aInv = u64(aInv * (2 - u64(a * aInv))); } return aInv; } function montgomeryReduce(phi:u64, plo:u64, n:u64, nInv:u64):u64 { const x = mulhu(u64(plo * nInv), n); return phi - x + (phi < x ? n : 0); } function montgomeryMultiply(x:u64, y:u64, n:u64, nInv:u64):u64 { return montgomeryReduce(mulhu(x, y), u64(x * y), n, nInv); } function mulMod(a:u64, b:u64, m:u64):u64 { let s = u64(0); while (a !== 0) { s = ((a & 1) !== 0 ? s - (m - b) + (s < m - b ? m : 0) : s); b = b - (m - b) + (b < m - b ? m : 0); a >>= 1; } return s; } function montgomeryTransform(x:u64, n:u64):u64 { // (x * 2**64) % n : return mulMod(x, u64(-1) % n + 1, n); } export function gcdBinary(a:u64, b:u64):u64 { if (a === 0) { return b; } if (b === 0) { return a; } const z = i64.ctz(a | b); a >>= i64.ctz(a); b >>= i64.ctz(b); do { const absDiff = a < b ? b - a : a - b; // abs(a - b) b = a < b ? a : b; // min(a, b) a = absDiff; a >>= i64.ctz(a); } while (a !== 0); b <<= z; return b; } function f(x:u64, c:u64, n:u64, nInv:u64):u64 { let y = montgomeryMultiply(x, x, n, nInv); y = y - (n - c) + (y < (n - c) ? n : 0); return y; } function absDiff(a:u64, b:u64):u64 { return a < b ? b - a : a - b; } function internal(n:u64, x0:u64, c:u64, maxSteps:u32):u64 { const nInv = modInverseMod2pow64(n); x0 = montgomeryTransform(x0, n); c = montgomeryTransform(c, n); const one = u64(1); // (2**64)**-1 mod n in Montgomery Form // Brent cycle detection: let hare = x0; let i = u32(0); let power = u32(1); let product = one; let productStartHare = hare; let productStartStep = i; let cycleFound = false; while (i <= maxSteps) { const tortoise = hare; do { hare = f(hare, c, n, nInv); i += 1; if (i <= ((power * 3) >> 2)) { // see https://maths-people.anu.edu.au/~brent/pd/rpb051i.pdf product = one; productStartHare = hare; productStartStep = i; } else { const d = absDiff(hare, tortoise); if (product === one) { product = d; } else { product = montgomeryMultiply(product, d, n, nInv); } if (i === power || i % 128 === 0 || cycleFound) { const factor = gcdBinary(product, n); if (factor !== 1) { if (factor !== n) { return factor; } if (cycleFound) { return n; } cycleFound = true; hare = productStartHare; i = productStartStep; } product = one; productStartHare = hare; productStartStep = i; } } } while (i !== power); power <<= 1; } return 0; } export function PollardsRho64(n:u64, maxSteps:i32):u64 { if (n <= 2) { return 0; } if (n % 2 === 0) { return 2; } const x0 = u64(2); let c = u64(0); let g = n; do { // it is much better to switch c, not x0 // f(x) = x^2 + c, some values are not good with x0=2 (from my tests: 0, -2, -6, -7) c += 1; if (c > 42) { // n is prime? return 0; } g = internal(n, x0, c, maxSteps); } while (g === n); return g; }