Linear factors of very large polynomials

Neill Clift on Fri, 29 Jan 2021 01:21:14 +0100

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Linear factors of very large polynomials

To: "pari-users@pari.math.u-bordeaux.fr" <pari-users@pari.math.u-bordeaux.fr>
Subject: Linear factors of very large polynomials
From: Neill Clift <NeillClift@live.com>
Date: Fri, 29 Jan 2021 00:20:44 +0000
Accept-language: en-US
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=G0KzAFe9nHJhkAGXLcWxZY5GGfqxIPXDU2GOJYdmjXg=; b=TQMSSiRsXrogdw1hVOOeZAqRLm/0b0iWaLDQNXQ0lMAmUxs/xujsiyjA2sjIDLbsF2PocRrmvRyp/EXRrRcq14IEwx+eBCuVF/bVyQuhdFgK599JTtzORdXvj//UCX/+KrSeUYLwqCj+/L1cdxUsiZyHa6UZm/5zjyFBZqYiOTCxH/jvcO4FCtxLNthuhMm1Gnjv5RW0cN1mjjlo2LgTYvGdLqGQx1ebqHWPFQhJ0u/GSTEThQxDAJLTa9WN7LOOuR3PrvHRntwZ2eu8sIK0S7Jl83F1EOGOmIv3j6nUJI0vu7WLLkrIji6haSRWY5cAo4ZcQXVNkk4rC4uzEeIxGA==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AQGa6QnxTxDuwqV7SNnoC7UQ8xIz9XJY9TKAkRm/8vQjqEQQ8x9xsMvZjqAG7AjBKHlaM7d13IGnwYE5GQcXb3nRKPtyg0eXL/OYOEpD5MbjLGymYlMaT8Iv3azyGnXD3Z1b/otCxGHAUSuDHuxUM9y1hMNHalKwkyLC7b09r5a09sL/P6I1Fm4Wx/ocr7ON5NhahyRMYA1Wljn3rjpFcQLPhUlYlJ2/UwDW+Y3/kMtnpPGzaxstwwGIMvb2rvPpyvRG5Y0RiKFrEa3ENk/iHRtNMK7+rf8xdFhygIKqLaCwpwJWZobsYmVkvoL0llRWLL98LzdFobc1TLhHQXViLQ==
Delivery-date: Fri, 29 Jan 2021 01:21:14 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=live.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=G0KzAFe9nHJhkAGXLcWxZY5GGfqxIPXDU2GOJYdmjXg=; b=CgeG5G/5Cmv+wgQ8vXq24uoZq2XwOfGsgGzaNsCSMugwCsN1R+fl20n37lD5QLlqBjECGpiLjJkwux5WA2syG6TwYPvNhhLwr1GnEoW1LAwuBtXX66rARsNAargnpd4g/i0X3GsVGV2vduj/FRzI0+SL+/V2ynkcxaFaY6+41pKW+uwzyxkGASYTy+sXa7rPYnphXQOT6kA3C5o9DmjwVFWWaMZFU9NwhPnAjUIPr088PXsb1AQISgLM0joJfhx5DQmr+XsBNdVt5RpL45/YWD0GdZ5Et1zzvqxcaMY+oN8EMwjoX/8KGW/Skorigf4MH6P8KcCBRqWbwZjVMaZOVA==
Thread-index: Adb10WAtPxkryAs+RnKg2XvqRBcS6Q==
Thread-topic: Linear factors of very large polynomials

Hi,

This is more of a question about the limits of computations pari/gp could do. This is not very important but it might be of interest to some people.

So a few decades ago I realized eventually the password hashing algorithm in the OpenVMS operating system would be invertible. It was just a matter of machines getting enough memory and being able to do some large GCD’s.

In 2017 I asked a few questions here and got pari to actual find the linear factors of a large polynomial mod 2^64-59. The polynomial looked like this:

f(x) = x^16777213 - 24 * x^16777153 - 120 * x^3 - 198 * x^2 - 264 * x + 17748126081817865973

The constant term is different for each password that is to be found. I used FpX_roots(f,2^64-59) to find the factors. I think it took about 12 hours to do.

Now OpenVMS isn’t a seriously used operating system anymore (I don’t doubt some people are still using it somewhere). It’s developed still by some enthusiasts.

They haven’t fixed this problem. Clearly a modern hash should be put in it’s place but they have a field size limitation of 64 bits. It can be changed but it’s more work.

I was thinking we could just increase the degree of the polynomial and maybe add more terms. We want the hashing to be slower and of course sieving out the linear terms to be impossible with some reasonable h/w.

Degree can’t exceed 2^64-59 or we could just reduce it obviously.

Would I be right in thinking:

Pari or any other software could not do the polynomial GCD to find the roots if the degree cause the coefficients to exceed current machine memory limits? I assume we are finding GCD(f(x),x^p-x) and the largest polynomial we get is the degree of f(x)^2 or something like that. During the GCD it probably becomes dense.
I read most random polynomials are irreducible. So increasing the degree can cause more solutions but maybe not a huge number. I saw various f(x) with changed constant terms having 1-4 roots.

I happen to work on addition chains so I can find large exponents that don’t have nice ways of calculating with fewer multiplies. So the binary method is close to optimal.

Thanks for your thoughts.

Neill.

Follow-Ups:
- Re: Linear factors of very large polynomials
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux.fr>
- Re: Linear factors of very large polynomials
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux.fr>

Prev by Date: Fwd: How to use a named elliptic curve?
Next by Date: Re: Linear factors of very large polynomials
Previous by thread: Re: Curiosity
Next by thread: Re: Linear factors of very large polynomials
Index(es):
- Date
- Thread