EPFL Logo
fr|en
Login
Concept

General number field sieve

In number theory, the general number field sieve (GNFS) is the most efficient classical algorithm known for factoring integers larger than 10100. Heuristically, its complexity for factoring an integer n (consisting of ⌊log2 n⌋ + 1 bits) is of the form in O and L-notations. It is a generalization of the special number field sieve: while the latter can only factor numbers of a certain special form, the general number field sieve can factor any number apart from prime powers (which are trivial to factor by taking roots). The principle of the number field sieve (both special and general) can be understood as an improvement to the simpler rational sieve or quadratic sieve. When using such algorithms to factor a large number n, it is necessary to search for smooth numbers (i.e. numbers with small prime factors) of order n1/2. The size of these values is exponential in the size of n (see below). The general number field sieve, on the other hand, manages to search for smooth numbers that are subexponential in the size of n. Since these numbers are smaller, they are more likely to be smooth than the numbers inspected in previous algorithms. This is the key to the efficiency of the number field sieve. In order to achieve this speed-up, the number field sieve has to perform computations and factorizations in number fields. This results in many rather complicated aspects of the algorithm, as compared to the simpler rational sieve. The size of the input to the algorithm is log2 n or the number of bits in the binary representation of n. Any element of the order nc for a constant c is exponential in log n. The running time of the number field sieve is super-polynomial but sub-exponential in the size of the input. Number field Suppose f is a k-degree polynomial over Q (the rational numbers), and r is a complex root of f. Then, f(r) = 0, which can be rearranged to express rk as a linear combination of powers of r less than k. This equation can be used to reduce away any powers of r with exponent e ≥ k.

Official source
About this result
This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.
Related courses (3)
MATH-521: Advanced analytic number theory
We will present the work of James Maynard (MF 2022) on the existence of bounded gaps between primes
MATH-489: Number theory II.c - Cryptography
The goal of the course is to introduce basic notions from public key cryptography (PKC) as well as basic number-theoretic methods and algorithms for cryptanalysis of protocols and schemes based on PKC
COM-401: Cryptography and security
This course introduces the basics of cryptography. We review several types of cryptographic primitives, when it is safe to use them and how to select the appropriate security parameters. We detail how
Related lectures (17)
Integer Factorization: Quadratic Sieve
Covers the Quadratic Sieve method for integer factorization, emphasizing the importance of choosing the right parameters for efficient factorization.
Integer Factorization: Quadratic Sieve
Explores integer factorization using the quadratic sieve method and the challenges of working with algebraic number fields.
Shor Algorithm: Circuit Details II
Explores the Shor algorithm circuit details for efficient number factoring using quantum computing.
Show more
Related publications (39)

Moments of the number of points in a bounded set for number field lattices

Maryna Viazovska, Nihar Prakash Gargava, Vlad Serban

We examine the moments of the number of lattice points in a fixed ball of volume VV for lattices in Euclidean space which are modules over the ring of integers of a number field KK. In particular, denoting by ωKω_K the number of roots of unity in KK, we ...
arXiv2023

Fluorescence lifetime imaging with a single-photon SPAD array using long overlapping gates: an experimental and theoretical study

Edoardo Charbon, Claudio Bruschini, Andrei Ardelean, Arin Can Ülkü

Developing large arrays of single-photon avalanche diodes (SPADs) with on-chip time-correlated single-photon counting (TCSPC) capabilities continues to be a difficult task due to stringent silicon real estate constraints, high data rates and system complex ...
2019

Design Tools for Small Implantable antennas

Anja Skrivervik, Zvonimir Sipus, Ismael Vico Triviño

Implantable applications have been increasing in number in an exponential manner since the turn of the millennium. This is largely due to the increasing availability of ultra low power consumption electronics, enabling the emergence of healthcare services ...
The European Association on Antennas and Propagation (EurAAP)2018
Show more
Related people (9)
Related units (2)
Scientific Computing and Uncertainty Quantification - CADMOS Chair
SCI STI SM Group
Related concepts (14)
Quadratic sieve
The quadratic sieve algorithm (QS) is an integer factorization algorithm and, in practice, the second fastest method known (after the general number field sieve). It is still the fastest for integers under 100 decimal digits or so, and is considerably simpler than the number field sieve. It is a general-purpose factorization algorithm, meaning that its running time depends solely on the size of the integer to be factored, and not on special structure or properties.
Smooth number
In number theory, an n-smooth (or n-friable) number is an integer whose prime factors are all less than or equal to n. For example, a 7-smooth number is a number whose every prime factor is at most 7, so 49 = 72 and 15750 = 2 × 32 × 53 × 7 are both 7-smooth, while 11 and 702 = 2 × 33 × 13 are not 7-smooth. The term seems to have been coined by Leonard Adleman. Smooth numbers are especially important in cryptography, which relies on factorization of integers.
L-notation
L-notation is an asymptotic notation analogous to big-O notation, denoted as for a bound variable tending to infinity. Like big-O notation, it is usually used to roughly convey the rate of growth of a function, such as the computational complexity of a particular algorithm. It is defined as where c is a positive constant, and is a constant . L-notation is used mostly in computational number theory, to express the complexity of algorithms for difficult number theory problems, e.g.
Show more

Copyright © 2025 EPFL, all rights reserved

Graph Chatbot

Chat with Graph Search

Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.

DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.