Solving Linear Equations Modulo Divisors: On Factoring Given Any Bits


We study the problem of finding solutions to linear equations modulo an unknown divisor p of a known composite integer N. An important application of this problem is factorization of N with given bits of p. It is well-known that this problem is polynomial-time solvable if at most half of the bits of p are unknown and if the unknown bits are located in one consecutive block. We introduce an heuristic algorithm that extends factoring with known bits to an arbitrary number n of blocks. Surprisingly, we are able to show that ln (2) ≈ 70% of the bits are sufficient for any n in order to find the factorization. The algorithm’s running time is however exponential in the parameter n. Thus, our algorithm is polynomial time only for \(n = {\mathcal O}(\log\log N)\) blocks.
This research was supported by the German Research Foundation (DFG) as part of the project MA 2536/3-1.