# Factoring n and the Number of Points of Kummer Hypersurfaces mod n

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10737)

## Abstract

In this paper we describe the reduction of factorization of a square-free integer n to the problem of determining the number of points in $$\mathbb {Z}_n^{d+1}$$ on twists of Kummer hypersurfaces $$y^k = f(x_1,\ldots , x_d)\,{\text {mod}}\,n$$, where $$f(x_1,\ldots , x_d)\in \mathbb {Z}_n[x_1,\ldots , x_d]$$ and $$k>1$$. This reduction is expected to be polynomial time (in $${\text {log}}\,n$$) for small k and fixed number of prime divisors of n provided that some necessary for this reduction conditions are satisfied. This extends the known reduction of factorization to determining the number of points on elliptic curves $$y^2 = x^3 +ax +b$$ over $$\mathbb {Z}_n$$. In particular our reduction implies that factorization of n can be reduced to determining the number of points on quadrics in $$\mathbb {Z}_n^{d}$$, $$d>1$$, which extends the known reduction of factorization to determining the order of $$\mathbb {Z}_n^*$$. We also describe the reduction of factorization to determine the number of points in $$\mathbb P^2(\mathbb {Z}_n)$$ on superelliptic curves $$y^k = f(x_1)\,{\text {mod}}\,n$$. To study the complexity of these reductions we introduce some notions and prove useful facts for a more precise analysis. In greater detail we consider the case of the reduction when $$n=pq$$ is a product of two primes and $$k=2$$.

## Keywords

Dirichlet characters Least r-th power nonresidue Integer factorization Reductions Elliptic and hyperelliptic curve Kummer surface

## References

Adleman, L.M., McCurley, K.S.: Open problems in number theoretic complexity, II. In: Adleman, L.M., Huang, M.-D. (eds.) ANTS 1994. LNCS, vol. 877, pp. 291–322. Springer, Heidelberg (1994).
2. [Bac84]
Bach, E.: Discrete logarithms and factoring. Computer Science Division, University of California, Berkeley (1984)Google Scholar
3. [Dav67]
Davenport, H.: Multiplicative Number Theory. Markham Publishing Company, Chicago (1967)
4. [DrPo17]
Dryło, R.E., Pomykała, J.: Integer factoring problem and elliptic curves over the ring $$\mathbb{Z}_n$$ (submitted)Google Scholar
5. [DuPo17]
Durnoga, K., Pomykała, J.: Large sieve, Miller-Rabin compositness witnesses and integer factoring problem. Fundam. Inf. 156(2), 179–185 (2017)
6. [GPS02]
Galbraith, S., Paulus, S., Smart, N.: Arithmetic on superelliptic curves. Math. Comput. 71(237), 393–405 (2002)
7. [HaWr79]
Hardy, G.H., Wright, E.M.: An Introduction to the Theory of Numbers, 5th edn. OxfordScience Publications/Clarendon Press, Oxford (1979)
8. [KuKo98]
Kunihiro, N., Koyama, K.: Equivalence of counting the number of points on elliptic curve over the ring Zn and factoring n. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 47–58. Springer, Heidelberg (1998). Google Scholar
9. [KnPa76]
Knuth, D.E., Trabb, L.: Analysis of a simple factorization algorithm. Theoret. Comput. Sci. 3, 321–348 (1976)
10. [LaWu08]
Lau, Y.K., Wu, J.: On the least quadratic non-residue. Int. J. Number Theory 04, 423 (2008)
11. [Len87]
Lenstra Jr., H.W.: Factoring integers with elliptic curves. Ann. Math. 126, 649–673 (1987)
12. [LePo05]
Lenstra Jr., H.W.C.: Pomerance, primality testing with Gaussian periods. http://www.ams.org/journals/mcom/2015-84-291/S0025-5718-2014-02840-8
13. [MMV01]
Martin, S., Morillo, P., Villar, J.L.: Computing the order of points on an elliptic curve modulo N is as difficult as factoring N. Appl. Math. Lett. 14(3), 341–346 (2001)
14. [OkUc98]
Okamoto, T., Uchiyama, S.: Security of an identity-based cryptosystem and the related reductions. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 546–560. Springer, Heidelberg (1998). Google Scholar