CONTINUED FRACTIONS AND FACTORING Niels Lauritzen
ii NIELS LAURITZEN DEPARTMENT OF MATHEMATICAL SCIENCES UNIVERSITY OF AARHUS, DENMARK EMAIL: niels@imf.au.dk URL: http://home.imf.au.dk/niels/
Contents 1 Factoring using continued fractions 1 1.0.1 The Fermat-Kraitchik method..... 1 2 Continued fractions 5 2.1 The game that might never stop... 5 2.1.1 Rational numbers...... 6 2.2 Basic theory of continued fractions...... 7 2.3 Eulers rule and corollaries..... 8 2.4 Continued fraction for a real number..... 10 2.5 Quadratic irrationalities...... 11 2.5.1 Purely periodic continued fractions...... 12 2.6 The continued fraction for Æ... 15 2.7 A few words on Pells equation... 16 3 Exercises 17 3.1 Inclass... 17 3.2 Homework... 17 iii
iv CONTENTS
Chapter 1 Factoring using continued fractions The statement that every integer can be written as a product of prime numbers is a typical mathematical statement with a simple proof. Things become much more complicated when you (inspired by Gauss) ask for a good algorithm for factoring a given integer Æ. In a non-trivial factorization Æ one of the factors and must be Æ.IfÆ is even ¾ divides and we have found a factor. If Æ is odd we may find a factor of Æ, by starting with and try dividing with odd numbers up to Æ. This procedure is called trial division. The number of steps in trial division is proportional to the smallest prime factor. This is extremely slow. If you want to factor a ¼¼ digit number, which is the product of two ¼ digit prime numbers, you must carry out approximately ¼ ¼ steps of trial division. If every step takes ¼ ¼ seconds, you will have to wait for ¼ ¼ seconds (or approximately ¼ ¾ years). There are better algorithms. 1.0.1 The Fermat-Kraitchik method Currently the most effective algorithms for factoring difficult integers originates in the historic fact that if an integer Æ can be written as the difference Ü ¾ Ý ¾ between two squares, we have the factorization Æ Ü ¾ Ý ¾ Ü Ýµ Ü Ýµ On the other hand if an odd number Æ ÙÚ is composite, then Ù Ú ¾ Ù Ú ¾ Æ ¾ ¾ This method of factoring goes back to Fermat. Suppose we wish to factor Æ. Fermat s method would start with the function Ë Üµ Ü ¾ Æ 1
2 CHAPTER 1. FACTORING USING CONTINUED FRACTIONS and search for Ü, such that Ë Üµ Ý ¾ is square. Usually one runs through Ü Æ Ü Æ, where Æ denotes the integral part of Æ. Putting Æ ¾, one would find Ë µ ¼Ë ¼µ ¾. This means that ¾ ¼ µ ¼ µ. Of course using this method on a composite number (like ¾ ¼¼¼ ) works just as terribly as trial division. There is a beautiful variation of Fermat s method (due to M. Kraitchik (1882 1957)) using congruences. The insight is that it usually suffices that Æ divides Ü ¾ Ý ¾ to find a factor of Æ. This means that Æ Ü ¾ Ý ¾ Ü Ýµ Ü Ýµ Now if Æ does not divide any of Ü Ý and Ü Ý, then we may conclude that Ü Ý Æµ and use the Euclidean algorithm to find ÆÜ Ýµ, which is a non-trivial factor of Æ. So one should look for solutions Ü, Ý such that Ü ¾ Ý ¾ ÑÓ Æ µ Ü Ý ÑÓ Æ µ Suppose we have collected Ü Ü Ò, such that Ü ¾ ÑÓ Æ µü ¾ Ò Ò ÑÓ Æ µ for some integers Ò. If a subset Ö of ¾ Ò satisifes that Ö is a square, then Ü Ü Ö µ ¾ Ö ÑÓ Æ µ and we have our congruence Ü ¾ Ý ¾ ÑÓ Æ µ. This congruence may or may not satisfy Ü Ý ÑÓ Æ µ. To tell if a number Ò is square we factor it Ò Ò ÒÖ Ö using some predefined factor basis È Ö of (small) prime numbers. Now Ò is a square if and only if all the exponents Ò Ò Ö are even. Exercise 1.0.1 Suppose that the prime factorizations of Ò over the factor basis È (assume all a s factor completely using primes from È )are Ñ ¾ Ñ ¾. Ò Ñ Ò Ñ Ö Ö Ñ ¾Ö Ö ÑÒÖ Ö Use linear algebra over ¾ to find a subset Ö of ¾Ò such that Ö is a square.
3 Let us apply this to the numbers we get from the function Ë Üµ Ü ¾ Æ. Notice that Ü ¾ Ë Üµ ÑÓ Æ µ. We wish to find values Ü Ü Ò, such that the product of a suitable subset of the numbers Ë Ü µë Ü Ò µ is a square. For Æ ¾¼(this example is from [1]) we illustrate this in the table below Ü Ü ¾ Æ Factorization Marked 46 75 ¾ 47 168 ¾ 48 263 ¾ 49 360 ¾ ¾ 50 459 51 560 ¾ The above table shows that Ë µë µë µë µ ¼ ¼ ¾ ¾ ¾ µ ¾ is a square. Putting Ù ¾ ¾ ¾, we get Ù ¾ ¼¼¼ ¾ ¾ ÑÓ ¾¼µ. Now we know that Ù ¾ Ú ¾ ÑÓ ¾¼µ where Ú ¼¾ ÑÓ ¾¼µ. Using the Euclidean algorithm one finds the greatest common divisor of Ù Ú ¼ and ¾¼, which is. We have found the factorization ¾¼. Using the original method of Fermat we would have to wait until Ü ¼ before having a subset whose product is a square. The heavy part of the algorithm is factoring Ë Üµ Ü ¾ Æ. Around 1982 Pommerance discovered a nice trick to avoid this. The observation is that a prime power Ö divides Ë Üµ if and only if it divides Ë Ü Ö µ, where ¾. So if one can locate a number Ü such that Ö Ë Üµ, then we know in advance that Ö Ë Ü Ö µë Ü ¾ Ö µ. This is a socalled sieving procedure (like the sieve of Eratosthenes eliminating multiples of prime numbers). It leads to the factorization algorithm called the quadratic sieve. In [1] you can find a nice description of this and other sieving methods for factoring. These are currently the most effective factoring the challenges issued by RSA. In fact the RSA challenge with digits was factored using sieving. We will however describe the champion of factoring preceeding the quadratic sieve, the continued fraction algorithm. This is in order to get involved in some fantastic 19th century mathematics and show how an idea from the heart of mathematics can be applied in easing factoring. The problem with Fermats method is that Ë Üµ Ü ¾ Æ grows too rapidly. It takes longer and longer to factor Ë Üµ. One can instead use convergents Ò Ø Ò in the continued fraction expansion of Æ (or Æ, where ¾ Æ). Then one tries the above method for factoring successively using the numbers Ü Ò Ò Ý Ò ¾ Ò Æؾ Ò
4 CHAPTER 1. FACTORING USING CONTINUED FRACTIONS Clearly Ü ¾ Ò Ý Ò ÑÓ Æ µ. From the theory of continued fractions one gets the inequality Ý Ò ¾ Æ Exercise 1.0.2 Prove this inequality after having read about continued fractions in the next chapter.
Chapter 2 Continued fractions 2.1 The game that might never stop Let Ü denote the largest integer Ü, where Ü ¾ Ê is a real number. For a given real number we wish to decide if is rational. Clearly this is true if. If not, we may write Now put.if, was a rational number. If not we put ¾ and write ¾ We continue this and cook up new real numbers and stop if Ò Ò for some Ò. This game is called the continued fraction algorithm for a real number. The game never stops if is an irrational number. Exercise 2.1.1 Prove this! Example 2.1.2 The first steps of the continued fraction algorithm for leads 5
6 CHAPTER 2. CONTINUED FRACTIONS to the following continued fraction where is an irrational number. ¾¾ Example 2.1.3 The continued fraction algorithm for ¾ can be carried out by algebraic computations. Here is how. First we rewrite a bit ¾ ¾ ¾ Now we have an expression for ¾ that bites its own tail. Let us insert it into itself: ¾ ¾ ¾ ¾ We can repeat this to get the continued fraction ¾ ¾ ¾ ¾ In this way we have proved that ¾ is irrational or have we? 2.1.1 Rational numbers The continued fraction algorithm for rational numbers turns out to be the classical Euclidean algorithm. This is quite easy to see. Consider a fraction, where ¼. Then Õ Ö and Õ. Therefore Õ Ö Õ Ö
2.2. BASIC THEORY OF CONTINUED FRACTIONS 7 and the continued fraction algorithm continues with the fraction Ö. Ultimately this process will stop. Example 2.1.4 Consider the fraction ¼ ¼¾. Division with remainder gives ¼ ¼¾. This implies that ¼ ¼¾ ¼¾ Again ¼¾ ¾, Therefore ¼¾ Continue with ¾ ¾¾: ¾ ¾ ¾ ¾¾ ¾ ¼¾ 2.2 Basic theory of continued fractions ¾¾ A continued fraction is formally a sequence of integers ¼ Ò, where ¾ and ¼ for ¼. There is a one to one correspondence between continued fractions and real numbers. This is displayed in the notation ¼ ( ) ¾ to be understood as the following sequence of numbers ¼ ¼ ¼ ¾ ¼ ¾ Does this make sense? Does this sequence converge (to a real number)? We need to compute a bit more to answer this question.
8 CHAPTER 2. CONTINUED FRACTIONS 2.3 Eulers rule and corollaries The above sequence of (honest) fractions are called convergents for the continued fraction in ( ). What are the fractions? Before we compute them let us make a subtle observation.denote the numerator of the Ò-th convergent of a continued fraction Ü Ü ¾ Ü by Ü Ü ¾ Ü Ò. Then the Ò-th convergent is Therefore Using this we get Ü Ü ¾ Ü Ò Ü ¾ Ü Ò Ü Ü Ü Ò Ü ¾ Ü Ò Ü Ü ¾ Ü Ò Ü Ü ¾ Ü Ò Ü Ü Ò Ü Ü Ü Ü ¾ Ü Ü ¾ Ü Ü ¾ Ü Ü Ü ¾ Ü Ü Ü Ü Ü ¾ Ü Ü Ü Ü ¾ Ü Ü Ü Ü Ü ¾ Ü Ü Ü ¾ Ü Ü ¾ Ü Ü Ü Ü Ü ¾ Ü Ü Ü Ü Ü Ü Ü Ü Ü Ü Ü ¾ Ü Ü Ü ¾ Ü Ü Ü Notice that Ü Ü ¾ Ü Ü Ü Ü Ü Ü Ü ¾ Ü. This is a very pleasant surprise and it holds in general! In fact we have the following result. Proposition 2.3.1 (Eulers rule) Ü Ü ¾ Ü Ò is a sum of terms constructed from Ü Ü ¾ Ü Ò by first deleting ¼ consecutive variables, then deleting ¾ consecutive variables, then and so on. Proof. Follows by induction using Ü Ü ¾ Ü Ò Ü Ü ¾ Ü Ò Ü Ü Ò Corollary 2.3.2 Ü Ü ¾ Ü Ò Ü Ò Ü Ò Ü Corollary 2.3.3 ¼ Ò Ò ¼ Ò ¼ Ò ¾ Exercise 2.3.4 Write the continued fraction for a fraction ÙÚ, where Ù Ú ¼ as ¼ Ò ¾ Ò, where Ù Úµ. Conclude that if the Euclidean algorithm requires precisely Ò steps for Ù and
2.3. EULERS RULE AND COROLLARIES 9 Ú, then Ù Ò ¾ and Ú Ò, where Ò denotes the Ò-th Fibonacci number. Here is the list of the first few Fibonacci numbers ¾ ¾ How many steps of the Euclidean algorithm do Ù Ò ¾ and Ú Ò take? If we denote the numerator and denominator of the Ò-th convergent Ò and Ø Ò respectively, then we have the inductive formula Ò Ò Ò Ò ¾ Ø Ò Ò Ø Ò Ø Ò ¾ where we put ¾ ¼ Ø ¾ Ø ¼. Remark 2.3.5 The sequence of denominators Ø Ò µ is a strictly increasing sequence of natural numbers. Example 2.3.6 Here is the beginning of the continued fraction for ¾. -2-1 0 1 2 3 4 5 1 2 2 2 2 2 0 1 1 3 7 17 41 99 Ø 1 0 1 2 5 12 29 70 Example 2.3.7 Here are the first convergents in the continued fraction for (cf. Example 2.1.2). -2-1 0 1 2 3 3 7 15 1 0 1 3 22 333 355 Ø 1 0 1 7 106 113 We recognize in particular ¾¾ as the archimedian approximation to. Less known is, which is a much better approximation. In fact whereas ¾. ¾ Proposition 2.3.8 Ò Ø Ò Ò Ø Ò µ Ò The numerator Ò and denominator Ø Ò in a convergent Ò Ø Ò are relatively prime integers.
10 CHAPTER 2. CONTINUED FRACTIONS Proof. Write Ò Ò Ò Ò and Ø Ò Ò Ø Ò Ø Ò. Then Ò Ø Ò Ò Ø Ò Ò Ò Ø Ò Ø Ò µ Ò Ò Ò µø Ò Ò Ø Ò Ò Ø Ò µ and the result follows by induction. Notice that ¾Ø Ø ¾. Corollary 2.3.9 We have the following inequalities ¼ Ø ¼ ¼ Ø ¼ Ø ¾ Ø ¾ Ø Ø ¾ Ø ¾ Ø Ø The even convergents form an increasing sequence bounded above by Ø and the odd convergents form a decreasing sequence bounded below by ¼ Ø ¼. By elementary real analysis both sequences ¾Ò Ø ¾Ò µ and ¾Ò Ø ¾Ò µ have a limit. In fact they converge to the same number. This is a result of the following computation. Lemma 2.3.10 Proof. Ò Ø Ò Ò Ø Ò Ò Ø Ò Ø ¾ Ò Ò ÒØ Ò Ø Ò Ò Ø Ò Ø Ò Ø Ò Ø ¾ Ò by Proposition 2.3.8 and since Ø Ò is an increasing sequence of natural numbers. 2.4 Continued fraction for a real number We pose a very relevant question. When we do the continued fraction algorithm for a real number, we get a continued fraction. What does this continued fraction have to do with? The answer is that the convergents (surprise!) converge to. Here is how to prove this. Consider the continued fraction algorithm for after Ò steps ¼ ¾ Ò Ò
2.5. QUADRATIC IRRATIONALITIES 11 This means that ¼ Ò Ò Ò Ò. Similarly to Lemma 2.3.10, we get the following result showing that the convergents really do converge to. Proposition 2.4.1 Proof. We may write Ò Ø Ò Ø ¾ Ò Ò Ò Ò Ò Ø Ò Ø Ò where Ò ¼. Using this, a small computation shows what we want. 2.5 Quadratic irrationalities A quadratic irrationality «is a non rational real root in a quadratic equation where ¾. Ü ¾ Ü ¼ ( ) Definition 2.5.1 If «is a quadratic irrationality, which is a root of ( ), then we let «¼ denote the other root of ( ). The other root is called the (algebraic) conjugate of «. Proposition 2.5.2 Let «be a quadratic irrationality and Õ ¾ an integer. Then i) «is a quadratic irrationality. ii) «Õ is a quadratic irrationality. iii) «Õµ ¼ «¼ Õ and «µ ¼ «¼. Proof. Exercise. The above proposition shows that if «is a quadratic irrationality and «Õ «where Õ «, then «is also a quadratic irrationality. In other words: all the steps in the continued fraction algorithm produce quadratic irrationalities when starting out with one. If «is a quadratic irrationality, then «È É
12 CHAPTER 2. CONTINUED FRACTIONS for È É ¾, where ¼. To carry out the first step in the continued fraction algorithm, first observe that Exercise 2.5.3 Prove this! È «É So if we have a good algorithm (we do) for finding the floor of the square root of an integer we are all set. Let us analyze the inversion step in the continued fraction algorithm. Here È È É È ¾ Notice that É È ¾, since È ¾ and É ¾, where «¾ «¼ and ¾. These observations give a very explicit integer algorithm for computing the continued fraction of a quadratic irrationality. But we are not satisfied! We will dive into the mind blowing theory of continued fractions in the 19th century proving a beautiful result of Galois. É 2.5.1 Purely periodic continued fractions Definition 2.5.4 A quadratic irrationality «is called reduced if i) «ii) «¼ ¼ Example 2.5.5 ¾ is not reduced since ¾µ ¼ ¾. But ¾ is reduced as ¾µ ¼ ¾. In general Õ ¼ Æ is reduced where Õ ¼ Æ. A continued fraction of the form ¼ Ò ¼ is called purely periodic. Example 2.5.6 Consider the real number ³ given by the simplest purely periodic continued fraction ³
2.5. QUADRATIC IRRATIONALITIES 13 Then ³ ³ Therefore ³¾ ³ ¼and ³ ¾ Some will recognize the part as the golden ratio. The golden ratio is a reduced quadratic irrational. Lemma 2.5.7 If «is a reduced quadratic irrationality and «Õ ¼ «where Õ ¼ «. Then «is a reduced quadratic irrationality. Proof. Exercise. Theorem 2.5.8 (Galois) ¾ Ê has a purely periodic continued fraction if and only if is a reduced quadratic irrational. Proof. Suppose that ¾ Ê has a purely periodic continued fraction. This means that ¼ ¾ Ò for some Ò. Then Ò Ò Ø Ò Ø Ò and must be a quadratic irrationality, since Ø Ò ¾ Ø Ò Ò µ Ò ¼ But why is it reduced? This is tricky. In fact one has to pull out a genuine trick to solve this. Consider the number given by reversing the period of : Ò Ò Ò ¾ ¼
14 CHAPTER 2. CONTINUED FRACTIONS Then ¼ Ò ¼ Ò ¼ Ò Ø Ò Ò Ø Ò Ò ¼ Ò Ò ¼ Ò and Ò ¾ Ø Ò Ò µ Ø Ò ¼ This shows that ¼, so that ¼ ¼. We have proved that a purely periodic continued fraction describes a reduced quadratic irrational. Let us prove the other way. Suppose that is a reduced quadratic irrational. Then È É Ò È ¼ É We may conclude first that É ¼ (consider important boundedness conditions ¼ ), then È ¼ and the i) È ii) ɾ on È and É by using that is reduced. Let us run through one step of the continued fraction algorithm. First let Õ. Then Õ È ÕÉ É Next step is to compute the reduced (recall Lemma 2.5.7) quadratic irrationality È ÕÉ É É È ÕÉ É È Õɵ µ È Õɵ ¾ So putting È ÕÉ È and É È ¾ µé we get È É Now we continue the algorithm with. Since there are only finitely many possibilities for È and É (there are only finitely many pairs È Éµ of natural numbers satisfying È É ¾ ), we will eventually run into a repetition Ñ Ò for ÑÒ. We will prove that this implies Ñ Ò. This
2.6. THE CONTINUED FRACTION FOR Æ 15 leads to the purely periodic continued fraction ¼ Ò Ñ ¼. In the Ò-th step of the continued fraction algorithm we have This implies that Ò Ò Ò ¼ Ò Ò, since Ò ¼ Ò Ò. So if Ñ Ò, we get Ñ Ò and therefore that Ñ Ò. This finally shows that a reduced quadratic irrationality has a purely periodic continued fraction. 2.6 The continued fraction for Æ Example 2.6.1 With enough patience one can compute that ¾ ¾ ¾ ¾ ¾ ¾ The example shows a pattern in the continued fraction for the square root. It seems that it repeats itself after encountering ¾ ¼. It also seems to be symmetric around a middle. This is no coincidence: Theorem 2.6.2 Let Æ be a natural number, which is not a square. Then where Õ Õ Ò Õ ¾ Õ Ò Æ Õ¼ Õ Õ Ò ¾Õ ¼ Õ Proof. Let Õ ¼ Æ. Then we know that Õ¼ Æ has a purely periodic continued fraction by Theorem 2.5.8. Thus Æ Õ ¼ ¾Õ ¼ Õ Õ Ò ¾Õ ¼ Õ. This proves the first statement. Consider now the conjugate Æ Õ¼ of Æ Õ¼. Then Æ Õ¼ Õ Ò Õ Ò Õ ¾Õ ¼ Õ Ò
16 CHAPTER 2. CONTINUED FRACTIONS This implies that Æ Õ¼ Õ Ò Õ Ò Õ ¾Õ ¼ Õ Ò By uniqueness of the continued fraction for Æ we get Õ Õ Ò, Õ ¾ Õ Ò. 2.7 A few words on Pells equation This is the diophantine equation Ü ¾ ÆÝ ¾ ( ) where Æ is a natural number, which is not a square. It would be a shame not to mention the elegant way of giving integer solutions to ( ) using the continued fraction expansion of Æ. Using the notation of Theorem 2.6.2, we get (in the usual way) Õ ¼ Æ µ Ò Ò Æ Õ ¼ Æ µøò Ø Ò Multiplying this out leads to Now Ò ÆØ Ò Õ ¼ Ò Ø Ò Ò Õ ¼ Ø Ò Ò Ø Ò Ò Ø Ò ÆØ Ò Õ ¼ Ò µø Ò Ò Ò Õ ¼ Ø Ò µæø ¾ Ò ¾ Ò We conclude that ¾ Ò Æؾ Ò Ò Ø Ò Ò Ø Ò µ µ Ò µ Ò Example 2.7.1 Consider the equation Ü ¾ Ý ¾. To find an integer solution we consider the continued fraction expansion for : ¾ ¾ ¾ ¾ and compute the convergents -2-1 0 1 2 3 4 5 6 4 2 1 3 1 2 8 0 1 4 9 13 48 61 170 1421 Ø 1 0 1 2 3 11 14 39 326 One checks that ¼ ¾ ¾
Chapter 3 Exercises 3.1 In class 1. Compute the continued fraction expansion of. 2. Write down the exact steps in an integer algorithm for computing the continued fraction expansion of Æ. 3. Compute the continued fraction expansions of and. 4. Find an integer solution to the equation Ü ¾ Ý ¾. 3.2 Homework 1. Solve all exercises in chapters and ¾ (don t forget the proofs). 2. Invent an integer algorithm to compute the continued fraction expansion for ¾. Compute the first ¼¼ q s in the continued fraction. The sad state of affairs in mathematics is that it is unknown even if the q s are bounded. 1 1 Do this exercise if you have time to spare. 17
18 CHAPTER 3. EXERCISES
Bibliography [1] C. Pomerance, A tale of two sieves, Notices of the American Mathematical Society 43 (1996), 1473 1485. 19