Representing the Integer Factorization Problem Using Ordered Binary Decision Diagrams

Abstract

A method is given to reduce the problem of finding a nontrivial factorization of a positive integer \(\alpha \), greater than one, to the problem of finding a solution to a system of Boolean equations, that is, a system of equations such that each equation is of the form \(f=g\) where f and g are Boolean functions, meaning \(\{0,1\}\)-valued functions in zero or more Boolean (\(\{0,1\}\)-valued) variables. Our system is obtained by applying a sequence of reductions to an initial system of equations of the form

$$\begin{aligned} \{f_i(\vec {x},\vec {y}) = \alpha _i \mid i \in \{0, \dots , 2n\} \} \end{aligned}$$

where for each i \(f_i(\vec {x},\vec {y})=f_i(x_0,\dots ,x_n,y_0,\dots ,y_n)\) gives the coefficient of \(2^i\) in the binary expansion of

$$\begin{aligned} (x_0+2x_1+\dots +2^{n}x_n)(y_0+2y_1+\dots +2^{n}y_n), \end{aligned}$$

\(\alpha _i\) gives the coefficient of \(2^i\) in the binary expansion of \(\alpha \), and \(x_i\) and \(y_i\) are \(\{0,1\}\)-valued variables. That is, the initial system represents a binary multiplier whose output bits have been set equal to the bits of \(\alpha \). It is shown that each Boolean function in our reduced system, that is, each Boolean function

$$\begin{aligned} (g-h)~ {\text {mod}} 2 = {\left\{ \begin{array}{ll} 0 &{} \iff g=h \\ 1 &{} \iff g \ne h \end{array}\right. } \end{aligned}$$

such that \(g=h\) is an equation in the reduced system, can be represented by a type of graph called an ordered binary decision diagram (OBDD) with an upper bound on its number of vertices of \(\mathcal {O} \left( \log _2(\alpha /\log _2(\alpha )))^3 \right) \). Previous work has shown that the initial system has at least one Boolean function with an OBDD representation with number of vertices exponential in \(\log _2(\alpha )\).

Appendix: Proofs for Section 2 (Preliminaries)

Proposition 1 For all \(N \in \mathbb {Z}_{+}\), \(\alpha ,\beta \in \mathbb {N}\), and \(x,y \in \mathbb {Z}\)

1. (1)

   \((x \pm y) ~\text {mod}~ N = (x \pm (y ~\text {mod}~ N))~\text {mod}~ N\)

2. (2)

   \((xy) ~\text {mod}~ N = ((x ~\text {mod}~ N)y) ~\text {mod}~ N\)

3. (3)

   \((x ~\text {mod}~ (N^{\beta }) ) ~\text {mod}~ (N^{\alpha }) = x ~\text {mod}~ (N^{\min (\alpha ,\beta )})\)

4. (4)

   \((x \pm y) ~\text {div}~ N = ( (x \pm (y ~\text {mod}~ N)) ~\text {div}~ N ) \pm (y ~\text {div}~ N)\)

5. (5)

   \((xy) ~\text {div}~ N = (x ~\text {div}~ N)y+(((x ~\text {mod}~ N)y) ~\text {div}~ N)\)

6. (6)

   \(( x ~\text {div}~ (N^{\beta }) ) ~\text {div}~ (N^{\alpha }) = x ~\text {div}~ (N^{\alpha +\beta })\)

7. (7)

   \(x = N^{\beta }(x ~\text {div}~ (N^{\beta }))+\sum _{k=0}^{\beta - 1}((x ~\text {div}~ (N^k)) ~\text {mod}~ N)N^k\)

8. (8)

   If \(x,y \in \mathbb {Z}\) and \(x \le y\) then \(((x ~\text {div}~ N) \le (y ~\text {div}~ N))\).

9. (9)

   \((-1-x) ~\text {mod}~ N = N-1-(x ~\text {mod}~ N)\)

Additionally, if \(\alpha \le \beta \) then

$$ (x ~\text {mod}~ (N^{\beta })) ~\text {div}~ (N^{\alpha }) = (x ~\text {div}~ (N^{\alpha })) ~\text {mod}~ (N^{\beta -\alpha }). $$

Proof

For all \(w \in \mathbb {Z}\) \(w ~\text {mod}~ 1 = 0\) and \(w ~\text {div}~ 1 = w\). Thus if \(N=1\) then 1 through 9 hold.

Suppose that \(N>1\) is a positive integer, \(x,y \in \mathbb {Z}\), and \(\alpha ,\beta \in \mathbb {N}\). Statements 1 and 2 follow from the fact that congruence mod N respects addition, subtraction, and multiplication. If \(\alpha \le \beta \) then it follows from 1 and 2 that

$$\begin{aligned} (x ~\text {mod}~ (N^{\beta }) ) ~\text {mod}~ (N^{\alpha })&= ((x ~\text {mod}~ (N^{\beta })) + N^{\beta }(x ~\text {div}~ (N^{\beta }))) ~\text {mod}~ (N^{\alpha }) \\&= x ~\text {mod}~ (N^{\alpha }) \\&= x ~\text {mod}~ (N^{\min (\alpha ,\beta )}). \end{aligned}$$

If \(\alpha > \beta \) then since \(\{0,\dots ,N^{\beta }-1\} \subset \{0,\dots ,N^{\alpha }-1\}\),

$$\begin{aligned} (x ~\text {mod}~ (N^{\beta })) ~\text {mod}~ (N^{\alpha })&= x ~\text {mod}~ (N^{\beta }) \\&= x ~\text {mod}~ (N^{\min (\alpha ,\beta )}). \end{aligned}$$

Therefore 3 holds. To see that 4 holds, observe that

$$\begin{aligned} (x+y) ~\text {div}~ N&= \frac{x+y-((x+y) ~\text {mod}~ N)}{N} \\&= \frac{x+y-(y ~\text {mod}~ N)+(y ~\text {mod}~ N)-((x+(y ~\text {mod}~ N)) ~\text {mod}~ N)}{N} \\&= \frac{x+(y ~\text {mod}~ N)-((x+(y ~\text {mod}~ N)) ~\text {mod}~ N)}{N} + \frac{y-(y ~\text {mod}~ N)}{N} \\&= ((x+(y ~\text {mod}~ N)) ~\text {div}~ N) + (y ~\text {div}~ N) \end{aligned}$$

and

$$\begin{aligned} (x-y) ~\text {div}~ N&= \frac{x-y-((x-y) ~\text {mod}~ N)}{N} \\&= \frac{x-(y-(y ~\text {mod}~ N)+(y ~\text {mod}~ N))-((x-(y ~\text {mod}~ N)) ~\text {mod}~ N)}{N} \\&= \frac{x-(y ~\text {mod}~ N)-((x-(y ~\text {mod}~ N)) ~\text {mod}~ N)}{N}-\frac{y-(y ~\text {mod}~ N)}{N} \\&= ((x-(y ~\text {mod}~ N)) ~\text {div}~ N)-(y ~\text {div}~ N). \end{aligned}$$

The proof of 5 is another derivation similar to that for 4:

$$\begin{aligned} (xy) ~\text {div}~ N&= \frac{xy - ((xy) ~\text {mod}~ N)}{N} \\&= \frac{N(x ~\text {div}~ N)y + (x ~\text {mod}~ N)y - (((x ~\text {mod}~ N)y) ~\text {mod}~ N)}{N} \\&= (x ~\text {div}~ N)y + \frac{(x ~\text {mod}~ N)y - (((x ~\text {mod}~ N)y) ~\text {mod}~ N)}{N} \\&= (x ~\text {div}~ N)y+(((x ~\text {mod}~ N)y) ~\text {div}~ N). \end{aligned}$$

For the proof of 6 first observe that

$$\begin{aligned} x&= (x ~\text {mod}~ (N^{\beta })) + N^{\beta } (x ~\text {div}~ (N^{\beta })) \\&= (x ~\text {mod}~ (N^{\beta })) + N^{\beta } ((x ~\text {div}~ (N^{\beta })) ~\text {div}~ (N^{\alpha })) + N^{\beta + \alpha }((x ~\text {div}~ (N^{\beta })) ~\text {div}~ (N^{\alpha })). \end{aligned}$$

Therefore since

$$ (x ~\text {mod}~ (N^{\beta })) + N^{\beta } ((x ~\text {div}~ (N^{\beta })) ~\text {div}~ (N^{\alpha }) ) \le N^{\beta }-1 + N^{\beta }(N^{\alpha }-1) = N^{\beta + \alpha } - 1 $$

it follows that

$$ x ~\text {mod}~ (N^{\beta +\alpha }) = (x ~\text {mod}~ (N^{\beta })) + N^{\beta } ((x ~\text {div}~ (N^{\beta })) ~\text {mod}~ (N^{\alpha })). $$

And so

$$ (x ~\text {div}~ (N^{\beta })) ~\text {div}~ (N^{\alpha }) = x ~\text {div}~ (N^{\alpha +\beta }). $$

We use statement 6 to prove 7 by induction. For the base case observe

$$ x = (x ~\text {mod}~ N) + N(x ~\text {div}~ N). $$

For the inductive step, suppose that m is a positive integer and

$$ x = N^{m}(x ~\text {div}~ (N^{m}))+\sum _{k=0}^{m - 1}((x ~\text {div}~ (N^{k})) ~\text {mod}~ N)N^{k}. $$

It follows that

$$\begin{aligned} x&= N^{m}(x ~\text {div}~ (N^{m}))+\sum _{k=0}^{m - 1}((x ~\text {div}~ (N^{k})) ~\text {mod}~ N)N^k \\&= N^{m}(N((x ~\text {div}~ (N^{m})) ~\text {div}~ N) + ((x ~\text {div}~ (N^{m}))) ~\text {mod}~ N)+\sum _{k=0}^{m - 1}((x ~\text {div}~ (N^{k})) ~\text {mod}~ N)N^k \\&= N^{m+1}(x ~\text {div}~ (N^{m+1}))) + N^{m}((x ~\text {div}~ (N^{m})) ~\text {mod}~ N)+\sum _{k=0}^{m - 1}((x ~\text {div}~ (N^{k})) ~\text {mod}~ N)N^k \\&= N^{m+1}(x ~\text {div}~ (N^{m+1}))) + \sum _{k=0}^{(m+1) - 1}((x ~\text {div}~ (N^{k})) ~\text {mod}~ N)N^k. \end{aligned}$$

Statement 8 follows immediately from the definition of \( ~\text {div}~ \) and the fact that \(w \mapsto \left\lfloor w/N \right\rfloor \) is an increasing function.

For statement 9, observe that for \(x \in \mathbb {Z}\) since \((x ~\text {mod}~ N) \in \{0,\dots ,N-1\}\), \(N-1-(x ~\text {mod}~ N) \in \{0,\dots ,N-1\}\), and so

$$ N-1-(x ~\text {mod}~ N) = (N-1-(x ~\text {mod}~ N)) ~\text {mod}~ N = (-1-x) ~\text {mod}~ N. $$

Now suppose that \(\alpha \le \beta \). It is evident from the preceding that for \(x \in \mathbb {Z}\)

$$ x = \sum _{k \ge 0}((x ~\text {div}~ (N^{k})) ~\text {mod}~ N)N^k, $$

$$ x ~\text {mod}~ (N^{\alpha }) = \sum _{k=0}^{\alpha -1}((x ~\text {div}~ (N^{k})) ~\text {mod}~ N)N^k, $$

and

$$ x ~\text {div}~ (N^{\alpha }) = \sum _{k \ge \alpha }((x ~\text {div}~ (N^{k})) ~\text {mod}~ N)N^{k - \alpha }. $$

A direct derivation gives

$$\begin{aligned} (x ~\text {mod}~ (N^{\beta })) ~\text {div}~ (N^{\alpha })&= \left( \sum _{k=0}^{\beta -1}((x ~\text {div}~ (N^{k})) ~\text {mod}~ N)N^k \right) ~\text {div}~ (N^{\alpha }) \\&= \sum _{k=\alpha }^{\beta -1}((x ~\text {div}~ (N^{k})) ~\text {mod}~ N)N^{k-\alpha } \\&= \sum _{k=0}^{\beta -\alpha -1}((x ~\text {div}~ (N^{k})) ~\text {mod}~ N)N^{k} \\&= \sum _{k=0}^{\beta -\alpha -1}(((x ~\text {div}~ (N^{\alpha })) ~\text {div}~ (N^{k})) ~\text {mod}~ N)N^{k} \\&= (x ~\text {div}~ (N^{\alpha })) ~\text {mod}~ (N^{\beta -\alpha }). \end{aligned}$$

\(\square \)