# Order finding

Factoring an integer $n$ can be reduced to finding the period of the *modular exponential function* (to be defined). Finding this period can be accomplished (with high probability) by finding the *order* of a randomly chosen element of the multiplicative group modulo $n$.

Let $n$ be a positive integer and $$ Z_n = \{ x \in \Z_{+} : x < n \text{ and } gcd(x,n) = 1 \} $$ be the multiplicative group modulo $n$. Given $ x \in Z $, compute the smallest positive integer $r$ such that $x^r \text{ mod } n = 1$.

In [1]:
"""Imports for the notebook."""
import fractions
import math
import random

import numpy as np
import sympy
from typing import Callable, List, Optional, Sequence, Union

In [2]:
"""Function to compute the elements of Z_n."""
def multiplicative_group(n: int) -> List[int]:
    """Returns the multiplicative group modulo n.

    Args:
        n: Modulus of the multiplicative group.
    """
    assert n > 1
    group = [1]
    for x in range(2, n):
        if math.gcd(x, n) == 1:
            group.append(x)
    return group

In [3]:
"""Example of a multiplicative group."""
n = 21
print(f"The multiplicative group modulo n = {n} is:")
print(multiplicative_group(n))

The multiplicative group modulo n = 21 is:
[1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20]


# Classic order finding

In [4]:
"""Function for classically computing the order of an element of Z_n."""
def classical_order_finder(x: int, n: int) -> Optional[int]:
    """Computes smallest positive r such that x**r mod n == 1.

    Args:
        x: Integer whose order is to be computed, must be greater than one
           and belong to the multiplicative group of integers modulo n (which
           consists of positive integers relatively prime to n),
        n: Modulus of the multiplicative group.

    Returns:
        Smallest positive integer r such that x**r == 1 mod n.
        Always succeeds (and hence never returns None).

    Raises:
        ValueError when x is 1 or not an element of the multiplicative
        group of integers modulo n.
    """
    # Make sure x is both valid and in Z_n.
    if x < 2 or x >= n or math.gcd(x, n) > 1:
        raise ValueError(f"Invalid x={x} for modulus n={n}.")

    # Determine the order.
    r, y = 1, x
    while y != 1:
        y = (x * y) % n
        r += 1
    return r

In [5]:
"""Example of (classically) computing the order of an element."""
x = 2
r = classical_order_finder(x, n)

# Check that the order is indeed correct.
print(f"x^r mod n = {x}^{r} mod {n} = {x**r % n}")

x^r mod n = 2^6 mod 21 = 1


In [9]:
# Compute the non-trivial factor.
y = x**(r // 2) % n
assert 1 < y < n
q = math.gcd(y - 1, n)
p = math.gcd(y + 1, n)
if 1 < q < n and 1 < p < n :
    print(f'{p}*{q}={n}')

3*7=21
