In [1]:
# Modular Exponentiation
# m is base, d is power, n is module
def mod_exp(m, d, n):
    x = 1
    while d:
        if d&1:
            x = x*m % n
        m = m * m % n
        d = d >> 1
    return x

### [Pohlig–Hellman algorithm](https://en.wikipedia.org/wiki/Pohlig%E2%80%93Hellman_algorithm#The_general_algorithm)
The following function can only work for prime number $p$.

$n = 24389$, thus $\varphi(n) = n\left(1-\frac{1}{29}\right) = 29\times29\times28$.

In [140]:
# could only use for prime p
def poh_hell(a, b, fac, p):
    for q, r in fac:
        phi = p-1
        beta = b
        xi = p-1
        print("--- factor {}^{} ---".format(q, r))
        a_  = [mod_exp(a, int(k*(p-1)/q), p) for k in range(q)]
        # print(a_)
        
        for i in range(r):    # i from 0 to r-1
            phi = int(phi/q)
            beta = beta * mod_exp(a, p-1-xi, p) % p    # current beta
            b_  = mod_exp(beta, phi, p)
            
            # print("phi = {}, lhs = {}, beta = {}".format(phi ,b_, beta))
            
            for coef in range(q):
                # print(coef, a_[coef])
                if b_ == a_[coef]:
                    xi = coef * (q**i)    # this is for update beta.
                    print("x_{} = {}".format(i, coef))
                    break

In [159]:
#   a -- generator
# fac -- factorization of |G|
# var -- order of U(Z/pZ)

def poh_hell(a, b, fac, p, var):
    for q, r in fac:
        phi = var
        beta = b
        xi = var
        print("--- factor {}^{} ---".format(q, r))
        a_  = [mod_exp(a, int(k*(var)/q), p) for k in range(q)]
        # print(a_)
        
        for i in range(r):    # i from 0 to r-1
            phi = int(phi/q)
            beta = beta * mod_exp(a, var-xi, p) % p    # current beta
            b_  = mod_exp(beta, phi, p)
            
            # print("phi = {}, lhs = {}, beta = {}".format(phi ,b_, beta))
            
            for coef in range(q):
                if b_ == a_[coef]:
                    xi = coef * (q**i)    # this is for update beta.
                    print("x_{} = {}".format(i, coef))
                    break

In [164]:
poh_hell(3, 3344, [(2, 2), (7, 1), (29, 2)], 24389, 23548)

--- factor 2^2 ---
x_0 = 0
x_1 = 1
--- factor 7^1 ---
x_0 = 2
--- factor 29^2 ---
x_0 = 28
x_1 = 8


In [209]:
mod_exp(3, 18762, 24389)

3344

### Pollard-rho factorization algorithm

In [204]:
def gcd(a, b):
    if a<b:
        a, b = b, a
    def new(x, y):
        return x, y
    r0 = b
    r1 = a
    s0 = 0
    s1 = 1
    t0 = 1
    t1 = 0
    while r0:
        q = int(r1/r0)
        r1, r0 = new(r0, r1 - q * r0)
        s1, s0 = new(s0, s1 - q * s0)
        t1, t0 = new(t0, t1 - q * t0)
    return r1

In [205]:
# since I am too lazy to define a function parameter, set default f(x) = x^2 + 1

def poll_rho(n):
    def f(x):
        return (x*x+1)%n
    a = 2
    b = 2
    d = 1
    while d==1:
        a = f(a)
        b = f(f(b))
        print(a, b)
        d = gcd((a-b)%n, n)
    print(a, b)
    print(d)
    if d==n:
        return -1
    else:
        return d

In [208]:
poll_rho(1432341231234235121231928371982374918237918273918371012983719283719834619832398192380909809)

5 26
26 458330
677 44127887745906175987802
458330 927179847797455840404378284063143440894396604410646558794295583278099014745544790563532408
210066388901 627638255183271368473851138879218734605536513913304944197454117806875031408688647419773562
44127887745906175987802 162954118596693717194122948119638099000293305018310214093344581827750651662283317603655001
44127887745906175987802 162954118596693717194122948119638099000293305018310214093344581827750651662283317603655001
53


53