In [4]:
from Crypto.Util.number import GCD as gcd
from Crypto.Util.number import sieve_base

# Prerequisites


- modular arithmetic
- divisibility
- gcd

# Theory 

Let $N = pq$ be the number we want to factor with $p,q$ prime. Then if $p-1$ is divisible by small primes we can efficiently factor $N$

The essential observation is that, by working in the multiplicative group modulo a composite number $N$, we are also working in the multiplicative groups modulo all of $N$'s factors. 

- https://en.wikipedia.org/wiki/Pollard%27s_p_%E2%88%92_1_algorithm

From Fermat's little theorem:
$a^{p-1} \equiv 1 \bmod  p$ then $p$ divides $\gcd(a^{p-1}-1, N)$

*Idea*:
- Since we don't know $p$ we choose some $k$ = product of powers of small primes and compute $\gcd(a^{k-1}-1, N)$
- If $p-1 | k$ then $p | a^k-1 => \gcd(a^{k-1}-1, N) \geq p >1$ 
    - $\gcd(a^{k-1}-1, N) = 1$ we choose a larger $k$
    - $\gcd(a^{k-1}-1, N) = N$ we choose another $a$
    - $\gcd(a^{k-1}-1, N) \neq N$ we found a factor on N
    


# Code

In [8]:
def pollard_factorization(n: int, bound: int, a: int = 2):
    """Pollard p-1 factorization

    Parameters
    ----------
    n : int
        Integer to be factored

    bound : int
        Upper bound for the search

    a : int, default = 2
        starting value
        
    Returns
    -------
    int or None
        a factor of n or None if none was found
    """
    # you can choose a to be other values
    for j in range(2, bound):
        a = pow(a, j, n)  # a^(n+1)! = a^(n! * (n+1))
        d = gcd(a - 1, n)
        if 1 < d and d < n:
            return d
    return None

In [9]:
n = 13927189
pollard_factorization(n, 15)

3823

In [10]:
n = 168441398857
pollard_factorization(n, 55)

350437