A Simple and Improved Algorithm for Integer Factorization with Implicit Hints

Given two integers N1 = p1q1 and N2 = p2q2 with α-bit primes q1, q2, suppose that the t least significant bits of p1 and p2 are equal. May and Ritzenhofen (PKC 2009) developed a factoring algorithm for N1, N2 when t ≥ 2α+3; Kurosawa and Ueda (IWSEC 2013) improved the bound to t ≥ 2α+ 1. In this paper, we propose a polynomial-time algorithm in a parameter κ, with an improved bound t = 2α−O(log κ); it is the first non-constant improvement of the bound. Both the construction and the proof of our algorithm are very simple; the worst-case complexity of our algorithm is evaluated by an easy argument, without any heuristic assumptions. We also give some computer experimental results showing the efficiency of our algorithm for concrete parameters, and discuss potential applications of our result to security evaluations of existing factoring-based primitives.