On polynomial selection for the general number field sieve

The general number field sieve (GNFS) is the asymptotically fastest algorithm for factoring large integers. Its runtime depends on a good choice of a polynomial pair. In this article we present an improvement of the polynomial selection method of Montgomery and Murphy which has been used in recent GNFS records. 1. The polynomial selection method of Montgomery and Murphy In this section we briefly discuss the problem of polynomial selection for GNFS. We also sketch the polynomial selection method of Montgomery and Murphy. The first step in GNFS (see [3]) for factoring an integer N consists in the choice of two coprime polynomials f1 and f2 sharing a common root modulo N . If we denote the corresponding homogenized polynomials by F1, resp. F2, the next (and most time consuming) step in GNFS consists in finding many pairs (a, b) ∈ Z of coprime integers for which both values Fi(a, b), i = 1, 2, are products of primes below some smoothness bounds Bi, i = 1, 2 (we will refer to these pairs as sieve reports). This is usually done by a sieving procedure which identifies (most of) these pairs in some region A ⊂ Z. In the case of line sieving A is of the form [−A,A]× [1, B] ∩ Z for some A and B. For lattice sieving the form of this region is more complicated, but we could use a rectangle as above as an approximation. The sieving region A and the smoothness bounds Bi, i = 1, 2, are chosen such that one finds approximately π(B1) + π(B2) sieve reports (π(x) denotes the number of primes below x). The time spent for sieving mainly depends on the size of the region A, i.e., 2AB. So we are left with two problems for the polynomial selection phase: how to find such polynomial pairs and, having found more than one, how to select a polynomial pair which minimizes sieving time. Both problems are addressed in several articles ([4], [5], [6]). We give a short description of the results of these articles. Let ρ(x) be Dickman’s function which roughly is the probability that the largest prime factor of a natural number n is at most n 1 x . A first approximation for the number of sieve reports is given by 6 π2 ∫ A ρ ( log(F1(x, y)) log(B1) ) ρ ( log(F2(x, y)) log(B2) ) dxdy Received by the editor December 22, 2004 and, in revised form, June 22, 2005. 2000 Mathematics Subject Classification. Primary 11Y05, 11Y16.