'\" t .\" Title: ECM .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets v1.79.1 .\" Date: 11/03/2023 .\" Manual: April 22, 2003 .\" Source: April 22, 2003 .\" Language: English .\" .TH "ECM" "1" "11/03/2023" "April 22, 2003" "April 22, 2003" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" ecm \- integer factorization using ECM, P\-1 or P+1 .SH "SYNOPSIS" .HP \w'\fBecm\fR\ 'u \fBecm\fR [\fBoptions\fR] \fIB1\fR [\fIB2min\fR\-\fIB2max\fR | \fIB2\fR] .br .SH "DESCRIPTION" .PP ecm is an integer factoring program using the Elliptic Curve Method (ECM), the P\-1 method, or the P+1 method\&. The following sections describe parameters relevant to these algorithms\&. .SH "STEP 1 AND STEP 2 BOUND PARAMETERS" .PP \fB\fIB1\fR\fR .RS 4 \fIB1\fR is the step 1 bound\&. It is a mandatory parameter\&. It can be given either in integer format (for example 3000000) or in floating\-point format (3000000\&.0 or 3e6)\&. The largest possible \fIB1\fR value is 9007199254740996 for P\-1, and ULONG_MAX or 9007199254740996 (whichever is smaller) for ECM and P+1\&. All primes 2 <= p <= \fIB1\fR are processed in step 1\&. .RE .PP \fB\fIB2\fR\fR .RS 4 \fIB2\fR is the step 2 bound\&. It is optional: if omitted, a default value is computed from \fIB1\fR, which should be close to optimal\&. Like \fIB1\fR, it can be given either in integer or in floating\-point format\&. The largest possible value of \fIB2\fR is approximately 9e23, but depends on the number of blocks \fIk\fR if you specify the \fB\-k\fR option\&. All primes \fIB1\fR <= p <= \fIB2\fR are processed in step 2\&. If \fIB2\fR < \fIB1\fR, no step 2 is performed\&. .RE .PP \fB\fIB2min\fR\fR\fB\-\fR\fB\fIB2max\fR\fR .RS 4 alternatively one may use the \fIB2min\fR\-\fIB2max\fR form, which means that all primes \fIB2min\fR <= p <= \fIB2max\fR should be processed\&. Thus specifying \fIB2\fR only corresponds to \fIB1\fR\-\fIB2\fR\&. The values of \fIB2min\fR and \fIB2max\fR may be arbitrarily large, but their difference must not exceed approximately 9e23, subject to the number of blocks \fIk\fR\&. .RE .SH "FACTORING METHOD" .PP \fB\-pm1\fR .RS 4 Perform P\-1 instead of the default method (ECM)\&. .RE .PP \fB\-pp1\fR .RS 4 Perform P+1 instead of the default method (ECM)\&. .RE .SH "GROUP AND INITIAL POINT PARAMETERS" .PP \fB\-x0 \fR\fB\fIx\fR\fR .RS 4 [ECM, P\-1, P+1] Use \fIx\fR (arbitrary\-precision integer or rational) as initial point\&. For example, \fB\-x0 1/3\fR is valid\&. If not given, \fIx\fR is generated from the sigma value for ECM, or at random for P\-1 and P+1\&. .RE .PP \fB\-sigma \fR\fB\fIs\fR\fR .RS 4 [ECM] Use \fIs\fR (arbitrary\-precision integer) as curve generator\&. If omitted, \fIs\fR is generated at random\&. .RE .PP \fB\-A \fR\fB\fIa\fR\fR .RS 4 [ECM] Use \fIa\fR (arbitrary\-precision integer) as curve parameter\&. If omitted, is it generated from the sigma value\&. .RE .PP \fB\-go \fR\fB\fIval\fR\fR .RS 4 [ECM, P\-1, P+1] Multiply the initial point by \fIval\fR, which can any valid expression, possibly containing the special character N as place holder for the current input number\&. Example: .sp .if n \{\ .RS 4 .\} .nf ecm \-pp1 \-go "N^2\-1" 1e6 < composite2000 .fi .if n \{\ .RE .\} .sp .RE .SH "STEP 2 PARAMETERS" .PP \fB\-k \fR\fB\fIk\fR\fR .RS 4 [ECM, P\-1, P+1] Perform \fIk\fR blocks in step 2\&. For a given \fIB2\fR value, increasing \fIk\fR decreases the memory usage of step 2, at the expense of more cpu time\&. .RE .PP \fB\-treefile \fR\fB\fIfile\fR\fR .RS 4 Stores some tables of data in disk files to reduce the amount of memory occupied in step 2, at the expense of disk I/O\&. Data will be written to files \fIfile\fR\&.1, \fIfile\fR\&.2 etc\&. Does not work with fast stage 2 for P+1 and P\-1\&. .RE .PP \fB\-power \fR\fB\fIn\fR\fR .RS 4 [ECM] Use x^\fIn\fR for Brent\-Suyama\*(Aqs extension (\fB\-power 1\fR disables Brent\-Suyama\*(Aqs extension)\&. The default polynomial is chosen depending on the method and B2\&. .RE .PP \fB\-dickson \fR\fB\fIn\fR\fR .RS 4 [ECM] Use degree\-\fIn\fR Dickson\*(Aqs polynomial for Brent\-Suyama\*(Aqs extension\&. .RE .PP \fB\-maxmem \fR\fB\fIn\fR\fR .RS 4 Use at most \fIn\fR megabytes of memory in stage 2\&. .RE .PP \fB\-ntt\fR, \fB\-no\-ntt\fR .RS 4 Enable or disable the Number\-Theoretic Transform code for polynomial arithmetic in stage 2\&. With NTT, dF is chosen to be a power of 2, and is limited by the number suitable primes that fit in a machine word (which is a limitation only on 32 bit systems)\&. The \-no\-ntt variant uses more memory, but is faster than NTT with large input numbers\&. By default, NTT is used for P\-1, P+1 and for ECM on numbers of size at most 30 machine words\&. .RE .SH "OUTPUT" .PP \fB\-q\fR .RS 4 Quiet mode\&. Found factorizations are printed on standard output, with factors separated by white spaces, one line per input number (if no factor was found, the input number is simply copied)\&. .RE .PP \fB\-v\fR .RS 4 Verbose mode\&. More information is printed, more \fB\-v\fR options increase verbosity\&. With one \fB\-v\fR, the kind of modular multiplication used, initial x0 value, step 2 parameters and progress, and expected curves and time to find factors of different sizes for ECM are printed\&. With \fB\-v \-v\fR, the A value for ECM and residues at the end of step 1 and step 2 are printed\&. More \fB\-v\fR print internal data for debugging\&. .RE .PP \fB\-timestamp\fR .RS 4 Print a time stamp whenever a new ECM curve or P+1 or P\-1 run is processed\&. .RE .SH "MODULAR ARITHMETIC OPTIONS" .PP Several algorithms are available for modular multiplication\&. The program tries to find the best one for each input; one can force a given method with the following options\&. .PP \fB\-mpzmod\fR .RS 4 Use GMP\*(Aqs mpz_mod function (sub\-quadratic for large inputs, but induces some overhead for small ones)\&. .RE .PP \fB\-modmuln\fR .RS 4 Use Montgomery\*(Aqs multiplication (quadratic version)\&. Usually best method for small input\&. .RE .PP \fB\-redc\fR .RS 4 Use Montgomery\*(Aqs multiplication (sub\-quadratic version)\&. Theoretically optimal for large input\&. .RE .PP \fB\-nobase2\fR .RS 4 Disable special base\-2 code (which is used when the input number is a large factor of 2^n+1 or 2^n\-1, see \fB\-v\fR)\&. .RE .PP \fB\-base2\fR \fIn\fR .RS 4 Force use of special base\-2 code, input number must divide 2^\fIn\fR+1 if \fIn\fR > 0, or 2^|\fIn\fR|\-1 if \fIn\fR < 0\&. .RE .SH "FILE I/O" .PP The following options enable one to perform step 1 and step 2 separately, either on different machines, at different times, or using different software (in particular, George Woltman\*(Aqs Prime95/mprime program can produce step 1 output suitable for resuming with GMP\-ECM)\&. It can also be useful to split step 2 into several runs, using the \fIB2min\-B2max\fR option\&. .PP \fB\-inp \fR\fB\fIfile\fR\fR .RS 4 Take input from file \fIfile\fR instead of from standard input\&. .RE .PP \fB\-save \fR\fB\fIfile\fR\fR .RS 4 Save result of step 1 in \fIfile\fR\&. If \fIfile\fR exists, an error is raised\&. Example: to perform only step 1 with \fIB1\fR=1000000 on the composite number in the file "c155" and save its result in file "foo", use .sp .if n \{\ .RS 4 .\} .nf ecm \-save foo 1e6 1 < c155 .fi .if n \{\ .RE .\} .sp .RE .PP \fB\-savea \fR\fB\fIfile\fR\fR .RS 4 Like \fB\-save\fR, but appends to existing files\&. .RE .PP \fB\-resume \fR\fB\fIfile\fR\fR .RS 4 Resume residues from \fIfile\fR, reads from standard input if \fIfile\fR is "\-"\&. Example: to perform step 2 following the above step 1 computation, use .sp .if n \{\ .RS 4 .\} .nf ecm \-resume foo 1e6 .fi .if n \{\ .RE .\} .sp .RE .PP \fB\-chkpoint \fR\fB\fIfile\fR\fR .RS 4 Periodically write the current residue in stage 1 to \fIfile\fR\&. In case of a power failure, etc\&., the computation can be continued with the \fB\-resume\fR option\&. .sp .if n \{\ .RS 4 .\} .nf ecm \-chkpnt foo \-pm1 1e10 < largenumber\&.txt .fi .if n \{\ .RE .\} .sp .RE .SH "LOOP MODE" .PP The \(lqloop mode\(rq (option \fB\-c \fR\fB\fIn\fR\fR) enables one to run several curves on each input number\&. The following options control its behavior\&. .PP \fB\-c \fR\fB\fIn\fR\fR .RS 4 Perform \fIn\fR runs on each input number (default is one)\&. This option is mainly useful for P+1 (for example with \fIn\fR=3) or for ECM, where \fIn\fR could be set to the expected number of curves to find a d\-digit factor with a given step 1 bound\&. This option is incompatible with \fB\-resume, \-sigma, \-x0\fR\&. Giving \fB\-c 0\fR produces an infinite loop until a factor is found\&. .RE .PP \fB\-one\fR .RS 4 In loop mode, stop when a factor is found; the default is to continue until the cofactor is prime or the specified number of runs are done\&. .RE .PP \fB\-b\fR .RS 4 Breadth\-first processing: in loop mode, run one curve for each input number, then a second curve for each one, and so on\&. This is the default mode with \fB\-inp\fR\&. .RE .PP \fB\-d\fR .RS 4 Depth\-first processing: in loop mode, run \fIn\fR curves for the first number, then \fIn\fR curves for the second one and so on\&. This is the default mode with standard input\&. .RE .PP \fB\-ve \fR\fB\fIn\fR\fR .RS 4 In loop mode, in the second and following runs, output only expressions that have at most \fIn\fR characters\&. Default is \fB\-ve 0\fR\&. .RE .PP \fB\-i \fR\fB\fIn\fR\fR .RS 4 In loop mode, increment \fIB1\fR by \fIn\fR after each curve\&. .RE .PP \fB\-I \fR\fB\fIn\fR\fR .RS 4 In loop mode, multiply \fIB1\fR by a factor depending on \fIn\fR after each curve\&. Default is one which should be optimal on one machine, while \fB\-I 10\fR could be used when trying to factor the same number simultaneously on 10 identical machines\&. .RE .SH "SHELL COMMAND EXECUTION" .PP These optins allow for executing shell commands to supplement functionality to GMP\-ECM\&. .PP \fB\-prpcmd \fR\fB\fIcmd\fR\fR .RS 4 Execute command \fIcmd\fR to test primality if factors and cofactors instead of GMP\-ECM\*(Aqs own functions\&. The number to test is passed via stdin\&. An exit code of 0 is interpreted as \(lqprobably prime\(rq, a non\-zero exit code as \(lqcomposite\(rq\&. .RE .PP \fB\-faccmd \fR\fB\fIcmd\fR\fR .RS 4 Executes command \fIcmd\fR whenever a factor is found by P\-1, P+1 or ECM\&. The input number, factor and cofactor are passed via stdin, each on a line\&. This could be used i\&.e\&. to mail new factors automatically: .sp .if n \{\ .RS 4 .\} .nf ecm \-faccmd \*(Aqmail \-s \(lq$HOSTNAME found a factor\(rq me@myaddress\&.com\*(Aq 11e6 < cunningham\&.in .fi .if n \{\ .RE .\} .sp .RE .PP \fB\-idlecmd \fR\fB\fIcmd\fR\fR .RS 4 Executes command \fIcmd\fR before each ECM curve, P\-1 or P+1 attempt on a number is started\&. If the exit status of \fIcmd\fR is non\-zero, GMP\-ECM terminates immediately, otherwise it continues normally\&. GMP\-ECM is stopped while \fIcmd\fR runs, offering a way for letting GMP\-ECM sleep for example while the system is otherwise busy\&. .RE .SH "MISCELLANEOUS" .PP \fB\-n\fR .RS 4 Run the program in \(lqnice\(rq mode (below normal priority)\&. .RE .PP \fB\-nn\fR .RS 4 Run the program in \(lqvery nice\(rq mode (idle priority)\&. .RE .PP \fB\-B2scale \fR\fB\fIf\fR\fR .RS 4 Multiply the default step 2 bound \fIB2\fR by the floating\-point value \fIf\fR\&. Example: \fB\-B2scale 0\&.5\fR divides the default \fIB2\fR by 2\&. .RE .PP \fB\-stage1time \fR\fB\fIn\fR\fR .RS 4 Add \fIn\fR seconds to stage 1 time\&. This is useful to get correct expected time with \fI\-v\fR if part of stage 1 was done in another run\&. .RE .PP \fB\-cofdec\fR .RS 4 Force cofactor output in decimal (even if expressions are used)\&. .RE .PP \fB\-h\fR, \fB\-\-help\fR .RS 4 Display a short description of ecm usage, parameters and command line options\&. .RE .PP \fB\-printconfig\fR .RS 4 Prints configuration parameters used for the compilation and exits\&. .RE .SH "INPUT SYNTAX" .PP The input numbers can have several forms: .PP Raw decimal numbers like 123456789\&. .PP Comments can be placed in the file: everything after \(lq//\(rq is ignored, up to the end of line\&. .PP Line continuation\&. If a line ends with a backslash character \(lq\e\(rq, it is considered to continue on the next line\&. .PP Common arithmetic expressions can be used\&. Example: \fI3*5+(2+7)^10\fR\&. .PP Factorial: example \fI53!\fR\&. .PP Multi\-factorial: example \fI15!3\fR means 15*12*9*6*3\&. .PP Primorial: example \fI11#\fR means 2*3*5*7*11\&. .PP Reduced primorial: example \fI17#5\fR means 5*7*11*13*17\&. .PP Functions: .PP GCD(a,b): Greatest common divisor .RS 4 example GCD(120,28) = 4 .RE .PP Phi(n,x): n\-th Cyclotomic Polynomial evaluated at x .RS 4 example Phi(3,5) = 1 + x + x^2 = 31 .RE .SH "EXIT STATUS" .PP The exit status reflects the result of the last ECM curve or P\-1/P+1 attempt the program performed\&. Individual bits signify particular events, specifically: .PP Bit 0 .RS 4 0 if normal program termination, 1 if error occurred .RE .PP Bit 1 .RS 4 0 if no proper factor was found, 1 otherwise .RE .PP Bit 2 .RS 4 0 if factor is composite, 1 if factor is a probable prime .RE .PP Bit 3 .RS 4 0 if cofactor is composite, 1 if cofactor is a probable prime .RE .PP Thus, the following exit status values may occur: .PP 0 .RS 4 Normal program termination, no factor found .RE .PP 1 .RS 4 Error .RE .PP 2 .RS 4 Composite factor found, cofactor is composite .RE .PP 6 .RS 4 Probable prime factor found, cofactor is composite .RE .PP 8 .RS 4 Input number found .RE .PP 10 .RS 4 Composite factor found, cofactor is a probable prime .RE .PP 14 .RS 4 Probable prime factor found, cofactor is a probable prime .RE .SH "BUGS" .PP Report bugs on \&. .SH "AUTHORS" .PP Pierrick Gaudry contributed efficient assembly code for combined mul/redc; .PP Jim Fougeron contributed the expression parser and several command\-line options; .PP Laurent Fousse contributed the middle product code, the autoconf/automake tools, and is the maintainer of the Debian package; .PP Alexander Kruppa <(lastname)al@loria\&.fr> contributed estimates for probability of success for ECM, the new P+1 and P\-1 stage 2 (with P\&.\-L\&. Montgomery), new AMD64 asm mulredc code, and some other things; .PP Dave Newman contributed the Kronecker\-Schoenhage and NTT multiplication code; .PP Jason S\&. Papadopoulos contributed a speedup of the NTT code .PP Paul Zimmermann is the author of the first version of the program and chief maintainer of GMP\-ECM\&. .PP Note: email addresses have been obscured, the required substitutions should be obvious\&.