1ECM(1) April 22, 2003 ECM(1)
2
6 ecm - integer factorization using ECM, P-1 or P+1
7
9 ecm [options] B1 [B2min-B2max | B2]
10
13 ecm is an integer factoring program using the Elliptic Curve Method
14 (ECM), the P-1 method, or the P+1 method. The following sections
15 describe parameters relevant to these algorithms.
16
18 B1
19 B1 is the step 1 bound. It is a mandatory parameter. It can be
20 given either in integer format (for example 3000000) or in
21 floating-point format (3000000.0 or 3e6). The largest possible B1
22 value is 9007199254740996 for P-1, and ULONG_MAX or
23 9007199254740996 (whichever is smaller) for ECM and P+1. All primes
24 2 <= p <= B1 are processed in step 1.
25 B2
27 B2 is the step 2 bound. It is optional: if omitted, a default value
28 is computed from B1, which should be close to optimal. Like B1, it
29 can be given either in integer or in floating-point format. The
30 largest possible value of B2 is approximately 9e23, but depends on
31 the number of blocks k if you specify the -k option. All primes B1
32 <= p <= B2 are processed in step 2. If B2 < B1, no step 2 is
33 performed.
34 B2min-B2max
36 alternatively one may use the B2min-B2max form, which means that
37 all primes B2min <= p <= B2max should be processed. Thus specifying
38 B2 only corresponds to B1-B2. The values of B2min and B2max may be
39 arbitrarily large, but their difference must not exceed
40 approximately 9e23, subject to the number of blocks k.
41
43 -pm1
44 Perform P-1 instead of the default method (ECM).
45 -pp1
47 Perform P+1 instead of the default method (ECM).
48 -t n
50 Perform trial division up to n, before P-1, P+1 or ECM. In loop
51 mode (see option -c), trial division is only performed in the first
52 run.
53
55 -x0 x
56 [ECM, P-1, P+1] Use x (arbitrary-precision integer or rational) as
57 initial point. For example, -x0 1/3 is valid. If not given, x is
58 generated from the sigma value for ECM, or at random for P-1 and
59 P+1.
60 -sigma s
62 [ECM] Use s (arbitrary-precision integer) as curve generator. If
63 omitted, s is generated at random.
64 -A a
66 [ECM] Use a (arbitrary-precision integer) as curve parameter. If
67 omitted, is it generated from the sigma value.
68 -go val
70 [ECM, P-1, P+1] Multiply the initial point by val, which can any
71 valid expression, possibly containing the special character N as
72 place holder for the current input number. Example:
73 ecm -pp1 -go "N^2-1" 1e6 < composite2000
75
78 -k k
79 [ECM, P-1, P+1] Perform k blocks in step 2. For a given B2 value,
80 increasing k decreases the memory usage of step 2, at the expense
81 of more cpu time.
82 -treefile file
84 Stores some tables of data in disk files to reduce the amount of
85 memory occupied in step 2, at the expense of disk I/O. Data will be
86 written to files file.1, file.2 etc. Does not work with fast stage
87 2 for P+1 and P-1.
88 -power n
90 [ECM, P-1] Use x^n for Brent-Suyama´s extension (-power 1 disables
91 Brent-Suyama´s extension). The default polynomial is chosen
92 depending on the method and B2. For P-1 and P+1, disables the fast
93 stage 2. For P-1, n must be even.
94 -dickson n
96 [ECM, P-1] Use degree-n Dickson´s polynomial for Brent-Suyama´s
97 extension. For P-1 and P+1, disables the fast stage 2. Like for
98 -power, n must be even for P-1.
99 -maxmem n
101 Use at most n megabytes of memory in stage 2.
102 -ntt, -no-ntt
104 Enable or disable the Number-Theoretic Transform code for
105 polynomial arithmetic in stage 2. With NTT, dF is chosen to be a
106 power of 2, and is limited by the number suitable primes that fit
107 in a machine word (which is a limitation only on 32 bit systems).
108 The -no-ntt variant uses more memory, but is faster than NTT with
109 large input numbers. By default, NTT is used for P-1, P+1 and for
110 ECM on numbers of size at most 30 machine words.
111
113 -q
114 Quiet mode. Found factorizations are printed on standard output,
115 with factors separated by white spaces, one line per input number
116 (if no factor was found, the input number is simply copied).
117 -v
119 Verbose mode. More information is printed, more -v options increase
120 verbosity. With one -v, the kind of modular multiplication used,
121 initial x0 value, step 2 parameters and progress, and expected
122 curves and time to find factors of different sizes for ECM are
123 printed. With -v -v, the A value for ECM and residues at the end of
124 step 1 and step 2 are printed. More -v print internal data for
125 debugging.
126 -timestamp
128 Print a time stamp whenever a new ECM curve or P+1 or P-1 run is
129 processed.
130
132 Several algorithms are available for modular multiplication. The
133 program tries to find the best one for each input; one can force a
134 given method with the following options.
135 -mpzmod
137 Use GMP´s mpz_mod function (sub-quadratic for large inputs, but
138 induces some overhead for small ones).
139 -modmuln
141 Use Montgomery´s multiplication (quadratic version). Usually best
142 method for small input.
143 -redc
145 Use Montgomery´s multiplication (sub-quadratic version).
146 Theoretically optimal for large input.
147 -nobase2
149 Disable special base-2 code (which is used when the input number is
150 a large factor of 2^n+1 or 2^n-1, see -v).
151 -base2 n
153 Force use of special base-2 code, input number must divide 2^n+1 if
154 n > 0, or 2^|n|-1 if n < 0.
155
157 The following options enable one to perform step 1 and step 2
158 separately, either on different machines, at different times, or using
159 different software (in particular, George Woltman´s Prime95/mprime
160 program can produce step 1 output suitable for resuming with GMP-ECM).
161 It can also be useful to split step 2 into several runs, using the
162 B2min-B2max option.
163 -inp file
165 Take input from file file instead of from standard input.
166 -save file
168 Save result of step 1 in file. If file exists, an error is raised.
169 Example: to perform only step 1 with B1=1000000 on the composite
170 number in the file "c155" and save its result in file "foo", use
171 ecm -save foo 1e6 1 < c155
173 -savea file
176 Like -save, but appends to existing files.
177 -resume file
179 Resume residues from file, reads from standard input if file is
180 "-". Example: to perform step 2 following the above step 1
181 computation, use
182 ecm -resume foo 1e6
184 -chkpoint file
187 Periodically write the current residue in stage 1 to file. In case
188 of a power failure, etc., the computation can be continued with the
189 -resume option.
190 ecm -chkpnt foo -pm1 1e10 < largenumber.txt
192
195 The “loop mode” (option -c n) enables one to run several curves on each
196 input number. The following options control its behavior.
197 -c n
199 Perform n runs on each input number (default is one). This option
200 is mainly useful for P+1 (for example with n=3) or for ECM, where n
201 could be set to the expected number of curves to find a d-digit
202 factor with a given step 1 bound. This option is incompatible with
203 -resume, -sigma, -x0. Giving -c 0 produces an infinite loop until a
204 factor is found.
205 -one
207 In loop mode, stop when a factor is found; the default is to
208 continue until the cofactor is prime or the specified number of
209 runs are done.
210 -b
212 Breadth-first processing: in loop mode, run one curve for each
213 input number, then a second curve for each one, and so on. This is
214 the default mode with -inp.
215 -d
217 Depth-first processing: in loop mode, run n curves for the first
218 number, then n curves for the second one and so on. This is the
219 default mode with standard input.
220 -ve n
222 In loop mode, in the second and following runs, output only
223 expressions that have at most n characters. Default is -ve 0.
224 -i n
226 In loop mode, increment B1 by n after each curve.
227 -I n
229 In loop mode, multiply B1 by a factor depending on n after each
230 curve. Default is one which should be optimal on one machine, while
231 -I 10 could be used when trying to factor the same number
232 simultaneously on 10 identical machines.
233
235 These optins allow for executing shell commands to supplement
236 functionality to GMP-ECM.
237 -prpcmd cmd
239 Execute command cmd to test primality if factors and cofactors
240 instead of GMP-ECM´s own functions. The number to test is passed
241 via stdin. An exit code of 0 is interpreted as “probably prime”, a
242 non-zero exit code as “composite”.
243 -faccmd cmd
245 Executes command cmd whenever a factor is found by P-1, P+1 or ECM.
246 The input number, factor and cofactor are passed via stdin, each on
247 a line. This could be used i.e. to mail new factors automatically:
248 ecm -faccmd ´mail -s “$HOSTNAME found a factor”
250 me@myaddress.com´ 11e6 < cunningham.in
251 -idlecmd cmd
254 Executes command cmd before each ECM curve, P-1 or P+1 attempt on a
255 number is started. If the exit status of cmd is non-zero, GMP-ECM
256 terminates immediately, otherwise it continues normally. GMP-ECM is
257 stopped while cmd runs, offering a way for letting GMP-ECM sleep
258 for example while the system is otherwise busy.
259
261 -n
262 Run the program in “nice” mode (below normal priority).
263 -nn
265 Run the program in “very nice” mode (idle priority).
266 -B2scale f
268 Multiply the default step 2 bound B2 by the floating-point value f.
269 Example: -B2scale 0.5 divides the default B2 by 2.
270 -stage1time n
272 Add n seconds to stage 1 time. This is useful to get correct
273 expected time with -v if part of stage 1 was done in another run.
274 -cofdec
276 Force cofactor output in decimal (even if expressions are used).
277 -h, --help
279 Display a short description of ecm usage, parameters and command
280 line options.
281 -printconfig
283 Prints configuration parameters used for the compilation and exits.
284
286 The input numbers can have several forms:
287 Raw decimal numbers like 123456789.
289 Comments can be placed in the file: everything after “//” is ignored,
291 up to the end of line.
292 Line continuation. If a line ends with a backslash character “\”, it is
294 considered to continue on the next line.
295 Common arithmetic expressions can be used. Example: 3*5+2^10.
297 Factorial: example 53!.
299 Multi-factorial: example 15!3 means 15*12*9*6*3.
301 Primorial: example 11# means 2*3*5*7*11.
303 Reduced primorial: example 17#5 means 5*7*11*13*17.
305 Functions: currently, the only available function is Phi(x,n).
307
309 The exit status reflects the result of the last ECM curve or P-1/P+1
310 attempt the program performed. Individual bits signify particular
311 events, specifically:
312 Bit 0
314 0 if normal program termination, 1 if error occured
315 Bit 1
317 0 if no proper factor was found, 1 otherwise
318 Bit 2
320 0 if factor is composite, 1 if factor is a probable prime
321 Bit 3
323 0 if cofactor is composite, 1 if cofactor is a probable prime
324 Thus, the following exit status values may occur:
326 0
328 Normal program termination, no factor found
329 1
331 Error
332 2
334 Composite factor found, cofactor is composite
335 6
337 Probable prime factor found, cofactor is composite
338 8
340 Input number found
341 10
343 Composite factor found, cofactor is a probable prime
344 14
346 Probable prime factor found, cofactor is a probable prime
347
349 Report bugs to <ecm-discuss@lists.gforge.inria.fr>, after checking
350 <http://www.loria.fr/~zimmerma/records/ecmnet.html> for bug fixes or
351 new versions.
352
354 Pierrick Gaudry <gaudry at lix dot polytechnique dot fr> contributed
355 efficient assembly code for combined mul/redc;
356 Jim Fougeron <jfoug at cox dot net> contributed the expression parser
358 and several command-line options;
359 Laurent Fousse <laurent at komite dot net> contributed the middle
361 product code, the autoconf/automake tools, and is the maintainer of the
362 Debian package;
363 Alexander Kruppa <(lastname)al@loria.fr> contributed estimates for
365 probability of success for ECM, the new P+1 and P-1 stage 2 (with P.-L.
366 Montgomery), new AMD64 asm mulredc code, and some other things;
367 Dave Newman <david.(lastname)@jesus.ox.ac.uk> contributed the
369 Kronecker-Schoenhage and NTT multiplication code;
370 Jason S. Papadopoulos contributed a speedup of the NTT code
372 Paul Zimmermann <zimmerma at loria dot fr> is the author of the first
374 version of the program and chief maintainer of GMP-ECM.
375 Note: email addresses have been obscured, the required substitutions
377 should be obvious.
378April 22, 2003 03/17/2010 ECM(1)