New Semi-Prime Factorization and Application in Large RSA Key Attacks

Abstract

Semi-prime factorization is an increasingly important number theoretic problem, since it is computationally intractable. Further, this property has been applied in public-key cryptography, such as the Rivest–Shamir–Adleman (RSA) encryption systems for secure digital communications. Hence, alternate approaches to solve the semi-prime factorization problem are proposed. Recently, Pythagorean tuples to factor semi-primes have been explored to consider Fermat’s Christmas theorem, with the two squares having opposite parity. This paper is motivated by the property that the integer separating these two squares being odd reduces the search for semi-prime factorization by half. In this paper, we prove that if a Pythagorean quadruple is known and one of its squares represents a Pythagorean triple, then the semi-prime is factorized. The problem of semi-prime factorization is reduced to the problem of finding only one such sum of three squares to factorize a semi-prime. We modify the Lebesgue identity as the sum of four squares to obtain four sums of three squares. These are then expressed as four Pythagorean quadruples. The Brahmagupta–Fibonacci identity reduces these four Pythagorean quadruples to two Pythagorean triples. The greatest common divisors of the sides contained therein are the factors of the semi-prime. We then prove that to factor a semi-prime, it is sufficient that only one of these Pythagorean quadruples be known. We provide the algorithm of our proposed semi-prime factorization method, highlighting its complexity and comparative advantage of the solution space with Fermat’s method. Our algorithm has the advantage when the factors of a semi-prime are congruent to 1 modulus 4. Illustrations of our method for real-world applications, such as factorization of the 768-bit number RSA-768, are established. Further, the computational viabilities, despite the mathematical constraints and the unexplored properties, are suggested as opportunities for future research.

1. Introduction

Prime numbers have caught the attention of mathematicians since the work of Euclid due to their unfathomable structural properties. This paper leverages some elegant properties of prime numbers beyond their basic definition of being divisible by themselves and one only. They also possess the property of being randomly distributed, which is not exploited fully [1,2,3]. The current perception is that there appears to be only a limited understanding of their underlying structure, and several mathematicians are constantly trying to uncover the mysteries behind these prime numbers. There is still much to be carried out, and areas of further interest are channeled towards a better understanding of the structure of primes for arriving at faster prime number generating algorithms and faster solutions to the prime factorization problem [4,5,6,7]. There is a need for generating more robust primes that are less susceptible to known factorization methods. In this paper, we draw attention to creating new approaches for the prime factorization of large prime factors or the semi-prime factorization problem. The focus of this research problem has an impact worldwide due to its practical application in digital communication, and in particular, the associated information security attacks and privacy challenges of today [8,9].

In information security, large semi-primes have applications in encryption algorithms. They are used for generating public keys and private keys, such as in the Rivest–Shamir–Adleman (RSA) cryptosystems [10]. The property that the prime factorization of large numbers is a challengingly difficult task is well utilized in RSA-based encryption algorithms. Due to the dominant application of the RSA public-key primitive in cryptography, the security of RSA has been extensively analyzed for various attack scenarios [11]. In this paper, we take a modest step further by proposing new methods of semi-prime factorization of the RSA primitive.

Previous research [1] proved that the semi-primes can be represented as the sum of four squares. A new factorization method, by exploiting the relationship among the four squares, was proposed as a faster alternative to Euler’s method, as given in [12]. The purpose of this paper is to explore the topic of factorization further with a computationally simple approach for applications in RSA cryptography. In earlier work [1], we showed that a semi-prime $N$ could be constructed from two primes, $p_1$ and $p_2,$ in accordance with Fermat’s Christmas theorem, as given in [13]. In other words, Fermat stated that an odd prime p can be represented as the sum of two squares of integers $x_1$ and $x_2,$ if and only if $1 \left(mod 4\right)\equiv p=x_1^2+x_2^2$. Hence, this determined which numbers can be represented as the sum of two squares and was later proved by Euler [12]. It is also mathematically represented that the semi-prime product is congruent to $1\left(mod 4\right)\equiv p_1{p}_2.$ This paper advances further by applying the Brahmagupta–Fibonacci identity uniquely to establish that the product of these two primes (which is a sum of four squares) could be mathematically reduced to two sums of two squares [14]. In other words, we prove mathematically how the Brahmagupta–Fibonacci identity reduces these four Pythagorean quadruples to two Pythagorean triples. Hence, our proposed factorization method based on this property would be computationally successful whenever the semi-prime, a product of two primes, is such that both factors are congruent to 1 modulus 4.

In this work, we leverage on the gaps found in the literature towards providing a novel proposal for semi-prime factorization. While there are several properties of Pythagorean triples, new patterns based on these properties are yet to be researched in the context of semi-prime factorization [15]. The main contributions of the paper are envisaged via the key features of our proposed factorization method, as listed below:

i.

The novel semi-prime factorization method uses simple number theory uniquely for the first of its kind;

ii.

The method applies new patterns of Pythagorean tuples and triples that are unexplored so far in literature;

iii.

By employing simple arithmetic operations, the semi-prime factorization algorithm assures a low order of computing cost;

iv.

The algorithm exhibits an enhanced solution space as compared to Fermat’s method.

The paper is organized as follows: Section 2 provides related works, and Section 3 postulates the background theory of our proposed new method, which includes definitions, a theorem, and four lemmas. In Section 4, we show how to factorize semi-primes using Pythagorean quadruples and triples by proving the theorems and the four lemmas. Further, we provide the algorithm of our proposed semi-prime factorization method and summarize its complexity, comparison, and constraints with existing similar works qualitatively. In Section 5, case study examples illustrate the ease of computing the factors of a semi-prime integer with the proposed approach numerically. Moreover, we demonstrate the application of the method for RSA-768 successfully. Finally, we draw key conclusions and future research directions in Section 6.

2. Related Works

Several studies on the important problem of semi-primes factorization have challenged the intractability of RSA [16,17,18]. Since the first RSA cryptanalytic attack by Wiener in 1990 using the continued fractions method [19], several methods have been explored, such as the lattice reduction approach by Coppersmith [20] and by Blomer and May [21], as well as the Boneh and Durfee attack on short decryption exponents of RSA [22]. More recent works approach the problem differently, with varying purposes, such as to find weak RSA keys for transport layer security (TLS) attacks [23], LogJam [24], or to factorize RSA keys for smartcard cryptography attacks on several devices [25].

Historically, general-purpose factorization of integers can be dated back to the continued fraction factorization method (CFRAC) introduced by Lehmer and Powers in 1931 [26], which was later implemented as a computer algorithm by Morrison and Brillhart [27]. Subsequently, Pomerance and Wagstaff devised an improved algorithm [28], and such works including Pollard’s ρ algorithm [29] and Pomerance’s quadratic sieve method (1985) [30] lay the foundation for generating interests in general-purpose factorization of integers in various applications. In the context of RSA cryptography applications, recent works have considered such known factorization methods to focus on security parameters such as the length of the prime factors $p_1$ and $p_2,$ of the RSA modulus $n=p_1{p}_2$, or other structural properties of the primes. Modifications of existing methods have become popular recently, such as using the prime sum $p_1+p_2$ with sublattice reduction techniques and Coppersmith’s methods [31] or using a small prime difference $p_1-p_2$ method with Wiener’s original method [32]. The method by Lenstra’s elliptic-curve method also serves as the state-of-the-art proposal for several future studies [33]. A recent work has considered Chengs’s $4p-1$ method [34] to provide simplified and asymptotically deterministic versions, as it is similar to the well-known Lenstra’s methods [35]. The study analyzed existing methods as the means of a potential backdoor for the RSA primes generated.

A survey of the literature shows that the factorization problem of prime numbers is gaining research popularity, with a recent focus towards developing efficient mathematical techniques that are computationally faster and simpler [36,37,38,39]. Recent research interest in polynomials, which generate sums of squares, has featured applications to cryptography [40,41,42,43,44,45]. In this context, our previous works leverage the semi-prime representation as the sum of four squares [1,46] with an enhancement to Euler’s method [47,48]. Such a factorization method focusing on the special form of primes allows for an efficient factorization of RSA moduli. Thus, an adversary is motivated to subvert the prime generation to produce such RSA keys and could serve as a backdoor. With this view, we propose a new semi-prime factorization based on unique properties of Pythagorean triples with new mathematical theories and underlying patterns that are unexplored so far, with the purpose of advancing our research further in this direction.

3. Background Theory

This section provides the background theory that forms the mathematical foundations of this research work. Mathematical proofs, along with a summary of the definitions and a theorem with the supporting lemmas that are used for our proposed semi-prime factorization approach, are given below.

Let us consider the Brahmagupta–Fibonacci identity [14], which expresses the product of two prime sums of two squares as two sums of two squares in two different ways with the following mathematical representation:

$$p_1{p}_2=\left(x_{11}^2+x_{12}^2\right)\left(x_{21}^2+x_{22}^2\right)={\left(x_{11}{x}_{21}\right)}^2+{\left(x_{11}{x}_{22}\right)}^2+{\left(x_{12}{x}_{21}\right)}^2+{\left(x_{12}{x}_{22}\right)}^2$$

(1)

$$p_1{p}_2={\left(x_{11}{x}_{21}\mp x_{12}{x}_{22}\right)}^2+{\left(x_{11}{x}_{22}\pm x_{12}{x}_{21}\right)}^2$$

(2)

Jacobi [2] provides various sums of four squares for a particular number. Among these, Equation (1) is a special case in the set of possible $r_4\left(n\right)$ solutions.

$$r_4\left(n\right)=8{{\displaystyle \sum }}_{d\mid n}^{}\left(n\right), n is odd.$$

(3)

Let us consider Lagrange’s four-square theorem, also known as Bachet’s conjecture [49], which states that every natural number can be represented as the sum of four integer squares with the following mathematical representation:

$$n={\displaystyle \sum }_{k=1}^4{y}_k^2 , y_k are integers such that n=y_1^2+y_2^2+y_3^3+y_4^2$$

According to Legendre’s three-square theorem [50], a natural number $n$ can be represented as the sum of three squares of integers as follows:

$$n={{\displaystyle \sum }}_{l=1}^3{z}_l^2, z_l are integers \mathrm{iff} n\ne 4^a\left(8b+7\right) where a, b are integers$$

From Lebesgue’s identity [51], the square of the sum of four squares can be given by the sum of three squares and can be represented as follows:

$$n^2={\left({\displaystyle \sum }_{k=1}^4{y}_k^2\right)}^2={\displaystyle \sum }_{l=1}^3{z}_l^2, n^2=z_1^2+z_2^2+z_3^2$$

(4)

$$n=y_1^2+y_2^2+y_3^2+y_4^2, z_1=y_1^2+y_2^2-y_3^2-y_4^2,$$

$$z_2=2\left(y_1{y}_3+y_2{y}_4\right), z_3=2\left(y_1{y}_4-y_2{y}_3\right)$$

$${\left(y_1^2+y_2^2+y_3^2+y_4^2\right)}^2={\left(y_1^2+y_2^2-y_3^2-y_4^2\right)}^2+{\left(2\left(y_1{y}_3+y_2{y}_4\right)\right)}^2+{\left(2\left(y_1{y}_4-y_2{y}_3\right)\right)}^2$$

Definitions 1.

The definitions of Pythagorean triple and Pythagorean quadruple are given below [52].

A Pythagorean triple is an ordered triple of distinct positive integers $\left(\alpha ,\beta ,N\right)$ with a mathematical notation as follows [48]:

$$\mathrm{Pythagorean} \mathrm{triple}\left(\alpha ,\beta ,N\right)\stackrel{\scriptscriptstyle\mathrm{def}}{=}{\alpha }^2+{\beta }^2=N^2,\alpha \ne \beta$$

(5)

A Pythagorean quadruple is an ordered quadruple of positive integers $\left(z_1,z_2,z_3,N\right)$ expressed mathematically as follows:

$$\mathrm{Pythagorean} \mathrm{quadruple} \left(z_1,z_2,z_3, N\right)\stackrel{\scriptscriptstyle\mathrm{def}}{=}{z}_1^2+z_2^2+z_3^2 =N^2, z_1,z_2,z_3 not equal$$

(6)

In this paper, we prove the following theorem with some lemmas:

Theorem 1.

If a Pythagorean quadruple has a square of a triple and $N$ is semi-prime, then N can be factored.

Lemma 1.

The square product of two primes (each sum of two squares) is four sums of three squares.

Lemma 2.

The square of a semi-prime is four sums of two squares.

Lemma 3.

The greatest common divisor of all the two squares factors the semi-prime.

Lemma 4.

One of the squares of a Pythagorean quadruple represents a Pythagorean triple.

Lemma 1 produces the four Pythagorean quadruples. Lemma 2 reduces the four Pythagorean quadruples to two Pythagorean triples. Lemma 3 factors the semi-prime. Lemma 4 reduces a Pythagorean quadruple to a triple. Overall, the theorem shows that it is sufficient to only find such a Pythagorean quadruple to factor the semi-prime.

4. Proposed Method for Factoring Semi-Primes

The inherent hardness of finding the prime factors of large semi-primes forms the fundamental premise for RSA robustness [53]. However, this holds good until there is an efficient method found to compute the unknown prime factors of RSA keys, which are essentially large semi-prime numbers [54]. While several methods for integer factorization exist in general [55,56,57], none of them focus on semi-prime factorization relating to RSA cryptosystems. Hence, in this paper we will take this challenge and focus on solving the semi-prime factorization problem with a proposed reduced problem approach. Through the rest of the paper, it will be shown that the problem can be reduced to finding only one suitable sum of three squares to factorize a semi-prime. We provide a mathematical proof for our proposed approach in this section.

Proposed method: “The sum of four squares factorization” generates r4n solutions [48] (Equation (3)), of which only one solution is applicable to the Brahmagupta–Fibonacci identity, namely Equations (1) and (2). The remaining solutions do not lead to solutions for the semi-prime factorization. Some simple case examples are given below.

Case Example 1.

Let us consider N = 169.

$$169={13}^2=\left(2^2+3^2\right)\left(2^2+3^2\right)=4^2+6^2+6^2+9^2=4^2+4^2+4^2+{11}^2$$

Applying the Brahmagupta–Fibonacci identity Equation (2), we obtain:

$$4^2+6^2+6^2+9^2={\left(9-4\right)}^2+{\left(6+6\right)}^2=5^2+{12}^2={\left(9+4\right)}^2+{\left(6-6\right)}^2={13}^2+0^2$$

$$4^2+4^2+4^2+{11}^2 \ne {\left(11-4\right)}^2+{\left(4+4\right)}^2 = 7^2+8^2 =113 \ne 169$$

$$4^2+ 4^2+4^2+{11}^2 \ne {\left(11+4\right)}^2+{\left(4-4\right)}^2 = 15+0^2 =225 \ne 169$$

Case Example 2.

Let us consider N = 377.

$$377=\left(13\right)\left(29\right)=\left(2^2+3^2\right)\left(2^2+5^2\right)=4^2+6^2+{10}^2+{15}^2$$

Applying the Brahmagupta–Fibonacci identity provides the two sums of squares.

$$377=4^2+6^2+{10}^2+{15}^2={\left(15-4\right)}^2+{\left(10+6\right)}^2= {11}^2+{16}^2={\left(15+4\right)}^2+{\left(10-6\right)}^2={19}^2+4^2$$

$$377=4^2+{19}^2={11}^2+{16}^2$$

Once the two sums of two squares are known, the prime factors can be found using a modified Euler factorization [1].

$$\Delta e=16-4=12, \Delta o=19-11=8, g=\gcd \left(8,12\right)=4, p_1={\left(\frac{8}{4}\right)}^2+{\left(\frac{12}{4}\right)}^2=13$$

However, in this case, there are nine sums of four squares, as follows:

$$\left(1,4,6,18\right),\left(1,6,12,14\right),\left(2,2,12,15\right),\left(2,6,9,16\right),\left(4,6,6,17\right)$$

$$\left(\mathbf{4},\mathbf{6},\mathbf{10},\mathbf{15}\right),\left(5,8,12,12\right),\left(6,6,7,16\right),\left(6,8,9,14\right)$$

Only one of these is applicable to the Brahmagupta–Fibonacci identity, providing the two sums of two squares. A faster method, using a modified binary greatest common divisor [14], quickly validates a sum of four squares given below:

$$\left(4,6,10,15\right)=15, 2\left(5,2,3\right)\Rightarrow \left(5,2\right),\left(2,3\right)\Rightarrow \left(2^2+5^2\right)\left(2^2+3^2\right)=\left(29\right)\left(13\right)=377$$

(7)

This requires the sums of four squares to be found until the correct sum of four squares is factored. This is not viable for the factorization of large semi-primes. In this paper, it will be shown that it is sufficient to find only one suitable sum of three squares to factorize a semi-prime, and a theorem proof and four lemmas follow.

Restating Theorem 1.

If a Pythagorean quadruple has a square of a triple and $N$ is semi-prime, then N can be factored. Some lemmas required are provided below.

Lemma 1.

The square product of two primes (each sum of two squares) is four sums of three squares.

Proof. 

Consider the Lebesgue identity. The square of the sum of four squares can be given by the sum of three squares. From Equation (4), we have:

$$n^2={\left({\displaystyle \sum }_{k=1}^4{y}_k^2\right)}^2={\displaystyle \sum }_{l=1}^3{z}_l^2, n^2=z_1^2+z_2^2+z_3^2$$

and

$$c_1^2=a_1^2+b_1^2, c_2^2=a_2^2+b_2^2, n=c_1{c}_2, n^2={\left(c_1{c}_2\right)}^2=c_1^2{c}_2^2$$

$$c_1^2{c}_2^2=c_1^2\left(a_2^2+b_2^2\right)={\left(a_2{c}_1\right)}^2+{\left(b_2{c}_1\right)}^2$$

(8)

$$c_1^2{c}_2^2=c_2^2\left(a_1^2+b_1^2\right)={\left(a_1{c}_2\right)}^2+{\left(b_1{c}_2\right)}^2$$

(9)

The four sums of three squares are thus:

$${\left(a_2{c}_1\right)}^2+{\left(b_2{c}_1\right)}^2={\left(a_2{c}_1\right)}^2+{\left(b_2{a}_1\right)}^2+{\left(b_2{b}_1\right)}^2$$

(10)

$${\left(a_2{c}_1\right)}^2+{\left(b_2{c}_1\right)}^2={\left(a_2{a}_1\right)}^2+{\left(a_2{b}_1\right)}^2+{\left(b_2{c}_1\right)}^2$$

(11)

$${\left(a_1{c}_2\right)}^2+{\left(b_1{c}_2\right)}^2={\left(a_1{c}_2\right)}^2+{\left(b_1{a}_2\right)}^2+{\left(b_1{b}_2\right)}^2$$

(12)

$${\left(a_1{c}_2\right)}^2+{\left(b_1{c}_2\right)}^2={\left(a_1{a}_2\right)}^2+{\left(a_1{b}_2\right)}^2+{\left(b_1{c}_2\right)}^2$$

(13)

The four Pythagorean quadruples from Equations (9)–(12) are given as:

$$\left(a_1{b}_2, b_1{b}_2,c_1{a}_2, c_1{c}_2\right), \left(a_1{a}_2, b_1{a}_2, c_1{b}_2,c_1{c}_2\right), \left(a_1{c}_2,b_1{a}_2,b_1{b}_2,c_1{c}_2\right) \left(a_1{a}_2, a_1{b}_2,b_1{c}_2, c_1{c}_2\right)$$

(14)

□

Lemma 2.

The square of the semi-prime is four sums of two squares.

Proof: 

We have the following product of two sums of squares:

$${\left(c_1{c}_2\right)}^2=c_1^2{c}_2^2={\left(a_1^2+b_1^2\right)}^2{\left(a_2^2+b_2^2\right)}^2$$

Using the Brahmagupta–Fibonacci identity, we obtain:

$$c_1^2={\left(a_1^2\right)}^2+{\left(a_1{b}_1\right)}^2+{\left(a_1{b}_1\right)}^2+{\left(b_1^2\right)}^2={\left(a_1^2-b_1^2\right)}^2+{\left(2a_1{b}_1\right)}^2={\left(a_1^2+b_1^2\right)}^2$$

$$c_2^2={\left(a_2^2\right)}^2+{\left(a_2{b}_2\right)}^2+{\left(a_2{b}_2\right)}^2+{\left(b_2^2\right)}^2={\left(a_2^2-b_2^2\right)}^2+{\left(2a_2{b}_2\right)}^2={\left(a_2^2+b_2^2\right)}^2$$

$$c_1^2={\left(a_1^2-b_1^2\right)}^2+{\left(2a_1{b}_1\right)}^2={\left(a_1^2+b_1^2\right)}^2 , c_2^2={\left(a_2^2-b_2^2\right)}^2+{\left(2a_2{b}_2\right)}^2={\left(a_2^2+b_2^2\right)}^2{\left(c_1{c}_2\right)}^2={\left[\left(a_1^2+b_1^2\right)\left(a_2^2+b_2^2\right)\right]}^2$$

$$c_1{c}_2={\left(a_1{a}_2\right)}^2+{\left(b_1{a}_2\right)}^2+{\left(a_1{b}_2\right)}^2+{\left(b_1{b}_2\right)}^2$$

$$={\left(a_1{a}_2-b_1{b}_2\right)}^2+{\left(a_1{b}_2+b_1{a}_2\right)}^2={\left(a_1{a}_2+b_1{b}_2\right)}^2+{\left(a_1{b}_2-b_1{a}_2\right)}^2$$

$${\left(c_1{c}_2\right)}^2=\left[{\left(a_1{a}_2-b_1{b}_2\right)}^2+{\left(a_1{b}_2+b_1{a}_2\right)}^2\right]\left[{\left(a_1{a}_2+b_1{b}_2\right)}^2+{\left(a_1{b}_2-b_1{a}_2\right)}^2\right]$$

$$\begin{gathered} {\left(c_1{c}_2\right)}^2={\left(\left(a_1{a}_2-b_1{b}_2\right)\left(a_1{a}_2+b_1{b}_2\right)\right)}^2+{\left(\left(a_1{a}_2-b_1{b}_2\right)\left(a_1{b}_2-b_1{a}_2\right)\right)}^2 \\ +{\left(\left(a_1{b}_2+b_1{a}_2\right)\left(a_1{a}_2+b_1{b}_2\right)\right)}^2+{\left(\left(a_1{b}_2+b_1{a}_2\right)\left(a_1{b}_2-b_1{a}_2\right)\right)}^2 \end{gathered}$$

$$\begin{gathered} {\left(c_1{c}_2\right)}^2={\left(\left(a_1{a}_2-b_1{b}_2\right)\left(a_1{a}_2+b_1{b}_2\right)+\left(a_1{b}_2+b_1{a}_2\right)\left(a_1{b}_2-b_1{a}_2\right)\right)}^2 \\ +{\left(\left(a_1{a}_2-b_1{b}_2\right)\left(a_1{b}_2-b_1{a}_2\right)-\left(a_1{b}_2+b_1{a}_2\right)\left(a_1{a}_2+b_1{b}_2\right)\right)}^2 \end{gathered}$$

$$\begin{gathered} {\left(c_1{c}_2\right)}^2={\left(\left(a_1{a}_2-b_1{b}_2\right)\left(a_1{a}_2+b_1{b}_2\right)\right)-\left(\left(a_1{b}_2+b_1{a}_2\right)\left(a_1{b}_2-b_1{a}_2\right)\right)}^2 \\ +{\left(\left(a_1{a}_2-b_1{b}_2\right)\left(a_1{b}_2-b_1{a}_2\right)\right)+\left(\left(a_1{b}_2+b_1{a}_2\right)\left(a_1{a}_2+b_1{b}_2\right)\right)}^2 \\ +{\left(\left(a_1{a}_2-b_1{b}_2\right)\left(a_1{b}_2-b_1{a}_2\right)\right)+\left(\left(a_1{b}_2+b_1{a}_2\right)\left(a_1{a}_2+b_1{b}_2\right)\right)}^2 \end{gathered}$$

(15)

We make use of Equations (7) and (8), and we have the four sums of two squares for ${\left(c_1{c}_2\right)}^2$, as follows:

$$\begin{gathered} {\left(\left(a_1{a}_2-b_1{b}_2\right)\left(a_1{a}_2+b_1{b}_2\right)+\left(a_1{b}_2+b_1{a}_2\right)\left(a_1{b}_2-b_1{a}_2\right)\right)}^2 \\ + {\left(\left(a_1{a}_2-b_1{b}_2\right)\left(a_1{b}_2-b_1{a}_2\right)-\left(a_1{b}_2+b_1{a}_2\right) \left(a_1{a}_2+b_1{b}_2\right)\right)}^2 \end{gathered}$$

(16)

$$\begin{gathered} {\left(\left(a_1{a}_2-b_1{b}_2\right)\left(a_1{a}_2+b_1{b}_2\right)-\left(a_1{b}_2+b_1{a}_2\right)\left(a_1{b}_2-b_1{a}_2\right)\right)}^2 \\ + {\left(\left(a_1{a}_2-b_1{b}_2\right)\left(a_1{b}_2-b_1{a}_2\right)+\left(a_1{b}_2+b_1{a}_2\right)\left(a_1{a}_2+b_1{b}_2\right)\right)}^2. \end{gathered}$$

(17)

Two of the four Pythagorean triples from Equations (18) and (19) have no common factors. The other two of the four Pythagorean triples, which are factorable from Equations (7) and (8), are given by:

$$\left(c_1{a}_2, c_1{b}_2,c_1{c}_2\right), \left(c_2{a}_1, c_2{b}_1,c_1{c}_2\right)$$

(18)

□

Lemma 3. 

The greatest common divisors of the sums of two squares factor the semi-prime.

Proof. 

Consider the semi-prime $n=c_1{c}_2$ and assume that $c_1$, $c_2=1 \left(\mathrm{mod} 4\right)$, i.e., $c_1$ and $c_2$ are the sum of two squares, then we have:

$$1\left(mod 4\right)\equiv c=x_1^2+x_2^2$$

From Equation (14), we have:

$$\left(c_1{a}_2, c_1{b}_2, c_1{c}_2\right), \left(c_2{a}_1, c_2{b}_1,c_1{c}_2\right)$$

$$\left(c_1{a}_2, c_1{b}_2, c_1{c}_2\right)\Rightarrow \gcd \left(c_1{a}_2, c_1{b}_2\right)=c_1, \left(c_2{a}_1, c_2{b}_1, c_1{c}_2\right)\Rightarrow \gcd \left(c_2{a}_1, c_2{b}_1\right)=c_2$$

The greatest common divisors of the sums of two squares are the factors of the semi-prime.

$$\left(\alpha ,\beta ,N\right), c_1=\gcd \left(\alpha ,\beta \right), c_2=\frac{N}{c_1}$$

(19)

□

Lemma 4.

There exists a Pythagorean quadruple, a square of which represents a triple.

Proof. 

From Pythagorean quadruple Equation (6) given by $N^2=z_1^2+z_2^2+z_3^2$ and Pythagorean triple Equation (5) given by $N^2={\alpha }^2+{\beta }^2, \alpha \ne \beta$ we have the following:

$$\mathrm{If} \beta \in \left\{z_1,z_2,z_3\right\} \exists \left(\alpha ,\beta ,N\right) :{\alpha }^2=N^2-{\beta }^2, \alpha \ne \beta$$

(20)

From Equation (13), it can be seen that:

$$\left(a_1{b}_2, b_1{b}_2,c_1{a}_2, c_1{c}_2\right)\Rightarrow {\beta }_1=c_1{a}_2\Rightarrow$$

$${\alpha }_1,{\beta }_1, c_1{c}_2)=\left({\alpha }_1,c_1{a}_2, c_1{c}_2\right)\Rightarrow {\alpha }_1=c_1{b}_2$$

$$\left(a_1{a}_2, b_1{a}_2, c_1{b}_2,c_1{c}_2\right)\Rightarrow {\beta }_2=c_1{b}_2\Rightarrow$$

$$({\alpha }_2,{\beta }_2, c_1{c}_2)=\left({\alpha }_2,c_1{b}_2, c_1{c}_2\right)\Rightarrow {\alpha }_2=c_1{a}_2$$

$$\left(a_1{c}_2,b_1{a}_2,b_1{b}_2,c_1{c}_2\right)\Rightarrow {\beta }_3=c_2{a}_1\Rightarrow ({\alpha }_3,{\beta }_3, c_1{c}_2)=\left({\alpha }_3,c_2{a}_1, c_1{c}_2\right)\Rightarrow {\alpha }_3=c_2{b}_1$$

$$\left(a_1{a}_2, a_1{b}_2,b_1{c}_2, c_1{c}_2\right)\Rightarrow {\beta }_4=c_2{b}_1\Rightarrow ({\alpha }_4,{\beta }_4, c_1{c}_2)=\left({\alpha }_4,c_2{b}_1, c_1{c}_2\right)\Rightarrow {\alpha }_4=c_2{a}_1$$

$$\left({\beta }_1,{\alpha }_1, c_1{c}_2\right)=\left({\alpha }_2,{\beta }_2, c_1{c}_2\right)=\left(c_1{a}_2, c_1{b}_2, c_1{c}_2\right), \left({\beta }_3,{\alpha }_3, c_1{c}_2\right)=$$

$$\left({\alpha }_4,{\beta }_4, c_1{c}_2\right)=\left(c_2{a}_1, c_2{b}_1, c_1{c}_2\right)$$

$$\beta \in \left\{c_1{b}_2,c_1{a}_2,c_2{b}_1,c_2{a}_1\right\}\exists \left(\alpha ,\beta ,N\right) :{\alpha }^2=N^2-{\beta }^2, \alpha \ne \beta$$

□

Theorem 2.

If a Pythagorean quadruple has a square of a triple, the semi-prime can be factored.

Proof. 

From Lemma 1, we have:

The four Pythagorean quadruples from Equation (13) are given as:

$$\left(a_1{b}_2, b_1{b}_2,c_1{a}_2, c_1{c}_2\right), \left(a_1{a}_2, b_1{a}_2, c_1{b}_2,c_1{c}_2\right),$$

$$\left(a_1{c}_2,b_1{a}_2,b_1{b}_2,c_1{c}_2\right),\left(a_1{a}_2, a_1{b}_2,b_1{c}_2, c_1{c}_2\right)$$

From Lemma 4, there exists a Pythagorean quadruple, a square of which represents a triple.

$$\beta \in \left\{c_1{b}_2,c_1{a}_2,c_2{b}_1,c_2{a}_1\right\}\exists \left(\alpha ,\beta ,N\right) :{\alpha }^2=N^2-{\beta }^2, \alpha \ne \beta$$

(21)

From Lemma 2, the Pythagorean triples with prime factors from Equation (14) are given as follows:

$$\left(c_1{a}_2, c_1{b}_2, c_1{c}_2\right), \left(c_2{a}_1, c_2{b}_1,c_1{c}_2\right)$$

$$N=c_1{c}_2, \exists \left(\alpha ,\beta ,N\right):\left(\alpha ,\beta \right)\in \left\{\left(a_2{c}_1, b_2{c}_1\right), \left(a_1{c}_2, b_1{c}_2\right)\right\}$$

(22)

From Lemma 3, we have:

$$\left(\alpha ,\beta ,N\right), c_1=\gcd \left(\alpha ,\beta \right), c_2=\frac{N}{c_1}$$

□

4.1. Algorithm of Our Proposed Semi-Prime Factorization

Cryptographic algorithms make use of standard integer factorization algorithms found in the literature, such as Pollard’s factoring algorithm, Lenstra’s elliptic curve factorization algorithm, and others with different kinds of number sieves [58,59]. For our algorithm to factor semi-primes, we capitalize on the properties of semi-prime representations as the sum of three squares, which is supported by well-proven theorems [60]. Based on the theoretical background postulated in this work, our algorithm consists of four key steps, as given below:

Step 1. Square the semi-prime to be factored: $N^2$.

Step 2. Find sums of three squares such that:

$$\left(N^2-x^2\right)=prime\equiv 1 mod 4={\beta }^2+a^2$$

   //Increment $x$ until a prime is found congruent to 1 mod 4 [61]

   {x+

   +$x^2$

   $N^2-x^2$ }

   Do primality test, 1 mod 4 test, sum of two squares}

Step 3. Save $\left\{x, a, b\right\}$ such that $\left(N,x,a,b\right),\beta : \beta \in \left\{x,a,b\right\}$

      Test $\beta$ to find $\alpha$ such that ${\alpha }^2=N^2-{\beta }^2$

   Step 3.1 Test $\left\{x, a, b\right\}$ to find $\left\{\alpha ,\beta \right\}$, $x^2,a^2, b^2;N^2-x^2, N^2-a^2, N^2-b^2$

   Step 3.2 Test for perfect square // use a square root function)

Step 4. Calculate and output the semi-prime factors $c_1$ and $c_2$ such that $N=c_1{c}_2$

   Step 4.1 $c_1=\gcd \left(\alpha ,\beta \right)$ // use gcd function

   Step 4.2 $c_2=\frac{N}{c_1}$

4.2. Complexity, Comparison and Constraints of Our Algorithm

We summarize the complexity of our proposed semi-prime factorization algorithm in terms of memory and computational time. These complexity measures are followed in similar lines to existing methods reported in the literature [61]. The memory requirement of our algorithm is very minimal, with most computations operating on the memory variables (N, x, a, b, α, β), which use BigInteger arithmetic. In terms of time complexity, our method compares favorably against Fermat’s factorization method, in that only one solution exists in Fermat’s method. As was shown in Case Example 2, our method has identified 45 solutions, of which 11 could lead directly to a factorization and the others may as well, if their sums of squares are part of a tree that reveals other sums of squares.

In our algorithm, the initial step of squaring the number to be factorized could be a constraint for large semi-prime numbers. Further, the method is also probabilistic, while in many ways it is comparable to the stochastic nature of finding a sum of two squares. However, the advantage of our algorithm is that there are many possible solutions in the set of the sum of three squares, making it more likely that such a solution also leads towards finding a sum of two squares. Moreover, once a sum of three squares is known, the squares themselves form trees, which will be explored in future work. For instance, in Case Example 2 discussed earlier, 45 possible sums of squares were obtained. Among these, 11 created direct solutions to the factorization of the semi-prime and our method provides more possibilities of the solution space. Otherwise, using common approaches such as Fermat’s, only two sums of squares exist for the semi-prime. Therefore, using our method, the probability of finding a solution is greatly enhanced and, in this case, it is more likely by an order of six times than the common methods. Further, traversing the tree of squares, if any of the 45 possible solutions are discovered, then any of these may lead to a factorization solution, which is 22 times more likely to lead to a solution. These trees provide additional sums of three squares, some of which will lead to a sum of two squares. Once a sum of two squares is known, the search for the second sum of squares is contained in a subset, thereby reducing the search space via the efficient use of polynomials to factorize semi-primes quickly [1].

5. Case Study Examples Applied to RSA Key Factorization

In this section, we illustrate the application of our proposed semi-prime factorization method using case study examples. An application area of particular interest in considering specific variants of RSA is how both small and large encryption keys perform within our proposed factorization approach. With the evolution of the Internet of things (IoT), the emergence of lightweight cryptography is on the rise. However, due to the relatively low computational power of personal devices, malicious attacks are recently targeting IoT networks [62,63,64]. Since the security of cryptographic operations in both small keys as well as large keys depends upon whether the semi-prime factorization can be solved efficiently, we consider one application example for each of the two scenarios.

Application Example 1.

Let us consider Case Example 2 with N = 377.

The 45 Pythagorean quadruples are:

(12,81,368,377), (12,108,361,377), (12,156,343,377), (12,224,303,377), (15,252,280,377), (17,144,348,377), (17,192,324,377), (24,143,348,377), (24,177,332,377), (28,72,369,377), (28,252,279,377), (39,72,368,377), (39,208,312,377), (44,207,312,377), (44,228,297,377), (64,252,273,377), (72,199,312,377), (72,252,271,377), (81,108,352,377), (84,132,343,377), (84,208,303,377), (87,116,348,377), (87,156,332,377), (87,172,324,377), (89,192,312,377), (100,105,348,377), (100,240,273,377), (105,252,260,377), (108,207,296,377), (108,233,276,377), (116,177,312,377), (116,192,303,377), (132,224,273,377), (143,156,312,377), (143,228,264,377), (144,172,303,377), (145,240,252,377), (152,207,276,377), (156,172,297,377), (156,208,273,377), (156,233,252,377), (172,207,264,377), (177,180,280,377), (180,215,252,377), (192,208,249,377)

β ∈ {12, 15, 17, 24, 28, 39, 44, 64, 72, 81, 84, 87, 89, 100, 105, 108, 116, 132, 143, 144, 145, 152, 156, 172, 177, 180, 192, 207, 208, 215, 224, 228, 233, 240, 249, 252, 260, 264, 271, 273, 276, 279, 280, 296, 297, 303, 312, 324, 332, 343, 348, 352, 361, 368, 369}

From Lemma 4 and Equation (20) we have:

$$\beta \in \left(z_1,z_2,z_3\right) \exists \left(\alpha ,\beta ,N\right) :{\alpha }^2=N^2-{\beta }^2, \alpha \ne \beta$$

The four Pythagorean triples are:

(135,352,377), (145,348,377), (152,345,377), (260,273,377)

Note that:

$$\exists \alpha :\left\{\alpha \right\}⊈\left\{\beta \right\} :\left\{135, 345\right\}$$

$\nexists \left\{\beta \right\}$ with $\gcd \left(\alpha ,\beta \right)=1$ are not solutions to the semi-prime. However, solutions can be found as follows [1,14]:

$$\left\{\alpha \right\}⊈\left\{\beta \right\}\Rightarrow \gcd \left(\alpha ,\beta \right)=1,$$

$$\left(135,352,377\right)\Rightarrow \gcd \left(135,352\right)=1,$$

$$x_1=\sqrt{\left(\frac{377-135}{2}\right)}=11, x_2=\sqrt{377-{11}^2}=16$$

$$377={11}^2+{16}^2$$

$$\left(152,345,377\right)\Rightarrow \gcd \left(152,345\right)=1$$

$$x_3=\sqrt{\left(\frac{377-345}{2}\right)}=4, x_4=\sqrt{377-4^2}=19$$

$$377=4^2+{19}^2$$

$$\stackrel{\scriptscriptstyle\mathrm{def}}{=}o=19-11=8, \stackrel{\scriptscriptstyle\mathrm{def}}{=}e=16-4=12, g=\gcd \left(8,12\right)=4$$

$$p_1={\left(\frac{\stackrel{\scriptscriptstyle\mathrm{def}}{=}o}{g}\right)}^2+{\left(\frac{\stackrel{\scriptscriptstyle\mathrm{def}}{=}e}{g}\right)}^2={\left(\frac{8}{4}\right)}^2+{\left(\frac{12}{4}\right)}^2=2^2+3^2=13$$

$$p_2=\frac{N}{p_1}=\frac{377}{13}=29$$

From Lemma 3 and Equation (15) we have:

$$\left(\alpha ,\beta ,N\right), c_1=\gcd \left(\alpha ,\beta \right), c_2=\frac{N}{c_1}$$

$$\left\{\alpha \right\}{{\displaystyle \cap }}^{ }\left\{\beta \right\}\Rightarrow \gcd \left(\alpha ,\beta \right)=c_1$$

$$\left(145,348,377\right)\Rightarrow \gcd \left(145,348\right)=29, \frac{377}{29}=13$$

$$\left(260,273,377\right)\Rightarrow \gcd \left(260,273\right)=13, \frac{377}{13}=29$$

$$N=c_1{c}_2=377=\left(13\right)\left(29\right)$$

From Lemma 2 we have:

The Pythagorean triples with prime factors from Equation (14) are given as follows:

$$\left(c_1{a}_2, c_1{b}_2, c_1{c}_2\right), \left(c_2{a}_1, c_2{b}_1,c_1{c}_2\right)$$

$$\left(a_1, b_1,c_1\right)=\left(5,12,13\right), \left(a_2,b_2, c_2\right)=\left(20,21,29\right)$$

$$\left(c_1{a}_2, c_1{b}_2, c_1{c}_2\right)=\left(13\ast 20, 13\ast 21, 377\right)=\left(260, 273, 377\right)\Rightarrow \gcd \left(260, 273\right)=13$$

$$\left(c_2{a}_1, c_2{b}_1,c_1{c}_2\right)=\left(29\ast 5, 29\ast 12, 377\right)=\left(145, 348, 377\right)\Rightarrow \gcd \left(145, 348\right)=29$$

Figure 1 provides a pictorial representation of Pythagorean triples with prime factors for the case example with N = 377.

Application Example 2. In computer security applications, the aim of a cryptosystem is to encrypt a message before communication, and only the authenticated user that has the right key can be able to decrypt the message, thereby enforcing message integrity, confidentiality, authentication, and privacy. Among several ciphers developed for this purpose, RSA is widely used in key exchange, digital signatures, and small blocks of data encryption. For the second application example, we consider RSA where the key is derived from a very large number (a semi-prime). Since determining the two prime factors of the large number is computationally difficult, research studies on evaluating the RSA and the factorization schemes are gaining attention [65,66,67]. Hence, we describe how our proposed semi-prime factorization method can be applied to factorize RSA quickly.

The steps involved in RSA encryption are given below:

• Pick two large prime numbers $c_1$ and $c_2$;
• Consider the semi-prime $N=c_1{c}_2$;
• Consider $\mathsf{\phi }\left(N\right)=(c_1-1)\ast \left(c_2-1\right)$;
• Choose an integer $e$ such that $1<e<\mathsf{\phi }\left(N\right)$ and gcd($e, \mathsf{\phi }\left(N\right))=1$;
• Compute $d$ such that $de\equiv 1 \left(\mathrm{mod} \mathsf{\phi }\left(N\right)\right)$.

While the public key $\left(N,e\right)$ is distributed for encrypting a message, the private key $\left(N,d\right)$ is kept a secret for decrypting the message only by an authorized entity. Hence, based on this RSA scheme, it is evident that with the factorization of $N$, we can compute $de\equiv 1 \left(\mathrm{mod} \mathsf{\phi }\left(N\right)\right)$ [68], which gives the private key $\left(N,d\right).$ When the factorization is efficient, RSA can be broken. The factoring challenge was introduced to identify the safety limits of the key length to be used for the RSA encryption algorithm that can ensure information security. Hence, researchers focus on mathematically proving the cryptanalytic strength using efficient RSA factorization methods.

Table 1. Application of the proposed semi-prime factorization method for RSA-768 attack.

$c_1{c}_2$$\mathrm{RSA}768$	123018668453011775513049495838496272077285356959533479219732245215 172640050726365751874520219978646938995647494277406384592519255732 630345373154826850791702612214291346167042921431160222124047927473 7794080665351419597459856902143413
${\left(c_1{c}_2\right)}^2$	151335927879520346290803999457322598363508796074958341058717144380 245872835312747521375274637572332720319718269519140130366434717995 557448975805325285592901195789698493475842912499609903738365207236 511522080338199512854710820317535056362120218189196094883472059867 670273711218840191206761008283107936158558105422755888818703810974 813042919826949446811902964522404849739464632596646341875606194756 2985467999013006479462484696511372504488571635778058519793619288569
$\beta$	122282464059209245992171436897658189706307595059665852419459721623 575268394641485120055721728993778585098737802795637062458727992772 215791535778942916633321748296084895133564298582155097077049551048 7891461504154220362780972595368188
$\stackrel{\alpha }{\sqrt{{\left(c_1{c}_2\right)}^2-{\beta }^2}}$	134384437923531027642685110944406395128150457221349204815473265992 860466317855675453545164265884545802321235838004890967990322730328 639778020385449818260083476767779296347341551505950443482805814798 593564305646242411389559844289235
$c_1\gcd \left(\alpha ,\beta \right)$	334780716989568987860441698482126908177047949837137685689124313889 82883793878002287614711652531743087737814467999489
$c_2$$\frac{\mathrm{RSA}768}{c_1}$	367460436667995904282446337996279526322791581643430876426760322838 15739666511279233373417143396810270092798736308917

demonstrates the application of our proposed semi-prime factorization method for a key length of 768 decimal digits, denoted as RSA-768. The sums of squares and polynomials have been explored for semi-prime factorization in previous research works [1,46,69]. However, there are more than 50 properties of Pythagorean triples that have been reported and new patterns yet to be explored [15,70]. In this research work, the proposed method has applied such unique patterns unexplored so far in the literature and maintains the algorithm’s order of computational complexity, similar to the existing approaches that have been evaluated and reported recently [71,72]. A recent experimental study employed the representation of primes in the form p = 6 · x ± 1 and applied the theory to the RSA factorization problem [73]. Another work shows the decomposition of the two prime numbers with the Pisano period factorization method, which has been proven to be a subexponential complexity method [74]. Several integer factorization methods have also suggested direct application to cryptanalysis of RSA by applying different genetic algorithms [75]. While genetic algorithms could be a promising avenue of research for integer factorization, they are computationally complex. This paper’s focus to involve new simple arithmetic operations while exploring unique structures of prime numbers has resulted in an efficient factorization.

In our computationally simple method, the need to square the number that is to be factorized could be considered a constraint for large semi-primes to be attacked quickly. An example for RSA-768 is given below, illustrating our method of squaring the number to achieve semi-prime factorization. Future work will be devoted towards how the inherent mathematical constraint can be overcome by reducing the solution search space. One method is to use low order prime multipliers congruent to 1 mod 4 (for example 5,13,50) to increase the likelihood of finding sums of three squares (and two squares) without the complexity of first squaring the number to be factored. An illustration of the complexity is given below. The likelihood of finding a solution, $\beta$, is sparse and becomes less likely for larger semi-primes, as shown below. Future work should explore reducing the search space implied by squaring of the semi-prime to be factored. $c_1{c}_2$$\mathrm{RSA}768$${\left(c_1{c}_2\right)}^2$$\beta$$\alpha$$\sqrt{{\left(c_1{c}_2\right)}^2-{\beta }^2}$$c_1\gcd \left(\alpha ,\beta \right)$$c_2$$\frac{\mathrm{RSA}768}{c_1}$

6. Conclusions and Future Research

In this paper, we proposed a new method for semi-prime factorization and emphasized its key contribution in the context of information security underpinned by the RSA cryptosystem of the current digital world. Some new ideas have resulted in a breakthrough of factoring the RSA-129 challenge number, but these were possible only after several years. Our novel method follows with the proof that the sum of fours squares of a semi-prime $c_1{c}_2$ has many solutions, but only one solution leads to factorization. The validation is fast, and the method uses a binary greatest common division approach with simple arithmetic operations to find the sum of two squares of one (or both) of the prime factors.

The sum of two squares has only two solutions and both are valid, though hard to find. Once these are known, previous work has proved that a modified Euler factorization can easily determine the prime factorization [1]. This paper was enhanced further by considering the sum of three squares, which has many solutions. However, the semi-prime must first be squared, resulting in larger numbers required to be processed. This is offset by the abundance of suitable solutions, leading to factorization successfully without affecting the order of computational complexity. The algorithm and the case examples have demonstrated the simplicity of our proposed method and its enhanced solution space, as compared to Fermat’s method. The complexity of our proposed approach was demonstrated using numerical illustrations, including the real-time factorization of the 768-bit number RSA-768.

It is noted that for extremely large semi-primes, the search space may be constrained with the need to square the semi-prime. One approach to address this is highlighted and forms the key motivation for future research. In this context, one of the properties of semi-primes that forms a motivation for future research is given as follows: once the sum of three squares is known, the squares themselves form trees. Hence, reducing the solution search space of these trees for such cases, using our earlier associated research work, will be quite promising to explore.