Factoring appendix

lecture-notes.tex

@@ -81,7 +81,7 @@ \part{Conclusions}
 
 \appendix
 \part{Appendices}
-\include{lectures/app-factor}
+\include{lectures/lec06-app}
 
 \backmatter
 

lectures/app-factor.tex → lectures/lec06-app.tex

@@ -1,5 +1,5 @@
 \chapter{Factoring integers}
-\label{sec:fact:bg}
+\label{sec:fact}
 
 The problem of integer factorization was central to 20th-century cryptography.
 Breaking the one-wayness of the RSA trapdoor one-way function (\cref{chap:rsa}), for example,
@@ -11,6 +11,7 @@ \chapter{Factoring integers}
 Throughout, let $n = \lceil \log_2 N \rceil$ be the bitlength of the number to factor.
 
 \section{Background}
+\label{sec:fact:bg}
 
 \paragraph{Trial division.}
 We can factor $N$ by trying to divide $N$ by each of the primes of size $\leq \sqrt N$

lectures/lec06.tex

@@ -282,6 +282,9 @@ \subsection{Why should the RSA function be hard to invert?}
       (We will say more on this in a moment.)
       Since the best algorithms for factoring run in time roughly $2^{\sqrt[3]{\log N}} = 2^{\sqrt[3]{\lambda}}$,
       this approach is infeasible at present without knowing the factorization of $N$.
+      \marginnote{In \cref{sec:fact} we present a factoring algorithm that runs
+      in sub-exponential time $2^{\sqrt{\log N \log \log N}}$.
+}
 
 \item \textbf{Find a root over the integers} and reduce it modulo $N$.\marginnote{Actually,
       it suffices to find a root over the rational numbers, but the distinction isn't important here.}