In the fastest-performing integer factoring algorithms, one creates a sequence of integers (in a pseudo-random way) and wishes to rapidly determine a subsequence whose product is a square. In 1994 Pomerance stated the following problem which encapsulates all of the key issues: Select integers a1,a2,…, at random from the interval [1,x], until some (nonempty) subsequence has product equal to a square. Find a good estimate for the expected stopping time of this process. A good solution should allow one to determine the optimal choice of parameters in many factoring algorithms.
Pomerance (1994), using an idea of Schroeppel (1985), showed that with probability 1−o(1) the first subsequence whose product equals a square occurs after at least J1−o(1)0 integers have been selected, but no more than J0, for an appropriate (explicitly determined) J0=J0(x). We tighten Pomerance’s interval to
where γ=0.577… is the Euler-Mascheroni constant, and believe that the correct interval is [(e−γ−o(1))J0,(e−γ+o(1))J0], a “sharp threshold”. In our proof we confirm the well-established belief that, typically, none of the integers in the square product have large prime factors.
The heart of the proof of our upper bound lies in delicate calculations in probabilistic graph theory, supported by comparative estimates on smooth numbers using precise information on saddle points.