Asymptotic semismoothness probabilities

Abstract

We call an integer semismooth with respect to y and z if each of its prime factors is y, and all but one are z. Such numbers are useful in various factoring algorithms, including the quadratic sieve. Let G(; ) be the asymptotic probability that a random integer n is semismooth with respect to n and n. We present new recurrence relations for G and related functions. We then give numerical methods for computing G ,t ables of G, and estimates for the error incurred by this asymptotic approximation.

Full text

MATHEMATICS OF COMPUTATION
Volume 65, Number 216
October 1996, Pages 1701–1715
ASYMPTOTIC SEMISMOOTHNESS PROBABILITIES
ERIC BACH AND REN´
E PERALTA
Abstract. We call an integer semismooth with respect to yand zif each of
its prime factors is ≤y, and all but one are ≤z. Such numbers are useful in
various factoring algorithms, including the quadratic sieve. Let G(α, β )bethe
asymptotic probability that a random integer nis semismooth with respect to
nβand nα. We present new recurrence relations for Gand related functions.
We then give numerical methods for computing G,tablesofG, and estimates
for the error incurred by this asymptotic approximation.
1. Introduction
Many number-theoretic algorithms, such as the quadratic sieve factoring method
[19], rely on auxiliary numbers whose prime factors lie within prescribed bounds.
In practice, one often uses so-called “large prime” versions of these algorithms, in
which the auxiliary numbers are composed of one moderately large prime factor and
a number of smaller ones. In analyzing these, it is useful to know the asymptotic
probability that a random number has this form. In this paper, we show how to
compute this probability quickly and accurately and assess the accuracy of our
asymptotic approximations.
Following Knuth and Trabb Pardo [8], we factor a positive integer nuniquely
as n=n1n2...,whereeachn
iis prime, and n1≥n2≥....Inotherwords,n
iis
the ith largest prime factor of n, counted by multiplicity. If iis greater than the
number of prime factors, we define nito be 1.
We will say that nis semismooth with respect to yand zif n1≤yand n2≤z.
That is, all the prime factors of nare bounded by z, with the possible exception of
a prime factor bounded by y.Welet
Ψ(x, y, z)=#{n≤x:n
1≤y, n2≤z}.
This generalizes de Bruijn’s function [3]
Ψ(x, y)=#{n≤x:n
1≤y}.
We will prove that for every α, β satisfying 0 <α<β<1,
G(α, β) = lim
x→∞ Ψ(x, xβ,x
α)/x(1.1)
Received by the editor December 14, 1992 and, in revised form, July 5, 1994 and October 23,
1995.
1991 Mathematics Subject Classification. Primary 11N25; Secondary 11Y05, 11Y70.
The first author was supported in part by NSF Grants DCR-8552596 and CCR-9208639. The
second author was supported in part by NSF Grant CCR-9207204.
c
1996 American Mathematical So ciety
1701

1702 ERIC BACH AND REN´
E PERALTA
exists. This should be thought of as the asymptotic joint distribution of the relative
lengths of n1and n2. Thus, the function σ(u, v)=G(1/u, 1/v) can be considered
a two-dimensional analog of Dickman’s well-known rho function.
The function Gsatisfies some interesting recurrence relations. In §3 we use these
to show the limit in (1.1) exists, and to estimate the rate of convergence. In §4
we discuss methods for computing Gnumerically and tabulate the results in §5.
Finally, §6 discusses the accuracy of our asymptotic approximations.
2. Background
The Dickman rho function is defined for real x≥0bytherelation
ρ(x)=(1if0≤x≤1,
1
x
R
x
x−1
ρ(t)dt otherwise.
(2.1)
We al s o l et F(α )=ρ(1/α).
Norton [17] surveys some useful properties of the rho function, which we sum-
marize here. First, 0 <ρ(x)≤1, and
ρ0(x)=−ρ(x−1)/x(2.2)
when x≥1(atx= 1 we take the right derivative). This implies that ρis non-
increasing, and |ρ0(x)|≤1. In fact, the rho function decreases very rapidly for large
x;wehaveρ(x)≤1/x!.
The differential-delay equation (2.2) implies that ρis piecewise analytic. More
precisely, there is an analytic function ρkagreeing with ρ(x)whenk−1≤x≤k,
for k=1,2,3,... . We have, for example, ρ1=1,andρ
2=1−log x.Itisalso
easy to see that ρbelongs to the class Ckon the interval [k, ∞).
Let π(x) denote the number of primes ≤x, and let li(x)=Rx
0dt/ log t(the
Cauchy principal value is intended here). We will use the prime number theorem,
in the form
π(x) = li(x)+O(x
logcx);(2.3)
this relation holds for any c>0. We write (x) for the error term, so that π(x)=
li(x)+(x). Schoenfeld proved, assuming the Riemann hypothesis, that
|(x)|<(√xlog x)/(8π)(2.4)
provided x≥2,657. (See (6.18) of [22].)
The prime number theorem implies
X
p<x
1
p=loglogx+O(1)(2.5)
and
X
p<x
1
plog p=O(1).(2.6)
Let 0 <α<1. Results of de Bruijn imply that if 0 <α≤γand tα≥2, we have
Ψ(t, tγ)=tF (γ)+O(t
αlog t).(2.7)
(To prove this, combine (1.4) and (5.3) of [3] with (2.3) above, taking c=4.)
In results such as the above, an unadorned “O” symbol indicates an absolute
constant.

ASYMPTOTIC SEMISMOOTHNESS PROBABILITIES 1703
3. Recurrence relations for smoothness distributions
Many of the useful properties of asymptotic smoothness distributions can be
derived from a simple heuristic model, which we call random bisection . The idea is
that asymptotically, the relative lengths of the prime factors of a random number
can be obtained by choosing a random λuniformly from (0,1)—this gives the
relative length of the first factor—and then proceeding recursively with the smaller
interval (0,1−λ). (This was previously applied to prime factorizations in [1].)
To illustrate, we derive a recurrence for F(α), the asymptotic probability that
none of n’s prime factors exceed nα. This is the probability that all lengths chosen
by random bisection are ≤α; conditioning on the first length λ, we should have
F(α)=Zα
0
F(α
1−λ
)dλ.(3.1)
This is equivalent to (2.1), as the substitutions t=(1−λ)/α and x=1/α show.
Using a similar argument, one can deduce that F2(α), the asymptotic probability
that n2≤nα, should satisfy
F2(α)=Zα
0
F
2
(α
1−λ
)dλ +Z1
α
F(α
1−λ)dλ.(3.2)
(Compare with (3.8) and (3.11) of [8].)
Now, we let G(α, β) denote the asymptotic probability that n2≤nαand n1≤
nβ. Again by conditioning on the first length λ, we conclude that G, if it exists,
should satisfy
G(α, β)=Zα
0
G(α
1−λ
,β
1−λ
)dλ +Zβ
α
F(α
1−λ)dλ.(3.3)
We will prove this rigorously below, using a different relation for Gthat is not
as easy to motivate:
G(α, β)=F(α)+Zβ
α
Fα
1−λdλ
λ.(3.4)
We can, however, give it a probabilistic interpretation. We condition on the largest
length λproduced by random bisection. Either λ≤α(which accounts for the term
F(α)), or it lies between αand β. The second event contributes a term
Zβ
α
Pr[λ(2) ≤α|λ(1) =λ]dF (λ).
(Here λ(1) >λ
(2) >··· are the lengths produced by random bisection, in sorted
order.) The distribution of λ(1) is absolutely continuous; from (2.2), we get
dF (λ)=F(λ
1−λ
)
dλ
λ.
Because (3.4) holds for arbitrary α≤β, a standard theorem of analysis (see [23, p.
360]) implies that we can take
Pr[λ(2) ≤α|λ(1) =λ]=F(α
1−λ
)/F (λ
1−λ).(3.5)
So far, we have relied on heuristic arguments. We now prove (3.4) and (3.3).

1704 ERIC BACH AND REN´
E PERALTA
Theorem 3.1. If 0<α<β<1,then
Ψ(x, xβ,x
α)=xF (α)+xZβ
α
Fα
1−λdλ
λ+O(log(α−1)
α(1 −β)
x
log x).
Therefore, the limit
G(α, β) = lim
x→∞ Ψ(x, xβ,x
α)/x
exists, and satisfies (3.4).
Proof. The basic idea of the proof is to carefully repeat the conditioning argument
for (3.4), employing a uniform estimate for the Ψ function and the prime number
theorem.
We have
Ψ(x, xβ,x
α)= X
p≤x
α
#{n≤x:n
1=p}+X
x
α
<p≤xβ
#{n≤x:n1=p, n2≤xα}.
(3.6)
For the first sum, we have
X
p≤xα
#{n≤x:n1=p}=#{n≤x:n
1≤x
α
}=xF (α)+O(x
αlog x).
The second sum requires more work. We first observe that
X
xα<p≤xβ
#{n≤x:n1=p, n2≤xα}=X
xα<p≤xβ
#{m≤x/p :m1≤xα}
=X
xα<p≤xβ
#{m≤x/p :m1≤(x/p)α
1−log p/ log x}.(3.7)
When xα<p≤x
β
,
0≤α< α
1−α<α
1−log p/ log x≤α
1−β.
The estimate (2.7) applies, so
X
xα<p≤xβ
#{m≤x/p :m1≤(x/p)α
1−log p/ log x}
=X
xα<p≤xβ
x
pF(α
1−log p/ log x)+O(1
αX
x
α
<p≤xβ
x/p
log(x/p)).
Applying (2.5) and (2.6), we get
Ψ(x, xβ,x
α)=xF (α)+ X
x
α
<p≤xβ
x
pF(α
1−log p/ log x)+O(log(α−1)
α(1 −β)
x
log x).
(3.8)
Using Stieltjes integration, we have
X
xα<p≤xβ
1
pF(α
1−log p/ log x)=Zx
β
x
α
ρ(
1−log t/ log x
α)dπ(t)
t.(3.9)

ASYMPTOTIC SEMISMOOTHNESS PROBABILITIES 1705
If we integrate by parts, substitute π(t) = li(t)+(t), and recombine the terms
involving li(t), we obtain
Zxβ
xα
ρ(1−log t/ log x
α)dπ(t)
t=Zxβ
xα
ρ(1−log t/ log x
α)dt
tlog t
+hρ(1−log t/ log x
α)(t)
tixβ
xα−Zxβ
xα
d
dt1
tρ(1−log t/ log x
α)(t)dt.
(3.10)
We now show the error terms in (3.10) are small. Using |ρ|≤1 and (2.3) (with
c= 1), we obtain
hρ(1−log t/ log x
α)(t)
tixβ
xα=O(1
αlog2x).
After differentiating the quotient and estimating each resulting term separately, we
get
Zxβ
xα
d
dt1
tρ(1−log t/ log x
α)(t)dt =OZxβ
xα
dt
tlog2t=O(1
αlog x).
This shows that
Ψ(x, xβ,x
α)=xF (α)+Zx
β
x
α
ρ(1−log t/ log x
α)dt
tlog t+O(log(α−1)x
α(1 −β)logx).
Making the substitution λ=logt/ log x, we obtain the first statement of the theo-
rem. The second follows from dividing by xand letting x→∞.
The novelty in the above theorem is a careful estimate of the error term. Knuth
and Trabb Pardo gave (3.4) for the special case β=2α. Weaker statements of
Theorem 3.1 (that is, without error estimates) appear in [9] and [15]. We now
prove (3.3), which we believe to be new.
Theorem 3.2. We have
G(α, β)=Zα
0
G(α
1−λ
,β
1−λ
)dλ +Zβ
α
F(α
1−λ)dλ.
Proof. If 0 <γ<1, we have
F(γ)=Zγ
0
F(γ
1−ζ)dζ.
Now substitute ζ=λ/(1 −ν)andγ=α/(1 −ν), and rearrange terms to obtain
F(α
1−ν)=Zα
0
F(α
1−ν−λ
)dλ +νF(α
1−ν).
If we divide this by ν, integrate over α≤ν≤β, reverse the order of integration,
and substitute ν=(1−λ)µ,weget
Zβ
α
F(α
1−ν
)
dν
ν=Zα
0
dλ Zβ
1−λ
α
1−λ
F(α
(1 −λ)(1 −µ))dµ
µ+Zβ
α
F(α
1−ν)dν.

1706 ERIC BACH AND REN´
E PERALTA
If we add F(α)=Rα
0F(α/(1 −λ))dλ to both sides and apply (3.4), we get
G(α, β)=F(α)+Zβ
α
F(α
1−ν)dν
ν
=Zα
0
dλhZβ
1−λ
α
1−λ
F(α
(1 −λ)(1 −µ))dµ
µ+F(α
(1 −λ))i+Zβ
α
F(α
1−ν)dν
=Zα
0
G(α
1−λ,β
1−λ)dλ +Zβ
α
F(α
1−λ)dλ.
4. Numerical methods
Several authors have discussed computing smoothness distributions such as the
Dickman rho function. We briefly discuss this work and then present our numerical
methods for the semismoothness distribution G.
Implicit in the random bisection idea is the notion that smoothness distributions
can be computed by Monte Carlo methods. This was done for the rho function by
Chamayou [5], albeit with a different probabilistic model than ours. Although
one could also approximate Gby simulation, we have not done this because the
probabilities of current interest are so small.
It is also possible to combine a recurrence relation with numerical integration.
This was done by van de Lune and Wattel [13] and Knuth and Trabb Pardo [8]. For
example, replacing the integral in (2.1) with an appropriate quadrature rule gives
a linear equation that can be solved to obtain an approximation to ρ(x). Either of
the relations (3.3) and (3.4) can be used in this way to compute G. In practice,
however, we were dissatisfied with the performance of the resulting methods. Use
of the recurrence relation (3.3) involves computing values of Gin a two-dimensional
region and interpolating the values on a line of integration. The relation (3.4) is
more useful, as it only relies on values of F(i.e., ρ); however, one needs an accurate
table of this function before numerical integration is feasible.
The best methods for calculating ρare based on the following idea. Recall
that there is an analytic function ρkthat agrees with ρon the interval [k−1,k].
Knowing the Taylor series for ρk, one can use (2.2) to get the Taylor series for ρk+1
up to a constant term, which can be then determined from (2.1). This was used by
Cheer and Goldston [6], Marsaglia, Zaman, and Marsaglia [14], and Patterson and
Rumsey [18] to evaluate ρand similar functions.
To compute G, we used Patterson and Rumsey’s method for ρ,whichwesum-
marize as follows. (Its derivation is similar to §3 of [6].) Let 0 ≤ξ≤1. Define
coefficients c(k)
iby
ρk(k−ξ)=
∞
X
i=0
c(k)
iξk,k=1,2,... .
Then we have
c(1)
0=1,c
(0)
i=0for i≥1,
c
(2)
0=1−log 2,c
(2)
i=1/(i2
i
)fori≥1,(4.1)

ASYMPTOTIC SEMISMOOTHNESS PROBABILITIES 1707
and for k>2
c
(k)
i=
i−1
X
j=0
c(k−1)
j
iki−j,(4.2)
with
c(k)
0=1
k−1
∞
X
j=1
c(k)
j
j+1.(4.3)
It can be shown that 0 ≤c(k)
i≤1/2i,sothatm+ 1 terms of the series will
approximate ρkwithin an (absolute) error of 2−m. Empirically, we found that 55
coefficients were enough to compute ρto IEEE standard double precision (relative
error about 10−17) in the range 0 ≤x≤20.
Although this suffices for our purposes, we remark that the method of [14] is
superior when one wishes to compute ρ(x) to high precision. It expands ρkin
circles of radius 1/2 about k−1/2, using simpler recurrences than (4.1)–(4.3). (We
do call attention to one oversight in [14]: the authors state that “ρ(x) behaves
asymptotically like xαx,” and provide data suggesting that α.
=−1.18. However,
de Bruijn [4] proved that log ρ(x)∼−xlog xas x→∞,soα=−1.)
Our method for computing Guses (3.4), together with term-by-term integration
of the Taylor series determined by (4.1)–(4.3). Rather than use (3.4) directly, it is
more convenient to work with σ(u, v)=G(1/u, 1/v), which satisfies
σ(u, v)=ρ(u)+Zu
v
ρ(u−u/t)dt
t.
(To prove this, make the substitutions α=1/u,β=1/v,andλ=1/t in (3.4).)
We define
J(u, v, w)=Zu
v
ρ(w−w/t)dt
t,
so that
σ(u, v)=ρ(u)+J(u, v , u).
We now show how to compute J(u, v, w). Let k=dw−w/ue, and define ξ(t)
by w−w/t =k−ξ(t).
If ξ(t)∈[0,1] for v≤t≤u, we can proceed as follows:
J(u, v, w)=Zu
v
ρ(k−ξ(t)) dt
t=
∞
X
i=0
c(k)
iZu
v
ξ(t)idt
t
=
∞
X
i=0
c(k)
iZw/v
w/u
(η+k−w)i
ηdη.
(Here we have substituted η=w/t.) If Hi(u, v, w)=Rw/v
w/u
(η+k−w)i
ηdη, then writing
(η+k−w)i/η as (η+k−w)i−1+(η+k−w)
i−1(k−w)/η gives
Hi(u, v, w)=(log(u/v)ifi=0,
(w/v+k−w)i−(w/u+k−w)i
i+(k−w)H
i−1(u, v, w)otherwise.

1708 ERIC BACH AND REN´
E PERALTA
Solving the recurrence yields
Hi(u, v, w)=C
i
log(u/v)+
i
X
j=1
(A/C)j
j−
i
X
j=1
(B/C)j
j
,(4.4)
where A=w/v +k−w,B=w/u +k−w,andC=k−w.
Thus, in the case ξ(t)∈[0,1], we have
J(u, v, w)=
∞
X
i=0
c(k)
iHi(u, v, w),(4.5)
where the Hi’s are defined by (4.4). If ξ(t)6∈ [0,1], we must split the integral. Note
that when t=w/(w−k+1), we have ξ(t) = 1, that is, w−w/t =k−1. In this
case, we have
J(u, v, w)=Z
w/(w−k+1)
v
ρ(w−w/t)dt
t+Zu
w/(w−k+1)
ρ(w−w/t)dt
t
=J(w/(w−k+1),v,w)+J(u, w/(w−k+1),w).
The second integral can be computed via (4.5) and the first integral is computed
recursively. We note that the integral is split if and only if v<w/(w−k+1).
We can bound the recursion depth for computing J(u, v, u) by observing that at
the ith recursive step, uis replaced by u/(1 + i−r), where r=due−u. (This can
be verified by induction on i.) From this it can be seen that the integral is split no
more than u/v times.
If we approximate J(u, v, w)bynterms of the series (4.5), the tail is bounded
by
∞
X
i=n+1
c(k)
iZu
v
ξ(t)idt
t≤
∞
X
i=n+1
c(k)
iZu
v
dt
t
= log(u/v)
∞
X
i=n+1
c(k)
i
≤log(u/v)
∞
X
i=n+1
(1/2)i
=log(u/v)
2n
when ξ(t)∈[0,1]. When computing J(u, v, u), the integral is split into at most u/v
pieces, so the total error is at most ulog(u/v)
v2n.
Some care is required in the computation of Hi(u, v, w), because massive cancel-
lation occurs in (4.4) when iis large. We deal with this in the following way. In
any recursive call (i.e., not the top level), it can be shown that 0 ≤A≤1, B=0,

ASYMPTOTIC SEMISMOOTHNESS PROBABILITIES 1709
and C<−1. For these cases, we replace (4.4) by the convergent series
Hi(u, v, w)=
∞
X
j=i+1
Bj
Cj−ij−
∞
X
j=i+1
Aj
Cj−ij.(4.6)
At the top level, A/C and B/C are unbounded, and naive use of (4.4) can lead to
overflow whenever Cis close to 0. Here, in our calculations we replaced (4.4) by
the equivalent form
Hi(u, v, w)=C
ilog(u/v)+
i
X
j=1
Aj
Cj−ij−
i
X
j=1
Bj
Cj−ij
(4.7)
whenever |C|<0.2.
5. Table s
In this section we give tables of the asymptotic semismoothness distribution,
computed with the methods of §4. Our calculations used 22 terms of the Taylor
series for ρk(x) and 22 terms in the expansion given by (4.5).
As a check on our computations we used an independent computation of G(α, 2α)
(using (3.2) and numerical integration), as well as Table 1 in [8]. This table includes
values of G(α, α)=ρ(α
−1
), as well as values of G(α, 2α). Our results agree with
[8] to seven significant figures.
Table 1 s h ow s σ( u, v)=G(
1
u,1
v)foru, v in the range 2 ≤u≤20 and 2 ≤v≤10.
Of particular interest nowadays are values of G(α, β)for(α, β) near (1/12,1/7.5).
This is so because recent implementations of the multiple polynomial quadratic
sieve are designed to factor 100-digit cryptographic integers (i.e., products of two
large primes), using auxiliary 60-digit numbers which are semismooth with re-
spect to bounds near 108and 105. It is believed that these auxiliary numbers are
semismooth with the same probability as random numbers, so that the bulk of
the algorithm’s work can be viewed as a search for semismooth numbers among
what are essentially random 60-digit numbers. Thus the probability of a “hit” is
given by Ψ(1060,108,105), which is approximately G(1/12,1/7.5) (for details, see
[10]). Most other factoring algorithms also allow for a “large prime” variation (see
[15, 16]). Semismoothness tables should be of aid in choosing optimal parameters
for these algorithms as well.
Table 2 gives values of G(α, β)forαand βin the current range of interest for
factorization algorithms.
We observe that, in the range of Table 2, log(σ(u, v)) is almost linear in u, v.
By analogy with known approximations to Dickman’s rho function we performed a
least squares fit of a linear function of ulog u, v log v. The resulting approximation
is
σ(u, v)≈e4.55219−0.933064ulog u−0.280283vlog v.(5.1)
In the range of Table 2, this approximation has a relative error of no more than
30% (the error increases rapidly outside this range). The approximation also shows
that σ(u, v) is much more dependent on uthan on v.

1710 ERIC BACH AND REN´
E PERALTA
Table 1 . Val ues of σ( u, v)=G(1/u, 1/v)for2≤u≤20 ; 2 ≤v≤10
u v
2.0 3.0 4.0 5.0 6.0 7.0 8.0 9.0 10.0
2.0 3.068528e-01 —– —– —– —– —– —– —– —–
3.0 2.246518e-01 4.860839e-02 —– —– —– —– —– —– —–
4.0 9.639901e-02 2.465561e-02 4.910926e-03 —– —– —– —– —– —–
5.0 3.079212e-02 6.144568e-03 1.849280e-03 3.547247e-04 —– —– —– —– —–
6.0 8.511187e-03 1.092267e-03 3.127192e-04 1.051674e-04 1.964970e-05 —– —– —– —–
7.0 2.184024e-03 1.596965e-04 3.754974e-05 1.317947e-05 4.778139e-06 8.745670e-07 —– —– —–
8.0 5.297043e-04 2.058327e-05 3.662652e-06 1.179057e-06 4.696284e-07 1.796314e-07 3.232069e-08 —– —–
9.0 1.221795e-04 2.418992e-06 3.097157e-07 8.573660e-08 3.319264e-08 1.439810e-08 5.732620e-09 1.016248e-09 —–
10.0 2.684198e-05 2.633999e-07 2.352672e-08 5.382861e-09 1.915717e-09 8.358903e-10 3.855071e-10 1.583472e-10 2.770172e-11
11.0 5.627512e-06 2.679280e-08 1.637888e-09 3.019323e-10 9.556196e-11 3.985501e-11 1.890085e-11 9.128686e-12 3.844123e-12
12.0 1.128672e-06 2.559021e-09 1.057229e-10 1.544758e-11 4.254912e-12 1.647475e-12 7.654740e-13 3.859215e-13 1.932249e-13
13.0 2.170148e-07 2.304231e-10 6.373298e-12 7.303377e-13 1.725544e-13 6.086492e-14 2.698020e-14 1.355061e-14 7.158754e-15
14.0 4.009759e-08 1.962928e-11 3.606489e-13 3.218087e-14 6.459110e-15 2.048898e-15 8.518898e-16 4.157376e-16 2.213880e-16
15.0 7.134198e-09 1.587081e-12 1.923443e-14 1.329397e-15 2.252007e-16 6.367265e-17 2.454356e-17 1.145796e-17 6.005714e-18
16.0 1.224713e-09 1.221450e-13 9.701521e-16 5.171612e-17 7.360498e-18 1.843517e-18 6.534072e-19 2.887008e-19 1.467795e-19
17.0 2.032238e-10 8.971949e-15 4.641835e-17 1.901399e-18 2.266007e-19 5.005962e-20 1.621962e-20 6.731238e-21 3.286696e-21
18.0 3.265002e-11 6.304945e-16 2.112631e-18 6.627200e-20 6.595740e-21 1.281259e-21 3.779199e-22 1.465048e-22 6.821566e-23
19.0 5.086645e-12 4.248307e-17 9.169125e-20 2.195713e-21 1.820808e-22 3.103008e-23 8.307233e-24 2.996162e-24 1.323455e-24
20.0 7.695287e-13 2.750199e-18 3.803595e-21 6.932224e-23 4.779992e-24 7.133404e-25 1.729532e-25 5.786581e-26 2.415504e-26

ASYMPTOTIC SEMISMOOTHNESS PROBABILITIES 1711
Table 2 . Val ues o f σ( u, v )=G(1/u, 1/v) for 10 ≤u≤15; 6 ≤
v≤9
u v
6.0 6.5 7.0 7.5 8.0 8.5 9.0
10.0 1.915717e-09 1.246194e-09 8.358903e-10 5.685742e-10 3.855071e- 10 2.548590e-10 1.583472e-10
10.5 4.347011e-10 2.790060e-10 1.862869e-10 1.273550e-10 8.785696e- 11 6.019803e-11 4.010645e-11
11.0 9.556196e-11 6.027060e-11 3.985501e-11 2.719972e-11 1.890085e- 11 1.319996e-11 9.128686e-12
11.5 2.042300e-11 1.261597e-11 8.230457e-12 5.579976e-12 3.879851e- 12 2.734419e-12 1.930373e-12
12.0 4.254912e-12 2.567571e-12 1.647475e-12 1.105464e-12 7.654740e- 13 5.408660e-13 3.859215e-13
12.5 8.660935e-13 5.094235e-13 3.206906e-13 2.123547e-13 1.459152e- 13 1.028856e-13 7.371953e-14
13.0 1.725544e-13 9.875063e-14 6.086492e-14 3.967965e-14 2.698020e- 14 1.891864e-14 1.355061e-14
13.5 3.369911e-14 1.873623e-14 1.128729e-14 7.230573e-15 4.854135e- 15 3.375809e-15 2.408918e-15
14.0 6.459110e-15 3.484569e-15 2.048898e-15 1.287611e-15 8.518898e- 16 5.863181e-16 4.157376e-16
14.5 1.216276e-15 6.360275e-16 3.645830e-16 2.244685e-16 1.461324e- 16 9.936033e-17 6.986140e-17
15.0 2.252007e-16 1.140545e-16 6.367265e-17 3.836313e-17 2.454356e- 17 1.646200e-17 1.145796e-17
6. Error analysis
In this section, we consider the question of how closely asymptotic distributions
such as ρand σapproximate actual smoothness probabilities. We will show, in
a certain sense, that if ρis a good approximation to the smoothness distribution,
then σis a good approximation to the semismoothness distribution.
We first consider the question of whether xρ(u) is a good approximation to
Ψ(x, x1/u). This is of practical importance since asymptotic relations such as
xρ(u)∼Ψ(x, x1/u) do not guarantee that ρ(u) is a good approximation to the
probability of 1/u-smoothness for any numbers of practical interest.
For example, from results of Ramaswami [20] (cited as equations 3.7 and 3.8 of
[17]) and Knuth and Trabb Pardo [8], we know that
Ψ(x, x1/u)=xρ(u)+x(1 −γ)ρ(u−1)
log x+O(x
log2x),
and therefore
Ψ(x, x1/u)
xρ(u)=1+ρ(u−1)
ρ(u)
(1 −γ)
log x+O(1
ρ(u)log
2x).
(Here, γ=0.5772... is Euler’s constant.) The unknown part of the relative error is
O(1
ρ(u)log
2x).(6.1)
Taking the crude approximation ρ(u)≈u−u, we note that for (6.1) to be small,
we need log xuu/2. This is not likely to be attained in practical situations; for
example, if u=7.5andx=10
60,wehave(u
−ulog2x)−1= 191.5.
On the other hand, accurate tables of ρ(u) have been available for at least two
decades, going well beyond the values of uneeded to evaluate current factoring
methods. As far as we know, no discrepancy has been observed between values of
the rho function and smoothness probabilities, in the range of interest to algorithm
designers. For example, Table 3 exhibits smooth number counts found by Odlyzko
(from [21]); as soon as the predicted count of smooth numbers is moderately large,
one finds reasonable agreement with the rho function. (We note that Odlyzko only
counted numbers whose prime power factors are small, a definition more stringent
than ours.)

1712 ERIC BACH AND REN´
E PERALTA
Table 3 . Counts of even 2k-smooth numbers in [1015 ,1015 +2×105]
kcount u=log(1015)
log(2k)105ρ(u)ratio
6 0 8.305 0.001144 0.000
7 0 7.118 0.05981 0.000
8 1 6.229 0.9810 1.019
9 6 5.537 7.727 0.777
10 27 4.983 37.18 0.726
11 110 4.530 126.6 0.869
12 326 4.152 336.0 0.970
13 691 3.833 739.3 0.935
14 1425 3.559 1416 1.006
15 2416 3.322 2425 0.996
16 3852 3.114 3816 1.009
17 5691 2.931 5616 1.013
18 7979 2.768 7823 1.020
Therefore, we will simply take as given that ρis a good approximation to smooth-
ness probabilities; investigating this question further is beyond the scope of this
paper. We proceed from this assumption to study the question of when σ(u, v)is
a good approximation to Ψ(x, x1/u,x
1/v )/x.
The following theorem states that if Fis a good approximation to the smoothness
distribution, then Gis a good approximation to the semismoothness distribution.
In this result, αand βsatisfy 0 <α<β<1, and ρ(x) is extended to be 1 for
negative numbers.
Theorem 6.1. Assume the Riemann hypothesis. Choose c1and c2so that
c1≤Ψ(t, tγ)
tF (γ)≤c2
whenever α
1−α≤γ≤α
1−βand t≥x1−β. Then, if xα≥2,657, we have
c1(1 −∆) ≤Ψ(x, xβ,x
α)
xG(α, β)≤c2(1 + ∆),
where
|∆|≤ β
4πG(α, β)"2ρ(1−β
α)+ ρ(1−α−β
α)
(1 −β)logx#log x
xα/2.(6.2)
Proof. From (3.6) and (3.7) we obtain
Ψ(x, xβ,x
α)=Ψ(x, xα)+ X
x
α
<p≤xβ
Ψ(x/p, (x/p)α
1−log p/ log x).(6.3)
From the definition of c2, plus (3.9) and (6.3), we have
c−1
2Ψ(x, xβ,x
α)≤xF (α)+xX
x
α
<p≤xβ
1
pF(α
1−log p/ log x)
=xF (α)+xZx
β
x
α
ρ(1−log t/ log x
α)dπ(t)
t.

ASYMPTOTIC SEMISMOOTHNESS PROBABILITIES 1713
Using (3.4) and (3.10), and writing λ(t)=logt/ log x,wehave
c
−1
2Ψ(x, xβ,x
α)≤xF (α)+xZx
β
x
α
ρ(1−λ(t)
α)dt
tlog t+xE1(α, β, x)+xE2(α, β, x)
=xG(α, β)+xE1(α, β, x)+xE2(α, β, x),
(6.4)
where
E1(α, β, x)=hρ(
1−λ(t)
α)
(t)
tix
β
x
α=ρ(
1−β
α)
(x
β
)
x
β−ρ(
1−α
α)
(x
α
)
x
α
(6.5)
and
E2(α, β, x)=−Zx
β
x
α
d
dt1
tρ(1−λ(t)
α)(t)dt
=Zxβ
xα
(t)t−2ρ(1−λ(t)
α)+ρ
0
(1−λ(t)
α)/(αlog x)dt.
(6.6)
Schoenfeld’s bound (2.4) (which assumes the Riemann hypothesis) and (6.5) imply
|E1|≤log x
8πρ(1−β
α)βx−β/2+ρ(1−α
α)αx−α/2≤log x
4πρ(1−β
α)βx−α/2.
(6.7)
Similarly, but using (2.2) and (6.6), we have
|E2|≤Zx
β
x
α
log t
8πt3/2ρ(1−λ(t)
α)+ρ(1−λ(t)
α−1)/(log x−log t)dt.
So far, we have assumed that ρ(x)=0whenx<0. If we redefine ρ(x)tobe1
when x<0, the inequality above still holds, and we have made ρmonotonic. Using
this new extension of ρ, we find
|E2|≤ A
8πZx
β
x
α
t
−3/2log tdt≤Aβ log x
8πZ∞
xα
t−3/2dt =Aβ log x
4πx−α/2,
(6.8)
where Adenotes the expression
ρ(1−β
α)+ρ(1−α−β
α)1
(1 −β)logx.
Let
∆(α, β, x)= (E
1+E
2
)
G(α, β);
then (6.4), the inequalities (6.7) and (6.8), and a little algebra give the upper bound
in the theorem. The lower bound is proved by an entirely analogous argument,
starting with the estimate Ψ(t, tγ)≥c1tF (γ).
With the help of Theorem 6.1, the extra relative error incurred by using the
asymptotic two-dimensional smoothness distribution can be explicitly estimated.
For exa m p l e, if x≈1060,α=1
12 ,andβ=1
7.5
, then (6.2) gives |∆|≤0.062.

1714 ERIC BACH AND REN´
E PERALTA
We also remark that Theorem 6.1 can be improved slightly at some cost in
readability. For example, the first inequalities in (6.7) and (6.8) could be used
directly (note that the first integral in (6.8) can be expressed in closed form).
In a certain sense, Theorem 6.1 ascribes most of the error in the approximation
Ψ(x, xα,x
β)≈xG(α, β)
to the use of the rho function. Hildebrand [11] proved that if the Riemann hypoth-
esis holds, then
Ψ(x, xα)=xF (α)1+O(log(α−1)
αlog x),(6.9)
as x→∞. However, Theorem 6.1 and equation (3.4) imply that
∆=O(
log x
xα/2),
which is asymptotically much smaller than the relative error in (6.9).
7. Addendum
Following the ideas in this paper, Robert Lambert [12] has computed the asymp-
totic probability that a random integer ≤xhas exactly two prime factors between
xαand xβ, with all other prime factors ≤xα.
Simon Tavar´e has kindly informed us that the random bisection model also
plays a role in theoretical population biology. We briefly note the connection to
our work. We have studied the asymptotic joint distribution of the normalized
lengths of the prime factors (ordered by size) of a random integer x≤n. Letting
n1≥n2≥n3≥··· be these prime factors, the asymptotic joint distribution of
log n1
log n,log n2
log n,log n3
log n,...
is identical to the distribution of allele frequencies (in a model with infinitely many
alleles), ranked by size. In theoretical biology this is known as the Poisson-Dirichlet
distribution. Algorithms for computing its marginal distributions (in our terms, the
distribution of the length of the kth-largest factor of a random integer), have been
given by Griffiths [7]. As far as we know, however, we are the first to publish an
algorithm for computing the joint distribution. For more on applications to biology,
we refer the reader to [7] and references therein.
Finally, we remark that there is a very efficient algorithm for sampling from the
factor length (Poisson-Dirichlet) distribution, which has been analyzed in [2].
References
1. E. Bach, How to generate factored random numbers, SIAM J. Comput., 17:179–193, 1988.
MR 89e:11082
2. , Exact analysis of a priority queue algorithm for random variate generation, Proc. 5th
Ann. ACM-SIAM Symposium on Discrete Algorithms, pp. 48–52, 1994. MR 95h:65005
3. N. G. de Bruijn, On the number of positive integers ≤xand free of prime factors >y,Indag.
Math., 13:50–60, 1951. MR 13:724e
4. , The asymptotic behavior of a function occurring in the theory of primes, J. Indian
Math.Soc.(N.S.), 15:25–32, 1951. MR 13:326f
5. J.-M.-F. Chamayou, A probabilistic approach to a differential-difference equation arising in
analytic number theory, Math. Comp., 27:197–203, 1973. MR 49:1725
6. A. Y. Cheer and D. A. Goldston, A differential delay equation arising from the sieve of
Eratosthenes, Math. Comp., 55:129–141, 1990. MR 90j:11091

ASYMPTOTIC SEMISMOOTHNESS PROBABILITIES 1715
7. R. C. Griffiths, On the distribution of points in a Poisson Dirichlet process, J. Appl. Probab.,
25:336–345, 1988. MR 89g:92026
8. D. Knuth and L. Trabb Pardo, Analysis of a simple factorization algorithm, Theoret. Comput.
Sci., 3:321–348, 1976. MR 58:16485
9. G. Kolesnik and E. G. Straus, On the first occurrence of values of a character, Trans. Amer.
Math. Soc., 246:385–394, 1978. MR 80c:10045
10. A.K. Lenstra and M.S. Manasse, Factoring by electronic mail, In EUROCRYPT 89,vol-
ume 434 of Lecture Notes in Computer Science, pages 355–371. Springer-Verlag, 1990. MR
91i:11182
11. A. Hildebrand, Integers free of large prime factors and the Riemann hypothesis, Mathematika,
31:258-271, 1984. MR 87a:11086
12. R. Lambert, Computational aspects of discrete logarithms, Ph.D. thesis, University of Water-
loo, 1996.
13. J. van de Lune and E. Wattel, On the numerical solution of a differential-difference equation
arising in analytic number theory, Math. Comp., 23:417–421, 1969. MR 40:1050
14. G. Marsaglia, A. Zaman, and J. C. W. Marsaglia, Numerical solution of some classical
differential-difference equations, Math. Comp., 53:191–201, 1989. MR 90h:65124
15. P. L. Montgomery, An FFT extension of the elliptic curve method of factorization,Ph.D.
thesis, University of California - Los Angeles, 1992.
16. P. L. Montgomery and R. D. Silverman, An FFT extension to the p−1 factoring algorithm,
Math. Comp., 54:839–854, 1990. MR 90j:11142
17. K. K. Norton, Numbers with small prime factors, and the least kth power non-residue, Mem.
Amer. Math. Soc., 106, 1971. MR 44:3948
18. N. Patterson, Letter to Eric Bach, November 1988.
19. C. Pomerance, The quadratic sieve factoring algorithm, In EUROCRYPT ’84, volume 209 of
Lecture Notes in Computer Science, pages 169-182. Springer-Verlag, 1985. MR 87d:11098
20. V. Ramaswami, The number of positive integers <xand free of prime divisors >x
c
,anda
problem of S.S. Pillai, Duke Math. J., 16:99–109, 1949. MR 10:597b
21. C.-P. Schnorr and H. W. Lenstra, Jr., A Monte Carlo factoring algorithm with linear storage,
Math. Comp., 43:289–311, 1984. MR 85d:11106
22. L. Schoenfeld, Sharper bounds for the Chebyshev functions θ(x)andψ(x). II, Math. Comp.,
30:337–360, 1976. MR 56:15581b
23. E. C. Titchmarsh, The Theory of Functions. Second Edition, Oxford Univ. Press, 1939.
Computer Sciences Department, University of Wisconsin–Madison, 1210 W. Dayton
St., Madison, Wisconsin 53706
E-mail address:bach@cs.wisc.edu
Department of Electrical Engineering and Computer Science, University of
Wisconsin–Milwaukee, P.O. Box 784, Milwaukee, Wisconsin 53201
E-mail address:peralta@cs.uwm.edu