This method was the best algorithm for integer factorization until the general number field sieve was developed. It is still best for factoring out divisors of size not exceeding 20 digits (64 bits), as its running time depends on the size of a factor p rather than on the size of the number n to be factored.
It is an improvement of the older Pollard p −1 factorization method. In that method, it was assumed that the given number n has a prime factor p such that p-1 had only "small" prime factors (numbers whose prime factors are all "small" are informally called smooth). Then, by Fermat's little theorem, ae'\'=1 mod p whenever p-1 divides e and p does not divide a. Taking e to be a product of small primes raised to small powers, and a to be a random residue mod n, we can hopefully factor n by computing the greatest common divisor of n and ae-1, as other divisors q of n are unlikely to have the property that q-1 divides e - smooth values are rare. However, we will not be able to factor n if n does not have a prime factor p with p''-1 smooth.
The Lenstra elliptic curve factorization gets around this obstacle by considering the group of a random elliptic curve over the finite field Zp, rather than considering the multiplicative group of Zp which always has order p-1. The order of the group of a random elliptic curve over Zp varies between p and 2p randomly, and is likely to be smooth for some Elliptic curves.
The Lenstra elliptic curve factorization method to find a factor of the given number n works as follows: