Why can’t you use cyclotomic polynomials to factor big numbers really quickly?

Let's suppose you're in the worst case scenario: $N=pq$ where $p=2p'+1$ and $q=2q'+1$ with $p$, $q$, $p'$ and $q'$ all prime and $p$ and $q$ roughly the same size. Then the order of $x$ modulo $p$ will be either $p'$ or $2p'$ for any $x \not\equiv \pm 1 \pmod p$, and similarly modulo $q$. So we expect $\gcd(N,x^k-1)$ to be nontrivial only if $p'$ or $q'$ divide $k$. The odds of this happening are roughly $1/p'+1/q' \approx 4/\sqrt{N}$, so you need to try $\sqrt{N}$ values of $(x,k)$ before you expect a hit.
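The argument above, as an added worked example (not part of the original answer): a plain Pollard $p-1$ run, where $k$ is the product of all prime powers up to a bound $B$, succeeds when $p-1$ is $B$-smooth and fails on a modulus built from two safe primes until $B$ reaches $p'$ itself. The moduli are constructed from small primes chosen for this illustration.

```python
from math import gcd


def small_primes(bound):
    """Primes <= bound by a simple sieve (bound is small here)."""
    is_prime = [True] * (bound + 1)
    is_prime[0:2] = [False, False]
    for i in range(2, int(bound ** 0.5) + 1):
        if is_prime[i]:
            for j in range(i * i, bound + 1, i):
                is_prime[j] = False
    return [i for i in range(2, bound + 1) if is_prime[i]]


def pollard_p_minus_1(N, B, x=2):
    """Pollard's p-1 with smoothness bound B.

    Implicitly raises x to k = prod(p^e : p^e <= B) and checks
    gcd(x^k - 1, N) after each prime. A nontrivial factor appears
    only once (p-1) | k, i.e. once every prime factor of p-1 is below B.
    Returns a nontrivial factor, or None when no factor is found.
    """
    for p in small_primes(B):
        pe = p
        while pe * p <= B:          # largest power of p not exceeding B
            pe *= p
        x = pow(x, pe, N)
        g = gcd(x - 1, N)
        if 1 < g < N:
            return g
        if g == N:                  # x^k == 1 mod both factors at once
            return None
    return None


if __name__ == "__main__":
    # Constructed case 1: 65537 - 1 = 2^16 is very smooth, so B = 40 suffices.
    N_smooth = 65537 * 211
    print(pollard_p_minus_1(N_smooth, 40))        # 65537

    # Constructed case 2: 1019 = 2*509 + 1 and 1187 = 2*593 + 1 are safe
    # primes; k must be divisible by 509 or 593, so B = 100 finds nothing.
    N_safe = 1019 * 1187
    print(pollard_p_minus_1(N_safe, 100))         # None
    print(pollard_p_minus_1(N_safe, 600))         # 1019 (B now covers 509)
```

Scaling the second case to real sizes makes the point of the answer: with $p'$ around $\sqrt{N}/2$, the bound $B$ needed is on the order of $\sqrt{N}$, so the method is no better than trial division on such moduli.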


Cyclotomic Factoring is a class of integer factoring algorithms. It is based on the Euler congruence $x^{\varphi(n)}-1 \equiv 0 \mod n$. There are a few well known special cases.

  1. The $p-1$ Pollard algorithm.
  2. The $p+1$ Williams algorithm.
  3. Aurifeuillian factoring; this is the oldest.

The time complexity is $O(n^{1/4})$ arithmetic operations. Many authors have tried to obtain $O(n^{1/5})$, but no major reduction in complexity has been achieved in the last few decades.

There is a large literature on this topic; a few references are listed.

  1. A. Granville, Aurifeuillian factors, Math. Comp., Vol. 75, 2006.
  2. E. Bach, Factoring with Cyclotomic Polynomials, Math. Comp., 1989.