Let $f(z, k) = (z^2 - 1)(z^2 - 2^2)(z^2 - 3^2)(z^2 - 4^2) \cdots (z^2 - k^2)$ in less than $1 + k + k + k + (k-1) = 4k$ arithmetic operations, specifically I need it to be roughly $2k$ operations or less.
In the cost formula, the first $1$ comes from needing to square $z$, the first $k$ from incrementing a counter $k$ times to make up $1, 2, 3, \dots k$, i.e. you don't get to have arbitrary constants or tables of constants which really wouldn't add much efficiency anyway. The second $k$ comes from squaring each $k$, the third $k$ comes from the subtraction in each parenthesis. The $(k-1)$ comes from the $(k-1)$ multiplications. So that the totals is $4k$ arithmetic operations if computed directly using the given formula for $f$.
Where does this come from? These are the factors (combined) in $\dfrac{x!}{(x - 2k - 1)!}$ where $z$ is taken to the median factor in the sequence $x(x-1)(x-2)\cdots (z+1)z(z-1) \cdots (z-k)$. I don't know if that is 100% accurate, but that part doesn't matter. Just to tell you where it comes from. Computing this directly requires twice as many operations as $f(z,k)$. So already in computing a factorial I've reduced the operations by half. So I'm just wondering if we can or can't find a way of reducing it by another half.
Question. How can we compute $f(z,k)$ in $2k$ arithmetic operations or less (roughly)?
If you can do it with $\dfrac{8k}{5}$ operations or something that would also be interesting if you get my drift.
This might help because of group theory: All the arithmetic is done modulo some $n\in \Bbb{N}\setminus 1$ and $\sqrt{n} \geq z,k$. But note $n$ will be huge or 1000's of digits (think RSA numbers that are hard to factor). But also note that we can take each $1,2,3,\dots, k$ as well as $z$ to be coprime to $n$ because in any factorization algorithm you can check the result of every arithmetic operation and only add a polynomial factor slow-down (the cost of computing $\gcd(x\pmod n, n)$). Thus on the right we have that the results of all arithmetic operations are units in $\Bbb{Z}/n$. If it turns out that they're not, then we can halt the algorithm because a factor has been found or $\gcd(x\pmod n, n) = n$ in which case we can stop computing the long factorial and change the binary search parameters to another range $[y,x]$ because a $\gcd$ result of $n$ would indicate "you've gone too far" and included all factors of $n$, so back up and try again.
Because of coprimality, the set $\{ y^2 \pmod n\} \leqslant (\Bbb{Z}/n)^{\times}$ forms a subgroup of the units. We're also able to "pretend that we're working in a field" because of this, that is until a factor is found. I know that other integer factorization algorithms do just that.
Expanding on my comment, the central symmetry of the product suggests looking at symmetric pairs:
$$ \begin{align} (z^2-j^2)(z^2-(k-j+1)^2) &=\color{red}{(z-j)}\color{blue}{(z+j)}\color{red}{\big(z-(k+1-j)\big)}\color{blue}{\big(z+(k+1-j)\big)} \\ &= \color{red}{\big(z^2 - (k+1)z +j(k+1-j)\big)}\color{blue}{\big(z^2 + (k+1)z +j(k+1-j)\big)} \\ &= \big(z^2+j(k+1-j)\big)^2 - (k+1)^2z^2 \\ &= \big(z^2+n_j\big)^2 - (k+1)^2z^2 \end{align} $$
Here $\,n_j=j(k+1-j)\,$, which can be calculated recursively with $\,n_1=k\,$ and $\,n_{j+1}=n_{j}+k-2j\,$.
For $\,j=1\,$ to $\,k/2\,$, an approximate count ignoring some half $\,1/2\,$ ops:
the sequence $\,k-2j\,$ can be calculated iteratively by subtracting $\,2\,$ at each step, total $\,k/2\,$ ops;
the sequence $\,n_{j+1}=n_j+(k-2j)\,$ then takes one addition at each step, total $\,k/2\,$ ops;
the term $\,\big(z^2+n_j\big)^2\,$ takes $\, 2 \cdot k/2 = k\,$ ops;
the difference of terms takes $\,k/2\,$ op.
the multiplication of pairs take $\,k/2\,$ ops.
In the end, it adds up to about $\,3k\,$ ops, which is slightly better than the baseline, but still short of the target $\,2k\,$.