feedc0de/boost_integer
1
0
Fork 0
forked from boostorg/integer
Code Pull Requests Activity

[ci skip] Use less verbose naming. Add asserts as verfication of algorithms is a negligible fraction of total runtime. Use boost::multiprecision::powm and boost::multiprecision::sqrt rather than one-offs.

Browse Source
This commit is contained in:
Nick Thompson
2018-02-09 17:19:26 -06:00
parent fc4d657201
commit 8c415f77b1
10 changed files with 111 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
include/boost/integer/discrete_log.hpp
View File

@ -12,10 +12,10 @@
#include <limits>
#include <unordered_map>
#include <boost/optional.hpp>
#include <boost/integer/floor_sqrt.hpp>
#include <boost/integer/modular_multiplicative_inverse.hpp>
#include <boost/integer/modular_exponentiation.hpp>
#include <boost/integer/common_factor.hpp>
#include <boost/format.hpp>
#include <boost/multiprecision/integer.hpp>
#include <boost/integer/common_factor_rt.hpp>
#include <boost/integer/mod_inverse.hpp>
namespace boost { namespace integer {
@ -29,19 +29,28 @@ boost::optional<Z> trial_multiplication_discrete_log(Z base, Z arg, Z p)
if (base <= 1)
{
throw std::logic_error("The base must be > 1.\n");
throw std::domain_error("The base must be > 1.\n");
}
if (p < 3)
{
throw std::logic_error("The modulus must be > 2.\n");
throw std::domain_error("The modulus must be > 2.\n");
}
if (arg < 1)
{
throw std::logic_error("The argument must be > 0.\n");
throw std::domain_error("The argument must be > 0.\n");
}
if (base >= p || arg >= p)
{
throw std::logic_error("Error computing the discrete log: Are your arguments in the wrong order?\n");
if (base >= p)
{
auto e = boost::format("Error computing the discrete log: The base %1% is greater than the modulus %2%. Are the arguments in the wrong order?") % base % p;
throw std::domain_error(e.str());
}
if (arg >= p)
{
auto e = boost::format("Error computing the discrete log: The argument %1% is greater than the modulus %2%. Are the arguments in the wrong order?") % arg % p;
throw std::domain_error(e.str());
}
}
if (arg == 1)
@ -54,6 +63,8 @@ boost::optional<Z> trial_multiplication_discrete_log(Z base, Z arg, Z p)
s = (s * base) % p;
if (s == arg)
{
// Maybe a bit trivial assertion. But still a negligible fraction of the total compute time.
BOOST_ASSERT(arg == boost::multiprecision::powm(base, i, p));
return i;
}
}
@ -61,14 +72,14 @@ boost::optional<Z> trial_multiplication_discrete_log(Z base, Z arg, Z p)
}
template<class Z>
class baby_step_giant_step_discrete_log
class bsgs_discrete_log
{
public:
baby_step_giant_step_discrete_log(Z base, Z p) : m_p{p}
bsgs_discrete_log(Z base, Z p) : m_p{p}, m_base{base}
{
using std::numeric_limits;
static_assert(numeric_limits<Z>::is_integer,
"The baby_step_giant_step discrete log works on integral types.\n");
"The baby-step, giant-step discrete log works on integral types.\n");
if (base <= 1)
{
@ -82,18 +93,20 @@ public:
{
throw std::logic_error("Error computing the discrete log: Are your arguments in the wrong order?\n");
}
m_root_p = floor_sqrt(p);
m_root_p = boost::multiprecision::sqrt(p);
if (m_root_p*m_root_p != p)
{
m_root_p += 1;
}
auto x = modular_multiplicative_inverse(base, p);
auto x = mod_inverse(base, p);
if (!x)
{
throw std::logic_error("The gcd of the b and the modulus is > 1, hence the discrete log is not guaranteed to exist. If you don't require an existence proof, use trial multiplication.\n");
auto d = boost::integer::gcd(base, p);
auto e = boost::format("The gcd of the base %1% and the modulus %2% is %3% != 1, hence the discrete log is not guaranteed to exist, which breaks the baby-step giant step algorithm. If you don't require existence proof for all inputs, use trial multiplication.\n") % base % p % d;
throw std::logic_error(e.str());
}
m_inv_base_pow_m = modular_exponentiation(x.value(), m_root_p, p);
m_inv_base_pow_m = boost::multiprecision::powm(x.value(), m_root_p, p);
m_lookup_table.reserve(m_root_p);
// Now the expensive part:
@ -119,17 +132,24 @@ public:
auto it = m_lookup_table.find(k);
if (it != m_lookup_table.end())
{
return (i*m_root_p + it->second) % m_p;
Z log_b_arg = (i*m_root_p + it->second) % m_p;
// This computation of the modular exponentiation is laughably quick relative to computing the discrete log.
// Why not put an assert here for our peace of mind?
BOOST_ASSERT(arg == boost::multiprecision::powm(m_base, log_b_arg, m_p));
return log_b_arg;
}
ami = (ami*m_inv_base_pow_m) % m_p;
k = k * ami % m_p;
}
// never should get here . . .
BOOST_ASSERT(false);
// Suppress compiler warnings.
return -1;
}
private:
Z m_p;
Z m_base;
Z m_root_p;
Z m_inv_base_pow_m;
std::unordered_map<Z, Z> m_lookup_table;

6
include/boost/integer/extended_euclidean.hpp
View File

@ -59,7 +59,13 @@ std::tuple<Z, Z, Z> extended_euclidean(Z m, Z n)
if (swapped)
{
std::swap(u1, u2);
BOOST_ASSERT(u2*m+u1*n==u0);
}
else
{
BOOST_ASSERT(u1*m+u2*n==u0);
}
return std::make_tuple(u0, u1, u2);
}

34
include/boost/integer/floor_sqrt.hpp
View File

@ -1,34 +0,0 @@
/*
* (C) Copyright Nick Thompson 2017.
* Use, modification and distribution are subject to the
* Boost Software License, Version 1.0. (See accompanying file
* LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
*
* The integer floor_sqrt doesn't lose precision like a cast does.
* Based on Algorithm 5.9 of "The Joy of Factoring".
*/
#ifndef BOOST_INTEGER_FLOOR_SQRT_HPP
#define BOOST_INTEGER_FLOOR_SQRT_HPP
#include <limits>
namespace boost { namespace integer {
template<class Z>
Z floor_sqrt(Z N)
{
static_assert(std::numeric_limits<Z>::is_integer,
"The floor_sqrt function is for taking square roots of integers.\n");
Z x = N;
Z y = x/2 + (x&1);
while (y < x) {
x = y;
y = (x + N / x)/2;
}
return x;
}
}}
#endif

10
include/boost/integer/modular_multiplicative_inverse.hpp → include/boost/integer/mod_inverse.hpp
View File

@ -13,8 +13,13 @@
namespace boost { namespace integer {
// From "The Joy of Factoring", Algorithm 2.7.
// The name is a bit verbose. Here's some others names I've found for this function:
// PowerMod[a, -1, m] (Mathematica)
// mpz_invert (gmplib)
// modinv (some dude on stackoverflow)
// Would modular_inverse be sometimes mistaken as the modular *additive* inverse?
template<class Z>
boost::optional<Z> modular_multiplicative_inverse(Z a, Z modulus)
boost::optional<Z> mod_inverse(Z a, Z modulus)
{
using std::numeric_limits;
static_assert(numeric_limits<Z>::is_integer,
@ -37,12 +42,13 @@ boost::optional<Z> modular_multiplicative_inverse(Z a, Z modulus)
return {};
}
Z x = std::get<1>(u);
// x might not be in the range 0 < x < m, let's fix that:
x = x % modulus;
// x might not be in the range 0 < x < m, let's fix that:
while (x <= 0)
{
x += modulus;
}
BOOST_ASSERT(x*a % modulus == 1);
return x;
}

39
include/boost/integer/modular_exponentiation.hpp
View File

@ -1,39 +0,0 @@
/*
* (C) Copyright Nick Thompson 2018.
* Use, modification and distribution are subject to the
* Boost Software License, Version 1.0. (See accompanying file
* LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
*/
#ifndef BOOST_INTEGER_MODULAR_EXPONENTIATION_HPP
#define BOOST_INTEGER_MODULAR_EXPONENTIATION_HPP
#include <limits>
namespace boost { namespace integer {
template<class Z>
Z modular_exponentiation(Z base, Z exponent, Z modulus)
{
using std::numeric_limits;
static_assert(numeric_limits<Z>::is_integer,
"Modular exponentiation works on integral types.\n");
Z result = 1;
if (exponent < 0 || modulus < 0)
{
throw std::domain_error("Both the exponent and the modulus must be > 0.\n");
}
while (exponent > 0)
{
if (exponent & 1)
{
result = (result*base) % modulus;
}
base = (base*base) % modulus;
exponent >>= 1;
}
return result;
}
}}
#endif