[ci skip] Use less verbose naming. Add asserts as verfication of algorithms is a negligible fraction of total runtime. Use boost::multiprecision::powm and boost::multiprecision::sqrt rather than one-offs.

2018-02-09 17:19:26 -06:00
parent fc4d657201
commit 8c415f77b1
10 changed files with 111 additions and 149 deletions
--- a/include/boost/integer/discrete_log.hpp
+++ b/include/boost/integer/discrete_log.hpp
@ -12,10 +12,10 @@
 #include <limits>
 #include <unordered_map>
 #include <boost/optional.hpp>
-#include <boost/integer/floor_sqrt.hpp>
-#include <boost/integer/modular_multiplicative_inverse.hpp>
-#include <boost/integer/modular_exponentiation.hpp>
-#include <boost/integer/common_factor.hpp>
+#include <boost/format.hpp>
+#include <boost/multiprecision/integer.hpp>
+#include <boost/integer/common_factor_rt.hpp>
+#include <boost/integer/mod_inverse.hpp>

 namespace boost { namespace integer {

@ -29,19 +29,28 @@ boost::optional<Z> trial_multiplication_discrete_log(Z base, Z arg, Z p)

    if (base <= 1)
    {
-        throw std::logic_error("The base must be > 1.\n");
+        throw std::domain_error("The base must be > 1.\n");
    }
    if (p < 3)
    {
-        throw std::logic_error("The modulus must be > 2.\n");
+        throw std::domain_error("The modulus must be > 2.\n");
    }
    if (arg < 1)
    {
-        throw std::logic_error("The argument must be > 0.\n");
+        throw std::domain_error("The argument must be > 0.\n");
    }
    if (base >= p || arg >= p)
    {
-        throw std::logic_error("Error computing the discrete log: Are your arguments in the wrong order?\n");
+        if (base >= p)
+        {
+            auto e = boost::format("Error computing the discrete log: The base %1% is greater than the modulus %2%. Are the arguments in the wrong order?") % base % p;
+            throw std::domain_error(e.str());
+        }
+        if (arg >= p)
+        {
+            auto e = boost::format("Error computing the discrete log: The argument %1% is greater than the modulus %2%. Are the arguments in the wrong order?") % arg % p;
+            throw std::domain_error(e.str());
+        }
    }

    if (arg == 1)
@ -54,6 +63,8 @@ boost::optional<Z> trial_multiplication_discrete_log(Z base, Z arg, Z p)
        s = (s * base) % p;
        if (s == arg)
        {
+            // Maybe a bit trivial assertion. But still a negligible fraction of the total compute time.
+            BOOST_ASSERT(arg == boost::multiprecision::powm(base, i, p));
            return i;
        }
    }
@ -61,14 +72,14 @@ boost::optional<Z> trial_multiplication_discrete_log(Z base, Z arg, Z p)
 }

 template<class Z>
-class baby_step_giant_step_discrete_log
+class bsgs_discrete_log
 {
 public:
-    baby_step_giant_step_discrete_log(Z base, Z p) : m_p{p}
+    bsgs_discrete_log(Z base, Z p) : m_p{p}, m_base{base}
    {
        using std::numeric_limits;
        static_assert(numeric_limits<Z>::is_integer,
-                      "The baby_step_giant_step discrete log works on integral types.\n");
+                      "The baby-step, giant-step discrete log works on integral types.\n");

        if (base <= 1)
        {
@ -82,18 +93,20 @@ public:
        {
            throw std::logic_error("Error computing the discrete log: Are your arguments in the wrong order?\n");
        }
-        m_root_p = floor_sqrt(p);
+        m_root_p = boost::multiprecision::sqrt(p);
        if (m_root_p*m_root_p != p)
        {
            m_root_p += 1;
        }

-        auto x = modular_multiplicative_inverse(base, p);
+        auto x = mod_inverse(base, p);
        if (!x)
        {
-            throw std::logic_error("The gcd of the b and the modulus is > 1, hence the discrete log is not guaranteed to exist. If you don't require an existence proof, use trial multiplication.\n");
+            auto d = boost::integer::gcd(base, p);
+            auto e = boost::format("The gcd of the base %1% and the modulus %2% is %3% != 1, hence the discrete log is not guaranteed to exist, which breaks the baby-step giant step algorithm. If you don't require existence proof for all inputs, use trial multiplication.\n") % base % p % d;
+            throw std::logic_error(e.str());
        }
-        m_inv_base_pow_m = modular_exponentiation(x.value(), m_root_p, p);
+        m_inv_base_pow_m = boost::multiprecision::powm(x.value(), m_root_p, p);

        m_lookup_table.reserve(m_root_p);
        // Now the expensive part:
@ -119,17 +132,24 @@ public:
            auto it = m_lookup_table.find(k);
            if (it != m_lookup_table.end())
            {
-                return (i*m_root_p + it->second) % m_p;
+                Z log_b_arg = (i*m_root_p + it->second) % m_p;
+                // This computation of the modular exponentiation is laughably quick relative to computing the discrete log.
+                // Why not put an assert here for our peace of mind?
+                BOOST_ASSERT(arg == boost::multiprecision::powm(m_base, log_b_arg, m_p));
+                return log_b_arg;
            }
            ami = (ami*m_inv_base_pow_m) % m_p;
            k = k * ami % m_p;
        }
        // never should get here . . .
+        BOOST_ASSERT(false);
+        // Suppress compiler warnings.
        return -1;
    }

 private:
    Z m_p;
+    Z m_base;
    Z m_root_p;
    Z m_inv_base_pow_m;
    std::unordered_map<Z, Z> m_lookup_table;