new function mp_sqrtmod_prime #33
Comments
Cool, care to write a bit in the BN user manual and/or the tommath text?
+1 for user manual & tommath text
To be fair I wasn't volunteering to do that work :-) (at least I won't be getting involved anytime soon beyond just chipping in my two cents). Should be easy to add to the BN manual, and for the tommath book I would just add it towards the end near the discussion about Jacobi.
Oh, I was pointing to @karel-m :)
Phew, dodged work. +1 dexterity.
I'm always trying to follow the approach 'the person who had the fun part of doing the implementation then please also takes the bad part and writes the documentation' ;)
Ya, I played that role for 5+ years. I don't mind documentation/etc. but I'm not in a place to contribute commits to OSS just yet, and my 2 year old at home won't let me do it in my spare time :-) That being said, at the very least make sure to update the BN manual since, as an SDK, that's more important.
I just don't merge PRs that introduce major features but miss documentation.
Good lad. And yes, it would be good to see this ported to TFM for completeness.
Regarding creating a pull request, see #34. By doc update you mean a patch for
Here is some basic doc: Modular square root function: the implementation is split into two different cases:
The function does not check the primality of parameter
On Apr 18, 2015, at 1:39 PM, karel-m notifications@github.com wrote:
This last bothers me. Given that many/most prime numbers are only probabilistically prime, what are the downside problems caused by the number not actually being a prime? True, done right, the odds are small this would be a problem, but wouldn't it make sense to understand the risks of a bad answer? ...or somehow check the answer? ???
The thing is that neither Handbook of Applied Cryptography algorithm 3.36 nor the Tonelli-Shanks algorithm works for composite In fact I have not tested what exactly happens when
On Apr 18, 2015, at 2:15 PM, karel-m notifications@github.com wrote:
I need to get closer to this problem, but what about just squaring and comparing the answer?
Do we have to do anything about this?
I just realized that this is related to #31 ... @czurnieden what do you think, as you created #31? Does the Jacobi issue somehow influence the proper functioning of this function?
I thought it was already resolved? It's two lines: one to check for 0/1 and return the proper result "1", and the other one in the docs to remark on the lack of support for negative numerators, with the only problem: legacy. I would do it myself but my version has gone quite off over the last year when I wasn't able to keep it up-to-date regularly. I think I'll follow Randall Munroe's advice he gave in http://xkcd.com/1597/ ;-) But a bit more serious: After careful consumption of a large can of coffee and a much smaller copy of Cohen's "Algebraic Number Theory" the answer is: No, it won't make much trouble. If I understand it correctly, the composites that cause the largest trouble are perfect powers k^n (with k,n in N+ and n>1) and which are quite expensive to test for because you need to do it by brute force (there's a slightly faster algorithm listed in Cohen for p^n and p prime) and check for every prime up to log_2(k). N-th integer root is O(log n) as is exponentiation and we could take the table in If you want to do it you should place the code (an implementation is in I would just put a note in the docs to highlight the fact that the result cannot be trusted 100% if the primality of the input cannot be guaranteed. @sjaeckel Yes, the documentation of my stuff is a work in progress. Although a very slow progress, it goes forward.
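The two cases the doc snippet mentions (the p = 3 mod 4 shortcut and general Tonelli-Shanks), the "square and compare" check suggested above, and the composite-modulus concern discussed in this comment, worked through as an added example. This is not libtommath's mp_sqrtmod_prime and not the code from the pull request: it uses fixed 64-bit integers instead of mp_int (with the GCC/Clang unsigned __int128 extension for mulmod), and the names sqrtmod_prime, sqrtmod_checked and root_of are this example's own. The constructed inputs at the bottom include two composite moduli to show the failure modes: with p = 9 the routine misses a root that exists (4 = 2^2), and with p = 15 it returns 1 as the "root" of 4, which only the squaring check catches.

```c
/* Added example, not libtommath or pull-request code: a 64-bit toy of the modular
 * square root discussed in this thread.  Names (sqrtmod_prime, sqrtmod_checked,
 * root_of) are this example's own.  mulmod uses unsigned __int128 (GCC/Clang). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t u64;
typedef unsigned __int128 u128;

static u64 mulmod(u64 a, u64 b, u64 m) { return (u64)(((u128)a * b) % m); }

static u64 powmod(u64 b, u64 e, u64 m)
{
    u64 r = 1 % m;
    b %= m;
    while (e) {
        if (e & 1) r = mulmod(r, b, m);
        b = mulmod(b, b, m);
        e >>= 1;
    }
    return r;
}

/* Square root of n modulo p.  Returns 0 and writes *root, or -1 if no root was found.
 * As in the thread: p is assumed to be an odd prime and is NOT checked, and n is
 * not checked for residuosity up front (HAC 3.36 style). */
static int sqrtmod_prime(u64 n, u64 p, u64 *root)
{
    n %= p;
    if (n == 0 || p == 2) { *root = n; return 0; }

    /* Case 1: p = 3 (mod 4).  n^((p+1)/4) is a root when n is a residue; for a
     * non-residue (or a composite p) the formula still yields a number, not a root. */
    if (p % 4 == 3) { *root = powmod(n, (p + 1) / 4, p); return 0; }

    /* Case 2: p = 1 (mod 4), Tonelli-Shanks.  Write p - 1 = q * 2^s with q odd. */
    u64 q = p - 1;
    unsigned s = 0;
    while ((q & 1) == 0) { q >>= 1; s++; }

    /* Smallest quadratic non-residue z (Euler's criterion).  The loop is bounded so
     * that a composite p for which no such z exists cannot hang the caller. */
    u64 z = 2;
    while (z < p && powmod(z, (p - 1) / 2, p) != p - 1) z++;
    if (z == p) return -1;

    u64 c = powmod(z, q, p);
    u64 r = powmod(n, (q + 1) / 2, p);   /* loop invariant: r^2 == n * t (mod p) */
    u64 t = powmod(n, q, p);
    unsigned m = s;
    while (t != 1) {
        /* least i with t^(2^i) == 1; reaching m means n is a non-residue (or p is not prime) */
        unsigned i = 0;
        u64 tt = t;
        while (tt != 1) {
            tt = mulmod(tt, tt, p);
            if (++i == m) return -1;
        }
        u64 b = c;                                       /* b = c^(2^(m-i-1)) */
        for (unsigned j = 0; j + i + 1 < m; j++) b = mulmod(b, b, p);
        r = mulmod(r, b, p);
        c = mulmod(b, b, p);
        t = mulmod(t, c, p);
        m = i;
    }
    *root = r;
    return 0;
}

/* The "square and compare" check suggested in the thread: one extra multiplication
 * that rejects any non-root, whether caused by a non-residue n or a composite p.
 * This is the check a point-decompression routine needs so that an x that is not
 * on the curve never turns into an accepted (off-curve) point. */
static int sqrtmod_checked(u64 n, u64 p, u64 *root)
{
    u64 r;
    if (sqrtmod_prime(n, p, &r) != 0) return -1;
    if (mulmod(r, r, p) != n % p) return -1;
    *root = r;
    return 0;
}

/* Single-value wrapper: the root, or -1 if none was found. */
static int64_t root_of(u64 n, u64 p, bool checked)
{
    u64 r;
    int rc = checked ? sqrtmod_checked(n, p, &r) : sqrtmod_prime(n, p, &r);
    return rc == 0 ? (int64_t)r : -1;
}

int main(void)
{
    /* Constructed inputs: two primes (7, 13) and two composite moduli (9, 15). */
    struct { u64 n, p; } cases[] = { {2, 7}, {3, 7}, {10, 13}, {5, 13}, {4, 9}, {4, 15} };
    for (size_t k = 0; k < sizeof cases / sizeof cases[0]; k++)
        printf("sqrt(%llu) mod %llu: unchecked=%lld checked=%lld\n",
               (unsigned long long)cases[k].n, (unsigned long long)cases[k].p,
               (long long)root_of(cases[k].n, cases[k].p, false),
               (long long)root_of(cases[k].n, cases[k].p, true));
    return 0;
}
```

The squaring check costs one multiplication against the one exponentiation an Euler-criterion pre-check would cost, and unlike the pre-check it also covers the case where p was only probably prime: a wrong answer from a composite modulus fails the comparison just like a non-residue does.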
Is this function "ready" and just needs enhancements for edge cases, or is it considered defective?
Should be ready AFAIK.
With that then let's close this issue.
Hi,
it would be nice to have an mp_sqrtmod_prime function; it is necessary for handling compressed ECC keys, as mentioned in issue libtom/libtomcrypt#34
here is my suggestion (I'll send it as a pull request if you find it worth considering):