| |
 |
|
|
Science Forum Index » Cryptography Forum » power detection?
Page 2 of 2 Goto page Previous 1, 2
|
| Author |
Message |
| Tom St Denis |
 Posted: Sat Jan 03, 2004 10:45 pm |
|
|
|
Guest
|
"Paul Rubin" <http://phr.cx@NOSPAM.invalid> wrote in message
news:7x4qvcmmf8.fsf@ruckus.brouhaha.com...
Quote: "Tom St Denis" <tomstdenis@iahu.ca> writes:
Problem is root finding is O(n^3) time and there are log2(n)/ln(log2(n))
prime exponents to test. So for n ~ 2^1024 there are 148 primes to
test....
Even with a decently optimized root finder [the one in LTM could be
written
slightly better] it's still going to take a while.
Unless I miss something, you need to test bases, not exponents.
What's to optimize? If you have some 1024 bit N and you want to know
if it's a power of 137, just compute y=ln(N)/ln(137) with floating
point arithmetic, and if y is near enough to being an integer, check
whether 137**round_to_nearest_int(y)==N. If y isn't very close to
an integer, you don't even need to bother with the exact integer test.
I'm trying todo this in LTM. I can't assume a float support exists.
Tom |
|
|
| Back to top |
|
| Paul Rubin |
| Posted: Sat Jan 03, 2004 10:58 pm |
|
|
|
Guest
|
"Tom St Denis" <tomstdenis@iahu.ca> writes:
Quote: I'm trying todo this in LTM. I can't assume a float support exists.
Just approximate it then. A simple 3 or 4 bit table lookup and a
little bit of interpolation should be fine. See "Numerical Recipes"
by Teukolsky et al for fancier ways to do approximations like that.
Don't obsess your mind on that cryptography stuff, get outside and do
some real programming now and then  . |
|
|
| Back to top |
|
| Paul Rubin |
| Posted: Sat Jan 03, 2004 10:58 pm |
|
|
|
Guest
|
"Tom St Denis" <tomstdenis@iahu.ca> writes:
Quote: I'm trying todo this in LTM. I can't assume a float support exists.
Just approximate it then. A simple 3 or 4 bit table lookup and a
little bit of interpolation should be fine. See "Numerical Recipes"
by Teukolsky et al for fancier ways to do approximations like that.
Don't obsess your mind on that cryptography stuff, get outside and do
some real programming now and then . |
|
|
| Back to top |
|
| Tom St Denis |
| Posted: Sat Jan 03, 2004 11:04 pm |
|
|
|
Guest
|
"Paul Rubin" <http://phr.cx@NOSPAM.invalid> wrote in message
news:7xoetkl60g.fsf@ruckus.brouhaha.com...
Quote: "Tom St Denis" <tomstdenis@iahu.ca> writes:
I'm trying todo this in LTM. I can't assume a float support exists.
Just approximate it then. A simple 3 or 4 bit table lookup and a
little bit of interpolation should be fine. See "Numerical Recipes"
by Teukolsky et al for fancier ways to do approximations like that.
Don't obsess your mind on that cryptography stuff, get outside and do
some real programming now and then .
Technically I could use a fixed point representation for ln(x) for x < some
constant [like 6500 or so is around the 256th prime]. So I use 32-bits as a
fraction. The trick now is to find ln(x) with at least 32-bits of
resolution. I think your method is a tad too simple since your "y" may be
off by a few value [we are dealing with huge numbers here].
You have given me somethng to think of. Gotta deal the time though [still
got ltp hacking todo plus I start school in a day].
Tom |
|
|
| Back to top |
|
| Tom St Denis |
| Posted: Sat Jan 03, 2004 11:04 pm |
|
|
|
Guest
|
"Paul Rubin" <http://phr.cx@NOSPAM.invalid> wrote in message
news:7xoetkl60g.fsf@ruckus.brouhaha.com...
Quote: "Tom St Denis" <tomstdenis@iahu.ca> writes:
I'm trying todo this in LTM. I can't assume a float support exists.
Just approximate it then. A simple 3 or 4 bit table lookup and a
little bit of interpolation should be fine. See "Numerical Recipes"
by Teukolsky et al for fancier ways to do approximations like that.
Don't obsess your mind on that cryptography stuff, get outside and do
some real programming now and then .
Technically I could use a fixed point representation for ln(x) for x < some
constant [like 6500 or so is around the 256th prime]. So I use 32-bits as a
fraction. The trick now is to find ln(x) with at least 32-bits of
resolution. I think your method is a tad too simple since your "y" may be
off by a few value [we are dealing with huge numbers here].
You have given me somethng to think of. Gotta deal the time though [still
got ltp hacking todo plus I start school in a day].
Tom |
|
|
| Back to top |
|
| Paul Rubin |
| Posted: Sat Jan 03, 2004 11:20 pm |
|
|
|
Guest
|
"Tom St Denis" <tomstdenis@iahu.ca> writes:
Quote: Technically I could use a fixed point representation for ln(x) for x < some
constant [like 6500 or so is around the 256th prime]. So I use 32-bits as a
fraction. The trick now is to find ln(x) with at least 32-bits of
resolution. I think your method is a tad too simple since your "y" may be
off by a few value [we are dealing with huge numbers here].
You don't need the whole 32 bits. Just get 4 or 5 bits with a lookup
table and another few bits with a simple interpolation based on the
table. If the result is far enough from away from an integer, you're
done, just like if a pseudoprimality test comes up saying a number is
composite. If the log is close to an integer, N might or might not be
a perfect power, so you do an exact test to find out for sure.
The point is if you trust your log approximation to (say) 8 bits, that
means you only have to do the exact test < 1% of the time, giving you
a big speedup over doing it all the time. If you want to optimize
this, you have to do some precise analysis of the error bounds in the
log calculation. However, even doing it sloppily (as long as your
error estimate is always too large rather than too small) just means
you do a few more exact tests than you really need to, which is fine. |
|
|
| Back to top |
|
| Paul Rubin |
| Posted: Sat Jan 03, 2004 11:20 pm |
|
|
|
Guest
|
"Tom St Denis" <tomstdenis@iahu.ca> writes:
Quote: Technically I could use a fixed point representation for ln(x) for x < some
constant [like 6500 or so is around the 256th prime]. So I use 32-bits as a
fraction. The trick now is to find ln(x) with at least 32-bits of
resolution. I think your method is a tad too simple since your "y" may be
off by a few value [we are dealing with huge numbers here].
You don't need the whole 32 bits. Just get 4 or 5 bits with a lookup
table and another few bits with a simple interpolation based on the
table. If the result is far enough from away from an integer, you're
done, just like if a pseudoprimality test comes up saying a number is
composite. If the log is close to an integer, N might or might not be
a perfect power, so you do an exact test to find out for sure.
The point is if you trust your log approximation to (say) 8 bits, that
means you only have to do the exact test < 1% of the time, giving you
a big speedup over doing it all the time. If you want to optimize
this, you have to do some precise analysis of the error bounds in the
log calculation. However, even doing it sloppily (as long as your
error estimate is always too large rather than too small) just means
you do a few more exact tests than you really need to, which is fine. |
|
|
| Back to top |
|
| Michael Wiener |
| Posted: Sun Jan 04, 2004 9:58 am |
|
|
|
Guest
|
Hint:
If the number is odd, exponents above log_3(n) are ruled out; otherwise the
number of 2s that factor out severely restricts the possible exponents.
If 0 mod p, for any small prime p, number of p factors restricts possible
exponents; otherwise a range of larger exponents gets eliminated.
If 2 mod 3, exponent cannot be even.
If not 1 or 4 mod 5, exponent cannot be even.
If not 1 or 6 mod 7, then exponent cannot be a multiple of 3.
If not 1 or 10 mod 11, then exponent cannot be a multiple of 5.
The optimal approach depends on the probability distribution for choosing n.
If n is chosen randomly, then an approach based on generalizing the simple
facts above can be quite efficient.
Michael Wiener
"Tom St Denis" <tomstdenis@iahu.ca> wrote in message
news:aaIJb.117164$INs.113473@twister01.bloor.is.net.cable.rogers.com...
Quote: I tried some citeseering but couldn't find anything..
Any references on detecting whether an integer is a prime power?
Obviously
there is the brute force solution (e.g. try roots from 2 to log_2(n)) but
that could get slow...
Thanks,
Tom
|
|
|
| Back to top |
|
| Michael Amling |
| Posted: Sun Jan 04, 2004 3:54 pm |
|
|
|
Guest
|
Paul Rubin wrote:
Quote: "Tom St Denis" <tomstdenis@iahu.ca> writes:
Problem is root finding is O(n^3) time and there are log2(n)/ln(log2(n))
prime exponents to test. So for n ~ 2^1024 there are 148 primes to test....
Even with a decently optimized root finder [the one in LTM could be written
slightly better] it's still going to take a while.
Unless I miss something, you need to test bases, not exponents.
What's to optimize? If you have some 1024 bit N and you want to know
if it's a power of 137, just compute y=ln(N)/ln(137) with floating
point arithmetic, and if y is near enough to being an integer, check
whether 137**round_to_nearest_int(y)==N. If y isn't very close to
an integer, you don't even need to bother with the exact integer test.
Sorry, I don't quite follow this. How does it generalize? You repeat
the above calculation with 137 replaced by ... what?
--Mike Amling |
|
|
| Back to top |
|
| Paul Rubin |
| Posted: Sun Jan 04, 2004 5:53 pm |
|
|
|
Guest
|
Michael Amling <nospam@nospam.com> writes:
Quote: slightly better] it's still going to take a while.
Unless I miss something, you need to test bases, not exponents.
What's to optimize? If you have some 1024 bit N and you want to know
if it's a power of 137, just compute y=ln(N)/ln(137) with floating
point arithmetic, and if y is near enough to being an integer, check
whether 137**round_to_nearest_int(y)==N. If y isn't very close to
an integer, you don't even need to bother with the exact integer test.
Sorry, I don't quite follow this. How does it generalize? You
repeat the above calculation with 137 replaced by ... what?
Oh right. Doh. I got it backwards. If you have N what you want to
know is whether it's the 137th power of something, which takes a
slower test. Thanks. I'm not sleeping enough these days, sigh. |
|
|
| Back to top |
|
| Phil Carmody |
| Posted: Sun Jan 04, 2004 7:40 pm |
|
|
|
Guest
|
Paul Rubin <http://phr.cx@NOSPAM.invalid> writes:
Quote: "Tom St Denis" <tomstdenis@iahu.ca> writes:
Problem is root finding is O(n^3) time and there are log2(n)/ln(log2(n))
prime exponents to test. So for n ~ 2^1024 there are 148 primes to test....
Even with a decently optimized root finder [the one in LTM could be written
slightly better] it's still going to take a while.
Unless I miss something, you need to test bases, not exponents.
What's to optimize? If you have some 1024 bit N and you want to know
if it's a power of 137, just compute y=ln(N)/ln(137) with floating
point arithmetic, and if y is near enough to being an integer, check
whether 137**round_to_nearest_int(y)==N.
How about whether 137**round(y) == N (mod 2^16)? No bignum maths
required unless that says yes, in which case you do the full
calculation.
Quote: If y isn't very close to
an integer, you don't even need to bother with the exact integer test.
Yup, throw out as many candidates as possible with the quickest test
as soon as possible.
Tom - an approximate log can be done using CORDIC in purely integer
operations. However, CORDIC can sometimes require some quite large
lookup tables. If you can't find anything on google, then ask again
here or mail me, and I'll see if I can remember how to do logs that
way. (Been a decade since I last did anything with CORDIC, but
fortunately log is the absolute easiest of the functions to do.)
Phil
--
Unpatched IE vulnerability: DNSError folder disclosure
Description: Gaining access to local security zones
Reference: http://msgs.securepoint.com/cgi-bin/get/bugtraq0306/52.html |
|
|
| Back to top |
|
| Phil Carmody |
| Posted: Sun Jan 04, 2004 8:32 pm |
|
|
|
Guest
|
"Tom St Denis" <tomstdenis@iahu.ca> writes:
Quote: "Paul Rubin" <http://phr.cx@NOSPAM.invalid> wrote in message
news:7xoetkl60g.fsf@ruckus.brouhaha.com...
"Tom St Denis" <tomstdenis@iahu.ca> writes:
I'm trying todo this in LTM. I can't assume a float support exists.
Just approximate it then. A simple 3 or 4 bit table lookup and a
little bit of interpolation should be fine. See "Numerical Recipes"
by Teukolsky et al for fancier ways to do approximations like that.
Don't obsess your mind on that cryptography stuff, get outside and do
some real programming now and then .
Technically I could use a fixed point representation for ln(x) for x < some
constant [like 6500 or so is around the 256th prime]. So I use 32-bits as a
fraction. The trick now is to find ln(x) with at least 32-bits of
resolution.
For the problem in hand, you only need to calculate as many bits as are
required to know that the final answer is not an integer.
50% of the time, you'll not need to go beyond 3 bits, I'm sure.
Phil
--
Unpatched IE vulnerability: Web Archive buffer overflow
Description: Possible automated code execution.
Reference: http://msgs.securepoint.com/cgi-bin/get/bugtraq0303/107.html |
|
|
| Back to top |
|
| Marcel Martin |
| Posted: Sun Jan 04, 2004 11:09 pm |
|
|
|
Guest
|
Phil Carmody a écrit :
Quote:
"Tom St Denis" <tomstdenis@iahu.ca> writes:
"Paul Rubin" <http://phr.cx@NOSPAM.invalid> wrote in message
news:7xoetkl60g.fsf@ruckus.brouhaha.com...
"Tom St Denis" <tomstdenis@iahu.ca> writes:
I'm trying todo this in LTM. I can't assume a float support exists.
Just approximate it then. A simple 3 or 4 bit table lookup and a
little bit of interpolation should be fine. See "Numerical Recipes"
by Teukolsky et al for fancier ways to do approximations like that.
Don't obsess your mind on that cryptography stuff, get outside and do
some real programming now and then .
Technically I could use a fixed point representation for ln(x) for x < some
constant [like 6500 or so is around the 256th prime]. So I use 32-bits as a
fraction. The trick now is to find ln(x) with at least 32-bits of
resolution.
For the problem in hand, you only need to calculate as many bits as are
required to know that the final answer is not an integer.
50% of the time, you'll not need to go beyond 3 bits, I'm sure.
Phil,
I don't quite understand. What do you want to approximate with 3 bits?
mm
--
http://www.ellipsa.net/
mm@ellipsa.no.sp.am.net ( suppress no.sp.am. ) |
|
|
| Back to top |
|
| Phil Carmody |
| Posted: Mon Jan 05, 2004 10:44 pm |
|
|
|
Guest
|
Marcel Martin <mm@ellipsa.no.sp.am.net> writes:
Quote: For the problem in hand, you only need to calculate as many bits as are
required to know that the final answer is not an integer.
50% of the time, you'll not need to go beyond 3 bits, I'm sure.
Phil,
I don't quite understand. What do you want to approximate with 3 bits?
The wrong value. We were diverted down a 'is log(x) an integer'-like path,
which we don't want to take for the problem really in hand.
Best ignored now.
(If using CORDIC, then you can work out an approximation to log(x) such that
the maximum value you can be away from the final answer is just larger than
the most recent adjustement you made, but less than twice it. So you can't
always stop at 0.10... as it might become 0.11111..., which might well be
an integer. You'd need to go to 0.100 or 0.101 to be sure that it would never
reach 0.11111.... It's possible to go from a 2-bit approcimation 0.10... to
a 3 bit approximation 0.110... , you see.)
Phil
--
Unpatched IE vulnerability: NavigateAndFind protocol history
Description: cross-domain scripting, cookie/data/identity theft,
command execution
Reference: http://safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM
Exploit: http://safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-MyPage.HTM |
|
|
| Back to top |
|
| |
Page 2 of 2 Goto page Previous 1, 2
All times are GMT - 5 Hours
The time now is Sun Jul 06, 2008 5:22 pm
|
|
