MATH
Login Or Sign up

Fast GCD algorithm

215 Views Asked by At

I'm trying to implement the extended Lehmer algorithm (search for GCD and Bezout coefficients) from the book "Handbook of Elliptic and Hyperelliptic Curve Cryptography".

Here is the link.

It seems to me that there is an error in this algorithm, here is an example:

For example, take numbers:
x = 0x3 3333 3333 3333 3333
N = 0xA AAAA AAAA AAAA AAAA
Platform is x64, so l = 64

A = 0xA AAAA AAAA AAAA AAAA, B = 0x3 3333 3333 3333 3333, Ua = 0, Ub = 1 

A^ = 0xAAAA AAAA AAAA AAAA, B^ = 0x3333 3333 3333 3333, alpha = 1, beta = 0, alpha' = 0, beta' = 1
B^ != 0, so q <- [A^/B^] = 3, T <- A^ mod B^ = 0x1111 1111 1111 1111
T >= 2^(l/2), so q' <- [B^/T] = 3, T' <- B^ mod T = 0
T' < 2^(l/2), so break;
beta == 0, so alpha = 0, beta = 1, alpha' = 1, beta' = -[A/B] = -3
return {alpha, beta, alpha', beta'} = {0,1,1,-3}

[A] = [alpha  beta ]*[A] = [0  1][0xA AAAA AAAA AAAA AAAA] = [0x3 3333 3333 3333 3333]
[B]   [alpha' beta'] [B]   [1 -3][0x3 3333 3333 3333 3333]   [0x1 1111 1111 1111 1111]

[Ua] = [alpha  beta ]*[Ua] = [0  1][0] = [1 ]
[Ub]   [alpha' beta'] [Ub]   [1 -3][1]   [-3]

A = 0x3 3333 3333 3333 3333, B = 0x1 1111 1111 1111 1111, Ua = 1, Ub = -3
A^ = 0xCCCC CCCC CCCC CCCC, B^ = 0x4444 4444 4444 4444, alpha = 1, beta = 0, alpha' = 0, beta' = 1
B^ != 0, so q <- [A^/B^] = 3, T <- A^ mod B^ = 0
T' < 2^(l/2), so
beta == 0, so alpha = 0, beta = 1, alpha' = 1, beta' = -[A/B] = -3
return {alpha, beta, alpha', beta'} = {0,1,1,-3}

[A] = [alpha  beta ]*[A] = [0  1][0x3 3333 3333 3333 3333] = [0x1 1111 1111 1111 1111]
[B]   [alpha' beta'] [B]   [1 -3][0x1 1111 1111 1111 1111]   [0]

[Ua] = [alpha  beta ]*[Ua] = [0  1][ 1] = [-3]
[Ub]   [alpha' beta'] [Ub]   [1 -3][-3]   [10]

A = 0x1 1111 1111 1111 1111, B = 0, Ua = -3, Ub = 10
Next step we must compute (u, v, d) by Algorithm 10.42
with arguments A and B, but B is zero and algorithm 10.42
crushes at line 3
  q <- [A/B]
In description to algorithm 10.42 says: 
INPUT: Two POSITIVE integers,
but it called with B = 0 in algorithm 10.45.

Problem is that at the end of the algorithm (the last 3 lines of my calculations) there is a division by zero occurs.

My question is the following:

1) Is the error really in the book, or I'm mistaken in my calculations?
2) If there is an error in the book, what needs to be changed in the algorithm to make it work?

number-theory algorithms cryptography
Original Q&A

Related Questions in NUMBER-THEORY

Related Questions in ALGORITHMS

Related Questions in CRYPTOGRAPHY

Trending Questions

Popular # Hahtags

second-order-logic numerical-methods puzzle logic probability number-theory winding-number real-analysis integration calculus complex-analysis sequences-and-series proof-writing set-theory functions homotopy-theory elementary-number-theory ordinary-differential-equations circles derivatives game-theory definite-integrals elementary-set-theory limits multivariable-calculus geometry algebraic-number-theory proof-verification partial-derivative algebra-precalculus

Popular Questions

Copyright © 2021 JogjaFile Inc.