Java 理解Miller-Rabin实现
我正在学习Miller-Rabin,我正在看下面的算法实现 我觉得我对算法有一个很好的理解,但是实现不是很容易理解,主要是因为缺少文档。如果有人能够浏览代码并解释我们在每一步都在做什么以及为什么这样做,这将非常有帮助。参考算法将非常有帮助Java 理解Miller-Rabin实现,java,algorithm,cryptography,Java,Algorithm,Cryptography,我正在学习Miller-Rabin,我正在看下面的算法实现 我觉得我对算法有一个很好的理解,但是实现不是很容易理解,主要是因为缺少文档。如果有人能够浏览代码并解释我们在每一步都在做什么以及为什么这样做,这将非常有帮助。参考算法将非常有帮助 Algorithm: Input: n > 3, an odd integer to be tested for primality; Input: k, a parameter that determines the accuracy of the
Algorithm:
Input: n > 3, an odd integer to be tested for primality;
Input: k, a parameter that determines the accuracy of the test
Output: composite if n is composite, otherwise probably prime
write n − 1 as 2s·d with d odd by factoring powers of 2 from n − 1
LOOP: repeat k times:
pick a randomly in the range [2, n − 2]
x ← a^d mod n
if x = 1 or x = n − 1 then do next LOOP
for r = 1 .. s − 1
x ← x^2 mod n
if x = 1 then return composite
if x = n − 1 then do next LOOP
return composite
return probably prime
import java.math.BigInteger;
import java.util.Random;
public class MillerRabin {
private static final BigInteger ZERO = BigInteger.ZERO;
private static final BigInteger ONE = BigInteger.ONE;
private static final BigInteger TWO = new BigInteger("2");
private static final BigInteger THREE = new BigInteger("3");
public static boolean isProbablePrime(BigInteger n, int k) {
if (n.compareTo(THREE) < 0)
return true;
int s = 0;
BigInteger d = n.subtract(ONE); // n-1
while (d.mod(TWO).equals(ZERO)) { //?
s++; //?
d = d.divide(TWO); //?
}
for (int i = 0; i < k; i++) { //LOOP: repeat k times
BigInteger a = uniformRandom(TWO, n.subtract(ONE)); //?
BigInteger x = a.modPow(d, n); //x = a^d mod n
if (x.equals(ONE) || x.equals(n.subtract(ONE))) // if x=1 or x = n-1, then do next LOOP
continue;
int r = 1;
for (; r < s; r++) { // for r = 1..s-1
x = x.modPow(TWO, n); //x = x ^ 2 mod n
if (x.equals(ONE)) //if x = 1, return false (composite
return false;
if (x.equals(n.subtract(ONE))) //if x= n-1, look at the next a
break;
}
if (r == s) // None of the steps made x equal n-1.
return false; //we've exhausted all of our a values, probably composite
}
return true; //probably prime
}
//this method is just to generate a random int
private static BigInteger uniformRandom(BigInteger bottom, BigInteger top) {
Random rnd = new Random();
BigInteger res;
do {
res = new BigInteger(top.bitLength(), rnd);
} while (res.compareTo(bottom) < 0 || res.compareTo(top) > 0);
return res;
}
import java.math.biginger;
导入java.util.Random;
公共类MillerRabin{
私有静态final biginger ZERO=biginger.ZERO;
私有静态final biginger ONE=biginger.ONE;
私有静态最终BigInteger 2=新的BigInteger(“2”);
私有静态最终BigInteger三=新的BigInteger(“3”);
公共静态布尔值isProbablePrime(BigInteger n,int k){
如果(n.与(三)相比<0)
返回true;
int s=0;
BigInteger d=n.减法(一);//n-1
而(d.mod(TWO).equals(ZERO)){/?
s++;/?
d=d.除以(二);/?
}
对于(int i=0;i0);
返回res;
}
while (d.mod(TWO).equals(ZERO)) { //?
s++; //?
d = d.divide(TWO); //?
}
write n − 1 as 2^s·d with d odd by factoring powers of 2 from n − 1
dsdsn-1BigInteger a = uniformRandom(TWO, n.subtract(ONE)); //?
pick a randomly in the range [2, n − 2]
你对代码的哪一部分有特别的问题?你理解伪代码吗?尝试将每一行伪代码与对应的代码行进行匹配。Hi@rossum感谢你的回复和建议,帮助你完成代码并匹配伪代码。我在不理解的行上添加了带有问号的注释。WRT the random pick,Schneier建议总是从2开始,因为这最有可能导致复合材料被拒绝。在第一次通过后,从[3..n-2]中随机选择。它应该会产生轻微的加速。此外,k参数表示确定性中的4次幂,因此对于通过组合作为素数的概率小于1/2^128的情况,选择k=64。@rossum对于错误概率,每次迭代的1/4是已经证明的。对于大量的经验数据,该测试比p中的测试要好得多实践。但当然,我们不能确定。。。