I am trying to decrypt a RSA message using the Chinese Remainder Theorem:
p = random_prime(2^512-1, False, 2^511)
q = random_prime(2^512-1, False, 2^511)
n = p * q
phi = (p - 1) * (q - 1)
m = 235432543543345
e = 65537
bezout = xgcd(e, phi)
d = Integer(mod(bezout[1], phi))
c = 0
m_decrypted = 0
def encrypt_rsa():
global c
c = mod(m ^ e, n)
print 'c = ', c
def decrypt_rsa_crt():
global m_decrypted
c1 = p * inverse_mod(p % q, q)
c2 = q * inverse_mod(q % p, p)
n1 = ((c % p) ^ (d % (p - 1))) % p
n2 = ((c % q) ^ (d % (q - 1))) % q
m_decrypted = (n1 * c1 + n2 * c2) % n
encrypt_rsa()
decrypt_rsa_crt()
print 'm_decrypted = ', m_decrypted
However I'm getting this error:
Error in lines 40-40
Traceback (most recent call last):
File "/projects/sage/sage-6.9/local/lib/python2.7/site-packages/smc_sagews/sage_server.py", line 905, in execute
exec compile(block+'\n', '', 'single') in namespace, locals
File "", line 1, in <module>
File "", line 15, in decrypt_rsa_crt
File "sage/structure/element.pyx", line 1700, in sage.structure.element.RingElement.__add__ (/projects/sage/sage-6.9/src/build/cythonized/sage/structure/element.c:16570)
return coercion_model.bin_op(left, right, add)
File "sage/structure/coerce.pyx", line 1070, in sage.structure.coerce.CoercionModel_cache_maps.bin_op (/projects/sage/sage-6.9/src/build/cythonized/sage/structure/coerce.c:9739)
raise TypeError(arith_error_message(x,y,op))
TypeError: unsupported operand parent(s) for '+': 'Ring of integers modulo 13171665913556629928579831399279531345454405227507363358767433731944129138880990155192020899186190552971738190528920869626603617749599336864307309151600773' and 'Ring of integers modulo 7040259687366349269925712273121165166901616380486072254231627613746850969231618371638459623994615760442997840722561781585598181676625437161073288718538017'
The line of the error is the m_decrypted = (n1 * c1 + n2 * c2) % n line. I'm not sure what I'm doing wrong here and how to fix it?
inverse_mod puts things in the ring of integers modulo q or p, in your code. But there is no canonical way to add c1 and c2 since they are in different rings of integers, as the error message indicates. I guess you may want to try to get those to be integers mod n instead, or even better to get just one of the integers.
Related
I am trying to code Horner’s Method for Polynomial Evaluation but for some reason its not working for me and I'm not sure where I am getting it wrong.
These are the data I have:
nodes = [-2, -1, 1]
x = 2
c (coefficients) = [-3, 3, -1]
The code I have so far is:
function y = horner(x, nodes, c)
n = length(c);
y = c(1);
for i = 2:n
y = y * ((x - nodes(i - 1)) + c(i));
end
end
I am supposed to end up with a polynomial such as (−1)·(x+2)(x+1)+3·(x+2)−3·1 and if x =2 then I am supposed to get -3. But for some reason I don't know where I am going wrong.
Edit:
So I changed my code. I think it works but I am not sure:
function y = horner(x, nodes, c)
n = length(c);
y = c(n);
for k = n-1:-1:1
y = c(k) + y * (x - nodes((n - k) + 1));
end
end
This works:
function y = horner(x, nodes, c)
n = length(c);
y = 0;
for i = 1:n % We iterate over `c`
tmp = c(i);
for j = 1:i-1 % We iterate over the relevant elements of `nodes`
tmp *= x - nodes(j); % We multiply `c(i) * (x - nodes(1)) * (x -nodes(2)) * (x- nodes(3)) * ... * (x - nodes(i -1))
end
y += tmp; % We added each product to y
end
% Here `y` is as following:
% c(1) + c(2) * (x - nodes(1)) + c(3) * (x - nodes(1)) * (x - nodes(2)) + ... + c(n) * (x - nodes(1)) * ... * (x - nodes(n - 1))
end
(I'm sorry this isn't python but I don't know python)
In the case where we didn't have nodes, horner's method works like this:
p = c[n]
for i=n-1 .. 1
p = x*p + c[i]
for example for a quadratic (with coeffs a,b,c) this is
p = x*(x*a+b)+c
Note that if your language supports fma
fma(x,y,x) = x*y+z
then horner's method can be written
p = c[n]
for i=n-1 .. 1
p = fma( x, p, c[i])
When you do have nodes, the change is simple:
p = c[n]
for i=n-1 .. 1
p = (x-nodes[i])*p + c[i]
Or, using fma
p = c[n]
for i=n-1 .. 1
p = fma( (x-nodes[i]), p, c[i])
For the quadratic above this leads to
p = (x-nodes[1]*((x-nodes[2])*a+b)+c
I have an octave/Matlab function like this.
function [z] = baseline_als(y, lam, p, niter)
L = size(y);
D = sparse(diff(eye(L), 2));
w = ones(L);
for i = 1:niter
W = sparse.spdiags(w, 0, L, L); %error comes here
Z = W + lam * dot(D,transpose(D));
% z = spsolve(Z, w*y);
z= Z\(w*y);
w = p * (y > z) + (1-p) * (y < z);
end % End of For loop
end % End of function
I am calling this like this (in other file),
z = baseline_als(X,1000,0.00001,20)
plot(z)
Where X is 1D vector.
I have referred documentation from here. But could not figure out this error. How can I solve this?
I am completing an assignment for a class. We were to follow a flow chart to find the values for the trap rule code. I believe the problem is with my main code.
I am not sure if there is a problem with my function code or my main code, any help would be appreciated.
when I run the section, it display the function as the answer
The following is my mainscript code:
f = #(x) (4*sin (x)) / (exp(2*x)) ;
trap_haskell(f , 0 , 3 , 7)
The rest is my trapezoidal rule code
function [f] = trap_haskell(f, a, b, n)
x = a ;
h = (b - a) / n ;
s = f (a) ;
for k=1:1:n-1
x = x + h ;
s = s + 2 * f(x) ;
end
s = s + f(b) ;
I = (b - a) * s / (2 * n) ;
end
You're returning f as the output argument of trap_haskell which is the input function into trap_haskell itself. The variable I in your code actually stores the integral so it's simply a matter of changing the output variable of the function definition to return the integral instead:
%// ------ Change here
%// |
%// V
function [I] = trap_haskell(f, a, b, n)
I've implemented Pollard's Rho for logarithms using Sage, as the following program stored in pollardrho.py.
def pollardrho(g, h, G):
k, m = 1, 0
t = g**k * h**m
i, j = 1, 0
r = g**i * h**j
def step(t, k, m):
if lift(t) % 3 == 0:
return (t * g, k+1, m)
if lift(t) % 3 == 1:
return (t * h, k, m+1)
if lift(t) % 3 == 2:
return (t ** 2, 2*k, 2*m)
while True:
t, k, m = step(t, k, m)
r, i, j = step(*step(r, i, j))
if t == r:
print("Found a cycle")
print("g^%s h^%s == g^%s h^%s" % (k, m, i, j))
print("g^(%s - %s) == h^(%s - %s)" % (i, k, m, j))
l = g.multiplicative_order()
print("(%s - %s) / (%s - %s) %% %s" % (i, k, m, j, l))
return (i - k) / (m - j) % l # this is where everything goes wrong.
Running this with G = GF(1013), g = G(3), h = G(245) gives the following output:
sage: pollardrho(g, h, G)
Found a cycle
g^262 h^14 == g^16870 h^1006
g^(16870 - 262) == h^(14 - 1006)
(16870 - 262) / (14 - 1006) % 1012
995
However:
sage: (16870 - 262) / (14 - 1006) % 1012
375
Note that this is a completely different result!
If I check the types of i, j, k, m, they are all of type int...
It turns out that typing an integer in the sage shell gives a different result than doing the same inside a python program that uses Sage libraries:
sage: type(1234)
<type 'sage.rings.integer.Integer'>
This isn't the same as the <type 'int'> I got inside of my own program!
Using k, m = Integer(1), Integer(0) solved my problem and I now get the correct discrete log.
To elaborate on Thom's answer, in a .py file you can't use the various preparsing things that Sage does - in particular, ints are ints. Importing from sage.rings.integer.Integer (or from sage.all) in your file could work, or (and I recommend this) just making your file .sage extension instead of .py is the easiest, and least likely to run into other subtle differences.
for i=0:255
m(i+1)=sum((0:i)'.*p(1:i+1)); end
What is happening can anyone explain. p is an array of size 256 elements same as m.
p = (0:255)';
m = zeros(1,256);
for i=0:255
m(i+1)=sum((0:i)'.*p(1:i+1));
end
m[i+1] contains the scalar product of [0,1,2,..,i] with (p[1],...,p[i+1])
You can write it as :
p = (0:255);
m = zeros(1,256);
for i=0:255
m(i+1)=sum((0:i).*p(1:i+1));
end
Or:
p = (0:255);
m = zeros(1,256);
for i=0:255
m(i+1)=(0:i)*p(1:i+1)';
end
In case you don't recall, that is the definition of scalar product
Whatever the p is, you can calculate m by:
dm = (0 : length(p) - 1)' .* p(:); % process as column vector
m = cumsum(dm);
Hint: write the formula for m[n], then for m[n+1], then subtract to get the formula:
m[n+1] - m[n] = (n - 1) * p[n]
and this is dm.