I've implemented Pollard's Rho for logarithms using Sage, as the following program stored in pollardrho.py.
def pollardrho(g, h, G):
k, m = 1, 0
t = g**k * h**m
i, j = 1, 0
r = g**i * h**j
def step(t, k, m):
if lift(t) % 3 == 0:
return (t * g, k+1, m)
if lift(t) % 3 == 1:
return (t * h, k, m+1)
if lift(t) % 3 == 2:
return (t ** 2, 2*k, 2*m)
while True:
t, k, m = step(t, k, m)
r, i, j = step(*step(r, i, j))
if t == r:
print("Found a cycle")
print("g^%s h^%s == g^%s h^%s" % (k, m, i, j))
print("g^(%s - %s) == h^(%s - %s)" % (i, k, m, j))
l = g.multiplicative_order()
print("(%s - %s) / (%s - %s) %% %s" % (i, k, m, j, l))
return (i - k) / (m - j) % l # this is where everything goes wrong.
Running this with G = GF(1013), g = G(3), h = G(245) gives the following output:
sage: pollardrho(g, h, G)
Found a cycle
g^262 h^14 == g^16870 h^1006
g^(16870 - 262) == h^(14 - 1006)
(16870 - 262) / (14 - 1006) % 1012
995
However:
sage: (16870 - 262) / (14 - 1006) % 1012
375
Note that this is a completely different result!
If I check the types of i, j, k, m, they are all of type int...
It turns out that typing an integer in the sage shell gives a different result than doing the same inside a python program that uses Sage libraries:
sage: type(1234)
<type 'sage.rings.integer.Integer'>
This isn't the same as the <type 'int'> I got inside of my own program!
Using k, m = Integer(1), Integer(0) solved my problem and I now get the correct discrete log.
To elaborate on Thom's answer, in a .py file you can't use the various preparsing things that Sage does - in particular, ints are ints. Importing from sage.rings.integer.Integer (or from sage.all) in your file could work, or (and I recommend this) just making your file .sage extension instead of .py is the easiest, and least likely to run into other subtle differences.
Related
I have a 3D matrix X of size a x b x c.
I want to create a 3D matrix Y in MATLAB as follows:
X = rand(10, 10, 5);
[a, b, c] = size(X);
for i = 1 : c
for j = 1 : a
for k = 1 : b
if j<a && k<b
Y(j, k, i) = X(j+1, k, i) + X(j, k+1, i).^4;
else
Y(j, k, i) = X(a, b, i) + X(a, b, i).^4;
end
end
end
end
How can I do that by avoiding using a lot of for loops? In other words, how can I rewrite the above code in a faster way without using a lot of loops?
Indexing Arrays/Matrices
Below I added a portion to your script that creates an array Z that is identical to array Y by using indexing that covers the equivalent indices and element-wise operations that are indicated by the dot . preceding the operation. Operations such as multiplication * and division / can be specified element-wise as .* and ./ respectively. Addition and subtraction act in the element-wise fashion and do not need the dot .. I also added an if-statement to check that the arrays are the same and that the for-loops and indexing methods give equivalent results. Indexing using end refers to the last index in the corresponding/respective dimension.
Snippet:
Y = zeros(a,b,c);
Y(1:end-1,1:end-1,:) = X(2:end,1:end-1,:) + X(1: end-1, 2:end,:).^4;
Y(end,1:end,:) = repmat(X(a,b,:) + X(a,b,:).^4,1,b,1);
Y(1:end,end,:) = repmat(X(a,b,:) + X(a,b,:).^4,a,1,1);
Full Script: Including Both Methods and Checking
X = rand(10, 10, 5);
[a, b, c] = size(X);
%Initialed for alternative result%
Z = zeros(a,b,c);
%Looping method%
for i = 1 : c
for j = 1 : a
for k = 1 : b
if j < a && k < b
Y(j, k, i) = X(j+1, k, i) + X(j, k+1, i).^4;
else
Y(j, k, i) = X(a, b, i) + X(a, b, i).^4;
end
end
end
end
%Indexing and element-wise method%
Z(1:end-1,1:end-1,:) = X(2:end,1:end-1,:) + X(1: end-1, 2:end,:).^4;
Z(end,1:end,:) = repmat(X(a,b,:) + X(a,b,:).^4,1,b,1);
Z(1:end,end,:) = repmat(X(a,b,:) + X(a,b,:).^4,a,1,1);
%Checking if results match%
if(Z == Y)
fprintf("Matched result\n");
end
Ran using MATLAB R2019b
I am trying to decrypt a RSA message using the Chinese Remainder Theorem:
p = random_prime(2^512-1, False, 2^511)
q = random_prime(2^512-1, False, 2^511)
n = p * q
phi = (p - 1) * (q - 1)
m = 235432543543345
e = 65537
bezout = xgcd(e, phi)
d = Integer(mod(bezout[1], phi))
c = 0
m_decrypted = 0
def encrypt_rsa():
global c
c = mod(m ^ e, n)
print 'c = ', c
def decrypt_rsa_crt():
global m_decrypted
c1 = p * inverse_mod(p % q, q)
c2 = q * inverse_mod(q % p, p)
n1 = ((c % p) ^ (d % (p - 1))) % p
n2 = ((c % q) ^ (d % (q - 1))) % q
m_decrypted = (n1 * c1 + n2 * c2) % n
encrypt_rsa()
decrypt_rsa_crt()
print 'm_decrypted = ', m_decrypted
However I'm getting this error:
Error in lines 40-40
Traceback (most recent call last):
File "/projects/sage/sage-6.9/local/lib/python2.7/site-packages/smc_sagews/sage_server.py", line 905, in execute
exec compile(block+'\n', '', 'single') in namespace, locals
File "", line 1, in <module>
File "", line 15, in decrypt_rsa_crt
File "sage/structure/element.pyx", line 1700, in sage.structure.element.RingElement.__add__ (/projects/sage/sage-6.9/src/build/cythonized/sage/structure/element.c:16570)
return coercion_model.bin_op(left, right, add)
File "sage/structure/coerce.pyx", line 1070, in sage.structure.coerce.CoercionModel_cache_maps.bin_op (/projects/sage/sage-6.9/src/build/cythonized/sage/structure/coerce.c:9739)
raise TypeError(arith_error_message(x,y,op))
TypeError: unsupported operand parent(s) for '+': 'Ring of integers modulo 13171665913556629928579831399279531345454405227507363358767433731944129138880990155192020899186190552971738190528920869626603617749599336864307309151600773' and 'Ring of integers modulo 7040259687366349269925712273121165166901616380486072254231627613746850969231618371638459623994615760442997840722561781585598181676625437161073288718538017'
The line of the error is the m_decrypted = (n1 * c1 + n2 * c2) % n line. I'm not sure what I'm doing wrong here and how to fix it?
inverse_mod puts things in the ring of integers modulo q or p, in your code. But there is no canonical way to add c1 and c2 since they are in different rings of integers, as the error message indicates. I guess you may want to try to get those to be integers mod n instead, or even better to get just one of the integers.
Suppose I have a m-by-n-by-p matrix "A", each indices stores a real number, now I want to create another matrix "B" and B(i, j, k) = f(A(i, j, k), i, j, k, otherVars), is there a faster way to do it in matlab rather than looping through all the elements? (notice the function requires the index number (i, j, k))
An example is as follows(The actual function f could be more complex):
A = rand(3, 4, 5);
B = zeros(size(A));
C = 10;
for x = 1:size(A, 1)
for y = 1:size(A, 2)
for z = 1:size(A, 3)
B(x, y, z) = A(x,y,z) + x - y * z + C;
end
end
end
I've tried creating a cell "B", and
B{i, j, k} = [A(i, j, k), i, j, k];
I then applied cellfun() to do the parallel computing, but it's even slower than a for-loop over each elements in A.
In my real implementation, function f is much more complex than B = A + X - Y.*Z + C; it takes four scaler values and I don't want to modify it since it's a function written in an external package. Any suggestions?
Vectorize it by building an ndgrid of the appropriate values:
[X,Y,Z] = ndgrid(1:size(A,1), 1:size(A,2), 1:size(A,3));
B = A + X - Y.*Z + C;
I want to calculate Fourier series for some function func.
I build this method:
function y = CalcFourier(accurate, func, a, b, val_x)
f = #(x) eval(func);
% calculate coefficients
a0 = (2 / (b - a)) * calcArea(func, a , b);
an = (2 / (b - a)) * calcArea(strcat(func, '*cos(2*n*pi*x / (b - a))'), a , b);
an = (2 / (b - a)) * calcArea(strcat(func, '*sin(2*n*pi*x / (b - a))'), a , b);
partial = 0;
an_f = #(n) an;
bn_f = #(n) bn;
for n = 1:accurate
partial = partial + an_f(n)* cos(2*n*pi*val_x / (b - a)) + bn_f(n) * sin(2*n*pi*val_x / (b - a));
end
y = (a0 / 2) + partial;
end
And this - to approximate the coefficient's:
function area = calcArea(func, a, b)
f = #(x) eval(func);
area = (a - b) * (f(a) - f(b)) / 2;
end
On line an = (2 / (b - a)) * calcArea(strcat(func, '*cos(2*n*pi*x / (b - a))'), a , b); I'm getting error:
??? Error using ==> eval
Undefined function or variable 'n'.
Error in ==> calcArea>#(x)eval(func) at 2
f = #(x) eval(func);
Error in ==> calcArea at 3
area = (a - b) * (f(a) - f(b)) / 2;
Error in ==> CalcFourier at 5
an = (2 / (b - a)) * calcArea(strcat(func,
'*cos(2*n*pi*x / (b - a))'), a , b);
>>
Is there any option to declate n as "some constant"? Thanks!
You try to use a variable called n in line 4 of your code. However at that time n is not defined yet, that only happens in the for loop. (Tip: Use dbstop if error at all times, that way you can spot the problem more easily).
Though I don't fully grasp what you are doing I believe you need something like this:
n=1 at the start of your CalcFourier function. Of course you can also choose to input n as a variable, or to move the corresponding line to a place where n is actually defined.
Furthermore you seem to use n in calcArea, but you don't try to pass it to the function at all.
All of this would be easier to find if you avoided the use of eval, perhaps you can try creating the function without it, and then matlab will more easily guide you to the problems in your code.
if the symbolic toolbox is available it can be used to declare symbolic variables , which can be treated as 'some variable' and substituted with a value later.
however a few changes should be made for it to be implemented, generally converting anonymous functions to symbolic functions and any function of n to symbolic functions. And finally the answer produced will need to be converted from a symbolic value to some more easy to handle value e.g. double
quickly implementing this to your code as follows;
function y = test(accurate, func, a, b, val_x)
syms n x % declare symbolic variables
%f = symfun(eval(func),x); commented out as not used
The two lines above show the declaration of symbolic variables and the syntax for creating a symbolic function
% calculate coefficients
a0 = symfun((2 / (b - a)) * calcArea(func, a , b),x);
an = symfun((2 / (b - a)) * calcArea(strcat(func, '*cos(2*n*pi*x / (b - a))'),...
... a , b),[x n]);
bn = symfun((2 / (b - a)) * calcArea(strcat(func, '*sin(2*n*pi*x / (b - a))'),...
... a , b),[x n]);
partial = 0;
the function definitions in in your code are combined into the lines above, note they functions are of x and n, the substitution of x_val is done later here...
for n = 1:accurate
partial = partial + an(val_x,n)* cos(2*n*pi*val_x / (b - a)) +...
... bn(val_x,n) * sin(2*n*pi*val_x / (b - a));
end
The for loop which now replaces the symbolic n with values and calls the symbolic functions with x_val and each n value
y = (a0 / 2) + partial;
y = double(y);
end
Finally the solution is calculated and then converted to double;
Disclaimer: I have not checked if this code generates the correct solution, however I hope it gives you enough information to understand what has been changed and why to carry out the process given in your code above, using the symbolic toolbox to address the issue...
I'm working on a function that takes a 1xn vector x as input and returns a nxn matrix L.
I'd like to speed things up by vectorizing the loops, but there's a catch that puzzles me: loop index b depends on loop index a. Any help would be appreciated.
x = x(:);
n = length(x);
L = zeros(n, n);
for a = 1 : n,
for b = 1 : a-1,
c = b+1 : a-1;
if all(x(c)' < x(b) + (x(a) - x(b)) * ((b - c)/(b-a))),
L(a,b) = 1;
end
end
end
From a quick test, it looks like you are doing something with the lower triangle only. You might be able to vectorize using ugly tricks like ind2sub and arrayfun similar to this
tril_lin_idx = find(tril(ones(n), -1));
[A, B] = ind2sub([n,n], tril_lin_idx);
C = arrayfun(#(a,b) b+1 : a-1, A, B, 'uniformoutput', false); %cell array
f = #(a,b,c) all(x(c{:})' < x(b) + (x(a) - x(b)) * ((b - c{:})/(b-a)));
L = zeros(n, n);
L(tril_lin_idx) = arrayfun(f, A, B, C);
I cannot test it, since I do not have x and I don't know the expected result. I normally like vectorized solutions, but this is maybe pushing it a bit too much :). I would stick to your explicit for-loop, which might be much clearer and which Matlab's JIT should be able to speed up easily. You could replace the if with L(a,b) = all(...).
Edit1
Updated version, to prevent wasting ~ n^3 space on C:
tril_lin_idx = find(tril(ones(n), -1));
[A, B] = ind2sub([n,n], tril_lin_idx);
c = #(a,b) b+1 : a-1;
f = #(a,b) all(x(c(a, b))' < x(b) + (x(a) - x(b)) * ((b - c(a, b))/(b-a)));
L = zeros(n, n);
L(tril_lin_idx) = arrayfun(f, A, B);
Edit2
Slight variant, which does not use ind2sub and which should be more easy to modify in case b would depend in a more complex way on a. I inlined c for speed, it seems that especially calling the function handles is expensive.
[A,B] = ndgrid(1:n);
v = B<A; % which elements to evaluate
f = #(a,b) all(x(b+1:a-1)' < x(b) + (x(a) - x(b)) * ((b - (b+1:a-1))/(b-a)));
L = false(n);
L(v) = arrayfun(f, A(v), B(v));
If I understand your problem correctly, L(a, b) == 1 if for any c with a < c < b, (c, x(c)) is “below” the line connecting (a, x(a)) and (b, x(b)), right?
It is not a vectorization, but I found the other approach. Rather than comparing all c with a < c < b for each new b, I saved the maximum slope from a to c in (a, b), and used it for (a, b + 1). (I tried with only one direction, but I think that using both directions is also possible.)
x = x(:);
n = length(x);
L = zeros(n);
for a = 1:(n - 1)
L(a, a + 1) = 1;
maxSlope = x(a + 1) - x(a);
for b = (a + 2):n
currSlope = (x(b) - x(a)) / (b - a);
if currSlope > maxSlope
maxSlope = currSlope;
L(a, b) = 1;
end
end
end
I don't know your data, but with some random data, the result is the same with original code (with transpose).
An esoteric answer: You could do the calculations for every a,b,c from 1:n, exclude the don't cares, and then do the all along the c dimension.
[a, b, c] = ndgrid(1:n, 1:n, 1:n);
La = x(c)' < x(b) + (x(a) - x(b)) .* ((b - c)./(b-a));
La(b >= a | c <= b | c >= a) = true;
L = all(La, 3);
Though the jit would probably do just fine with the for loops since they do very little.
Edit: still uses all of the memory, but with less maths
[A, B, C] = ndgrid(1:n, 1:n, 1:n);
valid = B < A & C > B & C < A;
a = A(valid); b = B(valid); c = C(valid);
La = true(size(A));
La(valid) = x(c)' < x(b) + (x(a) - x(b)) .* ((b - c)./(b-a));
L = all(La, 3);
Edit2: alternate last line to add the clause that c of no elements is true
L = all(La,3) | ~any(valid,3);