📄 11-09.html
字号:
<html><head><TITLE>APPLIED CRYPTOGRAPHY, SECOND EDITION: Protocols, Algorithms, and Source Code in C:Mathematical Background</TITLE>
<!-- BEGIN HEADER --><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"><SCRIPT><!--function displayWindow(url, width, height) { var Win = window.open(url,"displayWindow",'width=' + width +',height=' + height + ',resizable=1,scrollbars=yes');}//--></SCRIPT></HEAD><body bgcolor="ffffff" link="#006666" alink="#006666" vlink="#006666"><P>
<CENTER><B>Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C (cloth)</B>
<FONT SIZE="-2">
<BR>
<I>(Publisher: John Wiley & Sons, Inc.)</I>
<BR>
Author(s): Bruce Schneier
<BR>
ISBN: 0471128457
<BR>
Publication Date: 01/01/96
</FONT></CENTER>
<P>
<!-- Empty Reference Subhead -->
<!--ISBN=0471128457//-->
<!--TITLE=APPLIED CRYPTOGRAPHY, SECOND EDITION: Protocols, Algorithms, and Source Code in C//-->
<!--AUTHOR=Bruce Schneier//-->
<!--PUBLISHER=Wiley Computer Publishing//-->
<!--CHAPTER=11//-->
<!--PAGES=252-254//-->
<!--UNASSIGNED1//-->
<!--UNASSIGNED2//-->
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="11-08.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="11-10.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<P><FONT SIZE="+1"><B><I>Jacobi Symbol</I></B></FONT></P>
<P>The <B>Jacobi symbol</B>, written J(<I>a,n</I>), is a generalization of the Legendre symbol to composite moduli; it is defined for any integer <I>a</I> and any odd integer <I>n.</I> The function shows up in primality testing. The Jacobi symbol is a function on the set of reduced residues of the divisors of <I>n</I> and can be calculated by several formulas [1412]. This is one method:</P>
<DL>
<DD>Definition 1: J(<I>a,n</I>) is only defined if <I>n</I> is odd.
<DD>Definition 2: J(0<I>,n</I>) = 0.
<DD>Definition 3: If <I>n</I> is prime, then the Jacobi symbol J(<I>a,n</I>) = 0 if <I>n</I> divides <I>a</I>.
<DD>Definition 4: If <I>n</I> is prime, then the Jacobi symbol J(<I>a,n</I>) = 1 if <I>a</I> is a quadratic residue modulo <I>n.</I>
<DD>Definition 5: If <I>n</I> is prime, then the Jacobi symbol J(<I>a,n</I>) = - 1 if <I>a</I> is a quadratic nonresidue modulo <I>n</I>.
<DD>Definition 6: If <I>n</I> is composite, then the Jacobi symbol J(<I>a,n</I>) = J(<I>a,p</I><SUB><SMALL>1</SMALL></SUB>) *...* J(<I>a,p<SUB><SMALL>m</I></SMALL></SUB>), where <I>p<SUB><SMALL>1</I></SMALL></SUB>...<I>p<SUB><SMALL>m</I></SMALL></SUB> is the prime factorization of <I>n</I>.
</DL>
<P>The following algorithm computes the Jacobi symbol recursively:
</P>
<DL>
<DD>Rule 1: J(1,<I>n</I>) = 1
<DD>Rule 2: J(<I>a*b,n</I>) = J(<I>a,n</I>)*J(<I>b,n</I>)
<DD>Rule 3: J(2,<I>n</I>) = 1 if (<I>n</I><SUP><SMALL>2</SMALL></SUP> - 1)/8 is even, and - 1 otherwise
<DD>Rule 4: J(<I>a,n</I>) = J((<I>a</I> mod <I>n</I>),<I>n</I>)
<DD>Rule 5: J(<I>a,b</I><SUB><SMALL>1</SMALL></SUB>*<I>b</I><SUB><SMALL>2</SMALL></SUB>) = J(<I>a,b</I><SUB><SMALL>1</SMALL></SUB>)*J(<I>a,b</I><SUB><SMALL>2</SMALL></SUB>)
<DD>Rule 6: If the greatest common divisor of <I>a</I> and <I>b</I> = 1, and <I>a</I> and <I>b</I> are odd:
<DD>Rule 6a: J(<I>a,b</I>) = J(<I>b,a</I>) if (<I>a</I> - 1)(<I>b</I> - 1)/4 is even
<DD>Rule 6b: J(<I>a,b</I>) = - J(<I>b,a</I>) if (<I>a-</I>1)(<I>b-</I>1)/4 is odd
</DL>
<P>Here is the algorithm in C:
</P>
<!-- CODE //-->
<PRE>
/* This algorithm computes the Jacobi symbol recursively */
int jacobi(int a, int b)
{
int g;
assert(odd(b));
if (a >= b) a %= b; /* by Rule 4 */
if (a == 0) return 0; /* by Definition 2 */
if (a == 1) return 1; /* by Rule 1 */
if (a < 0)
if (((b-1)/2 % 2 == 0)
return jacobi(-a,b);
else
return -jacobi(-a,b);
if (a % 2 == 0) /* a is even */
if (((b*b - 1)/8) % 2 == 0)
return +jacobi(a/2, b)
else
return -jacobi(a/2, b) /* by Rule 3 and Rule 2 */
g = gcd(a,b);
assert(odd(a)); /* this is guaranteed by the (a % 2 == 0)
test */
if (g == a) /* a exactly divides b */
return 0; /* by Rules 5 and 4, and Definition 2 */
else if (g != 1)
return jacobi(g,b) * jacobi(a/g, b); /* by Rule 2 */
else if (((a-1)*(b-1)/4) % 2 == 0)
return +jacobi(b,a); /* by Rule 6a */
else
return -jacobi(b,a); /* by Rule 6b */
}
</PRE>
<!-- END CODE //-->
<P>If <I>n</I> is known to be prime beforehand, simply compute <I>a<SUP><SMALL>((n-1)/2)</SMALL></SUP></I> mod <I>n</I> instead of running the previous algorithm; in this case J(<I>a,n</I>) is equivalent to the Legendre symbol.</P>
<P>The Jacobi symbol cannot be used to determine whether <I>a</I> is a quadratic residue mod <I>n</I> (unless <I>n</I> is prime, of course). Note that, if J(<I>a,n</I>) = 1 and <I>n</I> is composite, it is not necessarily true that <I>a</I> is a quadratic residue modulo <I>n</I>. For example:</P>
<DL>
<DD>J(7, 143) = J(7, 11)*J(7, 13) = (- 1)(- 1) = 1
</DL>
<P>However, there is no integer <I>x</I> such that <I>x<SUP><SMALL>2</SMALL></SUP></I> ≡ 7 (mod 143).</P>
<P><FONT SIZE="+1"><B><I>Blum Integers</I></B></FONT></P>
<P>If <I>p</I> and <I>q</I> are two primes, and both are congruent to 3 modulo 4, then <I>n</I> = <I>pq</I> is sometimes called a <B>Blum integer</B>. If <I>n</I> is a Blum integer, each quadratic residue has exactly four square roots, one of which is also a square; this is the principal square root. For example, the principal square root of 139 mod 437 is 24. The other three square roots are 185, 252, and 413.</P>
<P><FONT SIZE="+1"><B><I>Generators</I></B></FONT></P>
<P>If <I>p</I> is a prime, and <I>g</I> is less than <I>p</I>, then <I>g</I> is a <B>generator</B> mod <I>p</I> if</P>
<DL>
<DD>for each <I>b</I> from 1 to <I>p</I> - 1, there exists some <I>a</I> where <I>g<SUP><SMALL>a</SMALL></SUP></I> ≡ b (mod <I>p</I>).
</DL>
<P>Another way of saying this is that <I>g</I> is <B>primitive</B> with respect to <I>p.</I></P>
<P>For example, if <I>p</I> = 11, 2 is a generator mod 11:</P>
<DL>
<DD>2<SUP><SMALL>10</SMALL></SUP> = 1024 ≡ 1 (mod 11)
<DD>2<SUP><SMALL>1</SMALL></SUP> = 2 ≡ 2 (mod 11)
<DD>2<SUP><SMALL>8</SMALL></SUP> = 256 ≡ 3 (mod 11)
<DD>2<SUP><SMALL>2</SMALL></SUP> = 4 ≡ 4 (mod 11)
<DD>2<SUP><SMALL>4</SMALL></SUP> = 16 ≡ 5 (mod 11)
<DD>2<SUP><SMALL>9</SMALL></SUP> = 512 ≡ 6 (mod 11)
<DD>2<SUP><SMALL>7</SMALL></SUP> = 128 ≡ 7 (mod 11)
<DD>2<SUP><SMALL>3</SMALL></SUP> = 8 ≡ 8 (mod 11)
<DD>2<SUP><SMALL>6</SMALL></SUP> = 64 ≡ 9 (mod 11)
<DD>2<SUP><SMALL>5</SMALL></SUP> = 32 ≡ 10 (mod 11)
</DL>
<P>Every number from 1 to 10 can be expressed as 2a (mod <I>p</I>).</P>
<P>For <I>p</I> = 11, the generators are 2, 6, 7, and 8. The other numbers are not generators. For example, 3 is not a generator because there is no solution to</P>
<DL>
<DD>3<SUP><SMALL><I>a</I></SMALL></SUP> = 2 (mod 11)
</DL>
<P>In general, testing whether a given number is a generator is not an easy problem. It is easy, however, if you know the factorization of <I>p</I> - 1. Let <I>q<SUB><SMALL>1</SMALL></SUB></I>, <I>q<SUB><SMALL>2</SMALL></SUB>,...</I>, <I>q<SUB><SMALL>n</SMALL></SUB></I> be the distinct prime factors of <I>p</I> - 1. To test whether a number <I>g</I> is a generator mod <I>p</I>, calculate</P>
<DL>
<DD>g<SUP>(<I>p-</I> 1)/<I>q</I></SUP> mod <I>p</I>
</DL>
<P>for all values of <I>q</I> = <I>q</I><SUB><SMALL>1</SMALL></SUB>, <I>q<SUB><SMALL>2</SMALL></SUB>,...</I>, <I>q<SUB><SMALL>n</SMALL></SUB></I>.</P>
<P>If that number equals 1 for some value of <I>q</I>, then <I>g</I> is not a generator. If that value does not equal 1 for any values of <I>q</I>, then <I>g</I> is a generator.</P>
<P>For example, let <I>p</I> = 11. The prime factors of <I>p</I> - <I></I> 1 = 10 are 2 and 5. To test whether 2 is a generator:</P>
<DL>
<DD>2<SUP><SMALL>(11- 1)/5</SMALL></SUP> (mod 11) = 4
<DD>2<SUP><SMALL>(11- 1)/2</SMALL></SUP> (mod 11) = 10
</DL>
<P><BR></P>
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="11-08.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="11-10.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
[an error occurred while processing this directive]
</body></html>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -