symm/sha3.c: Attach the correct operations to the `shake256' cipher.
diff --git
a/math/strongprime.c
b/math/strongprime.c
index
5b13653
..
a12c0d0
100644
(file)
--- a/
math/strongprime.c
+++ b/
math/strongprime.c
@@
-121,7
+121,10
@@
mp *strongprime_setup(const char *name, mp *d, pfilt *f, unsigned nbits,
rabin_iters(nb), pgen_test, &rb)) == 0)
goto fail_t;
rabin_iters(nb), pgen_test, &rb)) == 0)
goto fail_t;
- /* --- Choose a suitable value for %$r = 2it + 1$% for some %$i$% --- */
+ /* --- Choose a suitable value for %$r = 2it + 1$% for some %$i$% --- *
+ *
+ * Then %$r \equiv 1 \pmod{t}$%, i.e., %$r - 1$% is a multiple of %$t$%.
+ */
rr = mp_lsl(rr, t, 1);
pfilt_create(&c.f, rr);
rr = mp_lsl(rr, t, 1);
pfilt_create(&c.f, rr);
@@
-137,7
+140,12
@@
mp *strongprime_setup(const char *name, mp *d, pfilt *f, unsigned nbits,
/* --- Select a suitable congruence class for %$p$% --- *
*
/* --- Select a suitable congruence class for %$p$% --- *
*
- * This computes %$p_0 = 2 s (s^{r - 2} \bmod r) - 1$%.
+ * This computes %$p_0 = 2 s (s^{-1} \bmod r) - 1$%. Then %$p_0 + 1$% is
+ * clearly a multiple of %$s$%, and
+ *
+ * %$p_0 - 1 \equiv 2 s s^{-1} - 2 \equiv 0 \pmod{r}$%
+ *
+ * is a multiple of %$r$%.
*/
rr = mp_modinv(rr, s, q);
*/
rr = mp_modinv(rr, s, q);
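Review bot: The new comment in the second hunk takes the inverse of s modulo r, but the line it documents is `rr = mp_modinv(rr, s, q);`, so the reader has to guess that the variable q holds the prime r chosen in the first hunk (presumably by a pgen call that is not visible here). A one-line bridge next to the formula, e.g. `(r is held in q at this point)`, would tie the math to the code; if q is in fact something other than r, the comment describes a different computation and needs correcting rather than annotating. The derivation itself is sound: p_0 + 1 = 2 s (s^{-1} mod r) is a multiple of s, and p_0 - 1 ≡ 2 s s^{-1} - 2 ≡ 0 (mod r). strongprime_setup starts before the first hunk and continues past this one, so the multiply, shift and subtract that finish p_0 are outside the visible lines.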