【日记】Montgomery Modular Inverse

最新推荐文章于 2024-10-24 09:17:40 发布

原创最新推荐文章于 2024-10-24 09:17:40 发布 · 249 阅读

CC 4.0 BY-SA版权

本文深入探讨了模逆元算法的实现细节，包括AlmMonInv函数，用于计算特定条件下a^-1*2^k(mod m)，以及MonModInverse函数，提供了一种高效求解模逆的方法。文章还涉及了Montgomery乘法原理，并通过具体算法展示了如何在计算机科学中解决模逆问题。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

(r, k) = AlmMonInv(a, m) = (a^-1)(2 ^k) (mod m)

/// <summary>
/// 返回{x, k}；x = <paramref name="value"/>−1 * 2^k (mod <paramref name="modulo"/>) 
/// if gcd(<paramref name="value"/>, <paramref name="modulo"/>) = 1 and <paramref name="modulo"/> is odd
/// </summary>
private static uint[] AlmMonInv(uint value, uint modulo)
{
    if (value >= modulo)
        throw new ArgumentOutOfRangeException("value should be less than modulo");

    uint u = modulo, v = value, r = 0, s = 1, k = 0;
    while (v > 0)
    {
        if (IsEven(u))
        {
            u >>= 1; s <<= 1;
        }
        else if (IsEven(v))
        {
            v >>= 1; r <<= 1;
        }
        else if (u > v)
        {
            u = (u - v) >> 1; r += s; s <<= 1;
        }
        else if (v >= u)
        {
            v = (v - u) >> 1; s += r; r <<= 1;
        }
        ++k;
    }

    if (r >= modulo) r -= modulo;

    return new uint[] { modulo - r, k };
}

设 z = AlmMonInv(a, m) = (a^-1)(2^k) (mod m)

因为MonPro(x, y, m, m') = (xy) R ^-1 (mod m) = (xy)(2^32)^-1 (mod m)

所以ModInverse(a, m) = MonPro(z, 2^32-k, m, m') = (a^-1)(2^k)(2^32-k)(2^-32) (mod m) = a^-1 (mod m)

/// <summary>
/// <paramref name = "value" />−1 (mod<paramref name="modulo"/>) 
/// </summary>
public static int MonModInverse(int value, int modulo)
{
    if (modulo <= 0)
        throw new ArgumentOutOfRangeException("modulo should be positive");

    if (modulo == 1) return 0;

    var mod = Mod(value, modulo);
    if (mod == 1) return 1;

    var gcd = MonGCD(1U << 31, (uint)modulo);
    var result = AlmMonInv((uint)mod, (uint)modulo);
    if (result[1] > 32)
    {
        result[0] = MonPro(result[0], 1U, (uint)modulo, gcd[1]);
        result[1] -= 32;
    }
    result[0] = MonPro(result[0], 1U << (32 - (int)result[1]), (uint)modulo, gcd[1]);
            
    return (int)result[0];
}


/// <summary>
/// <paramref name="value"/> (mod <paramref name="modulo"/>)
/// </summary>
public static int Mod(int value, int modulo)
{
    if (modulo <= 0)
        throw new ArgumentOutOfRangeException("modulo should be positive");

    var remainder = value % modulo;
    return remainder < 0 ? remainder + modulo : remainder;
}

/// <summary>
/// returns {R, K}，R*(2left) - K*right = 1.
/// left = 2 ^ n and right is odd
/// </summary>
public static uint[] MonGCD(uint left, uint right)
{
    var result = new uint[] { 1UL, 0UL };
    var s = left;
    var t = right;

    while (left > 0)
    {
        left >>= 1;
        result[1] >>= 1;

        if (IsEven(result[0]))
        {
            result[0] >>= 1;
        }
        else
        {
            result[0] = ((result[0] ^ t) >> 1) + (result[0] & t);//(result[0] + t) / 2
            result[1] += s;
        }
    }

    return result;
}


private static bool IsEven(uint n) => (n & 1) == 0;

注意：a^-1 (mod m) 只有在gcd(a, m) == 1时存在，本方法并没有检查a和m是否互素。并且本方法不能求解modulo为偶数时的模逆。

MonModPro 参考《Montgomery Moduluar Exponentiation》