Mercurial > dropbear
comparison bn.tex @ 190:d8254fc979e9 libtommath-orig LTM_0.35
Initial import of libtommath 0.35
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 06 May 2005 08:59:30 +0000 |
| parents | d29b64170cf0 |
| children |
comparison
equal
deleted
inserted
replaced
| 142:d29b64170cf0 | 190:d8254fc979e9 |
|---|---|
| 47 \def\gap{\vspace{0.5ex}} | 47 \def\gap{\vspace{0.5ex}} |
| 48 \makeindex | 48 \makeindex |
| 49 \begin{document} | 49 \begin{document} |
| 50 \frontmatter | 50 \frontmatter |
| 51 \pagestyle{empty} | 51 \pagestyle{empty} |
| 52 \title{LibTomMath User Manual \\ v0.32} | 52 \title{LibTomMath User Manual \\ v0.35} |
| 53 \author{Tom St Denis \\ [email protected]} | 53 \author{Tom St Denis \\ [email protected]} |
| 54 \maketitle | 54 \maketitle |
| 55 This text, the library and the accompanying textbook are all hereby placed in the public domain. This book has been | 55 This text, the library and the accompanying textbook are all hereby placed in the public domain. This book has been |
| 56 formatted for B5 [176x250] paper using the \LaTeX{} {\em book} macro package. | 56 formatted for B5 [176x250] paper using the \LaTeX{} {\em book} macro package. |
| 57 | 57 |
| 261 \newpage\begin{figure}[here] | 261 \newpage\begin{figure}[here] |
| 262 \begin{small} | 262 \begin{small} |
| 263 \begin{center} | 263 \begin{center} |
| 264 \begin{tabular}{|l|c|c|l|} | 264 \begin{tabular}{|l|c|c|l|} |
| 265 \hline \textbf{Criteria} & \textbf{Pro} & \textbf{Con} & \textbf{Notes} \\ | 265 \hline \textbf{Criteria} & \textbf{Pro} & \textbf{Con} & \textbf{Notes} \\ |
| 266 \hline Few lines of code per file & X & & GnuPG $ = 300.9$, LibTomMath $ = 76.04$ \\ | 266 \hline Few lines of code per file & X & & GnuPG $ = 300.9$, LibTomMath $ = 71.97$ \\ |
| 267 \hline Commented function prototypes & X && GnuPG function names are cryptic. \\ | 267 \hline Commented function prototypes & X && GnuPG function names are cryptic. \\ |
| 268 \hline Speed && X & LibTomMath is slower. \\ | 268 \hline Speed && X & LibTomMath is slower. \\ |
| 269 \hline Totally free & X & & GPL has unfavourable restrictions.\\ | 269 \hline Totally free & X & & GPL has unfavourable restrictions.\\ |
| 270 \hline Large function base & X & & GnuPG is barebones. \\ | 270 \hline Large function base & X & & GnuPG is barebones. \\ |
| 271 \hline Four modular reduction algorithms & X & & Faster modular exponentiation. \\ | 271 \hline Five modular reduction algorithms & X & & Faster modular exponentiation for a variety of moduli. \\ |
| 272 \hline Portable & X & & GnuPG requires configuration to build. \\ | 272 \hline Portable & X & & GnuPG requires configuration to build. \\ |
| 273 \hline | 273 \hline |
| 274 \end{tabular} | 274 \end{tabular} |
| 275 \end{center} | 275 \end{center} |
| 276 \end{small} | 276 \end{small} |
| 282 would require when working with large integers. | 282 would require when working with large integers. |
| 283 | 283 |
| 284 So it may feel tempting to just rip the math code out of GnuPG (or GnuMP where it was taken from originally) in your | 284 So it may feel tempting to just rip the math code out of GnuPG (or GnuMP where it was taken from originally) in your |
| 285 own application but I think there are reasons not to. While LibTomMath is slower than libraries such as GnuMP it is | 285 own application but I think there are reasons not to. While LibTomMath is slower than libraries such as GnuMP it is |
| 286 not normally significantly slower. On x86 machines the difference is normally a factor of two when performing modular | 286 not normally significantly slower. On x86 machines the difference is normally a factor of two when performing modular |
| 287 exponentiations. | 287 exponentiations. It depends largely on the processor, compiler and the moduli being used. |
| 288 | 288 |
| 289 Essentially the only time you wouldn't use LibTomMath is when blazing speed is the primary concern. | 289 Essentially the only time you wouldn't use LibTomMath is when blazing speed is the primary concern. However, |
| 290 on the other side of the coin LibTomMath offers you a totally free (public domain) well structured math library | |
| 291 that is very flexible, complete and performs well in resource contrained environments. Fast RSA for example can | |
| 292 be performed with as little as 8KB of ram for data (again depending on build options). | |
| 290 | 293 |
| 291 \chapter{Getting Started with LibTomMath} | 294 \chapter{Getting Started with LibTomMath} |
| 292 \section{Building Programs} | 295 \section{Building Programs} |
| 293 In order to use LibTomMath you must include ``tommath.h'' and link against the appropriate library file (typically | 296 In order to use LibTomMath you must include ``tommath.h'' and link against the appropriate library file (typically |
| 294 libtommath.a). There is no library initialization required and the entire library is thread safe. | 297 libtommath.a). There is no library initialization required and the entire library is thread safe. |
| 807 mp\_int structures. This is analogous to an absolute comparison. The function mp\_cmp\_mag() will compare two | 810 mp\_int structures. This is analogous to an absolute comparison. The function mp\_cmp\_mag() will compare two |
| 808 mp\_int variables based on their digits only. | 811 mp\_int variables based on their digits only. |
| 809 | 812 |
| 810 \index{mp\_cmp\_mag} | 813 \index{mp\_cmp\_mag} |
| 811 \begin{alltt} | 814 \begin{alltt} |
| 812 int mp_cmp(mp_int * a, mp_int * b); | 815 int mp_cmp_mag(mp_int * a, mp_int * b); |
| 813 \end{alltt} | 816 \end{alltt} |
| 814 This will compare $a$ to $b$ placing $a$ to the left of $b$. This function cannot fail and will return one of the | 817 This will compare $a$ to $b$ placing $a$ to the left of $b$. This function cannot fail and will return one of the |
| 815 three compare codes listed in figure \ref{fig:CMP}. | 818 three compare codes listed in figure \ref{fig:CMP}. |
| 816 | 819 |
| 817 \begin{small} \begin{alltt} | 820 \begin{small} \begin{alltt} |
| 1218 \begin{alltt} | 1221 \begin{alltt} |
| 1219 int mp_sqr (mp_int * a, mp_int * b); | 1222 int mp_sqr (mp_int * a, mp_int * b); |
| 1220 \end{alltt} | 1223 \end{alltt} |
| 1221 | 1224 |
| 1222 Will square $a$ and store it in $b$. Like the case of multiplication there are four different squaring | 1225 Will square $a$ and store it in $b$. Like the case of multiplication there are four different squaring |
| 1223 algorithms all which can be called from mp\_sqr(). It is ideal to use mp\_sqr over mp\_mul when squaring terms. | 1226 algorithms all which can be called from mp\_sqr(). It is ideal to use mp\_sqr over mp\_mul when squaring terms because |
| 1227 of the speed difference. | |
| 1224 | 1228 |
| 1225 \section{Tuning Polynomial Basis Routines} | 1229 \section{Tuning Polynomial Basis Routines} |
| 1226 | 1230 |
| 1227 Both of the Toom-Cook and Karatsuba multiplication algorithms are faster than the traditional $O(n^2)$ approach that | 1231 Both of the Toom-Cook and Karatsuba multiplication algorithms are faster than the traditional $O(n^2)$ approach that |
| 1228 the Comba and baseline algorithms use. At $O(n^{1.464973})$ and $O(n^{1.584962})$ running times respectfully they require | 1232 the Comba and baseline algorithms use. At $O(n^{1.464973})$ and $O(n^{1.584962})$ running times respectively they require |
| 1229 considerably less work. For example, a 10000-digit multiplication would take roughly 724,000 single precision | 1233 considerably less work. For example, a 10000-digit multiplication would take roughly 724,000 single precision |
| 1230 multiplications with Toom-Cook or 100,000,000 single precision multiplications with the standard Comba (a factor | 1234 multiplications with Toom-Cook or 100,000,000 single precision multiplications with the standard Comba (a factor |
| 1231 of 138). | 1235 of 138). |
| 1232 | 1236 |
| 1233 So why not always use Karatsuba or Toom-Cook? The simple answer is that they have so much overhead that they're not | 1237 So why not always use Karatsuba or Toom-Cook? The simple answer is that they have so much overhead that they're not |
| 1295 of $b$. This algorithm accepts an input $a$ of any range and is not limited by $0 \le a < b^2$. | 1299 of $b$. This algorithm accepts an input $a$ of any range and is not limited by $0 \le a < b^2$. |
| 1296 | 1300 |
| 1297 \section{Barrett Reduction} | 1301 \section{Barrett Reduction} |
| 1298 | 1302 |
| 1299 Barrett reduction is a generic optimized reduction algorithm that requires pre--computation to achieve | 1303 Barrett reduction is a generic optimized reduction algorithm that requires pre--computation to achieve |
| 1300 a decent speedup over straight division. First a $mu$ value must be precomputed with the following function. | 1304 a decent speedup over straight division. First a $\mu$ value must be precomputed with the following function. |
| 1301 | 1305 |
| 1302 \index{mp\_reduce\_setup} | 1306 \index{mp\_reduce\_setup} |
| 1303 \begin{alltt} | 1307 \begin{alltt} |
| 1304 int mp_reduce_setup(mp_int *a, mp_int *b); | 1308 int mp_reduce_setup(mp_int *a, mp_int *b); |
| 1305 \end{alltt} | 1309 \end{alltt} |
| 1306 | 1310 |
| 1307 Given a modulus in $b$ this produces the required $mu$ value in $a$. For any given modulus this only has to | 1311 Given a modulus in $b$ this produces the required $\mu$ value in $a$. For any given modulus this only has to |
| 1308 be computed once. Modular reduction can now be performed with the following. | 1312 be computed once. Modular reduction can now be performed with the following. |
| 1309 | 1313 |
| 1310 \index{mp\_reduce} | 1314 \index{mp\_reduce} |
| 1311 \begin{alltt} | 1315 \begin{alltt} |
| 1312 int mp_reduce(mp_int *a, mp_int *b, mp_int *c); | 1316 int mp_reduce(mp_int *a, mp_int *b, mp_int *c); |
| 1313 \end{alltt} | 1317 \end{alltt} |
| 1314 | 1318 |
| 1315 This will reduce $a$ in place modulo $b$ with the precomputed $mu$ value in $c$. $a$ must be in the range | 1319 This will reduce $a$ in place modulo $b$ with the precomputed $\mu$ value in $c$. $a$ must be in the range |
| 1316 $0 \le a < b^2$. | 1320 $0 \le a < b^2$. |
| 1317 | 1321 |
| 1318 \begin{alltt} | 1322 \begin{alltt} |
| 1319 int main(void) | 1323 int main(void) |
| 1320 \{ | 1324 \{ |
| 1576 will return $-2$. | 1580 will return $-2$. |
| 1577 | 1581 |
| 1578 This algorithm uses the ``Newton Approximation'' method and will converge on the correct root fairly quickly. Since | 1582 This algorithm uses the ``Newton Approximation'' method and will converge on the correct root fairly quickly. Since |
| 1579 the algorithm requires raising $a$ to the power of $b$ it is not ideal to attempt to find roots for large | 1583 the algorithm requires raising $a$ to the power of $b$ it is not ideal to attempt to find roots for large |
| 1580 values of $b$. If particularly large roots are required then a factor method could be used instead. For example, | 1584 values of $b$. If particularly large roots are required then a factor method could be used instead. For example, |
| 1581 $a^{1/16}$ is equivalent to $\left (a^{1/4} \right)^{1/4}$. | 1585 $a^{1/16}$ is equivalent to $\left (a^{1/4} \right)^{1/4}$ or simply |
| 1586 $\left ( \left ( \left ( a^{1/2} \right )^{1/2} \right )^{1/2} \right )^{1/2}$ | |
| 1582 | 1587 |
| 1583 \chapter{Prime Numbers} | 1588 \chapter{Prime Numbers} |
| 1584 \section{Trial Division} | 1589 \section{Trial Division} |
| 1585 \index{mp\_prime\_is\_divisible} | 1590 \index{mp\_prime\_is\_divisible} |
| 1586 \begin{alltt} | 1591 \begin{alltt} |