From: Christoph Fuerst <ch.fuerst@gmx.at>
Date: Thu, 20 Apr 2017 14:39:39 +0000 (+0200)
Subject: Update after second review Wolfgang
X-Git-Url: http://git.risc.jku.at/gitweb/?a=commitdiff_plain;h=1c583171052b937252aa94c592908b5de7ff2135;p=cfuerst%2Fformal-numbers.git

Update after second review Wolfgang
---

diff --git a/discrete_log.txt b/discrete_log.txt
index b66aa0c..13ad706 100644
--- a/discrete_log.txt
+++ b/discrete_log.txt
@@ -12,16 +12,22 @@ pred divides(m:prime,n:prime) â âp:prime. mâp = n;
 pred isPrime(m:prime) â m > 1 â§ ân:prime. n>1 â§ divides(n,m) â (n = m);
 pred isComposite(m:prime) â Â¬isPrime(m);
 
+theorem InverseExists() â âa:nat. âp:prime. isPrime(p) â§ 0 < a â§ a < p â
+                          âr:nat. 0 < r â§ r < p â§ (a*r)%p = 1;
+
 proc InvModP(a:â[K^2],p:prime): prime
    requires isPrime(p) â§
             0 < a â§ a < p;
-   ensures (a*result) % p = 1;
+   ensures 0 < result â§ result < p â§ 
+           (a*result) % p = 1;
 {
    var ainv:prime := 0;
    var i:prime;
    
    for i=1;i<p;i=i+1 do
+     invariant 0 < i â§ i â¤ p;
      invariant (ainv = 0) â (âj:prime. j < i â a*j % p â  1);
+     invariant (ainv â  0) â (0 < ainv â§ ainv < i â§ (a*ainv)%p = 1);     
      decreases p-i;
      if a*i % p = 1 then    // straight search
         ainv = i;           // algorithmic alternative: Euclidean algorithm   
@@ -63,8 +69,8 @@ proc DiscreteLog(p:prime,g:nat,a:nat): res
    A[0] := 1;  b[0] := a;
  
    for var i:nat=1;i<=m;i=i+1 do
-      invariant 0 â¤ A[i] â§ A[i] < p â§
-                0 < gim â§ gim < p;
+      invariant 0 â¤ A[i] â§ A[i] < p;
+      invariant 0 < gim â§ gim < p;
       decreases m+1-i;
    {
       A[i] = A[i-1]*g%p; // Baby-Step
@@ -91,3 +97,4 @@ proc DiscreteLog(p:prime,g:nat,a:nat): res
 }
 
 
+