From: Christoph Fuerst Date: Sun, 14 May 2017 08:14:43 +0000 (+0200) Subject: Added specifications of loop result X-Git-Url: http://git.risc.jku.at/gitweb/?a=commitdiff_plain;h=8adc253ac75658f9ed233337a91f4631f6ae1b57;p=cfuerst%2Fformal-numbers.git Added specifications of loop result --- diff --git a/discrete_log.txt b/discrete_log.txt index 410da66..5658ca6 100644 --- a/discrete_log.txt +++ b/discrete_log.txt @@ -125,12 +125,14 @@ proc DiscreteLog(p:prime,g:nat,a:nat): res ret = i*m + j; solFound = true; } + assert(solFound ⇒ ∃i:nat with i < m. ∃j:nat with j < m. ret = i*m +j); } b[i+1] = b[i]*gim % p; // Giant-Step + assert( (¬solFound) ⇒ (∀i2:nat with i2 < i. ∀j:nat with j < m. A[i2] ≠ b[j])); } - assert(solFound = true ∧ ∃r:nat with r < m. ∃s:nat with s < m. A[r] = b[s]); -//// overflow in result... assert(∃r:nat with r < m. ∃s:nat with s < m. A[r] = b[s] ∧ (g^(s*m)%p * (g^r%p) = a)); + assert(solFound = true ⇒ ∃r:nat with r < m. ∃s:nat with s < m. A[r] = b[s]); + assert(∃r:nat with r < m. ∃s:nat with s < m. A[r] = b[s] ∧ PowerMod(g,s*m+r,p)=a); // solFound = false should never be the case (see theorem DiscreteLogExists) return ret;