From: Christoph Fuerst <ch.fuerst@gmx.at>
Date: Sat, 8 Apr 2017 17:19:11 +0000 (+0200)
Subject: Corrected and finalized verification of Baby-Step Giant Step
X-Git-Url: http://git.risc.jku.at/gitweb/?a=commitdiff_plain;h=b96a057a696ab1f6936f0fde5748b230cf415b8e;p=cfuerst%2Fformal-numbers.git

Corrected and finalized verification of Baby-Step Giant Step
---

diff --git a/discrete_log.txt b/discrete_log.txt
index b4ce377..08e5964 100644
--- a/discrete_log.txt
+++ b/discrete_log.txt
@@ -11,6 +11,8 @@ pred divides(m:prime,n:prime) â âp:prime. mâp = n;
 
 pred isPrime(m:prime) â ân:prime. divides(n,m) â (n â¤ 1 â¨ n = m);
 
+pred isComposite(m:prime) â Â¬isPrime(m);
+
 proc InvModP(a:â[K^2],p:prime): prime
    requires p>1 â§ isPrime(p) â§
             0 < a â§ a < p;
@@ -29,7 +31,7 @@ proc InvModP(a:â[K^2],p:prime): prime
    return ainv;
 }
 
-proc integerroot(a:nat): nat
+proc IntegerRoot(a:nat): nat
    ensures result^2 â¤ a â§ a < (result+1)^2;
 {
    var x:nat = 0;
@@ -50,27 +52,27 @@ proc integerroot(a:nat): nat
 proc DiscreteLog(p:prime,g:nat,a:nat): res
    requires 1 < p â§ isPrime(p) â§ // p is a prime greater than 1
             1 < g â§ g < p â§ 
-            1 < a â§ Â¬divides(p,a) â§
             âb:nat. (0 < b â§ b < p-1) â (g^b % p â  1) â§  g^(p-1)%p = 1 â§ // g has order p-1
-            0 â¤ a â§ a < p; // a is in â¤/pâ¤
+            0 < a â§ a < p; // a is in â¤/pâ¤ - {0}
    ensures (g^result)%p = a;
 {
    var ret:res := 0;
-   var A:Array[20,nat]; // Q: Is it possible to dynamically allocate??
-   var b:Array[20,nat]; // Q: Is it possible to dynamically allocate??
-   var gim:prime := g;
-   var m:nat := integerroot(p-1)+2; // actually \lceil sqrt(p-1) \rceil // TODO
+   var m:nat := IntegerRoot(p-1)+1; 
+   var A:Array[20,nat]; // Q: Is it possible to dynamically allocate?? m would suffice
+   var b:Array[20,nat]; // Q: Is it possible to dynamically allocate?? m would suffice
+   var gim:prime := 1;
+
    
-   A = Array[20,nat](0); // Q: Is it possible to dynamically allocate??
-   b = Array[20,nat](0); // Q: Is it possible to dynamically allocate??  
+   A = Array[20,nat](0); // Q: Is it possible to dynamically allocate?? m would suffice
+   b = Array[20,nat](0); // Q: Is it possible to dynamically allocate??   m would suffice
    
    A[0] := 1;
    b[0] := a;
 
    var gi:prime = InvModP(g,p);
   
-   for var i:nat=1;i<m;i=i+1 do
-      decreases m-i;
+   for var i:nat=1;i<=m;i=i+1 do
+      decreases m+1-i;
    {
       A[i] = A[i-1]*g%p; // Baby-Step
       gim = gim*gi % p;
@@ -98,10 +100,3 @@ proc DiscreteLog(p:prime,g:nat,a:nat): res
    return ret;
 }
 
-proc main(): ()
-{
-   print DiscreteLog(11,2,10);
-}
-
-
-