qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-11-14 15:10:54 -07:00
Code Releases Activity
37d078ede3
go/src/crypto
History
Russ Cox 37d078ede3 math/big: add Baillie-PSW test to (*Int).ProbablyPrime 
After x.ProbablyPrime(n) passes the n Miller-Rabin rounds,
add a Baillie-PSW test before declaring x probably prime.

Although the provable error bounds are unchanged, the empirical
error bounds drop dramatically: there are no known inputs
for which Baillie-PSW gives the wrong answer. For example,
before this CL, big.NewInt(443*1327).ProbablyPrime(1) == true.
Now it is (correctly) false.

The new Baillie-PSW test is two pieces: an added Miller-Rabin
round with base 2, and a so-called extra strong Lucas test.
(See the references listed in prime.go for more details.)
The Lucas test takes about 3.5x as long as the Miller-Rabin round,
which is close to theoretical expectations.

name                              time/op
ProbablyPrime/Lucas             2.91ms ± 2%
ProbablyPrime/MillerRabinBase2   850µs ± 1%
ProbablyPrime/n=0               3.75ms ± 3%

The speed of prime testing for a prime input does get slower:

name                  old time/op  new time/op   delta
ProbablyPrime/n=1    849µs ± 1%   4521µs ± 1%  +432.31%   (p=0.000 n=10+9)
ProbablyPrime/n=5   4.31ms ± 3%   7.87ms ± 1%   +82.70%  (p=0.000 n=10+10)
ProbablyPrime/n=10  8.52ms ± 3%  12.28ms ± 1%   +44.11%  (p=0.000 n=10+10)
ProbablyPrime/n=20  16.9ms ± 2%   21.4ms ± 2%   +26.35%   (p=0.000 n=9+10)

However, because the Baillie-PSW test is only added when the old
ProbablyPrime(n) would return true, testing composites runs at
the same speed as before, except in the case where the result
would have been incorrect and is now correct.

In particular, the most important use of this code is for
generating random primes in crypto/rand. That use spends
essentially all its time testing composites, so it is not
slowed down by the new Baillie-PSW check:

name                  old time/op  new time/op   delta
Prime                104ms ±22%    111ms ±16%      ~     (p=0.165 n=10+10)

Thanks to Serhat Şevki Dinçer for CL 20170, which this CL builds on.

Fixes #13229.

Change-Id: Id26dde9b012c7637c85f2e96355d029b6382812a
Reviewed-on: https://go-review.googlesource.com/30770
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
2016-11-22 02:05:47 +00:00
..
aes crypto/{cipher,tls,internal/cryptohw}: prioritise AES-GCM when hardware support is present. 2016-11-07 20:01:18 +00:00
cipher crypto/{aes,cipher}: fix panic in CBC on s390x when src length is 0 2016-10-13 21:42:23 +00:00
des
dsa crypto/dsa: eliminate invalid PublicKey early 2016-04-05 17:41:47 +00:00
ecdsa crypto/ecdsa: correct code comment. 2016-10-02 19:38:37 +00:00
elliptic all: spell "marshal" and "unmarshal" consistently 2016-11-12 00:13:35 +00:00
hmac crypto/hmac: don't test for length equality in Equal. 2016-08-17 23:23:28 +00:00
internal/cipherhw crypto/{cipher,tls,internal/cryptohw}: prioritise AES-GCM when hardware support is present. 2016-11-07 20:01:18 +00:00
md5 crypto/md5, crypto/sha1, crypto/sha256: add examples for checksumming a file 2016-09-19 17:29:19 +00:00
rand math/big: add Baillie-PSW test to (*Int).ProbablyPrime 2016-11-22 02:05:47 +00:00
rc4 all: fix assembly vet issues 2016-08-25 18:52:31 +00:00
rsa crypto/rsa: clarify comment on maximum message length. 2016-09-22 03:06:25 +00:00
sha1 all: make copyright headers consistent with one space after period 2016-11-04 20:46:25 +00:00
sha256 all: make copyright headers consistent with one space after period 2016-11-04 20:46:25 +00:00
sha512 crypto/sha512: improve performance for sha512.block on ppc64le 2016-10-31 19:13:52 +00:00
subtle
tls crypto/tls: reject zero-length SCTs. 2016-11-17 20:53:01 +00:00
x509 all: spell "marshal" and "unmarshal" consistently 2016-11-12 00:13:35 +00:00
crypto.go