ansaurus

Question

Answer 1

+20 A:

It looks like your Func_4() function calculates G^X mod P. What you're asking for is a solution to the discrete logarithm problem, but no efficient algorithm is known.

Greg Hewgill 2009-04-24 04:40:17

However, if the poster does solve this problem, I've got this RSA system I'm trying to break...

Stefan Kendall 2009-04-24 05:05:15

the "mod" is the problem. You won't break this ever. 5 mod 2 has the same result as 7 mod 2 and 9 mod 4 and so on. You can't determine the input based on the output. There is an infinity of input combinations that result in the desired output. Go to sleep.

Andrei Rinea 2009-04-24 21:09:36

Exactly. You're not supposed to get X. You're supposed to check whether the client *knew* the correct x by sending it different G and P, and check if their results agree with yours. But at no point is x supposed to be transmitted.

Tim Lin 2009-04-29 15:20:35

Answer 2

+2 A:

It looks like i = (g**x) mod p. That means there may be more than one x

Doug Currie 2009-04-24 04:40:48

Yeah,X = X << 1 ,everytime you step the loop.Does that mean its impossible?

John 2009-04-24 04:45:32

Not impossible, just that there are multiple answers (and not due to the << but due to the %). Is this fast enough for you?...x=0; do { if (Func_4(P,x,G)==I) then return x; x++; } while (x!=0);

Doug Currie 2009-04-24 14:54:32

Answer 3

+5 A:

well,

working through this by hand for:

P=5, X=0b0000 1110, G=7

P=5, X=0b0001 1110, G=7

P=5, X=0b0011 1110, G=7

P=5, X=0b0111 1110, G=7

etc, i think you see the pattern

all have the same return value for result (4)...

therefore any attempt to reverse this to get a value for X would have multiple possible values for X..

depending what you actually need out of this thing, this may not really matter...

whats the context of this thing?

2009-04-24 05:29:54

Answer 4

+4 A:

Since the modulo operator is in play, you can tell immediately that the function is not bijective: for a fixed P and G, different x's may return the same result.

But the function is bijective for a limited domain of x. Just like atan, asin, sqrt, .... produce a whole set of values, when you limit the domain, you can pick the correct one.

At first sight, what the function does, for a very large P, is,

The product of G^(2i*x[i]), where x[i] is the i'th bit of x (starting with bit 0 as least significant).

This means that given a large P (larger than Prod(G²ⁱ), for x=0x1111...111), you can reverse the function. It also seems that the function was designed not to be reversible for smaller P's.

xtofl 2009-04-24 08:30:08

Answer 5

A:

I seriously think you're abusing this algorithm. From your description, and from looking at the algorithm, it's pretty clear that this is designed to go forward only. Think of it as computing a checksum of X using keys P and G.

Tim Lin 2009-04-27 23:52:57

Answer 6

+1 A:

pseduo algorithm

R = pow(G,X) mod P

ie) there exists one Q which is R + P * Q = pow (G,X)

In reverse, Check Y for all Q from 0 to UINT32((MAXUINT32-R)/P),

Y = log ( R + P * Q ) / log (G)

and if the value Y does not have fractions, then they are the Set of multiple "X" answers to your problem.

Assume X1 is the first X value which does not have fractions and X2 is the second X Value which does not have fractions. Then Set of all X can be given in the equation X(S) = X1 + (X2-X1) * S where S=0 to UINT32( (MAXUINT32-X1) / (X2-X1) ).

That is due to if 1= Pow(G,T) mod P and then Pow(G,X+T) mod P = Pow(G,X) mod P * Pow(G,T) mod P which is also Pow(G,X) mod P. Hence X, X+T, X+2T, X+3T... all will have same values..

lakshmanaraj 2009-04-29 11:55:02

ansaurus

tags:

views:

answers:

Reverse that Math function

related questions