Problem with gmp_randinit_set

Niels Möller nisse at lysator.liu.se
Sun Feb 19 08:21:59 UTC 2017


"Marco Bodrato" <bodrato at mail.dm.unipi.it> writes:

> replace 31 with (64-31), I mean:
>
>   rp[SIZE - 1] = cy + (hi & (((mp_limb_t)1<<(64-31)) - 1))
>     + mpn_add_1 (rp, rp, SIZE - 1, (hi >> (64-31)) * K);
>
> and it will work.

Cool, thanks!

> E.g. with GMP_NUMB_BITS == 32 we shall rshift-then-addmul_1... but with
> two versions we shall cover all cases GMP_NUMB_BITS >= 15.

You're right, the 32-bit case is less straightforward. One could use the
same folding as the 64-bit case, but with a 2-limb constant,

  B^624 = 10011 B + B/2 (mod p)

But shifting, as you suggest, might be simpler, using

  2 B^623 = 20023 (mod p)

and it generalizes to other limb sizes too.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
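
The fold discussed above, as an added worked example (not GMP's code and not
from either poster). It takes the congruences in the thread at face value:
2 B^623 = 20023 (mod p) with B = 2^32 means 2^19937 = 20023 (mod p), so the
example assumes p = 2^19937 - 20023 (the modulus GMP's Mersenne Twister
seeding reduces by). It models the limb-level fold for both 64-bit limbs
(keep the low 33 bits of the top limb, add (hi >> 33) * 20023 into the low
limbs) and 32-bit limbs (keep 1 bit, rshift by 1, then add the 31-bit part
times 20023, which no longer fits one limb), and checks every result against
a plain integer modulus. The helper names, the constructed input and the
function `fold_top_limb` are the example's own, not GMP's API.

```python
"""Folding reduction modulo p = 2^19937 - 20023 (assumed from the thread's congruences).

Added example, not GMP source. Limbs are modelled as Python ints so the same
code runs for GMP_NUMB_BITS == 64 and == 32.
"""

E = 19937            # 2^E ≡ K (mod P), the fact the fold relies on
K = 20023
P = (1 << E) - K     # assumption: the modulus behind "2 B^623 = 20023 (mod p)"


def check_identities():
    """Verify the three congruences quoted in the thread against P."""
    B32 = 1 << 32
    two_limb = pow(2, 32 * 624, P) == (10011 * B32 + B32 // 2) % P   # B^624 ≡ 10011 B + B/2
    shifted = (2 * pow(2, 32 * 623, P)) % P == K                      # 2 B^623 ≡ 20023
    sixty_four = pow(2, 64 * 312, P) == (K << 31) % P                 # B^312 ≡ 2^31 * K, B = 2^64
    return two_limb and shifted and sixty_four


def fold_int(x):
    """Integer-level fold: x = q*2^E + r -> r + q*K, repeated until x < 2^E,
    then a single subtraction of P. Each step strictly decreases x (K < 2^E)."""
    while x >> E:
        x = (x & ((1 << E) - 1)) + (x >> E) * K
    if x >= P:
        x -= P
    return x


def to_limbs(x, limb_bits, n):
    mask = (1 << limb_bits) - 1
    return [(x >> (limb_bits * i)) & mask for i in range(n)]


def from_limbs(limbs, limb_bits):
    return sum(l << (limb_bits * i) for i, l in enumerate(limbs))


def mpn_add_1(rp, n, v, limb_bits):
    """Like GMP's mpn_add_1, but v may exceed one limb (the 32-bit case needs that:
    a 31-bit value times 20023 is 46 bits). Adds v into rp[0:n], returns the carry out."""
    mask = (1 << limb_bits) - 1
    carry = v
    for i in range(n):
        if carry == 0:
            break
        s = rp[i] + carry
        rp[i] = s & mask
        carry = s >> limb_bits
    return carry


def fold_top_limb(rp, limb_bits):
    """Fold the bits of the top limb that sit at or above 2^E back into the low limbs.

    keep = 33 for 64-bit limbs (SIZE = 312), keep = 1 for 32-bit limbs (SIZE = 624).
    Afterwards rp still holds SIZE limbs, is congruent to the input mod P, and the
    top limb only carries `keep` bits plus the carry out of the addition."""
    size = len(rp)
    keep = E - (size - 1) * limb_bits
    assert 0 < keep <= limb_bits, "SIZE must be ceil(E / limb_bits)"
    hi = rp[size - 1]
    top = hi >> keep                                 # weight 2^E, i.e. congruent to top*K
    cy = mpn_add_1(rp, size - 1, top * K, limb_bits)
    rp[size - 1] = (hi & ((1 << keep) - 1)) + cy
    assert rp[size - 1] < (1 << limb_bits), "top limb overflowed"
    return rp


def demo(limb_bits, sample=None):
    """Fold a constructed full-width sample and report
    (congruent to the input mod P, all limbs still fit, fold_int agrees with % P)."""
    size = -(-E // limb_bits)                        # 312 or 624
    if sample is None:
        # constructed input: an arbitrary pseudo-random SIZE-limb value
        sample = pow(3, 20000, 1 << (size * limb_bits))
    rp = fold_top_limb(to_limbs(sample, limb_bits, size), limb_bits)
    y = from_limbs(rp, limb_bits)
    fits = all(0 <= l < (1 << limb_bits) for l in rp)
    return (y % P == sample % P, fits, fold_int(y) == sample % P)


if __name__ == "__main__":
    print("identities:", check_identities())
    print("64-bit limbs:", demo(64))
    print("32-bit limbs:", demo(32))
```

The point the 32-bit run makes is the one Marco raises: with keep = 1 the
folded value (hi >> 1) * 20023 is up to 46 bits wide, so a single-limb
mpn_add_1 is not enough there and the carry has to be propagated as a
multi-limb addend (or handled with addmul_1), whereas for 64-bit limbs
(hi >> 33) * 20023 is below 2^46 and fits one limb.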


More information about the gmp-bugs mailing list