Problem with gmp_randinit_set

Pedro Gimeno gmpdevel at formauri.es
Sun Feb 19 22:53:19 UTC 2017


Marco Bodrato wrote, On 2017-02-19 20:41:

> The problem is that Niels' code, mine, and the current mpz code... do all
> "reduce" modulo (2^19937-20023) obtaining some non-canonical
> representation.
> 
> If we "do not want to generate different sequences than earlier GMP", we
> will have to mimic current behaviour, even in the corner cases...
> 
> Is it worth doing?

It's all or nothing. If the modular exponentiation is to be used for backwards compatibility, then the behaviour in corner cases should not vary. If backwards compatibility is ditched, then using a cryptographic function (like xxtea in the patch I sent) is more desirable.

Backwards compatibility includes calculating the seed modulo 2^19937-20027, adding 2, and then calculating the modular power of the result modulo M=2^19937-20023. That excludes 0, 1, M-1 and M-2 as possible inputs. What corner cases may be of concern?

> I mean, for GMP 7, we might forget the seed->sequence backward
> compatibility...

The current seeding code was about twice as slow as the xxtea version when I tried back then. Not sure if things have changed significantly since.
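The seed preprocessing discussed above (reduce modulo 2^19937-20027, add 2, then exponentiate modulo M=2^19937-20023), written out as an added Python example to check the range claim; this is not GMP's code, and the exponent E is a placeholder because the thread does not state the real one:

```python
# Added example, not GMP's own implementation. Python big ints stand in for mpz.
M = (1 << 19937) - 20023   # modulus of the modular exponentiation
R = (1 << 19937) - 20027   # the seed is first reduced modulo this (R == M - 4)
E = 3                      # ASSUMPTION: placeholder exponent; GMP's real constant is not on the page


def preprocess_seed(seed):
    """Reduce the seed modulo R and add 2 (Python's % is non-negative, like mpz_mod)."""
    return seed % R + 2


def base_is_nontrivial(base):
    """True when the base is none of the inputs the thread says are excluded."""
    return base not in (0, 1, M - 1, M - 2)


def mix_seed(seed, exponent=E):
    """Full step: preprocess, check the base lies in [2, M-3], then exponentiate mod M."""
    base = preprocess_seed(seed)
    if not (2 <= base <= M - 3):
        raise ValueError("preprocessed seed outside [2, M-3]: %d" % base)
    return pow(base, exponent, M)


def excluded_base_outputs(exponent=E):
    """Why 0, 1 and M-1 are bad bases: their powers mod M are fixed or sign-flipped."""
    return {b: pow(b, exponent, M) for b in (0, 1, M - 1)}


if __name__ == "__main__":
    # Constructed sample seeds: zero, the largest residue, and the first wrap-around.
    for s in (0, R - 1, R):
        b = preprocess_seed(s)
        print("seed %s -> base in [2, M-3]: %s, nontrivial: %s"
              % (str(s)[:12], 2 <= b <= M - 3, base_is_nontrivial(b)))
```

Because R == M - 4, the preprocessed base ranges over exactly [2, M-3], which is why 0, 1, M-2 and M-1 can never reach the exponentiation.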
