Merge GH #2478 Avoid long loop in modular square root with certain composite modulus

author: Jack Lloyd <[email protected]> 2020-11-09 08:40:55 -0500
committer: Jack Lloyd <[email protected]> 2020-11-09 08:40:55 -0500
commit: 74634c035c3cfad29f30313fb92c6a4464a86204 (patch)
tree: 24ec9368ea4a52cb2bb3f5ef7f39f35815658b94 /src/lib
parent: fd195c41ea86397da5ec2e9bedc858be012e062b (diff)
parent: ea28fa55ec56960f1764c6a5d93cbb7d7b922dfc (diff)
1 files changed, 17 insertions, 4 deletions
diff --git a/src/lib/math/numbertheory/numthry.cpp b/src/lib/math/numbertheory/numthry.cpp
index a735bd15b..77856f978 100644
--- a/src/lib/math/numbertheory/numthry.cpp
+++ b/src/lib/math/numbertheory/numthry.cpp
@@ -75,10 +75,23 @@ BigInt ressol(const BigInt& a, const BigInt& p)
    if(n == 1)
       return r;
 
-   // find random non quadratic residue z
-   BigInt z = 2;
-   while(jacobi(z, p) == 1) // while z quadratic residue
-      ++z;
+   // find random quadratic nonresidue z
+   word z = 2;
+   for(;;)
+      {
+      if(jacobi(z, p) == -1) // found one
+         break;
+
+      z += 1; // try next z
+
+      /*
+      * The expected number of tests to find a non-residue modulo a
+      * prime is 2. If we have not found one after 256 then almost
+      * certainly we have been given a non-prime p.
+      */
+      if(z >= 256)
+         return -BigInt(1);
+      }
 
    BigInt c = power_mod(z, (q << 1) + 1, p);
author	Jack Lloyd <[email protected]>	2020-11-09 08:40:55 -0500
committer	Jack Lloyd <[email protected]>	2020-11-09 08:40:55 -0500
commit	74634c035c3cfad29f30313fb92c6a4464a86204 (patch)
tree	24ec9368ea4a52cb2bb3f5ef7f39f35815658b94 /src/lib
parent	fd195c41ea86397da5ec2e9bedc858be012e062b (diff)
parent	ea28fa55ec56960f1764c6a5d93cbb7d7b922dfc (diff)