A*X MOD (2^N)-1 的逆
给定一个函数 y = f(A,X):
unsigned long F(unsigned long A, unsigned long x) {
return ((unsigned long long)A*X)%4294967295;
}
如何找到反函数 x = g(A,y) 使得 x = g(A, f(A,x)) 对于所有“x”值?
如果 f() 对于“x”的所有值都不是可逆的,那么最接近逆的是什么?
(F 是一个过时的 PRNG,我试图理解如何反转这样一个函数)。
- 已更新
如果 A 与 (2^N)-1 互质,则 g(A,Y) 就是 f(A-1, y)。
如果 A 不是相对素数,则 y 的范围受到限制...... 如果限制在这个范围内,g(·)还存在吗?
Given a function y = f(A,X):
unsigned long F(unsigned long A, unsigned long x) {
return ((unsigned long long)A*X)%4294967295;
}
How would I find the inverse function x = g(A,y) such that x = g(A, f(A,x)) for all values of 'x'?
If f() isn't invertible for all values of 'x', what's the closest to an inverse?
(F is an obsolete PRNG, and I'm trying to understand how one inverts such a function).
- Updated
If A is relatively prime to (2^N)-1, then g(A,Y) is just f(A-1, y).
If A isn't relatively prime, then the range of y is constrained...
Does g( ) still exist if restricted to that range?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
您需要扩展欧几里得算法。 这给出了 R 和 S,
如果 gcd 为 1,则 R 是 A 的乘法逆元。那么逆函数就
可以了,这里是 G = Gcd(A , 2^N-1) 不是 1。在这种情况下,
如果 y 由函数 f 计算,则 y 可被 G 整除。因此我们可以将上面的方程除以 G 并得到模 (2^N-1) 的方程/G。 因此解决方案集是
You need the Extended Euclidean algorithm. This gives you R and S such that
If the gcd is 1 then R is the multiplicative inverse of A. Then the inverse function is
Ok, here is an update for the case where the G = Gcd(A, 2^N-1) is not 1. In that case
If y was computed by the function f then y is divisible by G. Hence we can divide the equation above by G and get an equation modulo (2^N-1)/G. Thus the set of solutions is
解决方案在此处给出(http://en.wikipedia.org/wiki/Linear_congruence_theorem),并演示了如何使用扩展欧几里得算法来找到解决方案。
模函数通常没有反函数,但有时您可以找到一组映射到给定 y 的 x。
The solution is given here (http://en.wikipedia.org/wiki/Linear_congruence_theorem), and includes a demonstration of how the extended Euclidean algorithm is used to find the solutions.
The modulus function in general does not have an inverse function, but you can sometimes find a set of x's that map to the given y.
Accipitridae、Glenn 和 Jeff Moser 在他们之间找到了答案,但值得多解释一下为什么不是每个数字在 mod 4294967295 下都有逆元。原因是 4294967295 不是素数;它不是质数。 它是五个因素的乘积:3 x 5 x 17 x 257 x 65537。一个数字x 在 mod m 当且仅当 x 和 m 是 互质,因此任何作为这些因子的倍数的数字都不能在您的函数中存在逆函数。
这就是为什么为此类 PRNG 选择的模数通常是素数的原因。
Accipitridae, Glenn, and Jeff Moser have the answer between them, but it's worth explaining a little more why not every number has an inverse under mod 4294967295. The reason is that 4294967295 is not a prime number; it is the product of five factors: 3 x 5 x 17 x 257 x 65537. A number x has a mutiplicative inverse under mod m if and only if x and m are coprime, so any number that is a multiple of those factors cannot have an inverse in your function.
This is why the modulus chosen for such PRNGs is usually prime.
您需要计算
A mod ((2^N) - 1)的倒数,但在给定模数的情况下,您可能并不总是有倒数。 请参阅有关 Wolfram Alpha 的内容。请注意,
A = 12343 有逆元 (A^-1 = 876879007 mod 4294967295),
但 12345 没有逆元。
因此,如果 A 与 (2^n)-1 互质,那么您可以轻松地使用扩展欧几里得算法创建反函数,其中
g(A,y) = F(A^-1, y),否则你就不走运了。
更新:针对您更新的问题,您仍然无法在限制范围内获得唯一的逆。 即使您使用 CookieOfFortune 的强力解决方案,您也会遇到类似
G(12345, F(12345, 4294967294)) == 286331152 != 4294967294的问题。You need to compute the inverse of
A mod ((2^N) - 1), but you might not always have an inverse given your modulus. See this on Wolfram Alpha.Note that
A = 12343 has an inverse (A^-1 = 876879007 mod 4294967295)
but 12345 does not have an inverse.
Thus, if A is relatively prime with (2^n)-1, then you can easily create an inverse function using the Extended Euclidean Algorithm where
g(A,y) = F(A^-1, y),otherwise you're out of luck.
UPDATE: In response to your updated question, you still can't get a unique inverse in the restricted range. Even if you use CookieOfFortune's brute force solution, you'll have problems like
G(12345, F(12345, 4294967294)) == 286331152 != 4294967294.呃...这是一个可行的方法:
Eh... here's one that will work: