Linux迷+Python粉 - 欧几里得//blog.pythonwood.com/2017-12-17T23:00:00+08:00RSA原理:欧几里德算法与奥数内容辗转相除法——挑战PythonTip2017-12-17T23:00:00+08:002017-12-17T23:00:00+08:00pythonwoodtag:blog.pythonwood.com,2017-12-17:/2017/12/RSA原理:欧几里德算法与奥数内容辗转相除法——挑战PythonTip/<p><a href="http://www.pythontip.com" title="PythonTip">PythonTip</a> 里未攻克的题目,如<a href="http://www.pythontip.com/coding/code_oj_case/46" title="RSA密码方程"><span class="caps">RSA</span>密码方程</a>,如今积累工作经验之后从新挑战,仍然失败未成功了。把过程记录分享下。</p> <h3 id="_1">描述:<a class="headerlink" href="#_1" title="Permanent link">&para;</a></h3> <p>在<span class="caps">RSA</span>密码体系中,欧几里得算法是加密或解密运算的重要组成部分。它的基本运算过程就是解 (x*a) % n = 1 这种方程。 其中 …</p><p><a href="http://www.pythontip.com" title="PythonTip">PythonTip</a> 里未攻克的题目,如<a href="http://www.pythontip.com/coding/code_oj_case/46" title="RSA密码方程"><span class="caps">RSA</span>密码方程</a>,如今积累工作经验之后从新挑战,仍然失败未成功了。把过程记录分享下。</p> <h3 id="_1">描述:<a class="headerlink" href="#_1" title="Permanent link">&para;</a></h3> <p>在<span class="caps">RSA</span>密码体系中,欧几里得算法是加密或解密运算的重要组成部分。它的基本运算过程就是解 (x*a) % n = 1 这种方程。 其中,x,a,n皆为正整数。现在给你a和n的值(1 &lt; a,n &lt; 140000000),请你求出最小的满足方程的正整数解x(保证有解). 如:a = 1001, n =&nbsp;3837,则输出23。</p> <h3 id="_2">分析:<a class="headerlink" href="#_2" title="Permanent link">&para;</a></h3> <p>没头绪,在讨论里看时恍然,用到小学奥术内容辗转相除法(求最大公约数)了。如果 <code>(x*a) % n = 1</code> 变成 <code>(x*a) % n = 0</code> , 那x*a就是a和n公倍数了。如果这是小学奥数题,就先用辗转相除法得最大公约数,而最小公倍数用两数积除以最大公约数得出来。&nbsp;rsa的原理数学基础欧几里得算法和小学奥数有着这样的联系,发现这点让我觉得不可思议又略有惊叹。看来学小学奥数有用,至少是可以为算法编程做准备的,学到了最朴素的数论。</p> <h4 id="_3">辗转相除法(朴素欧几里得算法,中国余数定理,韩信点兵)<a class="headerlink" href="#_3" title="Permanent link">&para;</a></h4> <p>(引用自 <a href="https://xuanwo.org/2015/03/11/number-theory-gcd/," title="数论——欧几里得算法">数论——欧几里得算法</a>)</p> <p>欧几里得算法,又名辗转相除法,是求最大公约数的算法。两个整数的最大公约数是能够同时整除它们的最大的正整数。辗转相除法基于如下原理:两个整数的最大公约数等于其中较小的数和两数的差的最大公约数。例如,252和105的最大公约数是21(252 = 21 × 12;105 = 21 × 5);因为252 − 105 =&nbsp;147,所以147和105的最大公约数也是21。在这个过程中,较大的数缩小了,所以继续进行同样的计算可以不断缩小这两个数直至其中一个变成零。这时,所剩下的还没有变成零的数就是两数的最大公约数。 </p> <p><img alt="辗转相除法演示图.gif" src="//blog.pythonwood.com/uploads/2017/挑战PythonTip,辗转相除法演示图.gif"></p> <h4 id="_4">题目语义转化<a class="headerlink" href="#_4" title="Permanent link">&para;</a></h4> <p>求这样一个数x*a,能被a整除,被n整除余1。 </p> <p>这就很形似 <em>有一个数除以3余2,除以5余3,除以7余4,除以9余5.这个数至少是?</em> 被称为<a href="https://zh.wikipedia.org/wiki/中国余数定理," title="中国余数定理">中国余数定理</a></p> <h4 id="_5">扩展欧几里德算法<a class="headerlink" href="#_5" title="Permanent link">&para;</a></h4> <p>基本算法:对于不完全为 0 的非负整数 a,b,gcd(a,b)表示 a,b 的最大公约数,必然存在整数对 x,y ,使得&nbsp;gcd(a,b)=ax+by。</p> <p>证明:设&nbsp;a&gt;b。</p> <p>1,显然当 b=0,gcd(a,b)=a。此时&nbsp;x=1,y=0;</p> <p>2,ab!=0&nbsp;时</p> <p>设&nbsp;ax1+by1=gcd(a,b);</p> <p>bx2+(a mod b)y2=gcd(b,a mod&nbsp;b);</p> <p>根据朴素的欧几里德原理有 gcd(a,b)=gcd(b,a mod&nbsp;b);</p> <p>则:ax1+by1=bx2+(a mod&nbsp;b)y2;</p> <p>即:ax1+by1=bx2+(a-(a/b)<em>b)y2=ay2+bx2-(a/b)</em>by2;</p> <p>根据恒等定理得:x1=y2;&nbsp;y1=x2-(a/b)*y2;</p> <p>这样我们就得到了求解 x1,y1 的方法:x1,y1 的值基于&nbsp;x2,y2.</p> <p>上面的思想是以递归定义的,因为 gcd 不断的递归求解一定会有个时候&nbsp;b=0,所以递归可以结束。</p> <p>&hellip;</p> <p>同余方程 ax≡b (mod n)对于未知数 x 有解,当且仅当 gcd(a,n) | b。且方程有解时,方程有 gcd(a,n)&nbsp;个解。</p> <p>求解方程 ax≡b (mod n) 相当于求解方程 ax+ ny= b, (x,&nbsp;y为整数)</p> <h3 id="_6">我的一个另类编程解法(融合了辗转相除法思想)。<a class="headerlink" href="#_6" title="Permanent link">&para;</a></h3> <h4 id="_7">算法描述<a class="headerlink" href="#_7" title="Permanent link">&para;</a></h4> <p>(x*a) % n = 1 对应 方程 ax - ny = 1&nbsp;的整数解 </p> <p>(a,n必定互质。如不互质可提取公因子,公因子*X=1,与X为整数矛盾)</p> <p>化简降解方程分两情况:</p> <ol> <li>a&gt;=n 时 变形为方程 (a mod n)x - n(y-[a/n]x) = 1&nbsp;有整数解 </li> <li>a&lt;n 时 变形为方程 a(x-[n/a]a) - (n mod a)y = 1&nbsp;有整数解</li> </ol> <p>无论那一种都变回 ax - ny = 1&nbsp;的形式。所以重复化简,因a,n互质,最后会到达a,n其一是1的情况。</p> <h4 id="971">例子说明: 求能被9整除,被7除余1的最小数<a class="headerlink" href="#971" title="Permanent link">&para;</a></h4> <ol> <li>9x=1(mod7) 对应方程 9x - 7y = 1&nbsp;的整数解</li> <li>变形有2x - 7(y-x) = 1 然后令 x_1=x, y_1=y-x 得方程 2x_1 - 7y_1 =&nbsp;1 </li> <li>变形有2(x_1-3y_1) - y_1 = 1 然后令 x_2=x_1-3y_1, y_2=y_1 得方程 2x_2 - y_2 = 1 显然有解 x_2=1&nbsp;y_2=1 </li> <li>好了,往上一步一步回溯得最初的x,y值 (x_2,y_2), (x_1,y_1), (x,y)&nbsp;分别为(1,1),(4,1),(4,5)</li> <li>9x = (9<em>4 mod 9</em>7) = 36&nbsp;答:求能被9整除,被7除余1的数是36</li> </ol> <p>python语言是弱递归化语言,&nbsp;python之父说递归都可以转成循环。所以我用递归后,转循环了。</p> <h3 id="python">Python代码:<a class="headerlink" href="#python" title="Permanent link">&para;</a></h3> <div class="highlight"><pre><span></span><span class="c1">################################################################################</span> <span class="c1"># print &quot;F: 答案错误 循环解法&quot;</span> <span class="c1">################################################################################</span> <span class="s s-Atom">def</span> <span class="nf">gcd</span><span class="p">(</span><span class="s s-Atom">a</span><span class="p">,</span><span class="s s-Atom">n</span><span class="p">)</span><span class="s s-Atom">:</span> <span class="s s-Atom">#</span> <span class="s s-Atom">辗转相除求最大公约数</span> <span class="s s-Atom">if</span> <span class="s s-Atom">a</span> <span class="o">&lt;</span> <span class="nn">n</span><span class="p">:</span> <span class="s s-Atom">a</span><span class="p">,</span><span class="s s-Atom">n</span> <span class="o">=</span> <span class="s s-Atom">n</span><span class="p">,</span><span class="s s-Atom">a</span> <span class="s s-Atom">while</span> <span class="s s-Atom">n</span> <span class="p">!</span><span class="o">=</span> <span class="mi">0</span><span class="s s-Atom">:</span> <span class="s s-Atom">a</span><span class="p">,</span><span class="s s-Atom">n</span> <span class="o">=</span> <span class="s s-Atom">n</span><span class="p">,</span><span class="s s-Atom">a</span><span class="c1">%n</span> <span class="s s-Atom">return</span> <span class="s s-Atom">a</span> <span class="s s-Atom">def</span> <span class="nf">exgcd</span><span class="p">(</span><span class="s s-Atom">a</span><span class="p">,</span> <span class="s s-Atom">n</span><span class="p">)</span><span class="s s-Atom">:</span> <span class="s s-Atom">#</span> <span class="s s-Atom">ax</span><span class="o">=</span><span class="mi">1</span><span class="p">(</span><span class="o">mod</span> <span class="s s-Atom">n</span><span class="p">)</span> <span class="s s-Atom">即</span> <span class="s s-Atom">ax</span><span class="o">-</span><span class="s s-Atom">ny</span><span class="o">=</span><span class="mi">1</span> <span class="s s-Atom">求x</span><span class="p">,</span><span class="s s-Atom">y</span> <span class="s s-Atom">#</span> <span class="s s-Atom">print</span> <span class="s s-Atom">a</span><span class="p">,</span><span class="s s-Atom">n</span> <span class="s s-Atom">if</span> <span class="nf">gcd</span><span class="p">(</span><span class="s s-Atom">a</span><span class="p">,</span><span class="s s-Atom">n</span><span class="p">)</span> <span class="p">!</span><span class="o">=</span> <span class="mi">1</span><span class="s s-Atom">:</span> <span class="s s-Atom">raise</span> <span class="nv">Exception</span><span class="p">(</span><span class="s s-Atom">&#39;fei hu zhi&#39;</span><span class="p">)</span> <span class="s s-Atom">#</span> <span class="s s-Atom">先检查是否互质</span> <span class="s s-Atom">l</span> <span class="o">=</span> <span class="p">[]</span> <span class="s s-Atom">while</span> <span class="s s-Atom">a</span><span class="p">!</span><span class="o">=</span><span class="mi">1</span> <span class="s s-Atom">and</span> <span class="s s-Atom">n</span><span class="p">!</span><span class="o">=</span><span class="mi">1</span><span class="s s-Atom">:</span> <span class="s s-Atom">#</span> <span class="s s-Atom">a</span><span class="p">,</span><span class="s s-Atom">n总会有个先到1,触底条件就是1</span> <span class="s s-Atom">l</span><span class="p">.</span><span class="nf">append</span><span class="p">((</span><span class="s s-Atom">a</span><span class="p">,</span><span class="s s-Atom">n</span><span class="p">))</span> <span class="s s-Atom">if</span> <span class="s s-Atom">a</span><span class="o">&gt;</span><span class="nn">n</span><span class="p">:</span> <span class="s s-Atom">a</span><span class="p">,</span><span class="s s-Atom">n</span> <span class="o">=</span> <span class="s s-Atom">a</span><span class="c1">%n,n</span> <span class="nn">else</span><span class="p">:</span> <span class="s s-Atom">a</span><span class="p">,</span><span class="s s-Atom">n</span> <span class="o">=</span> <span class="s s-Atom">a</span><span class="p">,</span><span class="s s-Atom">n</span><span class="c1">%a</span> <span class="s s-Atom">if</span> <span class="s s-Atom">a</span><span class="o">==</span><span class="mi">1</span><span class="s s-Atom">:</span> <span class="s s-Atom">p</span> <span class="o">=</span> <span class="p">(</span><span class="s s-Atom">n</span><span class="o">+</span><span class="mi">1</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="s s-Atom">elif</span> <span class="s s-Atom">n</span><span class="o">==</span><span class="mi">1</span><span class="s s-Atom">:</span> <span class="s s-Atom">p</span> <span class="o">=</span> <span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="s s-Atom">a</span><span class="o">-</span><span class="mi">1</span><span class="p">)</span> <span class="s s-Atom">for</span> <span class="s s-Atom">a</span><span class="p">,</span><span class="s s-Atom">n</span> <span class="s s-Atom">in</span> <span class="s s-Atom">l</span><span class="p">[</span><span class="s s-Atom">::-</span><span class="mi">1</span><span class="p">]</span><span class="s s-Atom">:</span> <span class="s s-Atom">if</span> <span class="s s-Atom">a</span><span class="o">&gt;</span><span class="nn">n</span><span class="p">:</span> <span class="s s-Atom">p</span> <span class="o">=</span> <span class="p">(</span><span class="s s-Atom">p</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="c1">% n, (a//n*p[0]+p[1]) % a) # 这个值也是解,但没有最简:return (p[0], a//n*p[0]+p[1])</span> <span class="nn">else</span><span class="p">:</span> <span class="s s-Atom">p</span> <span class="o">=</span> <span class="p">((</span><span class="s s-Atom">p</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span><span class="o">+</span><span class="s s-Atom">n</span><span class="o">//</span><span class="s s-Atom">a</span><span class="o">*</span><span class="s s-Atom">p</span><span class="p">[</span><span class="mi">1</span><span class="p">])</span> <span class="c1">% n, p[1] % a) # 这个值也是解,但没有最简:return (p[0]+n//a*p[1], p[1])</span> <span class="s s-Atom">return</span> <span class="s s-Atom">p</span> <span class="s s-Atom">print</span> <span class="nf">exgcd</span><span class="p">(</span><span class="s s-Atom">a</span><span class="p">,</span><span class="s s-Atom">n</span><span class="p">)</span> <span class="c1">################################################################################</span> <span class="c1"># print &quot;F: 答案错误 递归解法&quot;</span> <span class="c1">################################################################################</span> <span class="s s-Atom">def</span> <span class="nf">gcd_r</span><span class="p">(</span><span class="s s-Atom">a</span><span class="p">,</span><span class="s s-Atom">n</span><span class="p">)</span><span class="s s-Atom">:</span> <span class="s s-Atom">#</span> <span class="s s-Atom">辗转相除求最大公约数</span> <span class="s s-Atom">if</span> <span class="s s-Atom">a</span> <span class="o">*</span> <span class="s s-Atom">n</span> <span class="o">==</span> <span class="mi">0</span><span class="s s-Atom">:</span> <span class="s s-Atom">return</span> <span class="s s-Atom">a</span><span class="o">+</span><span class="s s-Atom">n</span> <span class="s s-Atom">return</span> <span class="nf">gcd_r</span><span class="p">(</span><span class="s s-Atom">a</span><span class="c1">%n,n) if a&gt;=n else gcd_r(a,n%a)</span> <span class="c1"># print gcd(a,n)</span> <span class="s s-Atom">def</span> <span class="nf">exgcd_r</span><span class="p">(</span><span class="s s-Atom">a</span><span class="p">,</span> <span class="s s-Atom">n</span><span class="p">)</span><span class="s s-Atom">:</span> <span class="s s-Atom">#</span> <span class="s s-Atom">ax</span><span class="o">=</span><span class="mi">1</span><span class="p">(</span><span class="o">mod</span> <span class="s s-Atom">n</span><span class="p">)</span> <span class="s s-Atom">即</span> <span class="s s-Atom">ax</span><span class="o">-</span><span class="s s-Atom">ny</span><span class="o">=</span><span class="mi">1</span> <span class="s s-Atom">求x</span><span class="p">,</span><span class="s s-Atom">y</span> <span class="s s-Atom">#</span> <span class="s s-Atom">a</span><span class="p">,</span><span class="s s-Atom">n总会有个先到1,触底条件就是1</span> <span class="s s-Atom">#</span> <span class="s s-Atom">print</span> <span class="s s-Atom">a</span><span class="p">,</span><span class="s s-Atom">n</span> <span class="s s-Atom">if</span> <span class="nf">gcd_r</span><span class="p">(</span><span class="s s-Atom">a</span><span class="p">,</span><span class="s s-Atom">n</span><span class="p">)</span> <span class="p">!</span><span class="o">=</span> <span class="mi">1</span><span class="s s-Atom">:</span> <span class="s s-Atom">raise</span> <span class="nv">Exception</span><span class="p">(</span><span class="s s-Atom">&#39;fei hu zhi&#39;</span><span class="p">)</span> <span class="s s-Atom">#</span> <span class="s s-Atom">先检查是否互质</span> <span class="s s-Atom">if</span> <span class="s s-Atom">a</span><span class="o">==</span><span class="mi">1</span><span class="s s-Atom">:</span> <span class="nf">return</span> <span class="p">(</span><span class="s s-Atom">n</span><span class="o">+</span><span class="mi">1</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="s s-Atom">if</span> <span class="s s-Atom">n</span><span class="o">==</span><span class="mi">1</span><span class="s s-Atom">:</span> <span class="nf">return</span> <span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="s s-Atom">a</span><span class="o">-</span><span class="mi">1</span><span class="p">)</span> <span class="s s-Atom">if</span> <span class="s s-Atom">a</span><span class="o">&gt;</span><span class="nn">n</span><span class="p">:</span> <span class="s s-Atom">p</span> <span class="o">=</span> <span class="nf">exgcd_r</span><span class="p">(</span><span class="s s-Atom">a</span><span class="c1">%n, n)</span> <span class="nf">return</span> <span class="p">(</span><span class="s s-Atom">p</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="c1">% n, (a//n*p[0]+p[1]) % a) # 这个值也是解,但没有最简:return (p[0], a//n*p[0]+p[1])</span> <span class="nn">else</span><span class="p">:</span> <span class="s s-Atom">p</span> <span class="o">=</span> <span class="nf">exgcd_r</span><span class="p">(</span><span class="s s-Atom">a</span><span class="p">,</span> <span class="s s-Atom">n</span><span class="c1">%a) </span> <span class="nf">return</span> <span class="p">((</span><span class="s s-Atom">p</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span><span class="o">+</span><span class="s s-Atom">n</span><span class="o">//</span><span class="s s-Atom">a</span><span class="o">*</span><span class="s s-Atom">p</span><span class="p">[</span><span class="mi">1</span><span class="p">])</span> <span class="c1">% n, p[1] % a) # 这个值也是解,但没有最简:return (p[0]+n//a*p[1], p[1])</span> <span class="s s-Atom">print</span> <span class="nf">exgcd_r</span><span class="p">(</span><span class="s s-Atom">a</span><span class="p">,</span><span class="s s-Atom">n</span><span class="p">)</span> </pre></div> <p>小学初中就知道数论,数论真有魅力,非常漂亮。</p> <h3 id="_8">参考<a class="headerlink" href="#_8" title="Permanent link">&para;</a></h3> <p>数论——欧几里得算法&nbsp;https://xuanwo.org/2015/03/11/number-theory-gcd/</p> <p>欧几里德与扩展欧几里德算法&nbsp;http://www.cnblogs.com/frog112111/archive/2012/08/19/2646012.html</p> <p>欧几里得算法(辗转相除法)&nbsp;https://my.oschina.net/u/1780798/blog/646739</p> <p>https://zhidao.baidu.com/question/406531667.html?qbl=relate_question_3</p>