Number theory with congruence (Baby step Giant Step + expand BSGS)

What is called derivation equation? To solve such a problem is to say plainly:

A^x=b (mod C) to find the minimum x value.

Baby Step giant Step algorithm

Title Condition: C is prime ( in fact, A and C coprime can. Why? In the BSGS algorithm is required a^m in the%c condition of the inverse element, if a, C is not coprime there is no inverse element. )

If X has a solution, then 0<=x<c, why?

We can recall the Euler theorem:

For cases where C is a prime number, φ (c) =c-1

So since we know A^0=1,a^φ (c) =1 (under the conditions of%c). Then 0~φ (c) must be a cyclic section (not necessarily the smallest). Since it is%c, then B must be a number between 0 and c-1. In the worst case, the remainder of the 0<=x<c (c) of a is different, and there must be an X to satisfy the condition. According to the drawer principle, if an X value in x greater than C satisfies the condition, then there must be a smaller x value before it satisfies the condition.

The algorithm for BSGS is this:

First Take m=sqrt (c) up to rounding up. (Why take sqrt (c)?) I am not very understanding, is for the efficiency of the algorithm balance. ）

Then the 0 to M of a is preprocessed first.

A^x=b (%c)
Set x=i*m+j;
That is: I is x/m,j for x%m.
a^ (i*m+j) =b;
b * (a^ (-m)) ^i = A^j (%c)

First enumerate J, save the right side (Hash or normal array, the next two points to find)
Enumeration I, if the value on the left has ever been stored (b * (a^ (-m)) ^i = a^j), then x=i*m+j.

a^ (-M):(is the inverse of a^m)

There are two ways of doing this:

method One: According to Euler theorem

Set A=a^m, then A^φ (c) ==1 (%c)

a^ (φ (c)-1) *a==1 (%c)

The inverse of a is now available to a^ (φ (c)-1).

Keep pushing down, according to C is prime, φ (c) =c-1

Then the inverse of A is a^ (c-2)

method Two: equivalent to the solution A^m*x-c*y=1, according to the expansion of Euclid to derive x is the inverse.

BSGS is mainly to pay attention to the details, attention to the weight (the remainder of the same as long as the smaller one).

Expand Bsgs

If A and C do not coprime, then what should be done?

In fact, you just need to add a small piece of code.

First, we know:

A%c=b, then is a-c*x=b, if D=GCD (A,c), and b%d==0, then (A/D)% (C/D) =B/D is established.

Then we will continue to take out a and C numerator from the a^x when a and C still have a common factor of not one. Process if the b%d! =0, then no solution.

LL d=1%c; LL g=0, D;  while (  (D=GCD (a,c)   )  ! =1  )                {if(b%d)return -1  ;        B/=d; c/=D;        G+ +;D =d* (A/d)%C;}

View Code

Finally our equation becomes k*a^ (x-g) = = B ' (%c ')

Using BSGS to extract X and G is the answer.

Number theory with congruence (Baby step Giant Step + expand BSGS)