Uniforming algorthms, mostly.

Craete a uniform style for pseudocode, and constraining it all over the book.

book/dixon.tex

@@ -60,12 +60,13 @@ This way the complexity of generating a new $x$ is dominated by
 has been satisfied, we have to select a subset of those $x$ so that their
 product can be seen as a square. Consider an \emph{exponent vector}
 $v_i = (\alpha_0, \alpha_1, \ldots, \alpha_r)$ associated with each $x_i$, where
-\begin{align*}
-  a_j = \begin{cases}
+\begin{align}
+  \label{eq:dixon:alphas}
+  \alpha_j = \begin{cases}
     1 \quad \text{if $p_j$ divides $x_i$ to an odd power} \\
     0 \quad \text{otherwise}
-    \end{cases}
-\end{align*}
+  \end{cases}
+\end{align}
 for each $1 \leq j \leq r $. There is no need to restrict ourselves for positive
 values of $x^2 -N$, so we are going to use $\alpha_0$ to indicate the sign. This
 benefit has a neglegible cost: we have to add the non-prime $-1$ to our factor
@@ -142,15 +143,15 @@ and storing dependencies into a \emph{history matrix} $\mathcal{H}$.
 \begin{algorithm}
   \caption{Reduction Procedure  \label{alg:dixon:kernel}}
   \begin{algorithmic}[1]
-    \Procedure{Ker}{$\mathcal{M}$}
-    \State $\mathcal{H} \gets \texttt{Id}(f)$
-    \Comment The initial $\mathcal{H}$ is the identity matrix
+    \Function{Ker}{$\mathcal{M}$}
+    \State $\mathcal{H} \gets \texttt{Id}(f \times f)$
+    \Comment the initial $\mathcal{H}$ is the identity matrix
 
-    \For{$j = r \ldots 0$}
-    \Comment Reduce
-      \For{$i=0 \ldots f$}
+    \For{$j = r \strong{ downto } 0$}
+    \Comment reduce
+      \For{$i=0 \strong{ to } f$}
         \If{$\mathcal{M}_{i, j} = 1$}
-          \For{$i' = i \ldots f$}
+          \For{$i' = i \strong{ to } f$}
             \If{$\mathcal{M}_{i', k} = 1$}
               \State $\mathcal{M}_{i'} = \mathcal{M}_i \xor \mathcal{M}_{i'}$
               \State $\mathcal{H}_{i'} = \mathcal{H}_i \xor \mathcal{H}_{i'}$
@@ -161,11 +162,13 @@ and storing dependencies into a \emph{history matrix} $\mathcal{H}$.
       \EndFor
     \EndFor
 
-    \For{$i = 0 \ldots f$}
-    \Comment Yield linear dependencies
-      \If{$\mathcal{M}_i = (0, \ldots, 0)$} \strong{yield} $H_i$ \EndIf
+    \For{$i = 0 \strong{ to } f$}
+    \Comment yield linear dependencies
+      \If{$\mathcal{M}_i = (0, \ldots, 0)$}
+        \strong{yield} $\{\mu  \mid \mathcal{H}_{i,\mu} = 1\}$
+      \EndIf
     \EndFor
-    \EndProcedure
+    \EndFunction
   \end{algorithmic}
 \end{algorithm}
 
@@ -176,25 +179,27 @@ Before gluing all toghether, we need one last building brick necessary for
 Dixon's factorization algorithm: a \texttt{smooth}($x$) function. In our
 specific case, we need a function that, given as input a number $x$, returns the
 empty set $\emptyset$ if $x^2 -N$ is not $\factorBase$-smooth. Otherwise,
-returns the pair $\angular{y, v}$ where $y = \dsqrt{x^2 - N}$ and
-$v = (\alpha_0, \ldots, \alpha_r)$ that we described in section
-\ref{sec:dixon:history}. Once we have established $\factorBase$, its
+returns a vector $v = (\alpha_0, \ldots, \alpha_r)$ such that each $\alpha_j$ is
+defined just as in \ref{eq:dixon:alphas}. Once we have established $\factorBase$, its
 implementation is fairly straightforward:
 
 \begin{algorithm}
   \caption{Discovering Smoothness}
   \begin{algorithmic}[1]
+    \Require $\factorBase$, the factor base
     \Procedure{smooth}{$x$}
-      \State $y, r \gets x^2 -N$
-      \State $v \gets (\alpha_0 = 0, \ldots, \alpha_r = 0)$
+      \State $v \gets (\alpha_0 = 0, \ldots, \alpha_{|\factorBase|} = 0)$
 
-      \For{$i = 0 \ldots |\factorBase|$}
+      \If{$x < 0$} $\alpha_0 \gets 1$ \EndIf
+      \For{$i = 1 \strong{ to } |\factorBase|$}
         \If{$\factorBase_i \nmid x$} \strong{continue} \EndIf
         \State $x \gets x// \factorBase_i$
         \State $\alpha_i \gets \alpha_i \xor 1$
       \EndFor
-      \If{$x = 1$} \State \Return $y, v$
-      \Else \State \Return $y, \emptyset$
+      \If{$x = 1$}
+        \State \Return $v$
+      \Else
+        \State \Return \strong{nil}
       \EndIf
     \EndProcedure
   \end{algorithmic}
@@ -209,28 +214,32 @@ $e^{\sqrt{\ln N \ln \ln N}}$.
 
 \begin{algorithm}
   \caption{Dixon}
-  \begin{algorithmic}
+  \begin{algorithmic}[1]
+    \Require $\factorBase$, the factor base
+    \Function{dixon}{ }
     \State $i \gets 0$
     \State $r \gets |\factorBase| + 5$
     \Comment finding linearity requires redundance
     \While{$i < r$}
-    \Comment Search for suitable pairs
-    \State $x_i \gets \{0, \ldots N\}$
-    \State $y_i, v_i \gets \texttt{smooth}(x_i)$
+    \Comment search for suitable pairs
+    \State $x_i \getsRandom \{0, \ldots N\}$
+    \State $y_i \gets x_i^2 - N$
+    \State $v_i \gets \texttt{smooth}(y_i)$
     \If{$v_i \neq \emptyset$} $i++$ \EndIf
   \EndWhile
   \State $\mathcal{M} \gets \texttt{matrix}(v_0, \ldots, v_f)$
   \For{$\angular{\lambda_0, \ldots, \lambda_k}
-    \text{ in } \texttt{ker}(\mathcal{M})$}
-  \Comment{Get relations}
-    \State $x \gets \prod_\lambda x_\lambda \pmod{N}$
-    \State $y \gets \dsqrt{\prod_\lambda y_\lambda \pmod{N}}$
+    \strong{ in } \texttt{ker}(\mathcal{M})$}
+  \Comment get relations
+    \State $x \gets \prod\limits_{\mu \in \lambda} x_\mu \pmod{N}$
+    \State $y, r \gets \dsqrt{\prod\limits_{\mu \in \lambda} y_\mu \pmod{N}}$
     \If{$\gcd(x+y, N) > 1$}
       \State $p \gets \gcd(x+y, N)$
       \State $q \gets \gcd(x-y, N)$
       \State \Return $p, q$
     \EndIf
   \EndFor
+  \EndFunction
   \end{algorithmic}
 \end{algorithm}
 

book/fermat.tex

@@ -53,7 +53,7 @@ below here to better clarify the limits of this algorithm.
 
 At each iteration, the $i-$th state is hold by the pair $\angular{x, x^2}$.\\
 The later step, described by $\angular{x+1, (x+1)^2}$ can be computed efficiently
-considering the square of a binomial: $\angular{x+1, (x^2) + (x \ll 1) + 1}$.
+considering the square of a binomial: $\angular{x+1, x^2 + 2x + 1}$.
 The upper-bound, instead, is reached when
 $ \Delta = p - q  = x + y - x + y = 2y > 2^{-100}\sqrt{N}$.
 
@@ -64,14 +64,16 @@ aforementioned.
 \begin{algorithm}[H]
   \caption{Fermat Factorization \label{alg:fermat}}
   \begin{algorithmic}[1]
+    \Function{fermat}{ }
     \State $x \gets \floor{\sqrt{N}}$
-    \State $x^2 \gets xx$
+    \State $x' \gets x \cdot x$
 
     \Repeat
+    \State $x' \gets x' + 2x + 1$
     \State $x \gets x+1$
-    \State $x^2 \gets x^2 + x \ll 1 + 1$
-    \State $y, rest \gets \dsqrt{x^2 - N}$
-    \Until{ $rest \neq 0 \land y < \frac{\sqrt{N}}{2^{101}}$ }
+    \State $y, rest \gets \dsqrt{x' - N}$
+    \Until{ $rest \neq 0 \strong{ and } y < \frac{\sqrt{N}}{2^{101}}$ }
+    \Comment i.e., \ref{eq:fermat_problem} holds?
 
     \If{ $rest = 0$ }
     \State $p \gets x+y$
@@ -80,6 +82,7 @@ aforementioned.
     \Else
     \State \Return \textbf{nil}
     \EndIf
+    \EndFunction
     \end{algorithmic}
 \end{algorithm}
 

book/math_prequisites.tex

@@ -68,15 +68,13 @@ protocol, \openssl implemented it with the following signature:
 The computation proceeds under the well-known Euclidean algorithm, specifically
 the binary variant developed by Josef Stein in 1961 \cite{AOCPv2}. This variant
 exploits some interesting properties of $gcd(a, b)$:
-\begin{itemize}
+\begin{enumerate}[(a)]
   \setlength{\itemsep}{1pt}
-  \setlength{\parskip}{0pt}
-  \setlength{\parsep}{0pt}
   \item if $a,\ b$ are even, then $gcd(a, b) = 2gcd(a/2, b/2)$;
   \item if $a$ is even and $b$ is odd, then $gcd(a, b) = gcd(a/2, b)$;
   \item  $gcd(a, b) = gcd(a-b, b)$, as in the standard Euclid algorithm;
   \item the sum of two odd numbers is always even.
-\end{itemize}
+\end{enumerate}
 
 % Donald Knuth, TAOCP, "a binary method", p. 388 VOL 2
 Both \cite{AOCPv2} and \cite{MITalg} analyze the running time of the
@@ -92,17 +90,21 @@ Anyway, both show that algorithm ~\ref{alg:gcd} belongs to the class
     \While{$b \neq 0$}
       \If{$a$ is odd}
         \If{$b$ is odd}
+          \Comment by property (c) and (d)
           \State $a \gets (a-b) \gg 1$
         \Else
+          \Comment by property (b)
           \State $b \gets b \gg 1$
         \EndIf
         \If{$a < b$} $a, b \gets b, a$ \EndIf
 
       \Else
         \If{$b$ is odd}
+        \Comment by property (b)
           \State $a \gets a \gg 1$
           \If{$a < b$} $a, b \gets b, a$ \EndIf
         \Else
+        \Comment by property (a)
           \State $k \gets k+1$
           \State $a, b \gets a \gg 1, b \gg 1$
         \EndIf
@@ -155,19 +157,22 @@ for completeness' sake, we report in table
   \caption{Square Root: Bombelli's algorithm}
   \label{alg:sqrt:bombelli}
   \begin{algorithmic}[1]
-    \Procedure{sqrt}{$n$}
+    \Function{sqrt}{$n$}
 
-    \State $i, g \gets 0, \{\}$
+    \State $i \gets 0; \quad g \gets \{\}$
     \While{$n > 0$}
+    \Comment take pairs of digits and store them in $g$
       \State $g_i \gets n \pmod{100}$
       \State $n \gets n // 100$
-      \State $i++$
+      \State $i \gets i + 1$
     \EndWhile
 
-    \State $x, r \gets 0, 0$
-    \For{$j \in \;  [i-1..0]$}
+    \State $x \gets 0; \quad r \gets 0$
+    \For{$j =  i-1 \strong{ downto } 0$}
       \State $r = 100r + g_i$
-      \For{$d \in \; [0, 9]$}
+      \Comment take next pair
+      \For{$d = 0 \strong{ to } 9$}
+      \Comment find gratest multiplier $d$
         \State $y' \gets d(20x + d)$
         \If{$y' > r$}  \textbf{break}
         \Else  \ \ $y \gets y'$
@@ -175,11 +180,12 @@ for completeness' sake, we report in table
       \EndFor
       \State $r \gets r - y$
       \State $x \gets 10x + d - 1$
+      \Comment $d$ is the next digit
     \EndFor
 
     \State \Return $x, r$
 
-    \EndProcedure
+    \EndFunction
   \end{algorithmic}
 \end{algorithm}
 
@@ -193,7 +199,7 @@ multiplications. This means that the complexity of this solutions belongs to
   found the pair $\angular{x, r}$ such that $(x+r)^2=a$, where $x$ is the mantissa,
   while $r$ is the decimal part. For our purpose this change is irrelevant: we
   just need to be able to distinguish perfect squares, and thus assert that $r$
-  is nonzero.
+  is zero.
 \end{remark}
 
 \paragraph{Dijkstra's Algorithm \label{par:preq:sqrt:dijkstra}} can be found in
@@ -224,44 +230,54 @@ $d = (b-a) \idiv 2$.
   \caption{Square Root: an intuitive, na\"ive implementation}
   \label{alg:sqrt:dijkstra_naif}
   \begin{algorithmic}[1]
-    \State $a, b \gets 0, n+1$
+    \Function{sqrt}{$n$}
+    \State $a \gets 0; \quad b \gets n+1$
     \While{$a+1 \neq b$}
       \State $d \gets (b-a) \idiv 2$
-      \If{$(a+d)^2 \leq n$}
-         $a \gets a+d$
-      \ElsIf{$(b-d)^2 > n$}
-         $b \gets b-d$
+      \If{$(a+d)^2 \leq n$} $a \gets a+d$
+      \Comment increment left bound
+      \ElsIf{$(b-d)^2 > n$} $b \gets b-d$
+      \Comment increment right bound
       \EndIf
     \EndWhile
-    \State \Return a
+    \State \Return $a, a^2-n$
+    \EndFunction
   \end{algorithmic}
 \end{algorithm}
-
 % heh, there's not much to explain here, that's almost the same in Dijkstra's
 % book, excluding the inspirative familiar portrait that led to the insight of
 % this change of varaibles.
 Now optimization proceeds with the following change of variables:
-$c = b-a$,
-$p = ac$,
-$q = c^2$,
-$r = n-a^2$;
-For any further details and explainations, the reference is still
-\cite{Dijkstra:adop}.
+\begin{enumerate}[a)]
+  \setlength{\itemsep}{1pt}
+  \setlength{\parskip}{0pt}
+  \setlength{\parsep}{0pt}
+\item $c = b-a$,
+\item $p = ac$,
+\item $q = c^2$,
+\item $r = n-a^2$;
+\end{enumerate}
+resulting in algorithm \ref{alg:sqrt:dijkstra}.
+For any further details, the reference is still \cite{Dijkstra:adop}.
 
 \begin{algorithm}[H]
   \caption{Square Root: final version}
   \label{alg:sqrt:dijkstra}
   \begin{algorithmic}[1]
-    \State $p, q, r \gets 0, 1, n$
-    \While{$q \leq n$} $q \gets q \gg 2$ \EndWhile
+    \Function{sqrt}{$n$}
+    \State $p \gets 0; \quad q \gets 1; \quad r \gets n$
+    \While{$q \leq n$} $q \gets q \ll 2$ \EndWhile
     \While{$q \neq 1$}
-      \State $q \gets q \ll 2$
+      \State $q \gets q \gg 2$
       \State $h \gets p+q$
       \State $p \gets q \ll 1$
       \State $h \gets 2p + q$
-      \If{$r \geq h$} $p, r \gets p+q, r-h$ \EndIf
+      \If{$r \geq h$}
+        \State $p \gets p+q$
+        \State $r \gets r-h$ \EndIf
     \EndWhile
-    \State \Return p
+    \State \Return $p, r$
+    \EndFunction
   \end{algorithmic}
 \end{algorithm}
 

book/pollardrho.tex

@@ -179,15 +179,17 @@ and respectively updating them via $x \gets f(x)$ and $y \gets f(f(y))$.
 \begin{algorithm}
   \caption{Pollard's $\rho$ factorization}
   \begin{algorithmic}[1]
+    \Function{rho}{ }
     \State $x \getsRandom \naturalN$
     \State $y \gets x$
     \State $g \gets 1$
     \While{$g = 1$}
       \State $x \gets x^2 + 1 \pmod{N}$
-      \State $y \gets y^4 + y^2 \ll 1 + 2 \pmod{N}$
+      \State $y \gets y^4 + 2y^2 + 2 \pmod{N}$
       \State $g \gets gcd(x, y)$
     \EndWhile
     \Return $g$
+    \EndFunction
   \end{algorithmic}
 \end{algorithm}
 
@@ -206,36 +208,44 @@ adopts this trick together with Brent's cycle-finding variant:
 \begin{algorithm}
   \caption{Pollard-Brent's factorization \label{alg:pollardrho}}
   \begin{algorithmic}[1]
+    \Function{rho}{ }
     \State $s \gets 100$
     \Comment steps to check for $\gcd$
     \State $i \gets 1; \quad j' \gets j \gets 1$
-    \Comment indices for our $x$s
+    \Comment step and period counters
     \State $x' \gets x \getsRandom \naturalN$
-    \Comment The $x_i$ discussed above
-    \State $y' \gets y \getsRandom x^2 + 1$
-    \Comment The $x_j$ discussed above
+    \Comment the $x_i$ discussed above
+    \State $y' \gets y \gets x^2 + 1$
+    \Comment the $x_j$ discussed above
     \State $k \gets 0; \quad q \gets \abs{x-y}$
     \While{$g = 1$}
       \State $x \gets y$ \Comment $x_i = 2^k$
-      \State $j \gets 3 \cdot 2^{(k++)} + 1$
-      \While{$j++ \leq 2^k$}
+      \State $j \gets 3 \cdot 2^{k} + 1$
+      \State $k \gets k+1$
+      \While{$j \leq 2^k$}
+        \State $j \gets j+1; \quad i \gets i+1$
+        \Comment increment step and period counters
         \State $y \gets y^2 + 1 \pmod{N}$
         \State $q \gets q \cdot \abs{x - y}$
-        \If{$i++ \mid s$} \Comment Time to compute $\gcd$?
+        \If{$ i \mid s$} \Comment time to compute $\gcd$?
           \State $g \gets \gcd(q, N)$
-          \If{$g > 1$} \Return g \EndIf
-          \If{$g = 0$}
-            \Comment Too far: fall back to latest epoch
+          \If{$g = N$}
+            \Comment too far: fall back to latest epoch
             \State $s \gets 1; \quad  g \gets 1$
             \State $j \gets j'; \quad x \gets x'; \quad y \gets y'$
-          \Else
-            \Comment Save current state
+          \ElsIf{$g = 1$}
+            \Comment save current state
             \State $x' \gets x; \quad y' \gets y$
             \State $j' \gets j$
+          \Else
+            \State $p \gets g$
+            \State $q \gets N//p$
+            \State \Return $p, q$
           \EndIf
         \EndIf
       \EndWhile
     \EndWhile
+    \EndFunction
   \end{algorithmic}
 \end{algorithm}
 

book/ssl_prequisites.tex

@@ -129,7 +129,7 @@ communication and the server will eventually skip the key agreement phase since
 %% XXX. check the use of verb happened
 it has happened recently.\footnote{``recently'' is not well-defined in
   the standard - it is suggested an upper limit of 24-hours lifetime, but the
-  only constraint is that both client and server shall agree on it.}\\
+  only constraint is that both client and server agree on it.}\\
 A new session-id identifier gets built via a challenge-response mechanism: the
 client issues a challenge, the server chooses a connection-id and presents it
 with its certificate. The client verifies the server's identity, and then

book/wiener.tex

@@ -162,22 +162,24 @@ convergent, we provide an algorithm for attacking the RSA cipher via Wiener:
   \caption{Wiener's Attack}
   \label{alg:wiener}
   \begin{algorithmic}[1]
+    \Function{wiener}{ }
     \State $f \gets  \texttt{cf\_init}(e, N)$
-    \State $i \gets \ceil{\log N}$
-    \While{$i-- > 0$}
-    \State $k, d \gets \texttt{cf\_next}(f)$
-    \If{$k \nmid ed-1$} \strong{continue} \EndIf
-    \State $\eulerphi{N} \gets (ed - 1)\ //\ k$
-    \If{$\eulerphi{N}$ is odd} \strong{continue} \EndIf
+    \For{$\ceil{\log N} \text{ times }$}
+      \State $k, d \gets \texttt{cf\_next}(f)$
+      \If{$k \nmid ed-1$} \strong{continue} \EndIf
+      \State $\eulerphi{N} \gets (ed - 1)\ //\ k$
+      \If{$\eulerphi{N}$ is odd} \strong{continue} \EndIf
 %% XXX. it could be that calling 'b' b/2 and 'delta' sqrt(delta/4) is
 %% misleading.
-    \State $b \gets (N - \eulerphi{N} + 1) \gg 1$
-    \State $\Delta, r \gets \dsqrt{b^2 - N}$
-    \If{$r \neq 0$} \strong{continue} \EndIf
-    \State $p, q \gets b \pm \Delta$
-    \State \strong{break}
-    \EndWhile
+      \State $b \gets (N - \eulerphi{N} + 1) \gg 1$
+      \State $\Delta, r \gets \dsqrt{b^2 - N}$
+      \If{$r \neq 0$} \strong{continue} \EndIf
+      \State $p \gets b + \Delta$
+      \State $q \gets b - \Delta$
+      \State \strong{break}
+    \EndFor
     \State \Return p, q
+    \EndFunction
   \end{algorithmic}
 \end{algorithm}