// This performs the GCD of the product of all previous moduli with the current one. // This uses around double the memory (minus quite a lot of overhead), and identifies // problematic input in O(n) time, but has to do another O(n) scan for each collision // to figure get the private key back. // If there are no collisions, this algorithm isn't parallel at all. // If we get a GCD that is the same as the modulus, we do a manual scan for either colliding Q or identical moduli // If we get a GCD lower than the modulus, we have one private key, then do a manual scan for others. func MulAccumGCD(moduli []*gmp.Int, collisions chan<- Collision) { accum := gmp.NewInt(1) gcd := new(gmp.Int) var wg sync.WaitGroup for i, modulus := range moduli { gcd.GCD(nil, nil, accum, modulus) if gcd.BitLen() != 1 { wg.Add(1) if gcd.Cmp(modulus) == 0 { go findGCD(&wg, moduli, i, collisions) continue } else { go findDivisors(&wg, moduli, i, gcd, collisions) gcd = new(gmp.Int) } } accum.Mul(accum, modulus) } wg.Wait() close(collisions) }