y = 1;
z = x;
while (e != 0) {
if (e odd) {
y = y * z;
}
z = z * z;
e = e div 2;
}
We introduce a counter to make the proof eaiser. The counter does not affect on the computation:
y = 1;
z = x;
i = 0;
while (e != 0) {
if (e odd) {
y = y * z;
}
z = z * z;
e = e div 2;
i = i + 1;
}
The loop invariants are:
z = x2i
and
xe0 = y * ze
Where e0 is the original input value in the
variable e. (There's no need to make the distinction for
x since it is not changed.)
We show that the invariants are true before the loop starts, i.e.,
Next, we assume that the invariants are true immediately after the
while test, and show that the body of the loop preserves the
invariant. Let e = 2e'+b, where b is a bit.
znew = z * z = x2i * x2i
= x(2i + 2i)
= x(2 * 2i)
= x(2i+1)
and since
inew = i + 1
znew = x(2inew)
so the z invariant holds.
Similarly we check the y invariant.
Mobile code is not much different, except in scale: typically the instruction set is much larger: native code or JVM byte codes. There are security differences -- with RPCs the very complex instructions are interpreted (much as system calls are interpreted instructions) and the interpretation ensures that access controls are enforced. With native code or JVM, the enforcement mechanisms differ: there is no enforcement for native code aside from that from the security kernel (and possibly other techniques such as SFI), and in the case of JVM a fixed security mechanism (Java's security model and byte code semantics) is used, as opposed to the typical roll-your-own security mechanism that are used in RPCs. (Secure RPC mechanisms exist, but are not widely used.)
bsy+cse227w02@cs.ucsd.edu, last updated
email bsy.