// Returns in gens a generating set for Zm* /<p>, and in ords the
// order of these generators. Return value is the order of p in Zm*.
long findGenerators(vector<long>& gens, vector<long>& ords, long m, long p)
{
gens.clear();
ords.clear();
// Compute the generators for (Z/mZ)^*
vector<long> classes(m);
vector<long> orders(m);
for (long i=0; i<m; i++) { // initially each element in its own class
if (GCD(i,m)!=1) classes[i] = 0; // i is not in (Z/mZ)^*
else classes[i] = i;
}
// Start building a representation of (Z/mZ)^*, first use the generator p
conjClasses(classes,p % m,m); // merge classes that have a factor of p
// The order of p is the size of the equivalence class of 1
#if 0
long ordP = std::count(classes.begin(), classes.end(), 1);
// count(from,to,val) returns # of elements in (from,to) with value=val
#else
long ordP = 0;
for (long i = 0; i < lsize(classes); i++)
if (classes[i] == 1) ordP++;
#endif
// Compute orders in (Z/mZ)^*/<p> while comparing to (Z/mZ)^*
while (true) {
compOrder(orders,classes,true,m);
// if the orders of i in Zm* /<p> and Zm* are not the same, then
// order[i] contains the order in Zm* /<p> with negative sign
long idx = argmax(orders, >AbsVal); // find the element with largest order
long largest = orders[idx];
if (abs(largest) == 1) break; // Trivial group, we are done
// store generator with same order as in (Z/mZ)^*
gens.push_back(idx);
ords.push_back(largest);
conjClasses(classes,idx,m); // merge classes that have a factor of idx
}
return ordP;
}
// Generate the representation of Z_m^* for a given odd integer m
// and plaintext base p
PAlgebra::PAlgebra(unsigned long mm, unsigned long pp)
{
m = mm;
p = pp;
assert( (m&1) == 1 );
assert( ProbPrime(p) );
// replaced by Mahdi after a conversation with Shai
// assert( m > p && (m % p) != 0 ); // original line
assert( (m % p) != 0 );
// end of replace by Mahdi
assert( m < NTL_SP_BOUND );
// Compute the generators for (Z/mZ)^*
vector<unsigned long> classes(m);
vector<long> orders(m);
unsigned long i;
for (i=0; i<m; i++) { // initially each element in its own class
if (GCD(i,m)!=1)
classes[i] = 0; // i is not in (Z/mZ)^*
else
classes[i] = i;
}
// Start building a representation of (Z/mZ)^*, first use the generator p
conjClasses(classes,p,m); // merge classes that have a factor of 2
// The order of p is the size of the equivalence class of 1
ordP = (unsigned long) count (classes.begin(), classes.end(), 1);
// Compute orders in (Z/mZ)^*/<p> while comparing to (Z/mZ)^*
long idx, largest;
while (true) {
compOrder(orders,classes,true,m);
idx = argmax(orders); // find the element with largest order
largest = orders[idx];
if (largest <= 0) break; // stop comparing to order in (Z/mZ)^*
// store generator with same order as in (Z/mZ)^*
gens.push_back(idx);
ords.push_back(largest);
conjClasses(classes,idx,m); // merge classes that have a factor of idx
}
// Compute orders in (Z/mZ)^*/<p> without comparing to (Z/mZ)^*
while (true) {
compOrder(orders,classes,false,m);
idx = argmax(orders); // find the element with largest order
largest = orders[idx];
if (largest <= 0) break; // we have the trivial group, we are done
// store generator with different order than (Z/mZ)^*
gens.push_back(idx);
ords.push_back(-largest); // store with negative sign
conjClasses(classes,idx,m); // merge classes that have a factor of idx
}
nSlots = qGrpOrd();
phiM = ordP * nSlots;
// Allocate space for the various arrays
T.resize(nSlots);
dLogT.resize(nSlots*gens.size());
Tidx.assign(m,-1); // allocate m slots, initialize them to -1
zmsIdx.assign(m,-1); // allocate m slots, initialize them to -1
for (i=idx=0; i<m; i++) if (GCD(i,m)==1) zmsIdx[i] = idx++;
// Now fill the Tidx and dLogT translation tables. We identify an element
// t\in T with its representation t = \prod_{i=0}^n gi^{ei} mod m (where
// the gi's are the generators in gens[]) , represent t by the vector of
// exponents *in reverse order* (en,...,e1,e0), and order these vectors
// in lexicographic order.
// buffer is initialized to all-zero, which represents 1=\prod_i gi^0
vector<unsigned long> buffer(gens.size()); // temporaty holds exponents
i = idx = 0;
do {
unsigned long t = exponentiate(buffer);
for (unsigned long j=0; j<buffer.size(); j++) dLogT[idx++] = buffer[j];
T[i] = t; // The i'th element in T it t
Tidx[t] = i++; // the index of t in T is i
// increment buffer by one (in lexigoraphic order)
} while (nextExpVector(buffer)); // until we cover all the group
PhimX = Cyclotomic(m); // compute and store Phi_m(X)
// initialize prods array
long ndims = gens.size();
prods.resize(ndims+1);
prods[ndims] = 1;
for (long j = ndims-1; j >= 0; j--) {
prods[j] = OrderOf(j) * prods[j+1];
}
}