int main()
{ /* program to find a trap-door prime */
BOOL found;
int i,spins;
long seed;
big pp[NPRIMES],q,p,t;
FILE *fp;
mirsys(50,0);
for (i=0;i<NPRIMES;i++) pp[i]=mirvar(0);
q=mirvar(0);
t=mirvar(0);
p=mirvar(0);
printf("Enter 9 digit seed= ");
scanf("%ld",&seed);
getchar();
irand(seed);
printf("Enter 4 digit seed= ");
scanf("%d",&spins);
getchar();
for (i=0;i<spins;i++) brand();
convert(2,pp[0]);
do
{ /* find prime p = 2.pp[1].pp[2]....+1 */
convert(2,p);
for (i=1;i<NPRIMES-1;i++)
{ /* generate all but last prime */
bigdig(i+6,10,q);
nxprime(q,pp[i]);
multiply(p,pp[i],p);
}
do
{ /* find last prime component such that p is prime */
nxprime(q,q);
copy(q,pp[NPRIMES-1]);
multiply(p,pp[NPRIMES-1],t);
incr(t,1,t);
} while(!isprime(t));
copy(t,p);
found=TRUE;
for (i=0;i<NPRIMES;i++)
{ /* check that PROOT is a primitive root */
decr(p,1,q);
divide(q,pp[i],q);
powltr(PROOT,q,p,t);
if (size(t)==1)
{
found=FALSE;
break;
}
}
} while (!found);
fp=fopen("prime.dat","wt");
fprintf(fp,"%d\n",NPRIMES);
for (i=0;i<NPRIMES;i++) cotnum(pp[i],fp);
fclose(fp);
printf("prime= \n");
cotnum(p,stdout);
return 0;
}
int main()
{
FILE *fp;
big e,n,a,b,x,y,r;
epoint *g;
ebrick binst;
int i,d,ndig,nb,best,time,store,base,bits;
miracl *mip=mirsys(50,0);
n=mirvar(0);
e=mirvar(0);
a=mirvar(0);
b=mirvar(0);
x=mirvar(0);
y=mirvar(0);
r=mirvar(0);
fp=fopen("common.ecs","r");
fscanf(fp,"%d\n",&bits);
mip->IOBASE=16;
cinnum(n,fp);
cinnum(a,fp);
cinnum(b,fp);
cinnum(r,fp);
cinnum(x,fp);
cinnum(y,fp);
mip->IOBASE=10;
printf("modulus is %d bits in length\n",logb2(n));
printf("Enter size of exponent in bits = ");
scanf("%d",&nb);
getchar();
ebrick_init(&binst,x,y,a,b,n,nb);
printf("%d big numbers have been precomputed and stored\n",binst.store);
bigdig(nb,2,e); /* random exponent */
printf("naive method\n");
ecurve_init(a,b,n,MR_PROJECTIVE);
g=epoint_init();
epoint_set(x,y,0,g);
ecurve_mult(e,g,g);
epoint_get(g,x,y);
cotnum(x,stdout);
cotnum(y,stdout);
printf("Brickel et al method\n");
mul_brick(&binst,e,x,y);
ebrick_end(&binst);
cotnum(x,stdout);
cotnum(y,stdout);
return 0;
}
int main()
{
FILE *fp;
big e,n,g,a;
brick binst;
int window,nb,bits;
miracl *mip=mirsys(100,0);
n=mirvar(0);
e=mirvar(0);
a=mirvar(0);
g=mirvar(0);
fp=fopen("common.dss","rt");
fscanf(fp,"%d\n",&bits);
mip->IOBASE=16;
cinnum(n,fp);
cinnum(g,fp);
cinnum(g,fp);
mip->IOBASE=10;
printf("modulus is %d bits in length\n",logb2(n));
printf("Enter size of exponent in bits = ");
scanf("%d",&nb);
getchar();
printf("Enter window size in bits (1-10)= ");
scanf("%d",&window);
getchar();
if (!brick_init(&binst,g,n,window,nb))
{
printf("Failed to initialize\n");
return 0;
}
printf("%d big numbers have been precomputed and stored\n",(1<<window));
bigbits(nb,e); /* random exponent */
printf("naive method\n");
powmod(g,e,n,a);
cotnum(a,stdout);
printf("Comb method\n");
pow_brick(&binst,e,a);
brick_end(&binst);
cotnum(a,stdout);
return 0;
}
int main()
{ /* solve set of linear equations */
int i,j,n;
miracl *mip=mirsys(20,MAXBASE);
do
{
printf("Order of Hilbert matrix H= ");
scanf("%d",&n);
getchar();
} while (n<2 || n>49);
for (i=0;i<n;i++)
{
AA[i][n]=mirvar(0);
bb[i]=mirvar(1);
for (j=0;j<n;j++)
{
AA[i][j]=mirvar(0);
fconv(1,i+j+1,AA[i][j]);
}
}
if (gauss(AA,bb,n))
{
printf("\nSolution is\n");
for (i=0;i<n;i++)
{
printf("x[%d] = ",i+1);
cotnum(bb[i],stdout);
}
if (mip->EXACT) printf("Result is exact!\n");
}
else printf("H is singular!\n");
return 0;
}
int main()
{ /* Brents example program */
flash x,pi;
miracl *mip=mirsys(-35,0);
x=mirvar(0);
pi=mirvar(0);
mip->RPOINT=ON;
printf("Calculating pi..\n");
fpi(pi);
cotnum(pi,stdout); /* output pi */
printf("Calculating exp(pi*(163/9)^0.5)\n");
fconv(163,9,x);
froot(x,2,x);
fmul(x,pi,x);
fexp(x,x);
cotnum(x,stdout);
printf("Calculating exp(pi*(163)^0.5)\n");
fpower(x,3,x);
cotnum(x,stdout);
return 0;
}
int main()
{
FILE *fp;
int m,a,b,c;
big e,a2,a6,x,y,r;
epoint *g;
ebrick2 binst;
int i,d,ndig,nb,best,time,store,base;
miracl *mip=mirsys(50,0);
e=mirvar(0);
a2=mirvar(0);
a6=mirvar(0);
x=mirvar(0);
y=mirvar(0);
r=mirvar(0);
fp=fopen("common2.ecs","r");
fscanf(fp,"%d\n",&m);
mip->IOBASE=16;
cinnum(a2,fp);
cinnum(a6,fp);
cinnum(r,fp);
cinnum(x,fp);
cinnum(y,fp);
mip->IOBASE=10;
fscanf(fp,"%d\n",&a);
fscanf(fp,"%d\n",&b);
fscanf(fp,"%d\n",&c);
printf("modulus is %d bits in length\n",m);
printf("Enter size of exponent in bits = ");
scanf("%d",&nb);
getchar();
ebrick2_init(&binst,x,y,a2,a6,m,a,b,c,nb);
printf("%d big numbers have been precomputed and stored\n",binst.store);
bigdig(nb,2,e); /* random exponent */
printf("naive method\n");
ecurve2_init(m,a,b,c,a2,a6,FALSE,MR_PROJECTIVE);
g=epoint2_init();
epoint2_set(x,y,0,g);
ecurve2_mult(e,g,g);
epoint2_get(g,x,y);
cotnum(x,stdout);
cotnum(y,stdout);
zero(x); zero(y);
printf("Brickel et al method\n");
mul2_brick(&binst,e,x,y);
ebrick2_end(&binst);
cotnum(x,stdout);
cotnum(y,stdout);
return 0;
}
int main()
{
int ia,ib;
time_t seed;
epoint *g,*ea,*eb;
big a,b,p,q,n,p1,q1,phi,pa,pb,key,e,d,dp,dq,t,m,c,x,y,k,inv;
big primes[2],pm[2];
big_chinese ch;
miracl *mip;
#ifndef MR_NOFULLWIDTH
mip=mirsys(500,0);
#else
mip=mirsys(500,MAXBASE);
#endif
a=mirvar(0);
b=mirvar(0);
p=mirvar(0);
q=mirvar(0);
n=mirvar(0);
p1=mirvar(0);
q1=mirvar(0);
phi=mirvar(0);
pa=mirvar(0);
pb=mirvar(0);
key=mirvar(0);
e=mirvar(0);
d=mirvar(0);
dp=mirvar(0);
dq=mirvar(0);
t=mirvar(0);
m=mirvar(0);
c=mirvar(0);
pm[0]=mirvar(0);
pm[1]=mirvar(0);
x=mirvar(0);
y=mirvar(0);
k=mirvar(0);
inv=mirvar(0);
time(&seed);
irand((unsigned long)seed); /* change parameter for different values */
printf("First Diffie-Hellman Key exchange .... \n");
cinstr(p,primetext);
/* offline calculations could be done quicker using Comb method
- See brick.c. Note use of "truncated exponent" of 160 bits -
could be output of hash function SHA (see mrshs.c) */
printf("\nAlice's offline calculation\n");
bigbits(160,a);
/* 3 generates the sub-group of prime order (p-1)/2 */
powltr(3,a,p,pa);
printf("Bob's offline calculation\n");
bigbits(160,b);
powltr(3,b,p,pb);
printf("Alice calculates Key=\n");
powmod(pb,a,p,key);
cotnum(key,stdout);
printf("Bob calculates Key=\n");
powmod(pa,b,p,key);
cotnum(key,stdout);
printf("Alice and Bob's keys should be the same!\n");
/*
Now Elliptic Curve version of the above.
Curve is y^2=x^3+Ax+B mod p, where A=-3, B and p as above
"Primitive root" is the point (x,y) above, which is of large prime order q.
In this case actually
q=FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831
*/
printf("\nLets try that again using elliptic curves .... \n");
convert(-3,a);
mip->IOBASE=16;
cinstr(b,ecb);
cinstr(p,ecp);
ecurve_init(a,b,p,MR_BEST); /* Use PROJECTIVE if possible, else AFFINE coordinates */
g=epoint_init();
cinstr(x,ecx);
cinstr(y,ecy);
mip->IOBASE=10;
epoint_set(x,y,0,g);
ea=epoint_init();
eb=epoint_init();
epoint_copy(g,ea);
epoint_copy(g,eb);
printf("Alice's offline calculation\n");
bigbits(160,a);
ecurve_mult(a,ea,ea);
ia=epoint_get(ea,pa,pa); /* <ia,pa> is compressed form of public key */
printf("Bob's offline calculation\n");
bigbits(160,b);
ecurve_mult(b,eb,eb);
ib=epoint_get(eb,pb,pb); /* <ib,pb> is compressed form of public key */
printf("Alice calculates Key=\n");
epoint_set(pb,pb,ib,eb); /* decompress eb */
ecurve_mult(a,eb,eb);
epoint_get(eb,key,key);
cotnum(key,stdout);
printf("Bob calculates Key=\n");
epoint_set(pa,pa,ia,ea); /* decompress ea */
ecurve_mult(b,ea,ea);
epoint_get(ea,key,key);
cotnum(key,stdout);
printf("Alice and Bob's keys should be the same! (but much smaller)\n");
epoint_free(g);
epoint_free(ea);
epoint_free(eb);
/* El Gamal's Method */
printf("\nTesting El Gamal's public key method\n");
cinstr(p,primetext);
bigbits(160,x); /* x<p */
powltr(3,x,p,y); /* y=3^x mod p*/
decr(p,1,p1);
mip->IOBASE=128;
cinstr(m,text);
mip->IOBASE=10;
do
{
bigbits(160,k);
} while (egcd(k,p1,t)!=1);
powltr(3,k,p,a); /* a=3^k mod p */
powmod(y,k,p,b);
mad(b,m,m,p,p,b); /* b=m*y^k mod p */
printf("Ciphertext= \n");
cotnum(a,stdout);
cotnum(b,stdout);
zero(m); /* proof of pudding... */
subtract(p1,x,t);
powmod(a,t,p,m);
mad(m,b,b,p,p,m); /* m=b/a^x mod p */
printf("Plaintext= \n");
mip->IOBASE=128;
cotnum(m,stdout);
mip->IOBASE=10;
/* RSA. Generate primes p & q. Use e=65537, and find d=1/e mod (p-1)(q-1) */
printf("\nNow generating 512-bit random primes p and q\n");
do
{
bigbits(512,p);
if (subdivisible(p,2)) incr(p,1,p);
while (!isprime(p)) incr(p,2,p);
bigbits(512,q);
if (subdivisible(q,2)) incr(q,1,q);
while (!isprime(q)) incr(q,2,q);
multiply(p,q,n); /* n=p.q */
lgconv(65537L,e);
decr(p,1,p1);
decr(q,1,q1);
multiply(p1,q1,phi); /* phi =(p-1)*(q-1) */
} while (xgcd(e,phi,d,d,t)!=1);
cotnum(p,stdout);
cotnum(q,stdout);
printf("n = p.q = \n");
cotnum(n,stdout);
/* set up for chinese remainder thereom */
/* primes[0]=p;
primes[1]=q;
crt_init(&ch,2,primes);
*/
/* use simple CRT as only two primes */
xgcd(p,q,inv,inv,inv); /* 1/p mod q */
copy(d,dp);
copy(d,dq);
divide(dp,p1,p1); /* dp=d mod p-1 */
divide(dq,q1,q1); /* dq=d mod q-1 */
mip->IOBASE=128;
cinstr(m,text);
mip->IOBASE=10;
printf("Encrypting test string\n");
powmod(m,e,n,c);
printf("Ciphertext= \n");
cotnum(c,stdout);
zero(m);
printf("Decrypting test string\n");
powmod(c,dp,p,pm[0]); /* get result mod p */
powmod(c,dq,q,pm[1]); /* get result mod q */
subtract(pm[1],pm[0],pm[1]); /* poor man's CRT */
mad(inv,pm[1],inv,q,q,m);
multiply(m,p,m);
add(m,pm[0],m);
/* crt(&ch,pm,m); combine them using CRT */
printf("Plaintext= \n");
mip->IOBASE=128;
cotnum(m,stdout);
/* crt_end(&ch); */
return 0;
}
int main()
{
FILE *fp;
char ifname[13],ofname[13];
big p,q,g,x,r,s,k,hash;
long seed;
int bits;
miracl *mip;
/* get public data */
fp=fopen("common.dss","r");
if (fp==NULL)
{
printf("file common.dss does not exist\n");
return 0;
}
fscanf(fp,"%d\n",&bits);
mip=mirsys(3+bits/MIRACL,0);
p=mirvar(0);
q=mirvar(0);
g=mirvar(0);
x=mirvar(0);
r=mirvar(0);
s=mirvar(0);
k=mirvar(0);
hash=mirvar(0);
mip->IOBASE=16;
cinnum(p,fp);
cinnum(q,fp);
cinnum(g,fp);
mip->IOBASE=10;
fclose(fp);
/* randomise */
printf("Enter 9 digit random number seed = ");
scanf("%ld",&seed);
getchar();
irand(seed);
/* calculate r - this can be done offline,
and hence amortized to almost nothing */
bigrand(q,k);
powmod(g,k,p,r); /* see brick.c for method to speed this up */
divide(r,q,q);
/* get private key of signer */
fp=fopen("private.dss","r");
if (fp==NULL)
{
printf("file private.dss does not exist\n");
return 0;
}
cinnum(x,fp);
fclose(fp);
/* calculate message digest */
printf("file to be signed = ");
gets(ifname);
strcpy(ofname,ifname);
strip(ofname);
strcat(ofname,".dss");
if ((fp=fopen(ifname,"rb"))==NULL)
{
printf("Unable to open file %s\n",ifname);
return 0;
}
hashing(fp,hash);
fclose(fp);
/* calculate s */
xgcd(k,q,k,k,k);
mad(x,r,hash,q,q,s);
mad(s,k,k,q,q,s);
fp=fopen(ofname,"w");
cotnum(r,fp);
cotnum(s,fp);
fclose(fp);
mirexit();
return 0;
}
int main()
{
FILE *fp;
int m,a,b,c,cf;
miracl *mip;
char ifname[13],ofname[13];
big a2,a6,q,x,y,d,r,s,k,hash;
epoint *g;
long seed;
/* get public data */
fp=fopen("common2.ecs","r");
if (fp==NULL)
{
printf("file common2.ecs does not exist\n");
return 0;
}
fscanf(fp,"%d\n",&m);
mip=mirsys(3+m/MIRACL,0);
a2=mirvar(0);
a6=mirvar(0);
q=mirvar(0);
x=mirvar(0);
y=mirvar(0);
d=mirvar(0);
r=mirvar(0);
s=mirvar(0);
k=mirvar(0);
hash=mirvar(0);
mip->IOBASE=16;
cinnum(a2,fp); /* curve parameters */
cinnum(a6,fp); /* curve parameters */
cinnum(q,fp); /* order of (x,y) */
cinnum(x,fp); /* (x,y) point on curve of order q */
cinnum(y,fp);
mip->IOBASE=10;
fscanf(fp,"%d\n",&a);
fscanf(fp,"%d\n",&b);
fscanf(fp,"%d\n",&c);
fclose(fp);
/* randomise */
printf("Enter 9 digit random number seed = ");
scanf("%ld",&seed);
getchar();
irand(seed);
ecurve2_init(m,a,b,c,a2,a6,FALSE,MR_PROJECTIVE); /* initialise curve */
g=epoint2_init();
epoint2_set(x,y,0,g); /* set point of order q */
/* calculate r - this can be done offline,
and hence amortized to almost nothing */
bigrand(q,k);
ecurve2_mult(k,g,g); /* see ebrick2.c for method to speed this up */
epoint2_get(g,r,r);
divide(r,q,q);
/* get private key of signer */
fp=fopen("private.ecs","r");
if (fp==NULL)
{
printf("file private.ecs does not exist\n");
return 0;
}
cinnum(d,fp);
fclose(fp);
/* calculate message digest */
printf("file to be signed = ");
gets(ifname);
strcpy(ofname,ifname);
strip(ofname);
strcat(ofname,".ecs");
if ((fp=fopen(ifname,"rb"))==NULL)
{
printf("Unable to open file %s\n",ifname);
return 0;
}
hashing(fp,hash);
fclose(fp);
/* calculate s */
xgcd(k,q,k,k,k);
mad(d,r,hash,q,q,s);
mad(s,k,k,q,q,s);
fp=fopen(ofname,"w");
cotnum(r,fp);
cotnum(s,fp);
fclose(fp);
return 0;
}
int main()
{
int i;
FILE *fp;
big K,rid,id,w,a,b,n,q1;
miracl *mip=mirsys(200,256);
for (i=0;i<NPRIMES;i++)
{
pp[i]=mirvar(0);
rem[i]=mirvar(0);
}
w=mirvar(0);
n=mirvar(0);
a=mirvar(0);
b=mirvar(0);
p=mirvar(0);
p1=mirvar(0);
q1=mirvar(0);
K=mirvar(0);
lim1=mirvar(0);
lim2=mirvar(0);
id=mirvar(0);
rid=mirvar(0);
order=mirvar(0);
printf("Enter ID= ");
innum(rid,stdin);
getprime("trap1.dat");
copy(p,n);
getprime("trap2.dat");
multiply(n,p,n);
printf("\ncomposite =\n");
cotnum(n,stdout);
premult(rid,256,id);
while (jack(id,n)!=1)
{ /* bad identity - id=256*rid+i */
printf("No Discrete Log. for this ID -- incrementing\n");
incr(id,1,id);
}
getprime("trap1.dat");
copy(p1,q1);
pollard(id,b);
getprime("trap2.dat");
pollard(id,a);
xgcd(p1,q1,K,K,K);
subtract(b,a,w);
mad(w,K,w,q1,q1,w);
if(size(w)<0) add_r(w,q1,w);
subdiv(w,2,w);
multiply(w,p1,w);
add_r(w,a,w);
fp=fopen("secret.dat","w");
otnum(rid,fp);
cotnum(w,fp);
cotnum(n,fp);
fclose(fp);
printf("\nDiscrete log (secret key) \n");
cotnum(w,stdout);
powltr(PROOT,w,n,id);
subdiv(id,256,id);
otstr(id,mip->IOBUFF);
printf("Check Identity= %s\n",mip->IOBUFF);
return 0;
}
int SM9_standard_key_encap(unsigned char hid[], unsigned char *IDB, unsigned char rand[],
unsigned char Ppub[], unsigned char C[], unsigned char K[], int Klen)
{
big h, x, y, r;
epoint *Ppube, *QB, *Cipher;
unsigned char *Z = NULL;
int Zlen, buf, i, num = 0;
zzn12 g, w;
//initiate
h = mirvar(0);
r = mirvar(0);
x = mirvar(0);
y = mirvar(0);
QB = epoint_init();
Ppube = epoint_init();
Cipher = epoint_init();
zzn12_init(&g);
zzn12_init(&w);
bytes_to_big(BNLEN, Ppub, x);
bytes_to_big(BNLEN, Ppub + BNLEN, y);
epoint_set(x, y, 0, Ppube);
//----------Step1:calculate QB=[H1(IDB||hid,N)]P1+Ppube----------
Zlen = strlen(IDB) + 1;
Z = (char *)malloc(sizeof(char)*(Zlen + 1));
if(Z == NULL)
return SM9_ASK_MEMORY_ERR;
memcpy(Z, IDB, strlen(IDB));
memcpy(Z + strlen(IDB), hid, 1);
buf = SM9_standard_h1(Z, Zlen, N, h);
free(Z);
if(buf)
return buf;
printf("\n************************ H1(IDB||hid,N) ************************\n");
cotnum(h, stdout);
ecurve_mult(h, P1, QB);
ecurve_add(Ppube, QB);
printf("\n*******************QB:=[H1(IDB||hid,N)]P1+Ppube*****************\n");
epoint_get(QB, x, y);
cotnum(x, stdout);
cotnum(y, stdout);
//-------------------- Step2:randnom -------------------
bytes_to_big(BNLEN, rand, r);
printf("\n***********************randnum r: ******************************\n");
cotnum(r, stdout);
//----------------Step3:C=[r]QB------------------------
ecurve_mult(r, QB, Cipher);
epoint_get(Cipher, x, y);
printf("\n*********************** C=[r]QB: ******************************\n");
cotnum(x, stdout);
cotnum(y, stdout);
big_to_bytes(BNLEN, x, C, 1);
big_to_bytes(BNLEN, y, C + BNLEN, 1);
//----------------Step4:g=e(Ppube,P2)------------------------
if(!ecap(P2, Ppube, para_t, X, &g))
return SM9_MY_ECAP_12A_ERR;
//test if a ZZn12 element is of order q
if(!member(g, para_t, X))
return SM9_MEMBER_ERR;
printf("\n***********************g=e(Ppube,P2):****************************\n");
zzn12_ElementPrint(g);
//----------------Step5:w=g^r------------------------
w = zzn12_pow(g, r);
printf("\n************************* w=g^r:*********************************\n");
zzn12_ElementPrint(w);
//----------------Step6:K=KDF(C||w||IDB,klen)------------------------
Zlen = strlen(IDB) + BNLEN * 14;
Z = (char *)malloc(sizeof(char)*(Zlen + 1));
if(Z == NULL)
return SM9_ASK_MEMORY_ERR;
LinkCharZzn12(C, BNLEN * 2, w, Z, BNLEN * 14);
memcpy(Z + BNLEN * 14, IDB, strlen(IDB));
SM3_kdf(Z, Zlen, Klen, K);
free(Z);
//----------------test if K equals 0------------------------
printf("\n******************* K=KDF(C||w||IDB,klen):***********************\n");
for(i = 0; i < Klen; i++)
{
if(K[i] == 0)
num += 1;
printf("%02x", K[i]);
}
if(num == Klen)
return SM9_ERR_K1_ZERO;
return 0;
}
int main()
{ /* factoring program using Williams (p+1) method */
int k,phase,m,nt,iv,pos,btch;
long i,p,pa,interval;
big b,q,n,fp,fvw,fd,fn,t;
static big fu[1+MULT/2];
static BOOL cp[1+MULT/2];
mip=mirsys(30,0);
b=mirvar(0);
q=mirvar(0);
n=mirvar(0);
t=mirvar(0);
fp=mirvar(0);
fvw=mirvar(0);
fd=mirvar(0);
fn=mirvar(0);
gprime(LIMIT1);
for (m=1;m<=MULT/2;m+=2)
if (igcd(MULT,m)==1)
{
fu[m]=mirvar(0);
cp[m]=TRUE;
}
else cp[m]=FALSE;
printf("input number to be factored\n");
cinnum(n,stdin);
if (isprime(n))
{
printf("this number is prime!\n");
return 0;
}
for (nt=0,k=3;k<10;k++)
{ /* try more than once for p+1 condition (may be p-1) */
convert(k,b); /* try b=3,4,5.. */
convert((k*k-4),t);
if (egcd(t,n,t)!=1) continue; /* check (b*b-4,n)!=0 */
nt++;
phase=1;
p=0;
btch=50;
i=0;
printf("phase 1 - trying all primes less than %d\n",LIMIT1);
printf("prime= %8ld",p);
forever
{ /* main loop */
if (phase==1)
{ /* looking for all factors of p+1 < LIMIT1 */
p=mip->PRIMES[i];
if (mip->PRIMES[i+1]==0)
{ /* now change gear */
phase=2;
printf("\nphase 2 - trying last prime less than %ld\n"
,LIMIT2);
printf("prime= %8ld",p);
copy(b,fu[1]);
copy(b,fp);
mad(b,b,b,n,n,fd);
decr(fd,2,fd);
negify(b,t);
mad(fd,b,t,n,n,fn);
for (m=5;m<=MULT/2;m+=2)
{ /* store fu[m] = Vm(b) */
negify(fp,t);
mad(fn,fd,t,n,n,t);
copy(fn,fp);
copy(t,fn);
if (!cp[m]) continue;
copy(t,fu[m]);
}
convert(MULT,t);
lucas(b,t,n,fp,fd);
iv=(int)(p/MULT);
if (p%MULT>MULT/2) iv++;
interval=(long)iv*MULT;
p=interval+1;
convert(iv,t);
lucas(fd,t,n,fp,fvw);
negify(fp,fp);
subtract(fvw,fu[p%MULT],q);
marks(interval);
btch*=100;
i++;
continue;
}
pa=p;
while ((LIMIT1/p) > pa) pa*=p;
convert((int)pa,t);
lucas(b,t,n,fp,q);
copy(q,b);
decr(q,2,q);
}
else
{ /* phase 2 - looking for last large prime factor of (p+1) */
p+=2;
pos=(int)(p%MULT);
if (pos>MULT/2)
{ /* increment giant step */
iv++;
interval=(long)iv*MULT;
p=interval+1;
marks(interval);
pos=1;
copy(fvw,t);
mad(fvw,fd,fp,n,n,fvw);
negify(t,fp);
}
if (!cp[pos]) continue;
/* if neither interval+/-pos is prime, don't bother */
if (!plus[pos] && !minus[pos]) continue;
subtract(fvw,fu[pos],t);
mad(q,t,t,n,n,q); /* batching gcds */
}
if (i++%btch==0)
{ /* try for a solution */
printf("\b\b\b\b\b\b\b\b%8ld",p);
fflush(stdout);
egcd(q,n,t);
if (size(t)==1)
{
if (p>LIMIT2) break;
else continue;
}
if (compare(t,n)==0)
{
printf("\ndegenerate case");
break;
}
printf("\nfactors are\n");
if (isprime(t)) printf("prime factor ");
else printf("composite factor ");
cotnum(t,stdout);
divide(n,t,n);
if (isprime(n)) printf("prime factor ");
else printf("composite factor ");
cotnum(n,stdout);
return 0;
}
}
if (nt>=NTRYS) break;
printf("\ntrying again\n");
}
printf("\nfailed to factor\n");
return 0;
}
int main()
{ /* Pollard's lambda algorithm for finding discrete logs *
* which are known to be less than a certain limit LIMIT */
big x,n,t,trap,table[32];
int i,j,m;
long dm,dn,s,distance[32];
miracl *mip=mirsys(50,0);
x=mirvar(0);
n=mirvar(0);
t=mirvar(0);
trap=mirvar(0);
for (s=1L,m=1;;m++)
{ /* find table size */
distance[m-1]=s;
s*=2;
if ((2*s/m)>(LEAPS/4)) break;
}
mip->IOBASE=60; /* get large modulus */
cinstr(n,modulus);
mip->IOBASE=10;
printf("solve discrete logarithm problem - using Pollard's kangaroos\n");
printf("finds x in y=%d^x mod n, given y, for fixed n and small x\n",ALPHA);
printf("known to be less than %ld\n",LIMIT);
printf("n= ");
cotnum(n,stdout);
for (i=0;i<m;i++)
{ /* create table */
lgconv(distance[i],t);
table[i]=mirvar(0);
powltr(ALPHA,t,n,table[i]);
}
lgconv(LIMIT,t);
powltr(ALPHA,t,n,x);
printf("setting trap .... \n");
for (dn=0L,j=0;j<LEAPS;j++)
{ /* set traps beyond LIMIT using tame kangaroo */
i=subdiv(x,m,t); /* random function */
mad(x,table[i],x,n,n,x);
dn+=distance[i];
}
printf("trap set!\n");
copy(x,trap);
forever
{ /* ready to solve */
printf("Enter x= ");
cinnum(x,stdin);
if (size(x)<=0) break;
powltr(ALPHA,x,n,t);
printf("y= ");
cotnum(t,stdout);
copy(t,x);
for (dm=0L;;)
{ /* unlease wild kangaroo - boing - boing ... */
i=subdiv(x,m,t);
mad(x,table[i],x,n,n,x);
dm+=distance[i];
if (compare(x,trap)==0 || dm>LIMIT+dn) break;
}
if (dm>LIMIT+dn)
{ /* trap stepped over */
printf("trap failed\n");
continue;
}
printf("Gotcha!\n");
printf("Discrete log of y= %ld\n",LIMIT+dn-dm);
}
return 0;
}
int main()
{ /* decode using private key */
int i;
big e,ep[NP],m,ke,kd,p[NP],kp[NP],mn,mx;
FILE *ifile;
FILE *ofile;
char ifname[13],ofname[13];
BOOL flo;
big_chinese ch;
mip=mirsys(100,0);
for (i=0;i<NP;i++)
{
p[i]=mirvar(0);
ep[i]=mirvar(0);
kp[i]=mirvar(0);
}
e=mirvar(0);
m=mirvar(0);
kd=mirvar(0);
ke=mirvar(0);
mn=mirvar(0);
mx=mirvar(0);
mip->IOBASE=60;
if ((ifile=fopen("private.key","r"))==NULL)
{
printf("Unable to open file private.key\n");
return 0;
}
for (i=0;i<NP;i++)
{
cinnum(p[i],ifile);
}
fclose(ifile);
/* generate public and private keys */
convert(1,ke);
for (i=0;i<NP;i++)
{
multiply(ke,p[i],ke);
}
for (i=0;i<NP;i++)
{ /* kp[i]=(2*(p[i]-1)+1)/3 = 1/3 mod p[i]-1 */
decr(p[i],1,kd);
premult(kd,2,kd);
incr(kd,1,kd);
subdiv(kd,3,kp[i]);
}
crt_init(&ch,NP,p);
nroot(ke,3,mn);
multiply(mn,mn,m);
multiply(mn,m,mx);
subtract(mx,m,mx);
do
{ /* get input file */
printf("file to be decoded = ");
gets(ifname);
} while (strlen(ifname)==0);
strip(ifname);
strcat(ifname,".rsa");
printf("output filename = ");
gets(ofname);
flo=FALSE;
if (strlen(ofname)>0)
{ /* set up output file */
flo=TRUE;
ofile=fopen(ofname,"w");
}
printf("decoding message\n");
if ((ifile=fopen(ifname,"r"))==NULL)
{
printf("Unable to open file %s\n",ifname);
return 0;
}
forever
{ /* decode line by line */
mip->IOBASE=60;
cinnum(m,ifile);
if (size(m)==0) break;
for (i=0;i<NP;i++)
powmod(m,kp[i],p[i],ep[i]);
crt(&ch,ep,e); /* Chinese remainder thereom */
if (compare(e,mx)>=0) divide(e,mn,mn);
mip->IOBASE=128;
if (flo) cotnum(e,ofile);
cotnum(e,stdout);
}
crt_end(&ch);
fclose(ifile);
if (flo) fclose(ofile);
printf("message ends\n");
return 0;
}
int main()
{
FILE *fp;
big e,n,a,b,x,y,r;
epoint *g;
ebrick binst;
int nb,bits,window,len,bptr,m,i,j;
miracl *mip=mirsys(50,0);
n=mirvar(0);
e=mirvar(0);
a=mirvar(0);
b=mirvar(0);
x=mirvar(0);
y=mirvar(0);
r=mirvar(0);
#ifndef MR_EDWARDS
fp=fopen("common.ecs","rt");
#else
fp=fopen("edwards.ecs","rt");
#endif
fscanf(fp,"%d\n",&bits);
mip->IOBASE=16;
cinnum(n,fp);
cinnum(a,fp);
cinnum(b,fp);
cinnum(r,fp);
cinnum(x,fp);
cinnum(y,fp);
mip->IOBASE=10;
printf("modulus is %d bits in length\n",logb2(n));
printf("Enter max. size of exponent in bits = ");
scanf("%d",&nb);
getchar();
printf("Enter window size in bits (1-10)= ");
scanf("%d",&window);
getchar();
ebrick_init(&binst,x,y,a,b,n,window,nb);
/* Print out the precomputed table (for use in ecdhp.c ?)
In which case make sure that MR_SPECIAL is defined and
active in the build of this program, so MR_COMBA must
also be defined as the number of words in the modulus *
len=MR_ROUNDUP(bits,MIRACL);
bptr=0;
for (i=0;i<2*(1<<window);i++)
{
for (j=0;j<len;j++)
{
printf("0x%x,",binst.table[bptr++]);
}
printf("\n");
}
*/
printf("%d elliptic curve points have been precomputed and stored\n",(1<< window));
bigbits(nb,e); /* random exponent */
printf("naive method\n");
ecurve_init(a,b,n,MR_PROJECTIVE);
g=epoint_init();
epoint_set(x,y,0,g);
ecurve_mult(e,g,g);
epoint_get(g,x,y);
cotnum(x,stdout);
cotnum(y,stdout);
printf("Comb method\n");
mul_brick(&binst,e,x,y);
ebrick_end(&binst);
cotnum(x,stdout);
cotnum(y,stdout);
return 0;
}
int main()
{ /* encode using public key */
big e,m,y,ke,mn,mx;
FILE *ifile;
FILE *ofile;
static char line[500];
static char buff[256];
char ifname[13],ofname[13];
BOOL fli,last;
int i,ipt,klen;
mip=mirsys(100,0);
e=mirvar(0);
m=mirvar(0);
y=mirvar(0);
ke=mirvar(0);
mn=mirvar(0);
mx=mirvar(0);
if ((ifile=fopen("public.key","rt"))==NULL)
{
printf("Unable to open file public.key\n");
return 0;
}
mip->IOBASE=16;
cinnum(ke,ifile);
fclose(ifile);
nroot(ke,3,mn);
multiply(mn,mn,m);
multiply(mn,m,mx);
subtract(mx,m,mx);
klen=0;
copy(mx,m);
while (size(m)>0)
{ /* find key length in characters */
klen++;
subdiv(m,128,m);
}
klen--;
printf("file to be encoded = ");
gets(ifname);
fli=FALSE;
if (strlen(ifname)>0) fli=TRUE;
if (fli)
{ /* set up input file */
strcpy(ofname,ifname);
strip(ofname);
strcat(ofname,".rsa");
if ((ifile=fopen(ifname,"rt"))==NULL)
{
printf("Unable to open file %s\n",ifname);
return 0;
}
printf("encoding message\n");
}
else
{ /* accept input from keyboard */
ifile=stdin;
do
{
printf("output filename = ");
gets(ofname);
} while (strlen(ofname)==0);
strip(ofname);
strcat(ofname,".rsa");
printf("input message - finish with cntrl z\n");
}
ofile=fopen(ofname,"wt");
ipt=0;
last=FALSE;
while (!last)
{ /* encode line by line */
if (fgets(&line[ipt],132,ifile)==NULL) last=TRUE;
if (line[ipt]==EOF) last=TRUE;
ipt=strlen(line);
if (ipt<klen && !last) continue;
while (ipt>=klen)
{ /* chop up into klen-sized chunks and encode */
for (i=0;i<klen;i++)
buff[i]=line[i];
buff[klen]='\0';
for (i=klen;i<=ipt;i++)
line[i-klen]=line[i];
ipt-=klen;
mip->IOBASE=128;
cinstr(m,buff);
power(m,3,ke,e);
mip->IOBASE=16;
cotnum(e,ofile);
}
if (last && ipt>0)
{ /* now deal with left overs */
mip->IOBASE=128;
cinstr(m,line);
if (compare(m,mn)<0)
{ /* pad out with random number if necessary */
bigrand(mn,y);
multiply(mn,mn,e);
subtract(e,y,e);
multiply(mn,e,y);
add(m,y,m);
}
power(m,3,ke,e);
mip->IOBASE=16;
cotnum(e,ofile);
}
}
fclose(ofile);
if (fli) fclose(ifile);
return 0;
}
int main()
{ /* factoring program using Brents method */
long k,r,i,m,iter;
big x,y,z,n,q,ys,c3;
#ifndef MR_STATIC
miracl *mip=mirsys(16,0); /* if allocating from the heap, specify size of bigs here */
char *mem=memalloc(7); /* allocate and clear memory from the heap for 7 bigs */
#else
miracl *mip=mirsys(MR_STATIC,0); /* If allocating from the stack, size of bigs is pre-defined */
char mem[MR_BIG_RESERVE(7)]; /* reserve space on the stack for 7 bigs ... */
memset(mem,0,MR_BIG_RESERVE(7)); /* ... and clear this memory */
#endif
x=mirvar_mem(mem,0); /* 7 bigs have index from 0-6 */
y=mirvar_mem(mem,1);
ys=mirvar_mem(mem,2);
z=mirvar_mem(mem,3);
n=mirvar_mem(mem,4);
q=mirvar_mem(mem,5);
c3=mirvar_mem(mem,6);
convert(3,c3);
printf("input number to be factored\n");
cinnum(n,stdin);
if (isprime(n))
{
printf("this number is prime!\n");
return 0;
}
m=10L;
r=1L;
iter=0L;
do
{
printf("iterations=%5ld",iter);
convert(1,q);
do
{
copy(y,x);
for (i=1L;i<=r;i++)
mad(y,y,c3,n,n,y);
k=0;
do
{
iter++;
if (iter%10==0) printf("\b\b\b\b\b%5ld",iter);
fflush(stdout);
copy(y,ys);
for (i=1L;i<=mr_min(m,r-k);i++)
{
mad(y,y,c3,n,n,y);
subtract(y,x,z);
mad(z,q,q,n,n,q);
}
egcd(q,n,z);
k+=m;
} while (k<r && size(z)==1);
r*=2;
} while (size(z)==1);
if (compare(z,n)==0) do
{ /* back-track */
mad(ys,ys,c3,n,n,ys);
subtract(ys,x,z);
} while (egcd(z,n,z)==1);
if (!isprime(z))
printf("\ncomposite factor ");
else printf("\nprime factor ");
cotnum(z,stdout);
if (compare(z,n)==0) return 0;
divide(n,z,n);
divide(y,n,n);
} while (!isprime(n));
printf("prime factor ");
cotnum(n,stdout);
#ifndef MR_STATIC
memkill(mem,7); /* delete all 7 bigs */
#else
memset(mem,0,MR_BIG_RESERVE(7)); /* clear memory used for bigs */
#endif
return 0;
}
int main()
{
FILE *fp;
big p,q,h,g,n,s,t;
long seed;
miracl *mip=mirsys(100,0);
p=mirvar(0);
q=mirvar(0);
h=mirvar(0);
g=mirvar(0);
n=mirvar(0);
s=mirvar(0);
t=mirvar(0);
/* randomise */
printf("Enter 9 digit random number seed = ");
scanf("%ld",&seed);
getchar();
irand(seed);
/* generate q */
forever
{
bigbits(QBITS,q);
nxprime(q,q);
if (logb2(q)>QBITS) continue;
break;
}
printf("q= ");
cotnum(q,stdout);
/* generate p */
expb2(PBITS,t);
decr(t,1,t);
premult(q,2,n);
divide(t,n,t);
expb2(PBITS-1,s);
decr(s,1,s);
divide(s,n,s);
forever
{
bigrand(t,p);
if (mr_compare(p,s)<=0) continue;
premult(p,2,p);
multiply(p,q,p);
incr(p,1,p);
copy(p,n);
if (isprime(p)) break;
}
printf("p= ");
cotnum(p,stdout);
/* generate g */
do {
decr(p,1,t);
bigrand(t,h);
divide(t,q,t);
powmod(h,t,p,g);
} while (size(g)==1);
printf("g= ");
cotnum(g,stdout);
fp=fopen("common.dss","wt");
fprintf(fp,"%d\n",PBITS);
mip->IOBASE=16;
cotnum(p,fp);
cotnum(q,fp);
cotnum(g,fp);
fclose(fp);
return 0;
}
int main()
{ /* factoring program using Lenstras Elliptic Curve method */
int phase,m,k,nc,iv,pos,btch,u,v;
long i,p,pa,interval;
big q,x,z,a,x1,z1,x2,z2,xt,zt,n,fvw;
static big fu[1+MULT/2];
static BOOL cp[1+MULT/2];
mip=mirsys(30,0);
q=mirvar(0);
x=mirvar(0);
z=mirvar(0);
a=mirvar(0);
x1=mirvar(0);
z1=mirvar(0);
x2=mirvar(0);
z2=mirvar(0);
n=mirvar(0);
t=mirvar(0);
s1=mirvar(0);
d1=mirvar(0);
s2=mirvar(0);
d2=mirvar(0);
ak=mirvar(0);
xt=mirvar(0);
zt=mirvar(0);
fvw=mirvar(0);
w=mirvar(0);
gprime(LIMIT1);
for (m=1;m<=MULT/2;m+=2)
if (igcd(MULT,m)==1)
{
fu[m]=mirvar(0);
cp[m]=TRUE;
}
else cp[m]=FALSE;
printf("input number to be factored\n");
cinnum(n,stdin);
if (isprime(n))
{
printf("this number is prime!\n");
return 0;
}
prepare_monty(n);
for (nc=1,k=6;k<100;k++)
{ /* try a new curve */
/* generating an elliptic curve */
u=k*k-5;
v=4*k;
convert(u,x); nres(x,x);
convert(v,z); nres(z,z);
nres_modsub(z,x,a); /* a=v-u */
copy(x,t);
nres_modmult(x,x,x);
nres_modmult(x,t,x); /* x=u^3 */
copy(z,t);
nres_modmult(z,z,z);
nres_modmult(z,t,z); /* z=v^3 */
copy(a,t);
nres_modmult(t,t,t);
nres_modmult(t,a,t); /* t=(v-u)^3 */
convert(3*u,a); nres(a,a);
convert(v,ak); nres(ak,ak);
nres_modadd(a,ak,a);
nres_modmult(t,a,t); /* t=(v-u)^3.(3u+v) */
convert(u,a); nres(a,a);
copy(a,ak);
nres_modmult(a,a,a);
nres_modmult(a,ak,a); /* a=u^3 */
convert(v,ak); nres(ak,ak);
nres_modmult(a,ak,a); /* a=u^3.v */
nres_premult(a,16,a);
nres_moddiv(t,a,ak); /* ak=(v-u)^3.(3u+v)/16u^3v */
nc++;
phase=1;
p=0;
i=0;
btch=50;
printf("phase 1 - trying all primes less than %d\n",LIMIT1);
printf("prime= %8ld",p);
forever
{ /* main loop */
if (phase==1)
{
p=mip->PRIMES[i];
if (mip->PRIMES[i+1]==0)
{ /* now change gear */
phase=2;
printf("\nphase 2 - trying last prime less than %ld\n",
LIMIT2);
printf("prime= %8ld",p);
copy(x,xt);
copy(z,zt);
nres_modadd(x,z,s2);
nres_modsub(x,z,d2); /* P = (s2,d2) */
duplication(s2,d2,x,z);
nres_modadd(x,z,s1);
nres_modsub(x,z,d1); /* 2.P = (s1,d1) */
nres_moddiv(x1,z1,fu[1]); /* fu[1] = x1/z1 */
addition(x1,z1,s1,d1,s2,d2,x2,z2); /* 3.P = (x2,z2) */
for (m=5;m<=MULT/2;m+=2)
{ /* calculate m.P = (x,z) and store fu[m] = x/z */
nres_modadd(x2,z2,s2);
nres_modsub(x2,z2,d2);
addition(x1,z1,s2,d2,s1,d1,x,z);
copy(x2,x1);
copy(z2,z1);
copy(x,x2);
copy(z,z2);
if (!cp[m]) continue;
copy(z2,fu[m]);
nres_moddiv(x2,fu[m],fu[m]);
}
ellipse(xt,zt,MULT,x,z,x2,z2);
nres_modadd(x,z,xt);
nres_modsub(x,z,zt); /* MULT.P = (xt,zt) */
iv=(int)(p/MULT);
if (p%MULT>MULT/2) iv++;
interval=(long)iv*MULT;
p=interval+1;
ellipse(x,z,iv,x1,z1,x2,z2); /* (x1,z1) = iv.MULT.P */
nres_moddiv(x1,z1,fvw); /* fvw = x1/z1 */
nres_modsub(fvw,fu[p%MULT],q);
marks(interval);
btch*=100;
i++;
continue;
}
pa=p;
while ((LIMIT1/p) > pa) pa*=p;
ellipse(x,z,(int)pa,x1,z1,x2,z2);
copy(x1,x);
copy(z1,z);
copy(z,q);
}
else
{ /* phase 2 - looking for last large prime factor of (p+1+d) */
p+=2;
pos=(int)(p%MULT);
if (pos>MULT/2)
{ /* increment giant step */
iv++;
interval=(long)iv*MULT;
p=interval+1;
marks(interval);
pos=1;
nres_moddiv(x2,z2,fvw);
nres_modadd(x2,z2,s2);
nres_modsub(x2,z2,d2);
addition(x1,z1,s2,d2,xt,zt,x,z);
copy(x2,x1);
copy(z2,z1);
copy(x,x2);
copy(z,z2);
}
if (!cp[pos]) continue;
/* if neither interval +/- pos is prime, don't bother */
if (!plus[pos] && !minus[pos]) continue;
nres_modsub(fvw,fu[pos],t);
nres_modmult(q,t,q);
}
if (i++%btch==0)
{ /* try for a solution */
printf("\b\b\b\b\b\b\b\b%8ld",p);
fflush(stdout);
egcd(q,n,t);
if (size(t)==1)
{
if (p>LIMIT2) break;
else continue;
}
if (compare(t,n)==0)
{
printf("\ndegenerate case");
break;
}
printf("\nfactors are\n");
if (isprime(t)) printf("prime factor ");
else printf("composite factor ");
cotnum(t,stdout);
divide(n,t,n);
if (isprime(n)) printf("prime factor ");
else printf("composite factor ");
cotnum(n,stdout);
return 0;
}
}
if (nc>NCURVES) break;
printf("\ntrying a different curve %d\n",nc);
}
printf("\nfailed to factor\n");
return 0;
}
int main()
{ /* factoring program using Brents method */
long k,r,i,m,iter;
big x,y,z,n,q,ys,c3;
miracl *mip=mirsys(50,0);
x=mirvar(mip,0);
y=mirvar(mip,0);
ys=mirvar(mip,0);
z=mirvar(mip,0);
n=mirvar(mip,0);
q=mirvar(mip,0);
c3=mirvar(mip,3);
printf("input number to be factored\n");
cinnum(mip,n,stdin);
if (isprime(mip,n))
{
printf("this number is prime!\n");
return 0;
}
m=10L;
r=1L;
iter=0L;
do
{
printf("iterations=%5ld",iter);
convert(mip,1,q);
do
{
copy(y,x);
for (i=1L;i<=r;i++)
mad(mip,y,y,c3,n,n,y);
k=0;
do
{
iter++;
if (iter%10==0) printf("\b\b\b\b\b%5ld",iter);
fflush(stdout);
copy(y,ys);
for (i=1L;i<=mr_min(m,r-k);i++)
{
mad(mip,y,y,c3,n,n,y);
subtract(mip,y,x,z);
mad(mip,z,q,q,n,n,q);
}
egcd(mip,q,n,z);
k+=m;
} while (k<r && size(z)==1);
r*=2;
} while (size(z)==1);
if (compare(z,n)==0) do
{ /* back-track */
mad(mip,ys,ys,c3,n,n,ys);
subtract(mip,ys,x,z);
} while (egcd(mip,z,n,z)==1);
if (!isprime(mip,z))
printf("\ncomposite factor ");
else printf("\nprime factor ");
cotnum(mip,z,stdout);
if (compare(z,n)==0) return 0;
divide(mip,n,z,n);
divide(mip,y,n,n);
} while (!isprime(mip,n));
printf("prime factor ");
cotnum(mip,n,stdout);
return 0;
}
int main()
{
FILE *fp;
big q,p,p1,h,t,g,low,high;
big pool[POOL_SIZE];
BOOL fail;
int i,j,p1bits,np;
long seed,m,permutation;
miracl *mip=mirsys(100,0);
q=mirvar(0);
p=mirvar(0);
h=mirvar(0);
t=mirvar(0);
g=mirvar(0);
p1=mirvar(0);
low=mirvar(0);
high=mirvar(0);
gprime(10000);
/* randomise */
printf("Enter 9 digit random number seed = ");
scanf("%ld",&seed);
getchar();
irand(seed);
p1bits=PBITS-QBITS-1;
/* find number of primes pa, pb, pc etc., that will be needed */
np=1;
while (p1bits/np >= OBITS) np++;
np--;
/* find the high/low limits for these primes, so that
the generated prime p will be exactly PBITS in length */
expb2(p1bits-1,t);
nroot(t,np,low); /* np-th integer root */
incr(low,1,low);
premult(t,2,t);
decr(t,1,t);
nroot(t,np,high);
subtract(high,low,t); /* raise low limit up to half-way... */
subdiv(t,2,t);
subtract(high,t,low);
/* generate q */
forever
{ /* make sure leading two bits of q 11... */
expb2(QBITS,q);
bigbits(QBITS-2,t);
subtract(q,t,q);
nxprime(q,q);
if (logb2(q)>QBITS) continue;
break;
}
printf("q= (%d bits)\n",logb2(q));
cotnum(q,stdout);
/* generate prime pool from which permutations of np
primes will be picked until a Lim-Lee prime is found */
for (i=0;i<POOL_SIZE;i++)
{ /* generate the primes pa, pb, pc etc.. */
pool[i]=mirvar(0);
forever
{
bigrand(high,p1);
if (mr_compare(p1,low)<0) continue;
nxprime(p1,p1);
if (mr_compare(p1,high)>0) continue;
copy(p1,pool[i]);
break;
}
}
/* The '1' bits in the permutation indicate which primes are
picked from the pool. If np=5, start at 11111, then 101111 etc */
permutation=1L;
for (i=0;i<np;i++) permutation<<=1;
permutation-=1; /* permuation = 2^np-1 */
/* generate p */
fail=FALSE;
forever
{
convert(1,p1);
for (i=j=0,m=1L;j<np;i++,m<<=1)
{
if (i>=POOL_SIZE)
{ /* ran out of primes... */
fail=TRUE;
break;
}
if (m&permutation)
{
multiply(p1,pool[i],p1);
j++;
}
}
if (fail) break;
printf(".");
premult(q,2,p);
multiply(p,p1,p);
incr(p,1,p);
permutation=increment(permutation);
if (logb2(p)!=PBITS) continue;
if (isprime(p)) break;
}
if (fail)
{
printf("\nFailed - very unlikely! - try increasing POOL_SIZE\n");
return 0;
}
printf("\np= (%d bits)\n",logb2(p));
cotnum(p,stdout);
/* finally find g */
do {
decr(p,1,t);
bigrand(t,h);
divide(t,q,t);
powmod(h,t,p,g);
} while(size(g)==1);
printf("g= (%d bits)\n",logb2(g));
cotnum(g,stdout);
fp=fopen("common.dss","wt");
fprintf(fp,"%d\n",PBITS);
mip->IOBASE=16;
cotnum(p,fp);
cotnum(q,fp);
cotnum(g,fp);
fclose(fp);
return 0;
}