int pseudoprime( type n) { if (mod_exp(2, n-1, n) == 1){ if(n > 16) { if (mod_exp(rand()%n,n-1, n) == 1) return 1; } else { return 1; } } return 0; }
int rabin_miller_test(mpz_t n, mpz_t a) { mpz_t n_minus, d, a_power; int j, s = 0; /* d(n_minus) = n - 1 */ mpz_init(n_minus); mpz_sub_ui(n_minus,n,1); mpz_init_set(d,n_minus); while(mpz_even_p(d)) { mpz_fdiv_q_2exp(d, d, 1); s++; } /* a_power = a^d mod n */ mpz_init(a_power); mod_exp(a,d,n,a_power); if(mpz_cmp_ui(a_power,1) == 0) { mpz_clear(n_minus); mpz_clear(d); mpz_clear(a_power); return PRIME; } for (j = 0; j < s - 1; ++j) { if(mpz_cmp(a_power,n_minus) == 0) { mpz_clear(n_minus); mpz_clear(d); mpz_clear(a_power); return PRIME; } mod_exp_ui(a_power,2,n,a_power); /*mpz_powm_ui (a_power, a_power, 2, n);*/ } if(mpz_cmp(a_power,n_minus) == 0) { mpz_clear(n_minus); mpz_clear(d); mpz_clear(a_power); return PRIME; } mpz_clear(n_minus); mpz_clear(d); mpz_clear(a_power); return COMPOSITE; }
int main() { int z, n; ll m, a, b; scanf("%d", &z); while(z--){ scanf("%d", &m); scanf("%d", &n); ll ans = 0; for(int i=0; i<n; ++i){ scanf("%d %d", &a, &b); ans = (ans+mod_exp(a, b, m)) % m; } printf("%d\n", ans); } }
int main() { long long int sum, n, m; while (1) { scanf("%lld %lld", &n, &m); if ( n == 0 && m == 0) break; sum = 0; while (m > 0) { sum = sum + mod_exp(n,m); m--; } sum = sum % 1000000007; printf("%lld\n", sum); } return 0; }
int main() { unsigned long long a; unsigned long long p; while(scanf("%lld %lld",&p,&a) != EOF) { if(p == 0 && a == 0) break; if(is_prime(p)) printf("no\n"); else { if(mod_exp(a,p,p) == a) printf("yes\n"); else printf("no\n"); } } return 0; }
//miller-rabin bool miller_rabin(bint n, int times) { if(n==2)return 1; if(n<2||!(n&1))return 0; bint a, u=n-1, x, y; int t=0; while(u%2==0) { t++; u/=2; } srand(time(0)); for(int i=0; i<times; i++) { a = rand() % (n-1) + 1; x = mod_exp(a, u, n); for(int j=0; j<t; j++) { y = muti_mod(x, x, n); if ( y == 1 && x != 1 && x != n-1 ) return false; //must not x = y; } if( y!=1) return false; } return true; }
int witness(type a,type n) { type i; type t; type u; type x; type y; t = power2(n-1, &u); y = mod_exp(a, u, n); for (i = 0; i < t; i++) { x = mulmod(y,y,n) ; if (x == 1 && y != 1 && y != n-1) { return 1; } y = x; } if ( y != 1 ) { return 1; } return 0; }
int rsa_default_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in, size_t len) { BIGNUM *f, *result; BN_CTX *ctx = NULL; unsigned blinding_index = 0; BN_BLINDING *blinding = NULL; int ret = 0; ctx = BN_CTX_new(); if (ctx == NULL) { goto err; } BN_CTX_start(ctx); f = BN_CTX_get(ctx); result = BN_CTX_get(ctx); if (f == NULL || result == NULL) { OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); goto err; } if (BN_bin2bn(in, len, f) == NULL) { goto err; } if (BN_ucmp(f, rsa->n) >= 0) { /* Usually the padding functions would catch this. */ OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_MODULUS); goto err; } if (!BN_MONT_CTX_set_locked(&rsa->mont_n, &rsa->lock, rsa->n, ctx)) { OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR); goto err; } /* We cannot do blinding or verification without |e|, and continuing without * those countermeasures is dangerous. However, the Java/Android RSA API * requires support for keys where only |d| and |n| (and not |e|) are known. * The callers that require that bad behavior set |RSA_FLAG_NO_BLINDING|. */ int disable_security = (rsa->flags & RSA_FLAG_NO_BLINDING) && rsa->e == NULL; if (!disable_security) { /* Keys without public exponents must have blinding explicitly disabled to * be used. */ if (rsa->e == NULL) { OPENSSL_PUT_ERROR(RSA, RSA_R_NO_PUBLIC_EXPONENT); goto err; } blinding = rsa_blinding_get(rsa, &blinding_index, ctx); if (blinding == NULL) { OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR); goto err; } if (!BN_BLINDING_convert(f, blinding, rsa->e, rsa->mont_n, ctx)) { goto err; } } if (rsa->p != NULL && rsa->q != NULL && rsa->e != NULL && rsa->dmp1 != NULL && rsa->dmq1 != NULL && rsa->iqmp != NULL) { if (!mod_exp(result, f, rsa, ctx)) { goto err; } } else { BIGNUM local_d; BIGNUM *d = NULL; BN_init(&local_d); d = &local_d; BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); if (!BN_mod_exp_mont_consttime(result, f, d, rsa->n, ctx, rsa->mont_n)) { goto err; } } /* Verify the result to protect against fault attacks as described in the * 1997 paper "On the Importance of Checking Cryptographic Protocols for * Faults" by Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. Some * implementations do this only when the CRT is used, but we do it in all * cases. Section 6 of the aforementioned paper describes an attack that * works when the CRT isn't used. That attack is much less likely to succeed * than the CRT attack, but there have likely been improvements since 1997. * * This check is cheap assuming |e| is small; it almost always is. */ if (!disable_security) { BIGNUM *vrfy = BN_CTX_get(ctx); if (vrfy == NULL || !BN_mod_exp_mont(vrfy, result, rsa->e, rsa->n, ctx, rsa->mont_n) || !BN_equal_consttime(vrfy, f)) { OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR); goto err; } if (!BN_BLINDING_invert(result, blinding, rsa->mont_n, ctx)) { goto err; } } if (!BN_bn2bin_padded(out, len, result)) { OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR); goto err; } ret = 1; err: if (ctx != NULL) { BN_CTX_end(ctx); BN_CTX_free(ctx); } if (blinding != NULL) { rsa_blinding_release(rsa, blinding, blinding_index); } return ret; }
int rsa_default_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in, size_t len) { if (rsa->n == NULL || rsa->d == NULL) { OPENSSL_PUT_ERROR(RSA, RSA_R_VALUE_MISSING); return 0; } BIGNUM *f, *result; BN_CTX *ctx = NULL; unsigned blinding_index = 0; BN_BLINDING *blinding = NULL; int ret = 0; ctx = BN_CTX_new(); if (ctx == NULL) { goto err; } BN_CTX_start(ctx); f = BN_CTX_get(ctx); result = BN_CTX_get(ctx); if (f == NULL || result == NULL) { OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); goto err; } if (BN_bin2bn(in, len, f) == NULL) { goto err; } if (BN_ucmp(f, rsa->n) >= 0) { // Usually the padding functions would catch this. OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE); goto err; } if (!freeze_private_key(rsa, ctx)) { OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR); goto err; } const int do_blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0; if (rsa->e == NULL && do_blinding) { // We cannot do blinding or verification without |e|, and continuing without // those countermeasures is dangerous. However, the Java/Android RSA API // requires support for keys where only |d| and |n| (and not |e|) are known. // The callers that require that bad behavior set |RSA_FLAG_NO_BLINDING|. OPENSSL_PUT_ERROR(RSA, RSA_R_NO_PUBLIC_EXPONENT); goto err; } if (do_blinding) { blinding = rsa_blinding_get(rsa, &blinding_index, ctx); if (blinding == NULL) { OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR); goto err; } if (!BN_BLINDING_convert(f, blinding, rsa->e, rsa->mont_n, ctx)) { goto err; } } if (rsa->p != NULL && rsa->q != NULL && rsa->e != NULL && rsa->dmp1 != NULL && rsa->dmq1 != NULL && rsa->iqmp != NULL) { if (!mod_exp(result, f, rsa, ctx)) { goto err; } } else if (!BN_mod_exp_mont_consttime(result, f, rsa->d_fixed, rsa->n, ctx, rsa->mont_n)) { goto err; } // Verify the result to protect against fault attacks as described in the // 1997 paper "On the Importance of Checking Cryptographic Protocols for // Faults" by Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. Some // implementations do this only when the CRT is used, but we do it in all // cases. Section 6 of the aforementioned paper describes an attack that // works when the CRT isn't used. That attack is much less likely to succeed // than the CRT attack, but there have likely been improvements since 1997. // // This check is cheap assuming |e| is small; it almost always is. if (rsa->e != NULL) { BIGNUM *vrfy = BN_CTX_get(ctx); if (vrfy == NULL || !BN_mod_exp_mont(vrfy, result, rsa->e, rsa->n, ctx, rsa->mont_n) || !BN_equal_consttime(vrfy, f)) { OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR); goto err; } } if (do_blinding && !BN_BLINDING_invert(result, blinding, rsa->mont_n, ctx)) { goto err; } // The computation should have left |result| as a maximally-wide number, so // that it and serializing does not leak information about the magnitude of // the result. // // See Falko Stenzke, "Manger's Attack revisited", ICICS 2010. assert(result->width == rsa->mont_n->N.width); if (!BN_bn2bin_padded(out, len, result)) { OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR); goto err; } ret = 1; err: if (ctx != NULL) { BN_CTX_end(ctx); BN_CTX_free(ctx); } if (blinding != NULL) { rsa_blinding_release(rsa, blinding, blinding_index); } return ret; }
int main(){ int x = mod_mul(2, 5, 7); int y = mod_exp(2, 5, 7); printf("%d, %d\n", x, y); return 0; }