/** \brief 整系数多项式的容度.
\param f 整系数多项式.
\param r 整数容度,包含正负号,使得本原部分lc为正整数.
*/
void UniContZ(mpz_ptr r,const poly_z & f)
{
if(f.size()==0)
{
mpz_set_ui(r,1);
return ;
}
mpz_set(r,f[f.size()-1]);
if(f.size()==1)
{
return ;
}
int sign;
sign=mpz_sgn(r);
mpz_gcd(r,f[0],f[1]);
if(mpz_cmp_ui(r,1)==0)
{
if(sign<0)mpz_neg(r,r);
return ;
}
for(uint i=2;i<f.size();i++)
{
mpz_gcd(r,r,f[i]);
if(mpz_cmp_ui(r,1)==0)
{
if(sign<0)mpz_neg(r,r);
return ;
}
}
if(sign<0)mpz_neg(r,r);
return ;
}
int
main (int argc, char *argv[])
{
gmp_randstate_t rs;
mpz_t x, y, z;
unsigned long int m, n, i, niter, t0, ti;
double t, f, ops_per_sec;
int decimals;
if (argc != 3)
{
fprintf (stderr, "usage: %s m n\n", argv[0]);
fprintf (stderr, " where m and n are number of bits in numbers tested\n");
return -1;
}
m = atoi (argv[1]);
n = atoi (argv[2]);
gmp_randinit_default (rs);
mpz_init (x);
mpz_init (y);
mpz_init (z);
mpz_urandomb (x, rs, m);
mpz_urandomb (y, rs, n);
printf ("Calibrating CPU speed..."); fflush (stdout);
TIME (t, mpz_gcd (z, x, y));
printf ("done\n");
niter = 1 + (unsigned long) (1e4 / t);
printf ("Multiplying %lu-bit number with %lu-bit number %lu times...",
m, n, niter);
fflush (stdout);
t0 = cputime ();
for (i = niter; i > 0; i--)
{
mpz_gcd (z, x, y);
}
ti = cputime () - t0;
printf ("done!\n");
ops_per_sec = 1000.0 * niter / ti;
f = 100.0;
for (decimals = 0;; decimals++)
{
if (ops_per_sec > f)
break;
f = f * 0.1;
}
printf ("RESULT: %.*f operations per second\n", decimals, ops_per_sec);
return 0;
}
// Factor using Pollard's p-1 method
int _factor_pollard_pm1_method(mpz_class &rop, const mpz_class &n,
const mpz_class &c, unsigned B)
{
if (n < 4 || B < 3)
throw std::runtime_error("Require n > 3 and B > 2 to use Pollard's p-1 method");
mpz_class m, g, _c;
_c = c;
Sieve::iterator pi(B);
unsigned p;
while ((p = pi.next_prime()) <= B)
{
m = 1;
// calculate log(p, B), this can be improved
while (m <= B / p) {
m = m * p;
}
mpz_powm(g.get_mpz_t(), _c.get_mpz_t(), m.get_mpz_t(), n.get_mpz_t());
mpz_set(_c.get_mpz_t(), g.get_mpz_t());
}
_c = _c - 1;
mpz_gcd(rop.get_mpz_t(), _c.get_mpz_t(), n.get_mpz_t());
if (rop == 1 || rop == n)
return 0;
else
return 1;
}
void pollard(mpz_t x_1, mpz_t x_2, mpz_t d, mpz_t n, int init, int c, int counter)
{
if(mpz_divisible_ui_p(n, 2)) {
mpz_set_ui(d, 2);
return;
}
mpz_set_ui(x_1, init);
NEXT_VALUE(x_1, x_1, n, c);
NEXT_VALUE(x_2, x_1, n, c);
mpz_set_ui(d, 1);
while (mpz_cmp_ui(d, 1) == 0) {
NEXT_VALUE(x_1, x_1, n, c);
NEXT_VALUE(x_2, x_2, n, c);
NEXT_VALUE(x_2, x_2, n, c);
mpz_sub(d, x_2, x_1);
mpz_abs(d, d);
mpz_gcd(d, d, n);
if (counter < 0) {
mpz_set_ui(d, 0);
return;
} else {
--counter;
}
}
if(mpz_cmp(d, n) == 0) {
return pollard(x_1, x_2, d, n, primes[RAND], primes[RAND], counter);
}
}
// gcd = gcd(a,b) greatest common divisor
// ppg = ppg(a,b) prime powers in a greater than those in b
// pple = pple(a,b) prime powers in a less than or equal to those in b
//
//
//
// Algorithm 11.4 [PDF page 14](http://cr.yp.to/lineartime/dcba-20040404.pdf)
//
// See [gcdppgpple test](test-gcdppgpple.html) for basic usage.
void gcd_ppg_pple(mpz_t gcd, mpz_t ppg, mpz_t pple, const mpz_t a, const mpz_t b) {
mpz_t g;
mpz_init(g);
mpz_gcd(pple, a, b);
mpz_set(gcd, pple);
mpz_fdiv_q(ppg, a, pple);
while(1) {
mpz_gcd(g, ppg, pple);
if (mpz_cmp_ui(g, 1) == 0) {
mpz_clear(g);
return;
}
mpz_mul(ppg, ppg, g);
mpz_fdiv_q(pple, pple, g);
}
}
// gcd = gcd(a,b) greatest common divisor
// ppi = ppi(a,b) powers in a of primes inside b
// ppo = ppo(a,b) powers in a of primes outside b
//
//
//
// Algorithm 11.3 [PDF page 14](http://cr.yp.to/lineartime/dcba-20040404.pdf)
//
// See [gcdppippo test](test-gcdppippo.html) for basic usage.
void gcd_ppi_ppo(mpz_t gcd, mpz_t ppi, mpz_t ppo, const mpz_t a, const mpz_t b) {
mpz_t g;
mpz_init(g);
mpz_gcd(ppi, a, b);
mpz_set(gcd, ppi);
mpz_fdiv_q(ppo, a, ppi);
while(1) {
mpz_gcd(g, ppi, ppo);
if (mpz_cmp_ui(g, 1) == 0) {
mpz_clear(g);
return;
}
mpz_mul(ppi, ppi, g);
mpz_fdiv_q(ppo, ppo, g);
}
}
/* Division */
Rational bignum_div(Bignum _n, Bignum _m)
{
mpz_t n, m, tmp;
*n = *theBIGNUM(_n);
*m = *theBIGNUM(_m);
mpz_init(tmp);
mpz_mod(tmp, n, m);
/* Divided evenly */
if (mpz_sgn(tmp) == 0) {
mpz_cdiv_q(tmp, n, m);
return make_bignum(tmp);
} else {
mpz_t q;
ratio_t r;
mpz_gcd(tmp, n, m);
r = malloc(sizeof(struct ratio_t));
mpz_cdiv_q(q, n, tmp);
r->numerator = make_bignum(q);
mpz_cdiv_q(q, m, tmp);
r->denominator = make_bignum(q);
return make_ratio(r);
}
}
void genpair(){
bool hitmax = FALSE;
impossible = FALSE;
ranGen(max1);
if(mpz_cmp(rndm, min1) < 0)
mpz_add(rndm, rndm, min1);
mpz_set(num1, rndm);
ranGen(max2);
if(mpz_cmp(rndm, min2) < 0)
mpz_add(rndm, rndm, min2);
mpz_set(num2, rndm);
do{
mpz_gcd(_gcd, num1, num2);
if(!mpz_cmp_ui(_gcd, 1)){
rprime = TRUE;
}else{
if(!mpz_cmp(num2, max2)){
if(!hitmax){
mpz_set(num2, min2);
hitmax = TRUE;
}else{
impossible = TRUE;
}
}
mpz_add_ui(num2, num2, 1);
}
}while(!rprime && !impossible);
rprime = FALSE;
}
void ARingZZGMP::syzygy(const ElementType& a, const ElementType& b,
ElementType& x, ElementType& y) const
{
M2_ASSERT(!is_zero(b));
// First check the special cases a = 0, b = 1, -1. Other cases: use gcd.
if (is_zero(a))
{
set_from_long(x, 1);
set_zero(y);
return;
}
if (mpz_cmp_ui(&b,1) == 0)
{
set_from_long(x, 1);
negate(y, a);
return;
}
if (mpz_cmp_si(&b,-1) == 0)
{
set_from_long(x, 1);
set(y, a);
return;
}
elem g;
init(g);
mpz_gcd(&g,&a,&b);
divide(y,a,g);
divide(x,b,g);
if (mpz_sgn(&x) > 0)
negate(y,y);
else
negate(x,x);
clear(g);
}
damgard_jurik_ciphertext_t* damgard_jurik::encrypt(damgard_jurik_plaintext_t* pt, unsigned long s) {
mpz_t r;
gmp_randstate_t rand;
mpz_t x;
mpz_t gc;
damgard_jurik_ciphertext_t *res = new damgard_jurik_ciphertext_t();
/* pick random blinding factor */
mpz_init(r);
mpz_init(gc);
init_rand(rand, pubkey->bits / 8 + 1);
do {
mpz_urandomb(r, rand, pubkey->bits);
mpz_gcd(gc, r, pubkey->n);
}while( mpz_cmp(r, pubkey->n) >= 0 || mpz_cmp_ui(gc, 1) > 0 || mpz_cmp_ui(r, 0) == 0);
mpz_init(x);
// mpz_powm(res->text, pubkey->g, pt->text, pubkey->n_j[s + 1]);
compute_exp(&res->text, &pt->text, s);
mpz_powm(x, r, pubkey->n_j[s], pubkey->n_j[s + 1]);
mpz_mul(res->text, res->text, x);
mpz_mod(res->text, res->text, pubkey->n_j[s + 1]);
mpz_set(res->n_s, pubkey->n_j[s + 1]);
res->s = s;
mpz_clear(x);
mpz_clear(r);
gmp_randclear(rand);
return res;
}
cl_object
_ecl_big_gcd(cl_object a, cl_object b)
{
cl_object z = _ecl_big_register0();
mpz_gcd(z->big.big_num, a->big.big_num, b->big.big_num);
return _ecl_big_register_normalize(z);
}
void eu065(char *ans) {
int N = 99;
mpz_t n, d, r;
mpz_init(n);
mpz_init(d);
mpz_init(r);
mpz_set_ui(n, eterm(N));
mpz_set_ui(d, 1);
for (int i = N-1; i >= 0; i--) {
mpz_swap(n, d);
int t = eterm(i);
mpz_addmul_ui(n, d, t);
mpz_gcd(r, n, d);
mpz_div(n, n, r);
mpz_div(d, d, r);
}
sprintf(ans, "%d", digitsum(n));
mpz_clear(r);
mpz_clear(d);
mpz_clear(n);
}
void damgard_jurik::encrypt(damgard_jurik_ciphertext_t **list, damgard_jurik_plaintext_t **text, unsigned long s, int size) {
mpz_t r;
gmp_randstate_t rand;
mpz_t x;
mpz_t gc;
/* pick random blinding factor */
mpz_init(r);
mpz_init(gc);
init_rand(rand, pubkey->bits / 8 + 1);
do {
mpz_urandomb(r, rand, pubkey->bits);
mpz_gcd(gc, r, pubkey->n);
}while (mpz_cmp(r, pubkey->n) >= 0 || mpz_cmp_ui(gc, 1) > 0 || mpz_cmp_ui(r, 0) == 0);
mpz_init(x);
mpz_powm(x, r, pubkey->n_j[s], pubkey->n_j[s + 1]);
for (int i = 0; i < size; i++) {
list[i] = new damgard_jurik_ciphertext_t();
// mpz_powm(list[i]->text, pubkey->g, text[i]->text, pubkey->n_j[s + 1]);
compute_exp(&list[i]->text, &text[i]->text, s);
mpz_mul(list[i]->text, list[i]->text, x);
mpz_mod(list[i]->text, list[i]->text, pubkey->n_j[s + 1]);
mpz_set(list[i]->n_s, pubkey->n_j[s + 1]);
list[i]->s = s;
}
mpz_clear(x);
mpz_clear(r);
gmp_randclear(rand);
}
/* Verify that the factor reduction hasn't broken anything */
static void verify_factor_array(mpz_t n, mpz_t* farray, int nfacs)
{
int i, j;
mpz_t t;
mpz_init_set_ui(t, 1);
/* Assert we don't have duplicates */
for (i = 0; i < nfacs; i++) {
for (j = i+1; j < nfacs; j++) {
if (mpz_cmp(farray[i],farray[j]) == 0) { gmp_printf("duplicate: F[%d] = F[%d] = %Zd\n", i, j, farray[i]); croak("assert"); }
}
}
/* Assert that all factors multiply to n */
for (i = 0; i < nfacs; i++)
mpz_mul(t, t, farray[i]);
if (mpz_cmp(t, n) != 0) { gmp_printf("farray doesn't multiply: n=%Zd t=%Zd\n", n, t); croak("assert"); }
/* Assert that gcd of each non-identical factor is 1 */
for (i = 0; i < nfacs; i++) {
for (j = i+1; j < nfacs; j++) {
if (mpz_cmp(farray[i],farray[j]) != 0) {
mpz_gcd(t, farray[i], farray[j]);
if (mpz_cmp_ui(t, 1) != 0) { gmp_printf("gcd: farray[%d] = %Zd farray[%d] = %Zd\n", i, farray[i], j, farray[j]); croak("assert"); }
}
}
}
mpz_clear(t);
}
// Factor using Pollard's rho method
int _factor_pollard_rho_method(mpz_class &rop, const mpz_class &n,
const mpz_class &a, const mpz_class &s, unsigned steps = 10000)
{
if (n < 5)
throw std::runtime_error("Require n > 4 to use pollard's-rho method");
mpz_class u, v, g, m;
u = s;
v = s;
for (unsigned i = 0; i < steps; i++) {
u = (u*u + a) % n;
v = (v*v + a) % n;
v = (v*v + a) % n;
m = u - v;
mpz_gcd(g.get_mpz_t(), m.get_mpz_t(), n.get_mpz_t());
if (g == n)
return 0;
if (g == 1)
continue;
rop = g;
return 1;
}
return 0;
}
int prho(mpz_t factor1, mpz_t factor2, mpz_t n, long c, long maxIts)
/* It is assumed that the input is composite. */
{ static mpz_t a, b, oldA, oldB, tmp, tmp2;
static int initialized=0;
long i, its;
if (!(initialized)) {
mpz_init(a); mpz_init(b); mpz_init(tmp); mpz_init(tmp2);
mpz_init(oldA); mpz_init(oldB);
initialized=1;
}
if (c<1) c=1;
if (c>0x000000FF) c &= 0x000000FF;
mpz_set_ui(a, 1);
mpz_set_ui(b, 1);
its=0;
do {
mpz_set(oldA, a); mpz_set(oldB, b);
mpz_set_ui(tmp2, 1);
for (i=25; i>0; i--) {
mpz_mul(tmp, a, a); mpz_add_ui(tmp, tmp, c); mpz_mod(a, tmp, n);
mpz_mul(tmp, b, b); mpz_add_ui(tmp, tmp, c); mpz_mod(b, tmp, n);
mpz_mul(tmp, b, b); mpz_add_ui(tmp, tmp, c); mpz_mod(b, tmp, n);
mpz_sub(tmp, a, b); mpz_mul(tmp2, tmp2, tmp); mpz_mod(tmp2, tmp2, n);
}
its += 25;
mpz_gcd(tmp, tmp2, n);
} while ((mpz_cmp_ui(tmp, 1)==0) && (its<maxIts));
if (its >= maxIts) return -1;
if (mpz_cmp(tmp, n) == 0) {
mpz_set(a, oldA); mpz_set(b, oldB);
do {
mpz_mul(tmp, a, a); mpz_add_ui(tmp, tmp, c); mpz_mod(a, tmp, n);
mpz_mul(tmp, b, b); mpz_add_ui(tmp, tmp, c); mpz_mod(b, tmp, n);
mpz_mul(tmp, b, b); mpz_add_ui(tmp, tmp, c); mpz_mod(b, tmp, n);
mpz_sub(tmp, a, b);
mpz_gcd(tmp, tmp, n);
} while (mpz_cmp_ui(tmp, 1)==0);
}
if (mpz_cmp(tmp, n) < 0) {
mpz_set(factor1, tmp);
mpz_div(factor2, n, factor1);
return 0;
}
return -1; /* Unknown failure. */
}
/* gcd */
static int gcd(void *a, void *b, void *c)
{
LTC_ARGCHK(a != NULL);
LTC_ARGCHK(b != NULL);
LTC_ARGCHK(c != NULL);
mpz_gcd(c, a, b);
return CRYPT_OK;
}
// Basic number theoretic functions
RCP<const Integer> gcd(const Integer &a, const Integer &b)
{
mpz_class g;
mpz_gcd(g.get_mpz_t(), a.as_mpz().get_mpz_t(), b.as_mpz().get_mpz_t());
return integer(g);
}
/* *************************************************************************
* mpz_euler_prp: (also called a Solovay-Strassen pseudoprime)
* An "Euler pseudoprime" to the base a is an odd composite number n with,
* (a,n)=1 such that a^((n-1)/2)=(a/n) mod n [(a/n) is the Jacobi symbol]
* *************************************************************************/
int mpz_euler_prp(mpz_t n, mpz_t a)
{
mpz_t res;
mpz_t exp;
int ret = 0;
if (mpz_cmp_ui(a, 2) < 0)
return PRP_ERROR;
if (mpz_cmp_ui(n, 2) < 0)
return PRP_COMPOSITE;
if (mpz_divisible_ui_p(n, 2))
{
if (mpz_cmp_ui(n, 2) == 0)
return PRP_PRIME;
else
return PRP_COMPOSITE;
}
mpz_init_set_ui(res, 0);
mpz_gcd(res, n, a);
if (mpz_cmp_ui(res, 1) > 0)
{
mpz_clear(res);
return PRP_COMPOSITE;
}
mpz_init_set(exp, n);
mpz_sub_ui(exp, exp, 1); /* exp = n-1 */
mpz_divexact_ui(exp, exp, 2); /* exp = (n-1)/2 */
mpz_powm(res, a, exp, n);
/* reuse exp to calculate jacobi(a,n) mod n */
ret = mpz_jacobi(a,n);
mpz_set(exp, n);
if (ret == -1)
mpz_sub_ui(exp, exp, 1);
else if (ret == 1)
mpz_add_ui(exp, exp, 1);
mpz_mod(exp, exp, n);
if (mpz_cmp(res, exp) == 0)
{
mpz_clear(res);
mpz_clear(exp);
return PRP_PRP;
}
else
{
mpz_clear(res);
mpz_clear(exp);
return PRP_COMPOSITE;
}
}/* method mpz_euler_prp */
mpz_class
gcd<mpz_class>(const mpz_class &a, const mpz_class &b)
{
mpz_class result;
mpz_gcd(result.get_mpz_t(), a.get_mpz_t(), b.get_mpz_t());
return result;
}
void
mpz_lcm (mpz_ptr r, mpz_srcptr u, mpz_srcptr v)
{
mpz_t g;
mp_size_t usize, vsize;
TMP_DECL;
usize = SIZ (u);
vsize = SIZ (v);
if (usize == 0 || vsize == 0)
{
SIZ (r) = 0;
return;
}
usize = ABS (usize);
vsize = ABS (vsize);
if (vsize == 1 || usize == 1)
{
mp_limb_t vl, gl, c;
mp_srcptr up;
mp_ptr rp;
if (usize == 1)
{
usize = vsize;
MPZ_SRCPTR_SWAP (u, v);
}
MPZ_REALLOC (r, usize+1);
up = PTR(u);
vl = PTR(v)[0];
gl = mpn_gcd_1 (up, usize, vl);
vl /= gl;
rp = PTR(r);
c = mpn_mul_1 (rp, up, usize, vl);
rp[usize] = c;
usize += (c != 0);
SIZ(r) = usize;
return;
}
TMP_MARK;
MPZ_TMP_INIT (g, usize); /* v != 0 implies |gcd(u,v)| <= |u| */
mpz_gcd (g, u, v);
mpz_divexact (g, u, g);
mpz_mul (r, g, v);
SIZ (r) = ABS (SIZ (r)); /* result always positive */
TMP_FREE;
}
// Factor using lehman method.
int _factor_lehman_method(mpz_class &rop, const mpz_class &n)
{
if (n < 21)
throw std::runtime_error("Require n >= 21 to use lehman method");
int ret_val = 0;
mpz_class u_bound;
mpz_root(u_bound.get_mpz_t(), n.get_mpz_t(), 3);
u_bound = u_bound + 1;
Sieve::iterator pi(u_bound.get_ui());
unsigned p;
while ((p = pi.next_prime()) <= u_bound.get_ui()) {
if (n % p == 0) {
rop = n / p;
ret_val = 1;
break;
}
}
if (!ret_val) {
mpz_class k, a, b, l;
mpf_class t;
k = 1;
while (k <= u_bound) {
t = 2 * sqrt(k * n);
mpz_set_f(a.get_mpz_t(), t.get_mpf_t());
mpz_root(b.get_mpz_t(), n.get_mpz_t(), 6);
mpz_root(l.get_mpz_t(), k.get_mpz_t(), 2);
b = b / (4 * l);
b = b + a;
while (a <= b) {
l = a * a - 4 * k * n;
if (mpz_perfect_square_p(l.get_mpz_t())) {
mpz_sqrt(b.get_mpz_t(), l.get_mpz_t());
b = a + b;
mpz_gcd(rop.get_mpz_t(), n.get_mpz_t(), b.get_mpz_t());
ret_val = 1;
break;
}
a = a + 1;
}
if (ret_val)
break;
k = k + 1;
}
}
return ret_val;
}
static PyObject *
GMPy_MPZ_Function_GCD(PyObject *self, PyObject *args)
{
PyObject *arg0, *arg1;
MPZ_Object *result = NULL, *tempa = NULL, *tempb = NULL;
if (PyTuple_GET_SIZE(args) != 2) {
TYPE_ERROR("gcd() requires 'mpz','mpz' arguments");
return NULL;
}
if (!(result = GMPy_MPZ_New(NULL))) {
/* LCOV_EXCL_START */
return NULL;
/* LCOV_EXCL_STOP */
}
arg0 = PyTuple_GET_ITEM(args, 0);
arg1 = PyTuple_GET_ITEM(args, 1);
if (MPZ_Check(arg0) && MPZ_Check(arg1)) {
mpz_gcd(result->z, MPZ(arg0), MPZ(arg1));
}
else {
if (!(tempa = GMPy_MPZ_From_Integer(arg0, NULL)) ||
!(tempb = GMPy_MPZ_From_Integer(arg1, NULL))) {
TYPE_ERROR("gcd() requires 'mpz','mpz' arguments");
Py_XDECREF((PyObject*)tempa);
Py_XDECREF((PyObject*)tempb);
Py_DECREF((PyObject*)result);
return NULL;
}
mpz_gcd(result->z, tempa->z, tempb->z);
Py_DECREF((PyObject*)tempa);
Py_DECREF((PyObject*)tempb);
}
return (PyObject*)result;
}
static void rho(mpz_t R, mpz_t N)
{
mpz_t divisor;
mpz_t c;
mpz_t x;
mpz_t xx;
mpz_t abs;
mpz_init(divisor);
mpz_init(c);
mpz_init(x);
mpz_init(xx);
mpz_init(abs);
mpz_urandomm(c, randstate, N);
mpz_urandomm(x, randstate, N);
mpz_set(xx, x);
/* check divisibility by 2 */
if (mpz_divisible_p(N, two)) {
mpz_set(R, two);
return;
}
do {
/* Do this with x */
mpz_mul(x, x, x);
mpz_mod(x, x, N);
mpz_add(x, x, c);
mpz_mod(x, x, N);
/* First time with xx */
mpz_mul(xx, xx, xx);
mpz_mod(xx, xx, N);
mpz_add(xx, xx, c);
mpz_mod(xx, xx, N);
/* Second time with xx */
mpz_mul(xx, xx, xx);
mpz_mod(xx, xx, N);
mpz_add(xx, xx, c);
mpz_mod(xx, xx, N);
mpz_sub(abs, x, xx);
mpz_abs(abs, abs);
mpz_gcd(divisor, abs, N);
} while (mpz_cmp(divisor, one) == 0);
mpz_set(R, divisor);
}
void rsaKeyGen(rsapvk_t *pvk, rsapbk_t *pbk) {
// Temporary variable
mpz_t tmp;
mpz_init(tmp);
// Integer used for random numbers
if (!seed_initialized)
rnInit();
do {
mpz_urandomb(pvk->p, seed, RSA_KEY_SIZE);
} while (!mpz_probab_prime_p(pvk->p, NB_TURN));
do {
mpz_urandomb(pvk->q, seed, RSA_KEY_SIZE);
} while (!mpz_probab_prime_p(pvk->q, NB_TURN));
// Initialize keys
mpz_mul(pbk->n, pvk->p, pvk->q);
mpz_set(pvk->n, pbk->n);
// Compute phi = (p-1)(q-1) = q(p-1) - (p-1)
// I don't compute p-1 and q-1 to avoid many initializations
mpz_sub_ui(tmp, pvk->p, 1);
mpz_mul(pvk->phi, pvk->q, tmp);
mpz_sub(pvk->phi, pvk->phi, tmp);
// Find a random number prime with phi
do {
mpz_urandomb(pbk->pbk, seed, RSA_KEY_SIZE);
mpz_gcd(tmp, pbk->pbk, pvk->phi);
} while (mpz_cmp_ui(tmp, 1));
// Compute pvk
mpz_invert(pvk->pvk, pbk->pbk, pvk->phi);
// Compute k
mpz_set_ui(tmp, NB_CHAR);
pvk->k = 0;
while (mpz_cmp(tmp, pbk->n) < 0) {
mpz_mul_ui(tmp, tmp, NB_CHAR);
pvk->k ++;
}
pvk->k --;
pbk->k = pvk->k;
// Clearing variables
mpz_clear(tmp);
}
/* p <- gcd(n, l[0]*l[1]*...*l[k-1],
returns non-zero iff p is non trivial.
Clobbers l[0] */
int
list_gcd (mpz_t p, listz_t l, unsigned int k, mpz_t n)
{
unsigned int i;
for (i = 1; i < k; i++)
{
mpz_mul (l[0], l[0], l[i]);
mpz_mod (l[0], l[0], n);
}
mpz_gcd (p, l[0], n);
return mpz_cmp_ui (p, 1);
}
void QtGMP::gcd()
{
QString s("");
mpz_t aa,bb,cc;
char *str=0;
mpz_init(cc);
mpz_init_set_str(aa,qPrintable(this->lineEdit1->text()),10);
mpz_init_set_str(bb,qPrintable(this->lineEdit2->text()),10);
mpz_gcd(cc,aa,bb);
// gmp_printf("A:\t%Zd\nB:\t%Zd\nGCD(A,B):\t%Zd\n\n\n",aa,bb,cc);
s.sprintf("A:\t%s\nB:\t%s\nGCD(A,B):\t%s\n",mpz_get_str(str,10,aa),mpz_get_str(str,10,bb),mpz_get_str(str,10,cc));
this->textEdit->setText(s);
mpz_clears(aa,bb,cc,'\0');
}
mp_size_t
integer_gmp_mpn_gcd(mp_limb_t r[],
const mp_limb_t x0[], const mp_size_t xn,
const mp_limb_t y0[], const mp_size_t yn)
{
assert (xn >= yn);
assert (yn > 0);
assert (xn == yn || yn > 1 || y0[0] != 0);
/* post-condition: rn <= xn */
if (yn == 1) {
if (y0[0]) {
r[0] = integer_gmp_mpn_gcd_1(x0, xn, y0[0]);
return 1;
} else { /* {y0,yn} == 0 */
assert (xn==yn); /* NB: redundant assertion */
memcpy(r, x0, xn*sizeof(mp_limb_t));
return xn;
}
} else {
// mpn_gcd() seems to require non-trivial normalization of its
// input arguments (which does not seem to be documented anywhere,
// see source of mpz_gcd() for more details), so we resort to just
// use mpz_gcd() which does the tiresome normalization for us at
// the cost of a few additional temporary buffer allocations in
// C-land.
const mpz_t op1 = CONST_MPZ_INIT(x0, xn);
const mpz_t op2 = CONST_MPZ_INIT(y0, yn);
mpz_t rop;
mpz_init (rop);
mpz_gcd(rop, op1, op2);
const mp_size_t rn = rop[0]._mp_size;
assert(rn > 0);
assert(rn <= xn);
/* the allocation/memcpy of the result can be neglectable since
mpz_gcd() already has to allocate other temporary buffers
anyway */
memcpy(r, rop[0]._mp_d, rn*sizeof(mp_limb_t));
mpz_clear(rop);
return rn;
}
}
int pollardsRho(mpz_t *n)
{
mpz_t myN, x_fixed, cycle_size, x, factor, count, tmp;
long counter = 0;
int status = FAIL;
printf("Trying Pollards rho\n");
mpz_init_set(myN, *n);
mpz_init_set_ui(x_fixed, POLRHOXFIXED); mpz_init_set_ui(cycle_size, POLRHOCYCLESIZE);
mpz_init_set_ui(x, POLRHOX); mpz_init_set_ui(factor, POLRHOFACTOR);
mpz_init(tmp); mpz_init(count);
while (counter < POLRHOMAX)
{
mpz_set_ui(count, 1);
while (mpz_cmp(count, cycle_size) <= 0 && mpz_cmp_ui(factor, 1) <= 0)
{
mpz_mul(x, x, x); //x = (x*x+1)%number;
mpz_add_ui(x, x, 1);
mpz_mod(x, x, myN);
mpz_sub(tmp, x, x_fixed); //factor = gcd(x - x_fixed, number);
mpz_gcd(factor, tmp, myN);
mpz_add_ui(count, count, 1);
}
if (mpz_cmp_ui(factor, 1) > 0)
{
printWin(&factor, "Pollards rho");
status = WIN;
break;
}
mpz_mul_ui(cycle_size, cycle_size, 2); //cycle_size *= 2;
mpz_set(x_fixed, x);
counter += 1;
}
mpz_clear(myN);
mpz_clear(x_fixed); mpz_clear(cycle_size); mpz_clear(x);
mpz_clear(factor); mpz_clear(count); mpz_clear(tmp);
return status;
}
paillier_priv::paillier_priv (const bigint &pp, const bigint &qq,
const bigint *nn)
: paillier_pub ((nn ? *nn : (pp * qq))), p (pp), q (qq)
{
init ();
bigint p1 = p - 1;
bigint q1 = q - 1;
bigint kgcd;
mpz_gcd (&kgcd, &p1, &q1);
k = p1 * q1;
k /= kgcd;
}
