static GEN
bound_for_coeff(long m, GEN rr, GEN *maxroot)
{
long i,r1, lrr=lg(rr);
GEN p1,b1,b2,B,M, C = matpascal(m-1);
for (r1=1; r1 < lrr; r1++)
if (typ(rr[r1]) != t_REAL) break;
r1--;
rr = gabs(rr,0); *maxroot = vecmax(rr);
for (i=1; i<lrr; i++)
if (gcmp(gel(rr,i), gen_1) < 0) gel(rr,i) = gen_1;
for (b1=gen_1,i=1; i<=r1; i++) b1 = gmul(b1, gel(rr,i));
for (b2=gen_1 ; i<lrr; i++) b2 = gmul(b2, gel(rr,i));
B = gmul(b1, gsqr(b2)); /* Mahler measure */
M = cgetg(m+2, t_VEC); gel(M,1) = gel(M,2) = gen_0; /* unused */
for (i=1; i<m; i++)
{
p1 = gadd(gmul(gcoeff(C, m, i+1), B),/* binom(m-1, i) */
gcoeff(C, m, i)); /* binom(m-1, i-1) */
gel(M,i+2) = ceil_safe(p1);
}
return M;
}
int galoisTest(){
uint8_t a,b,c;
int isOk = true;
// Addition :
a = 0x01; b = 0x0A; c = 0x0B;
if((gadd(a,b) != c)){
printf("Galois addition failed\n");
isOk = false;
}
// Multiplication :
if((gmul(a,b) != b) || (gmul(0x02, 0x02)!=0x04) ){
printf("Galois multiplication failed\n");
isOk = false;
}
// Division :
if((gdiv(b,a) != b) || (gdiv(0x02, 0x02)!=0x01)){
printf("Galois division failed\n");
isOk = false;
}
return isOk;
}
static GEN
nf_chk_factors(nfcmbf_t *T, GEN P, GEN M_L, GEN famod, GEN pk)
{
GEN nf = T->nf, bound = T->bound;
GEN nfT = gel(nf,1);
long i, r;
GEN pol = P, list, piv, y;
GEN C2ltpol, C = T->L->topowden, Tpk = T->L->Tpk;
GEN lc = absi(leading_term(pol)), lt = is_pm1(lc)? NULL: lc;
GEN Clt = mul_content(C, lt);
GEN C2lt = mul_content(C,Clt);
piv = special_pivot(M_L);
if (!piv) return NULL;
if (DEBUGLEVEL>3) fprintferr("special_pivot output:\n%Z\n",piv);
r = lg(piv)-1;
list = cgetg(r+1, t_COL);
C2ltpol = C2lt? gmul(C2lt,pol): pol;
for (i = 1;;)
{
pari_sp av = avma;
if (DEBUGLEVEL)
fprintferr("nf_LLL_cmbf: checking factor %ld (avma - bot = %lu)\n",
i, avma - bot);
y = chk_factors_get(lt, famod, gel(piv,i), Tpk, pk);
if (DEBUGLEVEL>2) fprintferr("... mod p^k (avma - bot = %lu)\n", avma-bot);
if (! (y = nf_pol_lift(y, bound, T)) ) return NULL;
if (DEBUGLEVEL>2) fprintferr("... lifted (avma - bot = %lu)\n", avma-bot);
y = gerepilecopy(av, y);
/* y is the candidate factor */
pol = RgXQX_divrem(C2ltpol, y, nfT, ONLY_DIVIDES);
if (!pol) return NULL;
y = Q_primpart(y);
gel(list,i) = QXQX_normalize(y, nfT);
if (++i >= r) break;
if (C2lt) pol = Q_primpart(pol);
if (lt) lt = absi(leading_term(pol));
Clt = mul_content(C, lt);
C2lt = mul_content(C,Clt);
C2ltpol = C2lt? gmul(C2lt,pol): pol;
}
y = Q_primpart(pol);
gel(list,i) = QXQX_normalize(y, nfT); return list;
}
GEN
bnflogdegree(GEN nf, GEN A, GEN ell)
{
pari_sp av = avma;
GEN AZ, A0Z, NA0;
long vAZ;
if (typ(ell) != t_INT) pari_err_TYPE("bnflogdegree", ell);
nf = checknf(nf);
A = idealhnf(nf, A);
AZ = gcoeff(A,1,1);
vAZ = Z_pvalrem(AZ, ell, &A0Z);
if (is_pm1(A0Z))
NA0 = gen_1;
else
(void)Z_pvalrem(idealnorm(nf,A), ell, &NA0);
if (vAZ)
{
GEN Aell = ZM_hnfmodid(A, powiu(ell,vAZ));
GEN S = idealprimedec(nf, ell), T;
long l, i, s = 0;
T = padicfact(nf, S, 100);
l = lg(S);
for (i = 1; i < l; i++)
{
GEN P = gel(S,i);
long v = idealval(nf, Aell, P);
if (v) s += v * ftilde(nf, P, gel(T,i));
}
if (s) NA0 = gmul(NA0, gpowgs(ell1(ell), s));
}
return gerepileupto(av, NA0);
}
static trace_data *
init_trace(trace_data *T, GEN S, nflift_t *L, GEN q)
{
long e = gexpo(S), i,j, l,h;
GEN qgood, S1, invd;
if (e < 0) return NULL; /* S = 0 */
qgood = int2n(e - 32); /* single precision check */
if (cmpii(qgood, q) > 0) q = qgood;
S1 = gdivround(S, q);
if (gcmp0(S1)) return NULL;
invd = ginv(itor(L->den, DEFAULTPREC));
T->dPinvS = gmul(L->iprk, S);
l = lg(S);
h = lg(T->dPinvS[1]);
T->PinvSdbl = (double**)cgetg(l, t_MAT);
init_dalloc();
for (j = 1; j < l; j++)
{
double *t = dalloc(h * sizeof(double));
GEN c = gel(T->dPinvS,j);
pari_sp av = avma;
T->PinvSdbl[j] = t;
for (i=1; i < h; i++) t[i] = rtodbl(mpmul(invd, gel(c,i)));
avma = av;
}
T->d = L->den;
T->P1 = gdivround(L->prk, q);
T->S1 = S1; return T;
}
// mMul memory-wise
matrix* mMul(matrix a, matrix b){
int i, j, k;
matrix* resultMatrix;
uint8_t factor;
uint8_t *aVector, *bVector, *resVector;
// Check dimension correctness
if(a.nColumns != b.nRows){
printf("mMul : Error in Matrix dimensions. Cannot continue\n");
exit(1);
}
resultMatrix = mCreate(a.nRows, b.nColumns);
for(i = 0; i < resultMatrix->nRows; i++){
aVector = a.data[i];
resVector = resultMatrix->data[i];
for(j = 0; j < a.nColumns; j++){
factor = aVector[j];
if(factor != 0x00){
bVector = b.data[j];
for(k = 0; k < b.nColumns; k++){
resVector[k] = gadd(resVector[k], gmul(factor, bVector[k]));
}
}
}
}
return resultMatrix;
}
/* return B such that if x in O_K, K = Z[X]/(T), then the L2-norm of the
* coordinates of the numerator of x [on the power, resp. integral, basis if T
* is a polynomial, resp. an nf] is <= B T_2(x)
* *ptden = multiplicative bound for denom(x) */
static GEN
L2_bound(GEN T, GEN tozk, GEN *ptden)
{
GEN nf, M, L, prep, den;
long prec;
T = get_nfpol(T, &nf);
prec = ZX_get_prec(T) + ZM_get_prec(tozk);
den = nf? gen_1: NULL;
den = initgaloisborne(T, den, prec, &L, &prep, NULL);
M = vandermondeinverse(L, gmul(T, real_1(prec)), den, prep);
if (nf) M = gmul(tozk, M);
if (gcmp1(den)) den = NULL;
*ptden = den;
return QuickNormL2(M, DEFAULTPREC);
}
/* return a bound for T_2(P), P | polbase in C[X]
* NB: Mignotte bound: A | S ==>
* |a_i| <= binom(d-1, i-1) || S ||_2 + binom(d-1, i) lc(S)
*
* Apply to sigma(S) for all embeddings sigma, then take the L_2 norm over
* sigma, then take the sup over i.
**/
static GEN
nf_Mignotte_bound(GEN nf, GEN polbase)
{
GEN G = gmael(nf,5,2), lS = leading_term(polbase); /* t_INT */
GEN p1, C, N2, matGS, binlS, bin;
long prec, i, j, d = degpol(polbase), n = degpol(nf[1]), r1 = nf_get_r1(nf);
binlS = bin = vecbinome(d-1);
if (!gcmp1(lS)) binlS = gmul(lS, bin);
N2 = cgetg(n+1, t_VEC);
prec = gprecision(G);
for (;;)
{
nffp_t F;
matGS = cgetg(d+2, t_MAT);
for (j=0; j<=d; j++) gel(matGS,j+1) = arch_for_T2(G, gel(polbase,j+2));
matGS = shallowtrans(matGS);
for (j=1; j <= r1; j++) /* N2[j] = || sigma_j(S) ||_2 */
{
gel(N2,j) = gsqrt( QuickNormL2(gel(matGS,j), DEFAULTPREC), DEFAULTPREC );
if (lg(N2[j]) < DEFAULTPREC) goto PRECPB;
}
for ( ; j <= n; j+=2)
{
GEN q1 = QuickNormL2(gel(matGS,j ), DEFAULTPREC);
GEN q2 = QuickNormL2(gel(matGS,j+1), DEFAULTPREC);
p1 = gmul2n(mpadd(q1, q2), -1);
gel(N2,j) = gel(N2,j+1) = gsqrt( p1, DEFAULTPREC );
if (lg(N2[j]) < DEFAULTPREC) goto PRECPB;
}
if (j > n) break; /* done */
PRECPB:
prec = (prec<<1)-2;
remake_GM(nf, &F, prec); G = F.G;
if (DEBUGLEVEL>1) pari_warn(warnprec, "nf_factor_bound", prec);
}
/* Take sup over 0 <= i <= d of
* sum_sigma | binom(d-1, i-1) ||sigma(S)||_2 + binom(d-1,i) lc(S) |^2 */
/* i = 0: n lc(S)^2 */
C = mulsi(n, sqri(lS));
/* i = d: sum_sigma ||sigma(S)||_2^2 */
p1 = gnorml2(N2); if (gcmp(C, p1) < 0) C = p1;
for (i = 1; i < d; i++)
{
GEN s = gen_0;
for (j = 1; j <= n; j++)
{
p1 = mpadd( mpmul(gel(bin,i), gel(N2,j)), gel(binlS,i+1) );
s = mpadd(s, gsqr(p1));
}
if (gcmp(C, s) < 0) C = s;
}
return C;
}
void rowMulSub(uint8_t* a, uint8_t* b, uint8_t coeff, int size){
if(coeff != 0x00){
// a = a - b*c
int i;
for(i = 0; i < size ; i++){
a[i] = gsub(a[i], gmul(coeff, b[i]));
}
}
}
static GEN
nf_to_Zq(GEN x, GEN T, GEN pk, GEN pks2, GEN proj)
{
GEN y;
if (typ(x) != t_COL) return centermodii(x, pk, pks2);
y = gmul(proj, x);
if (!T) return centermodii(y, pk, pks2);
y = RgV_to_RgX(y, varn(T));
return centermod_i(FpX_rem(y, T, pk), pk, pks2);
}
/* Warning: return L->topowden * (best lift) */
static GEN
nf_bestlift_to_pol(GEN elt, GEN bound, nflift_t *L)
{
pari_sp av = avma;
GEN v, u = nf_bestlift(elt,bound,L);
if (!u) return NULL;
v = gclone(u); avma = av;
u = gmul(L->topow, v);
gunclone(v); return u;
}
/* We want to be able to reconstruct x, |x|^2 < C, from x mod pr^k */
static double
bestlift_bound(GEN C, long d, double alpha, GEN Npr)
{
const double y = 1 / (alpha - 0.25); /* = 2 if alpha = 3/4 */
double t;
if (typ(C) != t_REAL) C = gmul(C, real_1(DEFAULTPREC));
setlg(C, DEFAULTPREC);
t = rtodbl(mplog(gmul2n(divrs(C,d), 4))) * 0.5 + (d-1) * log(1.5 * sqrt(y));
return ceil((t * d) / log(gtodouble(Npr)));
}
/* Let X = Tra * M_L, Y = bestlift(X) return V s.t Y = X - PRK V
* and set *eT2 = gexpo(Y) [cf nf_bestlift, but memory efficient] */
static GEN
get_V(GEN Tra, GEN M_L, GEN PRK, GEN PRKinv, GEN pk, long *eT2)
{
long i, e = 0, l = lg(M_L);
GEN V = cgetg(l, t_MAT);
*eT2 = 0;
for (i = 1; i < l; i++)
{ /* cf nf_bestlift(Tra * c) */
pari_sp av = avma, av2;
GEN v, T2 = gmul(Tra, gel(M_L,i));
v = gdivround(gmul(PRKinv, T2), pk); /* small */
av2 = avma;
T2 = gsub(T2, gmul(PRK, v));
e = gexpo(T2); if (e > *eT2) *eT2 = e;
avma = av2;
gel(V,i) = gerepileupto(av, v); /* small */
}
return V;
}
static GEN
nf_DDF_roots(GEN pol, GEN polred, GEN nfpol, GEN lt, GEN init_fa, long nbf,
long fl, nflift_t *L)
{
long Cltx_r[] = { evaltyp(t_POL)|_evallg(4), 0,0,0 };
long i, m;
GEN C2ltpol, C = L->topowden;
GEN Clt = mul_content(C, lt);
GEN C2lt = mul_content(C,Clt);
GEN z;
if (L->Tpk)
{
int cof = (degpol(pol) > nbf); /* non trivial cofactor ? */
z = FqX_split_roots(init_fa, L->Tp, L->p, cof? polred: NULL);
z = hensel_lift_fact(polred, z, L->Tpk, L->p, L->pk, L->k);
if (cof) setlg(z, lg(z)-1); /* remove cofactor */
z = roots_from_deg1(z);
}
else
z = rootpadicfast(polred, L->p, L->k);
Cltx_r[1] = evalsigne(1) | evalvarn(varn(pol));
gel(Cltx_r,3) = Clt? Clt: gen_1;
C2ltpol = C2lt? gmul(C2lt, pol): pol;
for (m=1,i=1; i<lg(z); i++)
{
GEN q, r = gel(z,i);
r = nf_bestlift_to_pol(lt? gmul(lt,r): r, NULL, L);
gel(Cltx_r,2) = gneg(r); /* check P(r) == 0 */
q = RgXQX_divrem(C2ltpol, Cltx_r, nfpol, ONLY_DIVIDES); /* integral */
if (q) {
C2ltpol = C2lt? gmul(Clt,q): q;
if (Clt) r = gdiv(r, Clt);
gel(z,m++) = r;
}
else if (fl == 2) return cgetg(1, t_VEC);
}
z[0] = evaltyp(t_VEC) | evallg(m);
return z;
}
/* g in Z[X] potentially defines a subfield of Q[X]/f. It is a subfield iff A
* (cf subfield) was a block system; then there
* exists h in Q[X] such that f | g o h. listdelta determines h s.t f | g o h
* in Fp[X] (cf chinese_retrieve_pol). Try to lift it; den is a
* multiplicative bound for denominator of lift. */
static GEN
embedding(GEN g, GEN DATA, primedata *S, GEN den, GEN listdelta)
{
GEN TR, w0_Q, w0, w1_Q, w1, wpow, h0, gp, T, q2, q, maxp, a, p = S->p;
long rt;
pari_sp av;
T = gel(DATA,1); rt = brent_kung_optpow(degpol(T), 2);
maxp= gel(DATA,7);
gp = derivpol(g); av = avma;
w0 = chinese_retrieve_pol(DATA, S, listdelta);
w0_Q = centermod(gmul(w0,den), p);
h0 = FpXQ_inv(FpX_FpXQ_compo(gp,w0, T,p), T,p); /* = 1/g'(w0) mod (T,p) */
wpow = NULL; q = sqri(p);
for(;;)
{/* Given g,w0,h0 in Z[x], s.t. h0.g'(w0) = 1 and g(w0) = 0 mod (T,p), find
* [w1,h1] satisfying the same conditions mod p^2, [w1,h1] = [w0,h0] (mod p)
* (cf. Dixon: J. Austral. Math. Soc., Series A, vol.49, 1990, p.445) */
if (DEBUGLEVEL>1)
fprintferr("lifting embedding mod p^k = %Z^%ld\n",p, Z_pval(q,p));
/* w1 := w0 - h0 g(w0) mod (T,q) */
if (wpow)
a = FpX_FpXQV_compo(g,wpow, T,q);
else
a = FpX_FpXQ_compo(g,w0, T,q); /* first time */
/* now, a = 0 (p) */
a = gmul(gneg(h0), gdivexact(a, p));
w1 = gadd(w0, gmul(p, FpX_rem(a, T,p)));
w1_Q = centermod(gmul(w1, remii(den,q)), q);
if (gequal(w1_Q, w0_Q) || cmpii(q,maxp) > 0)
{
GEN G = gcmp1(den)? g: RgX_rescale(g,den);
if (gcmp0(RgX_RgXQ_compo(G, w1_Q, T))) break;
}
if (cmpii(q, maxp) > 0)
{
if (DEBUGLEVEL) fprintferr("coeff too big for embedding\n");
return NULL;
}
gerepileall(av, 5, &w1,&h0,&w1_Q,&q,&p);
q2 = sqri(q);
wpow = FpXQ_powers(w1, rt, T, q2);
/* h0 := h0 * (2 - h0 g'(w1)) mod (T,q)
* = h0 + h0 * (1 - h0 g'(w1)) */
a = gmul(gneg(h0), FpX_FpXQV_compo(gp, FpXV_red(wpow,q),T,q));
a = ZX_Z_add(FpX_rem(a, T,q), gen_1); /* 1 - h0 g'(w1) = 0 (p) */
a = gmul(h0, gdivexact(a, p));
h0 = gadd(h0, gmul(p, FpX_rem(a, T,p)));
w0 = w1; w0_Q = w1_Q; p = q; q = q2;
}
TR = gel(DATA,5);
if (!gcmp0(TR)) w1_Q = translate_pol(w1_Q, TR);
return gdiv(w1_Q,den);
}
/* return a minimal lift of elt modulo id */
static GEN
nf_bestlift(GEN elt, GEN bound, nflift_t *L)
{
GEN u;
long i,l = lg(L->prk), t = typ(elt);
if (t != t_INT)
{
if (t == t_POL) elt = mulmat_pol(L->tozk, elt);
u = gmul(L->iprk,elt);
for (i=1; i<l; i++) gel(u,i) = diviiround(gel(u,i), L->den);
}
else
{
u = gmul(elt, gel(L->iprk,1));
for (i=1; i<l; i++) gel(u,i) = diviiround(gel(u,i), L->den);
elt = gscalcol(elt, l-1);
}
u = gsub(elt, gmul(L->prk, u));
if (bound && gcmp(QuickNormL2(u,DEFAULTPREC), bound) > 0) u = NULL;
return u;
}
static GEN
_powpolmodsimple(Cache *C, Red *R, GEN jac)
{
pari_sp av = avma;
GEN w = mulmat_pol(C->matvite, jac);
long j, ph = lg(w);
R->red = &_redsimple;
for (j=1; j<ph; j++)
gel(w,j) = _powpolmod(C, centermodii(gel(w,j), R->N, R->N2), R, &sqrmod);
w = centermod_i( gmul(C->matinvvite, w), R->N, R->N2 );
w = gerepileupto(av, w);
return RgV_to_RgX(w, 0);
}
/* return a bound for T_2(P), P | polbase
* max |b_i|^2 <= 3^{3/2 + d} / (4 \pi d) [P]_2,
* where [P]_2 is Bombieri's 2-norm
* Sum over conjugates
*/
static GEN
nf_Beauzamy_bound(GEN nf, GEN polbase)
{
GEN lt,C,run,s, G = gmael(nf,5,2), POL, bin;
long i,prec,precnf, d = degpol(polbase), n = degpol(nf[1]);
precnf = gprecision(G);
prec = MEDDEFAULTPREC;
bin = vecbinome(d);
POL = polbase + 2;
/* compute [POL]_2 */
for (;;)
{
run= real_1(prec);
s = real_0(prec);
for (i=0; i<=d; i++)
{
GEN p1 = gnorml2(arch_for_T2(G, gmul(run, gel(POL,i)))); /* T2(POL[i]) */
if (!signe(p1)) continue;
if (lg(p1) == 3) break;
/* s += T2(POL[i]) / binomial(d,i) */
s = addrr(s, gdiv(p1, gel(bin,i+1)));
}
if (i > d) break;
prec = (prec<<1)-2;
if (prec > precnf)
{
nffp_t F; remake_GM(nf, &F, prec); G = F.G;
if (DEBUGLEVEL>1) pari_warn(warnprec, "nf_factor_bound", prec);
}
}
lt = leading_term(polbase);
s = gmul(s, mulis(sqri(lt), n));
C = powrshalf(stor(3,DEFAULTPREC), 3 + 2*d); /* 3^{3/2 + d} */
return gdiv(gmul(C, s), gmulsg(d, mppi(DEFAULTPREC)));
}
/* return P(X + c) using destructive Horner, optimize for c = 1,-1 */
GEN
translate_pol(GEN P, GEN c)
{
pari_sp av = avma, lim;
GEN Q, *R;
long i, k, n;
if (!signe(P) || gcmp0(c)) return gcopy(P);
Q = shallowcopy(P);
R = (GEN*)(Q+2); n = degpol(P);
lim = stack_lim(av, 2);
if (gcmp1(c))
{
for (i=1; i<=n; i++)
{
for (k=n-i; k<n; k++) R[k] = gadd(R[k], R[k+1]);
if (low_stack(lim, stack_lim(av,2)))
{
if(DEBUGMEM>1) pari_warn(warnmem,"TR_POL(1), i = %ld/%ld", i,n);
Q = gerepilecopy(av, Q); R = (GEN*)Q+2;
}
}
}
else if (gcmp_1(c))
{
for (i=1; i<=n; i++)
{
for (k=n-i; k<n; k++) R[k] = gsub(R[k], R[k+1]);
if (low_stack(lim, stack_lim(av,2)))
{
if(DEBUGMEM>1) pari_warn(warnmem,"TR_POL(-1), i = %ld/%ld", i,n);
Q = gerepilecopy(av, Q); R = (GEN*)Q+2;
}
}
}
else
{
for (i=1; i<=n; i++)
{
for (k=n-i; k<n; k++) R[k] = gadd(R[k], gmul(c, R[k+1]));
if (low_stack(lim, stack_lim(av,2)))
{
if(DEBUGMEM>1) pari_warn(warnmem,"TR_POL, i = %ld/%ld", i,n);
Q = gerepilecopy(av, Q); R = (GEN*)Q+2;
}
}
}
return gerepilecopy(av, Q);
}
void Rijndael::invMixColumns(unsigned char** block){
unsigned char* temp = new unsigned char [4]; //utilizado para guardar coluna atual
for (int j = 0; j < 4; j++){
memcpy(temp, &block[0][j], 1);
memcpy(temp+1, &block[1][j], 1);
memcpy(temp+2, &block[2][j], 1);
memcpy(temp+3, &block[3][j], 1);
for (int i = 0; i < 4; i++){
block[i][j] = 0x00;
for (int m = 0; m < 4; m ++){
block[i][j] ^= gmul(temp[m], _inv_mix[i][m]); // this gmul totally sucks at performance. thinking about static pre-calculated tables.
}
}
}
delete[] temp;
}
/* Find h in Fp[X] such that h(a[i]) = listdelta[i] for all modular factors
* ff[i], where a[i] is a fixed root of ff[i] in Fq = Z[Y]/(p,T) [namely the
* first one in FpX_factorff_irred output]. Let f = ff[i], A the given root,
* then h mod f is Tr_Fq/Fp ( h(A) f(X)/(X-A)f'(A) ), most of the expression
* being precomputed. The complete h is recovered via chinese remaindering */
static GEN
chinese_retrieve_pol(GEN DATA, primedata *S, GEN listdelta)
{
GEN interp, bezoutC, h, pol = FpX_red(gel(DATA,1), S->p);
long i, l;
interp = gel(DATA,9);
bezoutC= gel(DATA,6);
h = NULL; l = lg(interp);
for (i=1; i<l; i++)
{ /* h(firstroot[i]) = listdelta[i] */
GEN t = FqX_Fq_mul(gel(interp,i), gel(listdelta,i), S->T,S->p);
t = poltrace(t, (GEN)S->Trk[i], S->p);
t = gmul(t, gel(bezoutC,i));
h = h? gadd(h,t): t;
}
return FpX_rem(FpX_red(h, S->p), pol, S->p);
}
static void
init_proj(nflift_t *L, GEN nfT, GEN p)
{
if (L->Tp)
{
GEN z = cgetg(3, t_VEC), proj;
gel(z,1) = L->Tp;
gel(z,2) = FpX_div(FpX_red(nfT,p), L->Tp, p);
z = hensel_lift_fact(nfT, z, NULL, p, L->pk, L->k);
L->Tpk = gel(z,1);
proj = get_proj_modT(L->topow, L->Tpk, L->pk);
if (L->topowden)
proj = FpM_red(gmul(Fp_inv(L->topowden, L->pk), proj), L->pk);
L->ZqProj = proj;
}
else
{
L->Tpk = NULL;
L->ZqProj = dim1proj(L->prkHNF);
}
}
static GEN
nf_LLL_cmbf(nfcmbf_t *T, GEN p, long k, long rec)
{
nflift_t *L = T->L;
GEN pk = L->pk, PRK = L->prk, PRKinv = L->iprk, GSmin = L->GSmin;
GEN Tpk = L->Tpk;
GEN famod = T->fact, nf = T->nf, ZC = T->ZC, Br = T->Br;
GEN Pbase = T->polbase, P = T->pol, dn = T->dn;
GEN nfT = gel(nf,1);
GEN Btra;
long dnf = degpol(nfT), dP = degpol(P);
double BitPerFactor = 0.5; /* nb bits / modular factor */
long i, C, tmax, n0;
GEN lP, Bnorm, Tra, T2, TT, CM_L, m, list, ZERO;
double Bhigh;
pari_sp av, av2, lim;
long ti_LLL = 0, ti_CF = 0;
pari_timer ti2, TI;
lP = absi(leading_term(P));
if (is_pm1(lP)) lP = NULL;
n0 = lg(famod) - 1;
/* Lattice: (S PRK), small vector (vS vP). To find k bound for the image,
* write S = S1 q + S0, P = P1 q + P0
* |S1 vS + P1 vP|^2 <= Bhigh for all (vS,vP) assoc. to true factors */
Btra = mulrr(ZC, mulsr(dP*dP, normlp(Br, 2, dnf)));
Bhigh = get_Bhigh(n0, dnf);
C = (long)ceil(sqrt(Bhigh/n0)) + 1; /* C^2 n0 ~ Bhigh */
Bnorm = dbltor( n0 * C * C + Bhigh );
ZERO = zeromat(n0, dnf);
av = avma; lim = stack_lim(av, 1);
TT = cgetg(n0+1, t_VEC);
Tra = cgetg(n0+1, t_MAT);
for (i=1; i<=n0; i++) TT[i] = 0;
CM_L = gscalsmat(C, n0);
/* tmax = current number of traces used (and computed so far) */
for(tmax = 0;; tmax++)
{
long a, b, bmin, bgood, delta, tnew = tmax + 1, r = lg(CM_L)-1;
GEN oldCM_L, M_L, q, S1, P1, VV;
int first = 1;
/* bound for f . S_k(genuine factor) = ZC * bound for T_2(S_tnew) */
Btra = mulrr(ZC, mulsr(dP*dP, normlp(Br, 2*tnew, dnf)));
bmin = logint(ceil_safe(sqrtr(Btra)), gen_2, NULL);
if (DEBUGLEVEL>2)
fprintferr("\nLLL_cmbf: %ld potential factors (tmax = %ld, bmin = %ld)\n",
r, tmax, bmin);
/* compute Newton sums (possibly relifting first) */
if (gcmp(GSmin, Btra) < 0)
{
nflift_t L1;
GEN polred;
bestlift_init(k<<1, nf, T->pr, Btra, &L1);
polred = ZqX_normalize(Pbase, lP, &L1);
k = L1.k;
pk = L1.pk;
PRK = L1.prk;
PRKinv = L1.iprk;
GSmin = L1.GSmin;
Tpk = L1.Tpk;
famod = hensel_lift_fact(polred, famod, Tpk, p, pk, k);
for (i=1; i<=n0; i++) TT[i] = 0;
}
for (i=1; i<=n0; i++)
{
GEN h, lPpow = lP? gpowgs(lP, tnew): NULL;
GEN z = polsym_gen(gel(famod,i), gel(TT,i), tnew, Tpk, pk);
gel(TT,i) = z;
h = gel(z,tnew+1);
/* make Newton sums integral */
lPpow = mul_content(lPpow, dn);
if (lPpow) h = FpX_red(gmul(h,lPpow), pk);
gel(Tra,i) = nf_bestlift(h, NULL, L); /* S_tnew(famod) */
}
/* compute truncation parameter */
if (DEBUGLEVEL>2) { TIMERstart(&ti2); TIMERstart(&TI); }
oldCM_L = CM_L;
av2 = avma;
b = delta = 0; /* -Wall */
AGAIN:
M_L = Q_div_to_int(CM_L, utoipos(C));
VV = get_V(Tra, M_L, PRK, PRKinv, pk, &a);
if (first)
{ /* initialize lattice, using few p-adic digits for traces */
bgood = (long)(a - max(32, BitPerFactor * r));
b = max(bmin, bgood);
delta = a - b;
}
else
{ /* add more p-adic digits and continue reduction */
if (a < b) b = a;
b = max(b-delta, bmin);
if (b - delta/2 < bmin) b = bmin; /* near there. Go all the way */
}
/* restart with truncated entries */
q = int2n(b);
P1 = gdivround(PRK, q);
S1 = gdivround(Tra, q);
T2 = gsub(gmul(S1, M_L), gmul(P1, VV));
m = vconcat( CM_L, T2 );
if (first)
{
first = 0;
m = shallowconcat( m, vconcat(ZERO, P1) );
/* [ C M_L 0 ]
* m = [ ] square matrix
* [ T2' PRK ] T2' = Tra * M_L truncated
*/
}
CM_L = LLL_check_progress(Bnorm, n0, m, b == bmin, /*dbg:*/ &ti_LLL);
if (DEBUGLEVEL>2)
fprintferr("LLL_cmbf: (a,b) =%4ld,%4ld; r =%3ld -->%3ld, time = %ld\n",
a,b, lg(m)-1, CM_L? lg(CM_L)-1: 1, TIMER(&TI));
if (!CM_L) { list = mkcol(QXQX_normalize(P,nfT)); break; }
if (b > bmin)
{
CM_L = gerepilecopy(av2, CM_L);
goto AGAIN;
}
if (DEBUGLEVEL>2) msgTIMER(&ti2, "for this trace");
i = lg(CM_L) - 1;
if (i == r && gequal(CM_L, oldCM_L))
{
CM_L = oldCM_L;
avma = av2; continue;
}
if (i <= r && i*rec < n0)
{
pari_timer ti;
if (DEBUGLEVEL>2) TIMERstart(&ti);
list = nf_chk_factors(T, P, Q_div_to_int(CM_L,utoipos(C)), famod, pk);
if (DEBUGLEVEL>2) ti_CF += TIMER(&ti);
if (list) break;
CM_L = gerepilecopy(av2, CM_L);
}
if (low_stack(lim, stack_lim(av,1)))
{
if(DEBUGMEM>1) pari_warn(warnmem,"nf_LLL_cmbf");
gerepileall(av, Tpk? 9: 8,
&CM_L,&TT,&Tra,&famod,&pk,&GSmin,&PRK,&PRKinv,&Tpk);
}
}
if (DEBUGLEVEL>2)
fprintferr("* Time LLL: %ld\n* Time Check Factor: %ld\n",ti_LLL,ti_CF);
return list;
}
static GEN
_mul(GEN x, GEN y, Red *R) { return R->red(gmul(x,y), R); }
void mimc_perm_gadget<field_type>::snark_perm() {
field_type x = input_state;
field_type tmp;
int index = varCount;
index += 1;
//mimc_snarkboard<field_type> pb;
snarkvar<field_type> X, Y, Z;
for(int i = 0;i < num_round;i++) {
linear_term<field_type> u(0, fONE, key);
X.add_var(u);
u.reset(index, fONE, x);
index++;
X.add_var(u);
Y.clear();
Y = X;
u.reset(index, fONE, fZERO);
Z.clear();
Z.add_var(u);
index++;
// std::cout<<"BEFORE SQR\n\n";
// std::cout<<"X ->\n";X.print_snarkvar();
// std::cout<<"Y ->\n";Y.print_snarkvar();
// std::cout<<"Z ->\n";Z.print_snarkvar();
f2n_sqr_gadget<field_type> gsqr(&X, &Z, mptr);
gsqr.generate_r1cs_constraint();
gsqr.generate_r1cs_witness();
// std::cout<<"AFTER SQR\n\n";
// std::cout<<"X ->\n";X.print_snarkvar();
// std::cout<<"Y ->\n";Y.print_snarkvar();
// std::cout<<"Z ->\n";Z.print_snarkvar();
Z.lc[0].var_val = Z.lc_val;
X.clear();
X = Z;
Z.clear();
u.reset(index, fONE, fZERO);
Z.add_var(u);
// std::cout<<"BEFORE MUL\n\n";
// std::cout<<"X ->\n";X.print_snarkvar();
// std::cout<<"Y ->\n";Y.print_snarkvar();
// std::cout<<"Z ->\n";Z.print_snarkvar();
f2n_mul_gadget<field_type> gmul(&X, &Y, &Z, mptr);
gmul.generate_r1cs_constraint();
gmul.generate_r1cs_witness();
// std::cout<<"AFTER MUL\n\n";
// std::cout<<"X ->\n";X.print_snarkvar();
// std::cout<<"Y ->\n";Y.print_snarkvar();
// std::cout<<"Z ->\n";Z.print_snarkvar();
X.clear();
x = Z.lc_val;
Y.clear();
}
}
inline uchar rs_round( void )
{
uchar sum;
sum = gadd(0,gmul(l_shift[0],0));
l_shift[0] = l_shift[1];
sum = gadd(sum,gmul(l_shift[1],1));
l_shift[1] = l_shift[2];
sum = gadd(sum,gmul(l_shift[2],2));
l_shift[2] = l_shift[3];
sum = gadd(sum,gmul(l_shift[3],3));
l_shift[3] = l_shift[4];
sum = gadd(sum,gmul(l_shift[4],4));
l_shift[4] = l_shift[5];
sum = gadd(sum,gmul(l_shift[5],5));
l_shift[5] = l_shift[6];
sum = gadd(sum,gmul(l_shift[6],6));
l_shift[6] = l_shift[7];
sum = gadd(sum,gmul(l_shift[7],7));
l_shift[7] = l_shift[8];
sum = gadd(sum,gmul(l_shift[8],8));
l_shift[8] = l_shift[9];
sum = gadd(sum,gmul(l_shift[9],9));
l_shift[9] = l_shift[10];
sum = gadd(sum,gmul(l_shift[10],10));
l_shift[10] = l_shift[11];
sum = gadd(sum,gmul(l_shift[11],11));
l_shift[11] = l_shift[12];
sum = gadd(sum,gmul(l_shift[12],12));
l_shift[12] = l_shift[13];
sum = gadd(sum,gmul(l_shift[13],13));
l_shift[13] = l_shift[14];
sum = gadd(sum,gmul(l_shift[14],14));
l_shift[14] = l_shift[15];
sum = gadd(sum,gmul(l_shift[15],15));
l_shift[15] = 0;
return sum;
}
/* Naive recombination of modular factors: combine up to maxK modular
* factors, degree <= klim and divisible by hint
*
* target = polynomial we want to factor
* famod = array of modular factors. Product should be congruent to
* target/lc(target) modulo p^a
* For true factors: S1,S2 <= p^b, with b <= a and p^(b-a) < 2^31 */
static GEN
nfcmbf(nfcmbf_t *T, GEN p, long a, long maxK, long klim)
{
GEN pol = T->pol, nf = T->nf, famod = T->fact, dn = T->dn;
GEN bound = T->bound;
GEN nfpol = gel(nf,1);
long K = 1, cnt = 1, i,j,k, curdeg, lfamod = lg(famod)-1, dnf = degpol(nfpol);
GEN res = cgetg(3, t_VEC);
pari_sp av0 = avma;
GEN pk = gpowgs(p,a), pks2 = shifti(pk,-1);
GEN ind = cgetg(lfamod+1, t_VECSMALL);
GEN degpol = cgetg(lfamod+1, t_VECSMALL);
GEN degsofar = cgetg(lfamod+1, t_VECSMALL);
GEN listmod = cgetg(lfamod+1, t_COL);
GEN fa = cgetg(lfamod+1, t_COL);
GEN lc = absi(leading_term(pol)), lt = is_pm1(lc)? NULL: lc;
GEN C2ltpol, C = T->L->topowden, Tpk = T->L->Tpk;
GEN Clt = mul_content(C, lt);
GEN C2lt = mul_content(C,Clt);
const double Bhigh = get_Bhigh(lfamod, dnf);
trace_data _T1, _T2, *T1, *T2;
pari_timer ti;
TIMERstart(&ti);
if (maxK < 0) maxK = lfamod-1;
C2ltpol = C2lt? gmul(C2lt,pol): pol;
{
GEN q = ceil_safe(sqrtr(T->BS_2));
GEN t1,t2, ltdn, lt2dn;
GEN trace1 = cgetg(lfamod+1, t_MAT);
GEN trace2 = cgetg(lfamod+1, t_MAT);
ltdn = mul_content(lt, dn);
lt2dn= mul_content(ltdn, lt);
for (i=1; i <= lfamod; i++)
{
pari_sp av = avma;
GEN P = gel(famod,i);
long d = degpol(P);
degpol[i] = d; P += 2;
t1 = gel(P,d-1);/* = - S_1 */
t2 = gsqr(t1);
if (d > 1) t2 = gsub(t2, gmul2n(gel(P,d-2), 1));
/* t2 = S_2 Newton sum */
t2 = typ(t2)!=t_INT? FpX_rem(t2, Tpk, pk): modii(t2, pk);
if (lt)
{
if (typ(t2)!=t_INT) {
t1 = FpX_red(gmul(ltdn, t1), pk);
t2 = FpX_red(gmul(lt2dn,t2), pk);
} else {
t1 = remii(mulii(ltdn, t1), pk);
t2 = remii(mulii(lt2dn,t2), pk);
}
}
gel(trace1,i) = gclone( nf_bestlift(t1, NULL, T->L) );
gel(trace2,i) = gclone( nf_bestlift(t2, NULL, T->L) ); avma = av;
}
T1 = init_trace(&_T1, trace1, T->L, q);
T2 = init_trace(&_T2, trace2, T->L, q);
for (i=1; i <= lfamod; i++) {
gunclone(gel(trace1,i));
gunclone(gel(trace2,i));
}
}
degsofar[0] = 0; /* sentinel */
/* ind runs through strictly increasing sequences of length K,
* 1 <= ind[i] <= lfamod */
nextK:
if (K > maxK || 2*K > lfamod) goto END;
if (DEBUGLEVEL > 3)
fprintferr("\n### K = %d, %Z combinations\n", K,binomial(utoipos(lfamod), K));
setlg(ind, K+1); ind[1] = 1;
i = 1; curdeg = degpol[ind[1]];
for(;;)
{ /* try all combinations of K factors */
for (j = i; j < K; j++)
{
degsofar[j] = curdeg;
ind[j+1] = ind[j]+1; curdeg += degpol[ind[j+1]];
}
if (curdeg <= klim && curdeg % T->hint == 0) /* trial divide */
{
GEN t, y, q, list;
pari_sp av;
av = avma;
/* d - 1 test */
if (T1)
{
t = get_trace(ind, T1);
if (rtodbl(QuickNormL2(t,DEFAULTPREC)) > Bhigh)
{
if (DEBUGLEVEL>6) fprintferr(".");
avma = av; goto NEXT;
}
}
/* d - 2 test */
if (T2)
{
t = get_trace(ind, T2);
if (rtodbl(QuickNormL2(t,DEFAULTPREC)) > Bhigh)
{
if (DEBUGLEVEL>3) fprintferr("|");
avma = av; goto NEXT;
}
}
avma = av;
y = lt; /* full computation */
for (i=1; i<=K; i++)
{
GEN q = gel(famod, ind[i]);
if (y) q = gmul(y, q);
y = FqX_centermod(q, Tpk, pk, pks2);
}
y = nf_pol_lift(y, bound, T);
if (!y)
{
if (DEBUGLEVEL>3) fprintferr("@");
avma = av; goto NEXT;
}
/* try out the new combination: y is the candidate factor */
q = RgXQX_divrem(C2ltpol, y, nfpol, ONLY_DIVIDES);
if (!q)
{
if (DEBUGLEVEL>3) fprintferr("*");
avma = av; goto NEXT;
}
/* found a factor */
list = cgetg(K+1, t_VEC);
gel(listmod,cnt) = list;
for (i=1; i<=K; i++) list[i] = famod[ind[i]];
y = Q_primpart(y);
gel(fa,cnt++) = QXQX_normalize(y, nfpol);
/* fix up pol */
pol = q;
for (i=j=k=1; i <= lfamod; i++)
{ /* remove used factors */
if (j <= K && i == ind[j]) j++;
else
{
famod[k] = famod[i];
update_trace(T1, k, i);
update_trace(T2, k, i);
degpol[k] = degpol[i]; k++;
}
}
lfamod -= K;
if (lfamod < 2*K) goto END;
i = 1; curdeg = degpol[ind[1]];
if (C2lt) pol = Q_primpart(pol);
if (lt) lt = absi(leading_term(pol));
Clt = mul_content(C, lt);
C2lt = mul_content(C,Clt);
C2ltpol = C2lt? gmul(C2lt,pol): pol;
if (DEBUGLEVEL > 2)
{
fprintferr("\n"); msgTIMER(&ti, "to find factor %Z",y);
fprintferr("remaining modular factor(s): %ld\n", lfamod);
}
continue;
}
NEXT:
for (i = K+1;;)
{
if (--i == 0) { K++; goto nextK; }
if (++ind[i] <= lfamod - K + i)
{
curdeg = degsofar[i-1] + degpol[ind[i]];
if (curdeg <= klim) break;
}
}
}
END:
if (degpol(pol) > 0)
{ /* leftover factor */
if (signe(leading_term(pol)) < 0) pol = gneg_i(pol);
if (C2lt && lfamod < 2*K) pol = QXQX_normalize(Q_primpart(pol), nfpol);
setlg(famod, lfamod+1);
gel(listmod,cnt) = shallowcopy(famod);
gel(fa,cnt++) = pol;
}
if (DEBUGLEVEL>6) fprintferr("\n");
if (cnt == 2) {
avma = av0;
gel(res,1) = mkvec(T->pol);
gel(res,2) = mkvec(T->fact);
}
else
{
setlg(listmod, cnt); setlg(fa, cnt);
gel(res,1) = fa;
gel(res,2) = listmod;
res = gerepilecopy(av0, res);
}
return res;
}
static GEN
ZqX_normalize(GEN P, GEN lt, nflift_t *L)
{
GEN R = lt? gmul(Fp_inv(lt, L->pk), P): P;
return ZqX(R, L->pk, L->Tpk, L->ZqProj);
}
/* return the factorization of the square-free polynomial x.
The coeffs of x are in Z_nf and its leading term is a rational integer.
deg(x) > 1, deg(nfpol) > 1
If fl = 1, return only the roots of x in nf
If fl = 2, as fl=1 if pol splits, [] otherwise */
static GEN
nfsqff(GEN nf, GEN pol, long fl)
{
long n, nbf, dpol = degpol(pol);
GEN pr, C0, polbase, init_fa = NULL;
GEN N2, rep, polmod, polred, lt, nfpol = gel(nf,1);
nfcmbf_t T;
nflift_t L;
pari_timer ti, ti_tot;
if (DEBUGLEVEL>2) { TIMERstart(&ti); TIMERstart(&ti_tot); }
n = degpol(nfpol);
polbase = unifpol(nf, pol, t_COL);
if (typ(polbase) != t_POL) pari_err(typeer, "nfsqff");
polmod = lift_intern( unifpol(nf, pol, t_POLMOD) );
if (dpol == 1) return mkvec(QXQX_normalize(polmod, nfpol));
/* heuristic */
if (dpol*3 < n)
{
GEN z, t;
long i;
if (DEBUGLEVEL>2) fprintferr("Using Trager's method\n");
z = (GEN)polfnf(polmod, nfpol)[1];
if (fl) {
long l = lg(z);
for (i = 1; i < l; i++)
{
t = gel(z,i); if (degpol(t) > 1) break;
gel(z,i) = gneg(gdiv(gel(t,2), gel(t,3)));
}
setlg(z, i);
if (fl == 2 && i != l) return cgetg(1,t_VEC);
}
return z;
}
nbf = nf_pick_prime(5, nf, polbase, fl, <, &init_fa, &pr, &L.Tp);
if (fl == 2 && nbf < dpol) return cgetg(1,t_VEC);
if (nbf <= 1)
{
if (!fl) return mkvec(QXQX_normalize(polmod, nfpol)); /* irreducible */
if (!nbf) return cgetg(1,t_VEC); /* no root */
}
if (DEBUGLEVEL>2) {
msgTIMER(&ti, "choice of a prime ideal");
fprintferr("Prime ideal chosen: %Z\n", pr);
}
pol = simplify_i(lift(polmod));
L.tozk = gel(nf,8);
L.topow= Q_remove_denom(gel(nf,7), &L.topowden);
T.ZC = L2_bound(nf, L.tozk, &(T.dn));
T.Br = nf_root_bounds(pol, nf); if (lt) T.Br = gmul(T.Br, lt);
if (fl) C0 = normlp(T.Br, 2, n);
else C0 = nf_factor_bound(nf, polbase); /* bound for T_2(Q_i), Q | P */
T.bound = mulrr(T.ZC, C0); /* bound for |Q_i|^2 in Z^n on chosen Z-basis */
N2 = mulsr(dpol*dpol, normlp(T.Br, 4, n)); /* bound for T_2(lt * S_2) */
T.BS_2 = mulrr(T.ZC, N2); /* bound for |S_2|^2 on chosen Z-basis */
if (DEBUGLEVEL>2) {
msgTIMER(&ti, "bound computation");
fprintferr(" 1) T_2 bound for %s: %Z\n", fl?"root":"factor", C0);
fprintferr(" 2) Conversion from T_2 --> | |^2 bound : %Z\n", T.ZC);
fprintferr(" 3) Final bound: %Z\n", T.bound);
}
L.p = gel(pr,1);
if (L.Tp && degpol(L.Tp) == 1) L.Tp = NULL;
bestlift_init(0, nf, pr, T.bound, &L);
if (DEBUGLEVEL>2) TIMERstart(&ti);
polred = ZqX_normalize(polbase, lt, &L); /* monic */
if (fl) {
GEN z = nf_DDF_roots(pol, polred, nfpol, lt, init_fa, nbf, fl, &L);
if (lg(z) == 1) return cgetg(1, t_VEC);
return z;
}
{
pari_sp av = avma;
if (L.Tp)
rep = FqX_split_all(init_fa, L.Tp, L.p);
else
{
long d;
rep = cgetg(dpol + 1, t_VEC); gel(rep,1) = FpX_red(polred,L.p);
d = FpX_split_Berlekamp((GEN*)(rep + 1), L.p);
setlg(rep, d + 1);
}
T.fact = gerepilecopy(av, sort_vecpol(rep, &cmp_pol));
}
if (DEBUGLEVEL>2) msgTIMER(&ti, "splitting mod %Z", pr);
T.pr = pr;
T.L = &L;
T.polbase = polbase;
T.pol = pol;
T.nf = nf;
T.hint = 1; /* useless */
rep = nf_combine_factors(&T, polred, L.p, L.k, dpol-1);
if (DEBUGLEVEL>2)
fprintferr("Total Time: %ld\n===========\n", TIMER(&ti_tot));
return rep;
}
/* assume x scalar or t_COL */
static GEN
arch_for_T2(GEN G, GEN x)
{
return (typ(x) == t_COL)? gmul(G,x): gmul(gel(G,1),x);
}
