static void select_curve_params(mpz_t a, mpz_t b, mpz_t g,
long D, mpz_t *roots, long i, mpz_t N, mpz_t t)
{
int N_is_not_1_congruent_3;
mpz_set_ui(a, 0);
mpz_set_ui(b, 0);
if (D == -3) { mpz_set_si(b, -1); }
else if (D == -4) { mpz_set_si(a, -1); }
else {
mpz_sub_ui(t, roots[i], 1728);
mpz_mod(t, t, N);
/* c = (j * inverse(j-1728)) mod n */
if (mpz_divmod(b, roots[i], t, N, b)) {
mpz_mul_si(a, b, -3); /* r = -3c */
mpz_mul_si(b, b, 2); /* s = 2c */
}
}
mpz_mod(a, a, N);
mpz_mod(b, b, N);
/* g: 1 < g < Ni && (g/Ni) != -1 && (g%3!=1 || cubic non-residue) */
N_is_not_1_congruent_3 = ! mpz_congruent_ui_p(N, 1, 3);
for ( mpz_set_ui(g, 2); mpz_cmp(g, N) < 0; mpz_add_ui(g, g, 1) ) {
if (mpz_jacobi(g, N) != -1)
continue;
if (N_is_not_1_congruent_3)
break;
mpz_sub_ui(t, N, 1);
mpz_tdiv_q_ui(t, t, 3);
mpz_powm(t, g, t, N); /* t = g^((Ni-1)/3) mod Ni */
if (mpz_cmp_ui(t, 1) == 0)
continue;
if (D == -3) {
mpz_powm_ui(t, t, 3, N);
if (mpz_cmp_ui(t, 1) != 0) /* Additional check when D == -3 */
continue;
}
break;
}
if (mpz_cmp(g, N) >= 0) /* No g can be found: N is composite */
mpz_set_ui(g, 0);
}
int generatePrime(mpz_t *p,mpz_t *q,mpz_t *n,int number)
{
int i;
gmp_randstate_t rstate_p[number],rstate_q[number];
for(i = 0; i < number; i++)
{
gmp_randinit_mt(rstate_p[i]);
gmp_randinit_mt(rstate_q[i]);
}
for(i = 0; i < number; i++)
{
//Seeds to generate random number
gmp_randseed_ui(rstate_p[i],randomSeed());
gmp_randseed_ui(rstate_q[i],randomSeed());
do{
do{
mpz_urandomb(*(p+i),rstate_p[i],32); // generate random number p less than 2^32-1
}while(mpz_sizeinbase(*(p+i),2)!=32); //checks whether p is 32 bit or not
}while(!isPrimeNumber(*(p+i)) || (!mpz_congruent_ui_p(*(p+i),3,4))); //checks whether p is prime or not with 500 witnesses
do{
do{
mpz_urandomb(*(q+i),rstate_q[i],32); // generate random number q less than 2^32-1
}while(mpz_sizeinbase(*(q+i),2)!=32); //checks whether p is 32 bit or not
}while(!isPrimeNumber(*(q+i)) || (!mpz_congruent_ui_p(*(q+i),3,4))); //checks whether q is prime or not with 500 witnesses
mpz_mul (*(n+i),*(p+i),*(q+i));
}
/* for(i = 0; i < number; i++)
{
//Seeds to generate random number
gmp_randseed_ui(rstate_q[i],randomSeed());
do{
do{
mpz_urandomb(*(q+i),rstate_q[i],32); // generate random number q less than 2^32-1
}while(mpz_sizeinbase(*(q+i),2)!=32); //checks whether p is 32 bit or not
}while(!isPrimeNumber(*(q+i)) || (!mpz_congruent_ui_p(*(q+i),3,4))); //checks whether q is prime or not with 500 witnesses
}*/
return TRUE;
}
void mpz_sqrtmp_r
(mpz_ptr root, mpz_srcptr a, mpz_srcptr p)
{
/* ? a \neq 0 */
if (mpz_get_ui(a) != 0)
{
/* ? p = 3 (mod 4) */
if (mpz_congruent_ui_p(p, 3L, 4L))
{
mpz_t foo;
mpz_init_set(foo, p);
mpz_add_ui(foo, foo, 1L);
mpz_fdiv_q_2exp(foo, foo, 2L);
mpz_powm(root, a, foo, p);
mpz_clear(foo);
return;
}
/* ! p = 1 (mod 4) */
else
{
/* ! s = (p-1)/4 */
mpz_t s;
mpz_init_set(s, p);
mpz_sub_ui(s, s, 1L);
mpz_fdiv_q_2exp(s, s, 2L);
/* ? p = 5 (mod 8) */
if (mpz_congruent_ui_p(p, 5L, 8L))
{
mpz_t foo, b;
mpz_init(foo);
mpz_powm(foo, a, s, p);
mpz_init_set(b, p);
mpz_add_ui(b, b, 3L);
mpz_fdiv_q_2exp(b, b, 3L);
mpz_powm(root, a, b, p);
/* ? a^{(p-1)/4} = 1 (mod p) */
if (mpz_cmp_ui(foo, 1L) == 0)
{
mpz_clear(foo), mpz_clear(s), mpz_clear(b);
return;
}
/* ! a^{(p-1)/4} = -1 (mod p) */
else
{
do
mpz_wrandomm(b, p);
while (mpz_jacobi(b, p) != -1);
mpz_powm(b, b, s, p);
mpz_mul(root, root, b);
mpz_mod(root, root, p);
mpz_clear(foo), mpz_clear(s), mpz_clear(b);
return;
}
}
/* ! p = 1 (mod 8) */
else
{
mpz_t foo, bar, b, t;
mpz_init(foo), mpz_init(bar);
mpz_powm(foo, a, s, p);
/* while a^s = 1 (mod p) */
while (mpz_cmp_ui(foo, 1L) == 0)
{
/* ? s odd */
if (mpz_odd_p(s))
{
mpz_add_ui(s, s, 1L);
mpz_fdiv_q_2exp(s, s, 1L);
mpz_powm(root, a, s, p);
mpz_clear(foo), mpz_clear(s);
return;
}
/* ! s even */
else
{
mpz_fdiv_q_2exp(s, s, 1L);
}
mpz_powm(foo, a, s, p);
}
/* ! a^s = -1 (mod p) */
mpz_init(b);
do
mpz_wrandomm(b, p);
while (mpz_jacobi(b, p) != -1);
mpz_init_set(t, p);
mpz_sub_ui(t, t, 1L);
mpz_fdiv_q_2exp(t, t, 1L);
/* while s even */
while (mpz_even_p(s))
{
mpz_fdiv_q_2exp(s, s, 1L);
mpz_fdiv_q_2exp(t, t, 1L);
mpz_powm(foo, a, s, p);
mpz_powm(bar, b, t, p);
mpz_mul(foo, foo, bar);
mpz_mod(foo, foo, p);
mpz_set_si(bar, -1L);
/* ? a^s * b^t = -1 (mod p) */
if (mpz_congruent_p(foo, bar, p))
{
mpz_set(bar, p);
mpz_sub_ui(bar, bar, 1L);
mpz_fdiv_q_2exp(bar, bar, 1L);
mpz_add(t, t, bar);
}
}
mpz_add_ui(s, s, 1L);
mpz_fdiv_q_2exp(s, s, 1L);
mpz_fdiv_q_2exp(t, t, 1L);
mpz_powm(foo, a, s, p);
mpz_powm(bar, b, t, p);
mpz_mul(root, foo, bar);
mpz_mod(root, root, p);
mpz_clear(foo), mpz_clear(bar);
mpz_clear(s), mpz_clear(b), mpz_clear(t);
return;
}
}
}
/* error, return zero root */
mpz_set_ui(root, 0L);
}
/* See Cohen section 1.5.
* See http://www.math.vt.edu/people/brown/doc/sqrts.pdf
*/
int sqrtmod(mpz_t x, mpz_t a, mpz_t p,
mpz_t t, mpz_t q, mpz_t b, mpz_t z) /* 4 temp variables */
{
int r, e, m;
/* Easy cases from page 31 (or Menezes 3.36, 3.37) */
if (mpz_congruent_ui_p(p, 3, 4)) {
mpz_add_ui(t, p, 1);
mpz_tdiv_q_2exp(t, t, 2);
mpz_powm(x, a, t, p);
return verify_sqrt(x, a, p, t, q);
}
if (mpz_congruent_ui_p(p, 5, 8)) {
mpz_sub_ui(t, p, 1);
mpz_tdiv_q_2exp(t, t, 2);
mpz_powm(q, a, t, p);
if (mpz_cmp_si(q, 1) == 0) { /* s = a^((p+3)/8) mod p */
mpz_add_ui(t, p, 3);
mpz_tdiv_q_2exp(t, t, 3);
mpz_powm(x, a, t, p);
} else { /* s = 2a * (4a)^((p-5)/8) mod p */
mpz_sub_ui(t, p, 5);
mpz_tdiv_q_2exp(t, t, 3);
mpz_mul_ui(q, a, 4);
mpz_powm(x, q, t, p);
mpz_mul_ui(x, x, 2);
mpz_mulmod(x, x, a, p, x);
}
return verify_sqrt(x, a, p, t, q);
}
if (mpz_kronecker(a, p) != 1) {
/* Possible no solution exists. Check Euler criterion. */
mpz_sub_ui(t, p, 1);
mpz_tdiv_q_2exp(t, t, 1);
mpz_powm(x, a, t, p);
if (mpz_cmp_si(x, 1) != 0) {
mpz_set_ui(x, 0);
return 0;
}
}
mpz_sub_ui(q, p, 1);
e = mpz_scan1(q, 0); /* Remove 2^e from q */
mpz_tdiv_q_2exp(q, q, e);
mpz_set_ui(t, 2);
while (mpz_legendre(t, p) != -1) /* choose t "at random" */
mpz_add_ui(t, t, 1);
mpz_powm(z, t, q, p); /* Step 1 complete */
r = e;
mpz_powm(b, a, q, p);
mpz_add_ui(q, q, 1);
mpz_divexact_ui(q, q, 2);
mpz_powm(x, a, q, p); /* Done with q, will use it for y now */
while (mpz_cmp_ui(b, 1)) {
/* calculate how many times b^2 mod p == 1 */
mpz_set(t, b);
m = 0;
do {
mpz_powm_ui(t, t, 2, p);
m++;
} while (m < r && mpz_cmp_ui(t, 1));
if (m >= r) break;
mpz_ui_pow_ui(t, 2, r-m-1);
mpz_powm(t, z, t, p);
mpz_mulmod(x, x, t, p, x);
mpz_powm_ui(z, t, 2, p);
mpz_mulmod(b, b, z, p, b);
r = m;
}
return verify_sqrt(x, a, p, t, q);
}
