/// <summary>
///     Creates a ring for arithmetic modulo <paramref name="modulus"/> and precomputes
///     the constant that <c>BarrettReduction</c> multiplies by.
/// </summary>
/// <param name="modulus">The modulus; it is stored by reference, not copied.</param>
public ModulusRing(BigInteger modulus)
{
    _mod = modulus;

    // _constant = b^(2k) / m, where b is one 32-bit word and k is the word length of
    // the modulus: b^(2k) is a single 1 placed in word 2k.
    var topWord = _mod._length << 1;
    var power = new BigInteger(Sign.Positive, topWord + 1);
    power._data[topWord] = 0x00000001;

    _constant = power/_mod;
}
Beispiel #2
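        /// <summary>
        ///     Computes <c>a^b mod Prime</c> and returns it as a byte array that is at least
        ///     96 bytes long.
        /// </summary>
        /// <param name="a">Base of the exponentiation.</param>
        /// <param name="b">Exponent.</param>
        /// <returns>
        ///     The bytes from <c>GetBytes()</c>, padded with zero bytes at the front when
        ///     shorter than 96 bytes. A longer result is returned unchanged.
        /// </returns>
        /// <remarks>
        ///     NOTE(review): if <paramref name="a"/> is a value received from a peer (this looks
        ///     like a Diffie-Hellman style exchange - confirm against the callers), range-check it
        ///     against <c>Prime</c> before calling, accepting only 2 .. Prime - 2.
        /// </remarks>
        public static byte[] Calculate(BigInteger.BigInteger a, BigInteger.BigInteger b)
        {
            const int outputLength = 96;

            byte[] raw;
            lock (Locker)
            {
                raw = a.ModPow(b, Prime).GetBytes();
            }

            if (raw.Length >= outputLength)
            {
                return raw;
            }

            // A freshly allocated array is already zero-filled, so the explicit zeroing loop
            // of the listing is unnecessary; only the value bytes are copied to the tail.
            var padded = new byte[outputLength];
            Array.Copy(raw, 0, padded, outputLength - raw.Length, raw.Length);

            // The listing shows no return statement; the padded array is the only byte[]
            // this method produces.
            return padded;
        }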

            /// <summary>
            ///     Divides <paramref name="n"/> by the 32-bit value <paramref name="d"/>.
            /// </summary>
            /// <param name="n">Dividend; it is only read.</param>
            /// <param name="d">Divisor; zero is not checked here.</param>
            /// <returns>A two-element array holding the quotient, then the remainder.</returns>
            private static BigInteger[] DwordDivMod(BigInteger n, uint d)
            {
                var quotient = new BigInteger(Sign.Positive, n._length);
                ulong carry = 0;

                // Long division one word at a time, from the highest index down
                for (var idx = n._length; idx-- > 0;)
                {
                    var chunk = (carry << 32) | n._data[idx];
                    quotient._data[idx] = (uint) (chunk/d);
                    carry = chunk%d;
                }

                BigInteger remainder = (uint) carry;
                return new[] {quotient, remainder};
            }
        /// <summary>
        ///     Copies <paramref name="bi"/> into a new value backed by <paramref name="len"/> words.
        /// </summary>
        /// <param name="bi">Value to copy.</param>
        /// <param name="len">
        ///     Number of 32-bit words to allocate. It is not checked against the source length;
        ///     a smaller value makes the copy loop index past the new array.
        /// </param>
        public BigInteger(BigInteger bi, uint len)
        {
            _data = new uint[len];
            _length = bi._length;

            uint idx = 0;
            while (idx < _length)
            {
                _data[idx] = bi._data[idx];
                idx++;
            }
        }
            /// <summary>
            ///     Divides <paramref name="n"/> by the 32-bit value <paramref name="d"/> and
            ///     discards the remainder.
            /// </summary>
            /// <param name="n">Dividend; it is only read.</param>
            /// <param name="d">Divisor; zero is not checked here.</param>
            /// <returns>A new value holding the quotient.</returns>
            public static BigInteger DwordDiv(BigInteger n, uint d)
            {
                var quotient = new BigInteger(Sign.Positive, n._length);
                ulong carry = 0;

                // Long division one word at a time, from the highest index down
                for (var idx = n._length; idx-- > 0;)
                {
                    var chunk = (carry << 32) | n._data[idx];
                    quotient._data[idx] = (uint) (chunk/d);
                    carry = chunk%d;
                }

                return quotient;
            }
 /// <summary>
 ///     Compares this value with <paramref name="bi"/> by delegating to <c>Kernel.Compare</c>.
 /// </summary>
 /// <param name="bi">The value to compare against.</param>
 /// <returns>Whatever <c>Kernel.Compare(this, bi)</c> reports.</returns>
 public Sign Compare(BigInteger bi)
 {
     var ordering = Kernel.Compare(this, bi);
     return ordering;
 }
Beispiel #7
 /// <summary>
 ///     Overload that accepts the base as raw bytes: wraps <paramref name="a"/> in a
 ///     BigInteger and forwards to the BigInteger/BigInteger overload.
 /// </summary>
 /// <param name="a">Bytes of the base, in whatever layout the BigInteger byte[] constructor expects.</param>
 /// <param name="b">Exponent.</param>
 /// <returns>The byte array produced by the forwarded call.</returns>
 public static byte[] Calculate(byte[] a, BigInteger.BigInteger b)
 {
     var baseValue = new BigInteger.BigInteger(a);
     return Calculate(baseValue, b);
 }
            /// <summary>
            ///     Returns <paramref name="bi"/> shifted left by <paramref name="n"/> bits as a new value.
            /// </summary>
            // NOTE(review): this listing has lost its braces. Neither loop below shows an
            // increment of i, and no `else` separates the bit-shift branch from the plain
            // word copy, so lines appear to be missing - check the project's source before
            // reusing this code.
            public static BigInteger LeftShift(BigInteger bi, int n)
                // No shift: copy into storage one word larger than the source length
                if (n == 0) return new BigInteger(bi, bi._length + 1);

                // w = number of whole 32-bit words to shift by; n keeps only its low five bits.
                // A negative n is not rejected here.
                var w = n >> 5;
                n &= ((1 << 5) - 1);

                // One spare word for the bits shifted out of the top, plus the whole-word offset
                var ret = new BigInteger(Sign.Positive, bi._length + 1 + (uint) w);

                uint i = 0, l = bi._length;
                if (n != 0)
                    // Bit shift: each source word contributes its low bits to word i + w and
                    // hands its high n bits to the next word through carry
                    uint carry = 0;
                    while (i < l)
                        var x = bi._data[i];
                        ret._data[i + w] = (x << n) | carry;
                        carry = x >> (32 - n);
                    // The last carry becomes the extra top word
                    ret._data[i + w] = carry;
                    // Whole-word shift only (presumably the `else` branch): copy words up by w
                    while (i < l)
                        ret._data[i + w] = bi._data[i];

                return ret;
            /// <summary>
            ///     Multiplies <paramref name="n"/> by the 32-bit factor <paramref name="f"/>.
            /// </summary>
            /// <param name="n">Multiplicand; it is only read.</param>
            /// <param name="f">32-bit multiplier.</param>
            /// <returns>A new value allocated one word longer than <paramref name="n"/>'s length.</returns>
            public static BigInteger MultiplyByDword(BigInteger n, uint f)
            {
                var product = new BigInteger(Sign.Positive, n._length + 1);
                ulong carry = 0;
                uint idx = 0;

                // The listing shows only the closing "} while" of this loop; the opening
                // "do" is written out here. The body runs at least once.
                do
                {
                    carry += (ulong) f*n._data[idx];
                    product._data[idx] = (uint) carry;
                    carry >>= 32;
                } while (++idx < n._length);

                // Whatever is left of the carry is the top word
                product._data[idx] = (uint) carry;
                return product;
            }
            /// <summary>
            ///     Compares the stored words of two BigInteger values, ignoring zero words at the top.
            /// </summary>
            /// <param name="bi1">Left operand</param>
            /// <param name="bi2">Right operand</param>
            /// <returns>The sign of bi1 - bi2</returns>
            /// <remarks>
            ///     Returns as soon as the effective lengths or a pair of words differ, so the
            ///     running time depends on the operands. Do not rely on it as a constant-time
            ///     comparison for secret values.
            /// </remarks>
            public static Sign Compare(BigInteger bi1, BigInteger bi2)
            {
                // Effective lengths: skip zero words at the high-index end
                var len1 = bi1._length;
                var len2 = bi2._length;
                for (; len1 > 0 && bi1._data[len1 - 1] == 0; len1--)
                {
                }
                for (; len2 > 0 && bi2._data[len2 - 1] == 0; len2--)
                {
                }

                if (len1 == 0 && len2 == 0) return Sign.Zero;

                // The value with more significant words is the larger one
                if (len1 != len2) return len1 < len2 ? Sign.Negative : Sign.Positive;

                // Equal lengths: walk down from the top word to the first difference
                var idx = len1 - 1;
                while (idx != 0 && bi1._data[idx] == bi2._data[idx]) idx--;

                var left = bi1._data[idx];
                var right = bi2._data[idx];
                if (left == right) return Sign.Zero;
                return left < right ? Sign.Negative : Sign.Positive;
            }
            /// <summary>
            ///     Adds two numbers with the same sign.
            /// </summary>
            /// <param name="bi1">A BigInteger</param>
            /// <param name="bi2">A BigInteger</param>
            /// <returns>bi1 + bi2, in a new value allocated one word longer than the longer operand</returns>
            // NOTE(review): this listing has lost its braces. The `else` between the two
            // operand assignments and the `do` keywords of the three loops are not visible
            // either - check the project's source before reusing this code.
            public static BigInteger AddSameSign(BigInteger bi1, BigInteger bi2)
                uint[] x, y;
                uint yMax, xMax, i = 0;

                // x is meant to be the longer operand, y the shorter one
                if (bi1._length < bi2._length)
                    x = bi2._data;
                    xMax = bi2._length;
                    y = bi1._data;
                    yMax = bi1._length;
                    // presumably the `else` branch: bi1 is already the longer operand
                    x = bi1._data;
                    xMax = bi1._length;
                    y = bi2._data;
                    yMax = bi2._length;

                // One extra word so a carry out of the top word has somewhere to go
                var result = new BigInteger(Sign.Positive, xMax + 1);

                var r = result._data;

                // 64-bit accumulator: the low 32 bits are the result word, the rest is the carry
                ulong sum = 0;

                // Add the words both numbers have; the loop body runs at least once
                    sum = x[i] + ((ulong) y[i]) + sum;
                    r[i] = (uint) sum;
                    sum >>= 32;
                } while (++i < yMax);

                // Copy remainder of longer number while carry propagation is required
                var carry = (sum != 0);

                if (carry)
                    if (i < xMax)
                            // Adding 1 wraps to 0 exactly when the carry has to continue
                            carry = ((r[i] = x[i] + 1) == 0); while (++i < xMax && carry);

                    // Carry ran off the top of x: it becomes the new highest word
                    if (carry)
                        r[i] = 1;
                        result._length = ++i;
                        return result;

                // Copy the words of x that the carry did not reach
                if (i < xMax)
                        r[i] = x[i]; while (++i < xMax);

                return result;
            /// <summary>
            ///     Raises <paramref name="a"/> to the power <paramref name="k"/> using this ring's <c>Multiply</c>.
            /// </summary>
            /// <param name="a">Base.</param>
            /// <param name="k">Exponent; zero yields 1.</param>
            /// <returns>The accumulated product.</returns>
            /// <remarks>
            ///     Binary square-and-multiply, starting at exponent bit 0. The extra multiplication
            ///     is performed only for set bits of <paramref name="k"/>, so the amount of work
            ///     depends on the exponent. Treat this as not constant-time when
            ///     <paramref name="k"/> is a secret.
            /// </remarks>
            public BigInteger Pow(BigInteger a, BigInteger k)
            {
                var result = new BigInteger(1);
                if (k == 0)
                {
                    return result;
                }

                // Bit 0 is handled up front so the loop can square before testing each later bit
                if (k.TestBit(0))
                {
                    result = a;
                }

                var square = a;
                var bits = k.BitCount();
                var bit = 1;
                while (bit < bits)
                {
                    square = Multiply(square, square);
                    if (k.TestBit(bit))
                    {
                        result = Multiply(square, result);
                    }
                    bit++;
                }

                return result;
            }
 /// <summary>
 ///     Overload for a 32-bit base: wraps <paramref name="b"/> in a BigInteger and forwards
 ///     to the BigInteger/BigInteger overload.
 /// </summary>
 /// <param name="b">Base.</param>
 /// <param name="exp">Exponent.</param>
 /// <returns>The result of the forwarded call.</returns>
 public BigInteger Pow(uint b, BigInteger exp)
 {
     var wideBase = new BigInteger(b);
     return Pow(wideBase, exp);
 }
            /// <summary>
            ///     Computes a - b inside this ring: subtracts the smaller from the larger and,
            ///     when a is smaller than b, returns the modulus minus that difference.
            /// </summary>
            // NOTE(review): this listing has lost its braces, and the switch below shows no
            // `break` after either subtraction and no `default:` label in front of the throw.
            // Lines appear to be missing - check the project's source before reusing this code.
            public BigInteger Difference(BigInteger a, BigInteger b)
                var cmp = Kernel.Compare(a, b);
                BigInteger diff;

                // Always subtract the smaller operand from the larger one
                switch (cmp)
                    case Sign.Zero:
                        return 0;
                    case Sign.Positive:
                        diff = a - b;
                    case Sign.Negative:
                        diff = b - a;
                        // presumably the fallback for a Sign value outside the three cases
                        throw new Exception();

                // Reduce the difference when it is not already below the modulus.
                // NOTE(review): only the branch for a difference at least twice as long as the
                // modulus is visible; a reduction for shorter values (for instance an `else`
                // calling BarrettReduction) seems to have been lost - confirm.
                if (diff >= _mod)
                    if (diff._length >= _mod._length << 1)
                        diff %= _mod;
                // a < b: the result is the modulus minus the reduced magnitude
                if (cmp == Sign.Negative)
                    diff = _mod - diff;
                return diff;
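            /// <summary>
            ///     Multiplies two values and reduces the product modulo this ring's modulus.
            /// </summary>
            /// <param name="a">First factor; reduced first when larger than the modulus.</param>
            /// <param name="b">Second factor; reduced first when larger than the modulus.</param>
            /// <returns>The reduced product, or 0 when either factor is 0.</returns>
            public BigInteger Multiply(BigInteger a, BigInteger b)
            {
                if (a == 0 || b == 0) return 0;

                // Bring both factors down to at most the modulus so the product stays within
                // twice the modulus length, which is the size BarrettReduction is set up for
                if (a > _mod)
                {
                    a %= _mod;
                }

                if (b > _mod)
                {
                    b %= _mod;
                }

                var product = a*b;

                // The listing returns a*b as it is, which would leave Pow and ModPow results
                // unreduced and growing with every squaring. Reduce the fresh product in place.
                BarrettReduction(product);

                return product;
            }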
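        /// <summary>
        ///     Formats this value in the given radix, taking the digit characters from
        ///     <paramref name="characterSet"/>.
        /// </summary>
        /// <param name="radix">Number base; at least 2 and no larger than the character set.</param>
        /// <param name="characterSet">Digit characters, indexed by digit value.</param>
        /// <returns>
        ///     The digits, most significant first. The values 0 and 1 are returned as the
        ///     literal strings "0" and "1" regardless of the character set.
        /// </returns>
        /// <exception cref="ArgumentException">
        ///     The radix is 0 or 1, or the character set is shorter than the radix.
        /// </exception>
        public string ToString(uint radix, string characterSet)
        {
            if (characterSet.Length < radix)
                throw new ArgumentException("charSet length less than radix", "characterSet");
            if (radix == 1)
                throw new ArgumentException("There is no such thing as radix one notation", "radix");

            // Radix 0 passes both checks above and would otherwise fail inside the division
            // with a DivideByZeroException
            if (radix == 0)
                throw new ArgumentException("Radix must be at least 2", "radix");

            if (this == 0) return "0";
            if (this == 1) return "1";

            // Work on a copy: SingleByteDivideInPlace overwrites its argument with the quotient
            var a = new BigInteger(this);
            var digits = new System.Text.StringBuilder();

            while (a != 0)
            {
                var rem = Kernel.SingleByteDivideInPlace(a, radix);
                digits.Append(characterSet[(int) rem]);
            }

            // Digits come out least significant first; reverse once instead of prepending
            // to a string on every round
            var chars = digits.ToString().ToCharArray();
            Array.Reverse(chars);
            return new string(chars);
        }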
            /// <summary>
            ///     Divides <paramref name="bi1"/> by <paramref name="bi2"/>.
            /// </summary>
            /// <returns>A two-element array holding the quotient, then the remainder.</returns>
            // NOTE(review): this listing has lost its braces and several statements: the `do`
            // openers of three loops, and every update of shift, j, pos, dPos, nPos and qHat
            // that the loops depend on. The comments describe what is visible; check the
            // project's source before reusing this code.
            // NOTE(review): no check for a zero divisor is visible - confirm that callers
            // guard against it.
            public static BigInteger[] MultiByteDivide(BigInteger bi1, BigInteger bi2)
                // Dividend smaller than divisor: quotient 0, remainder is a copy of the dividend
                if (Compare(bi1, bi2) == Sign.Negative)
                    return new BigInteger[] {0, new BigInteger(bi1)};


                // A one-word divisor takes the single-word division routine
                if (bi2._length == 1)
                    return DwordDivMod(bi1, bi2._data[0]);

                var remainderLen = bi1._length + 1;
                var divisorLen = (int) bi2._length + 1;

                // Scan the top divisor word from its highest bit down to the first set bit.
                // presumably shift counts the skipped bits (the increment is not visible) so
                // that both operands can be shifted until the divisor's top bit is set
                var mask = 0x80000000;
                var val = bi2._data[bi2._length - 1];
                var shift = 0;
                var resultPos = (int) bi1._length - (int) bi2._length;

                while (mask != 0 && (val & mask) == 0)
                    mask >>= 1;

                var quot = new BigInteger(Sign.Positive, bi1._length - bi2._length + 1);
                var rem = (bi1 << shift);

                // remainder aliases the word array of rem, so the subtractions below update rem
                var remainder = rem._data;

                bi2 = bi2 << shift;

                var j = (int) (remainderLen - bi2._length);
                var pos = (int) remainderLen - 1;

                // The two highest words of the shifted divisor drive the quotient-word estimate
                var firstDivisorByte = bi2._data[bi2._length - 1];
                ulong secondDivisorByte = bi2._data[bi2._length - 2];

                while (j > 0)
                    // Estimate one quotient word from the top two remainder words
                    var dividend = ((ulong) remainder[pos] << 32) + remainder[pos - 1];

                    var qHat = dividend/firstDivisorByte;
                    var rHat = dividend%firstDivisorByte;

                        // Correct an estimate that does not fit in one word or that the second
                        // divisor word shows to be too large
                        if (qHat == 0x100000000 ||
                            (qHat*secondDivisorByte) > ((rHat << 32) + remainder[pos - 2]))
                            rHat += firstDivisorByte;

                            if (rHat < 0x100000000)
                    } while (true);

                    // At this point, q_hat is either exact, or one too large
                    // (more likely to be exact) so, we attempt to multiply the
                    // divisor by q_hat, if we get a borrow, we just subtract
                    // one from q_hat and add the divisor back.

                    uint dPos = 0;
                    var nPos = pos - divisorLen + 1;
                    ulong mc = 0;
                    var uintQHat = (uint) qHat;
                        // Multiply-and-subtract: mc carries the high half of each product
                        // plus any borrow into the next word
                        mc += bi2._data[dPos]*(ulong) uintQHat;
                        var t = remainder[nPos];
                        remainder[nPos] -= (uint) mc;
                        mc >>= 32;
                        // The word grew after the subtraction, so it wrapped: record the borrow
                        if (remainder[nPos] > t) mc++;
                    } while (dPos < divisorLen);

                    nPos = pos - divisorLen + 1;
                    dPos = 0;

                    // Overestimate: a borrow is left over, so add the divisor back
                    if (mc != 0)
                        ulong sum = 0;

                            sum = remainder[nPos] + ((ulong) bi2._data[dPos]) + sum;
                            remainder[nPos] = (uint) sum;
                            sum >>= 32;
                        } while (dPos < divisorLen);

                    // Store this quotient word and step down to the next lower one
                    quot._data[resultPos--] = uintQHat;


                var ret = new[] {quot, rem};

                // Undo the shift that was applied to the dividend
                if (shift != 0)
                    ret[1] >>= shift;

                return ret;
            /// <summary>
            ///     Subtracts <paramref name="small"/> from <paramref name="big"/> into a new value.
            /// </summary>
            // NOTE(review): presumably callers guarantee big >= small, as the parameter names
            // suggest; no check is visible here - confirm.
            // NOTE(review): this listing has lost its braces, the `do` openers, the `else`
            // branches and the `fixup:` label that both gotos jump to - check the project's
            // source before reusing this code.
            public static BigInteger Subtract(BigInteger big, BigInteger small)
                var result = new BigInteger(Sign.Positive, big._length);

                uint[] r = result._data, b = big._data, s = small._data;
                // c is the borrow carried between words
                uint i = 0, c = 0;

                    var x = s[i];
                    // Borrow out when adding the incoming borrow wraps x, or when b[i] - x
                    // wraps (the result exceeds ~x exactly when b[i] < x). The non-short-circuit
                    // `|` makes sure the subtraction is always carried out.
                    if (((x += c) < c) | ((r[i] = b[i] - x) > ~x))
                        c = 1;
                        c = 0;
                } while (++i < small._length);

                if (i == big._length) goto fixup;

                // Propagate a remaining borrow through the upper words of big
                if (c == 1)
                        r[i] = b[i] - 1; while (b[i++] == 0 && i < big._length);

                    if (i == big._length) goto fixup;

                    // Copy the words the borrow did not reach
                    r[i] = b[i]; while (++i < big._length);


                return result;
 /// <summary>
 ///     Raises this value to the power <paramref name="exp"/> in a <c>ModulusRing</c> built
 ///     for <paramref name="n"/>.
 /// </summary>
 /// <param name="exp">Exponent.</param>
 /// <param name="n">Modulus.</param>
 /// <returns>The result of the ring's <c>Pow</c>.</returns>
 /// <remarks>A new ring, with its precomputed constant, is created on every call.</remarks>
 public BigInteger ModPow(BigInteger exp, BigInteger n)
 {
     return new ModulusRing(n).Pow(this, exp);
 }
            /// <summary>
            ///     Computes the greatest common divisor of <paramref name="a"/> and <paramref name="b"/>.
            /// </summary>
            // NOTE(review): this listing has lost its braces. No increment of t is visible
            // although the result is shifted left by t, and no `else` separates the two
            // subtractions in the last loop - check the project's source before reusing this code.
            public static BigInteger Gcd(BigInteger a, BigInteger b)
                var x = a;
                var y = b;

                var g = y;

                // Euclidean remainder steps while x is longer than one word
                while (x._length > 1)
                    g = x;
                    x = y%x;
                    y = g;
                if (x == 0) return g;

                // TODO: should we have something here if we can convert to long?

                // Now we can just do it with single precision. I am using the binary gcd method,
                // as it should be faster.

                var yy = x._data[0];
                var xx = y%yy;

                var t = 0;

                // Strip the factors of two that both values share
                while (((xx | yy) & 1) == 0)
                    xx >>= 1;
                    yy >>= 1;
                // Make both odd, then replace the larger by half the difference
                while (xx != 0)
                    while ((xx & 1) == 0) xx >>= 1;
                    while ((yy & 1) == 0) yy >>= 1;
                    if (xx >= yy)
                        xx = (xx - yy) >> 1;
                        yy = (yy - xx) >> 1;

                // Put the shared factors of two back
                return yy << t;
            /// <summary>
            ///     Returns <paramref name="bi"/> shifted right by <paramref name="n"/> bits as a new value.
            /// </summary>
            // NOTE(review): this listing has lost its braces and the `else` between the
            // bit-shift loop and the plain word copy - check the project's source before
            // reusing this code.
            // NOTE(review): no check is visible for a negative n or for a word count larger
            // than the source length; the unsigned length computation below would wrap.
            public static BigInteger RightShift(BigInteger bi, int n)
                if (n == 0) return new BigInteger(bi);

                // w = whole 32-bit words to drop, s = remaining bit count (0..31)
                var w = n >> 5;
                var s = n & ((1 << 5) - 1);

                var ret = new BigInteger(Sign.Positive, bi._length - (uint) w + 1);
                var l = (uint) ret._data.Length - 1;

                if (s != 0)
                    uint carry = 0;

                    // Walk from the top word down; each word hands its low bits to the word below.
                    // The shifts use n rather than s: C# masks the shift count of a 32-bit
                    // operand to its low five bits, so x >> n shifts by s.
                    while (l-- > 0)
                        var x = bi._data[l + w];
                        ret._data[l] = (x >> n) | carry;
                        carry = x << (32 - n);
                    // Whole-word shift only (presumably the `else` branch): copy words down by w
                    while (l-- > 0)
                        ret._data[l] = bi._data[l + w];
                return ret;
            /// <summary>
            ///     Computes the inverse of <paramref name="bi"/> modulo <paramref name="modulus"/>.
            /// </summary>
            /// <exception cref="ArithmeticException">The last non-zero remainder is not 1, so no inverse exists.</exception>
            // NOTE(review): this listing has lost its braces, and no increment of step is
            // visible although the loop tests `step > 1` - check the project's source before
            // reusing this code.
            public static BigInteger ModInverse(BigInteger bi, BigInteger modulus)
                // A one-word modulus takes the single-word overload
                if (modulus._length == 1) return ModInverse(bi, modulus._data[0]);

                // Two-entry sliding windows: index 0 is the older value, index 1 the newer one
                BigInteger[] p = {0, 1};
                var q = new BigInteger[2]; // quotients
                BigInteger[] r = {0, 0}; // remainders

                var step = 0;

                var a = modulus;
                var b = bi;

                var mr = new ModulusRing(modulus);

                // Repeated division of a by b until the remainder is zero
                while (b != 0)
                    if (step > 1)
                        // Next coefficient: p[0] - p[1] * q[0], kept inside the ring
                        var pval = mr.Difference(p[0], p[1]*q[0]);
                        p[0] = p[1];
                        p[1] = pval;

                    var divret = MultiByteDivide(a, b);

                    q[0] = q[1];
                    q[1] = divret[0];
                    r[0] = r[1];
                    r[1] = divret[1];
                    a = b;
                    b = divret[1];


                // r[0] is the last non-zero remainder; anything other than 1 means bi and
                // the modulus share a factor
                if (r[0] != 1)
                    throw (new ArithmeticException("No inverse!"));

                return mr.Difference(p[0], p[1]*q[0]);
            /// <summary>
            ///     Subtracts <paramref name="small"/> from <paramref name="big"/> in place.
            /// </summary>
            // NOTE(review): presumably callers guarantee big >= small, as the parameter names
            // suggest; no check is visible here - confirm.
            // NOTE(review): this listing has lost its braces, the `do` openers, the `else`
            // branch, the `fixup:` label the goto jumps to, and the body of the final `if` -
            // check the project's source before reusing this code.
            public static void MinusEq(BigInteger big, BigInteger small)
                uint[] b = big._data, s = small._data;
                // c is the borrow carried between words
                uint i = 0, c = 0;

                    var x = s[i];
                    // Borrow out when adding the incoming borrow wraps x, or when b[i] - x
                    // wraps (the result exceeds ~x exactly when b[i] was smaller than x). The
                    // non-short-circuit `|` makes sure the subtraction is always carried out.
                    if (((x += c) < c) | ((b[i] -= x) > ~x))
                        c = 1;
                        c = 0;
                } while (++i < small._length);

                if (i == big._length) goto fixup;

                // Propagate a remaining borrow through the upper words
                if (c == 1)
                        b[i]--; while (b[i++] == 0 && i < big._length);


                // Normalize length
                while (big._length > 0 && big._data[big._length - 1] == 0) big._length--;

                // Check for zero
                if (big._length == 0)
        /// <summary>
        ///     Multiplies two values.
        /// </summary>
        /// <param name="bi1">First factor.</param>
        /// <param name="bi2">Second factor.</param>
        /// <returns>A new value holding the product, or 0 when either factor is 0.</returns>
        /// <exception cref="IndexOutOfRangeException">
        ///     A factor's recorded length is larger than its word array.
        /// </exception>
        public static BigInteger operator *(BigInteger bi1, BigInteger bi2)
        {
            if (bi1 == 0 || bi2 == 0)
            {
                return 0;
            }

            // Reject factors whose length points past their storage before Kernel.Multiply
            // is handed the arrays
            if (bi1._length > bi1._data.Length) throw new IndexOutOfRangeException("bi1 out of range");
            if (bi2._length > bi2._data.Length) throw new IndexOutOfRangeException("bi2 out of range");

            // The product of an m-word and an n-word value fits in m + n words
            var product = new BigInteger(Sign.Positive, bi1._length + bi2._length);
            Kernel.Multiply(bi1._data, 0, bi1._length, bi2._data, 0, bi2._length, product._data, 0);

            return product;
        }
            /// <summary>
            ///     Reduces <paramref name="x"/> modulo this ring's modulus in place, using the
            ///     constant precomputed for the ring.
            /// </summary>
            // NOTE(review): this listing has lost its braces and the `else` that presumably
            // separates the two subtraction paths near the end - check the project's source
            // before reusing this code.
            public void BarrettReduction(BigInteger x)
                var n = _mod;
                // k is the word length of the modulus
                uint k = n._length,
                    kPlusOne = k + 1,
                    kMinusOne = k - 1;

                // x is shorter than the modulus, so it is already reduced
                if (x._length < k) return;

                // Reject an x whose recorded length points past its word array
                if (x._data.Length < x._length) throw new IndexOutOfRangeException("x out of range");

                // q1 = x / b^ (k-1)
                // q2 = q1 * constant
                // q3 = q2 / b^ (k+1), Needs to be accessed with an offset of kPlusOne

                // TODO: We should use the method in HAC p 604 to do this (14.45)
                // q1 is taken by starting the read of x at word kMinusOne; the product q2 is
                // stored whole in q3 and read from word kPlusOne onwards further down
                var q3 = new BigInteger(Sign.Positive, x._length - kMinusOne + _constant._length);
                Kernel.Multiply(x._data, kMinusOne, x._length - kMinusOne, _constant._data, 0, _constant._length, q3._data, 0);

                // r1 = x mod b^ (k+1)
                // i.e. keep the lowest (k+1) words

                var lengthToCopy = (x._length > kPlusOne) ? kPlusOne : x._length;

                // Truncating the length is enough; the upper words are simply no longer counted
                x._length = lengthToCopy;

                // r2 = (q3 * n) mod b^ (k+1)
                // partial multiplication of q3 and n

                var r2 = new BigInteger(Sign.Positive, kPlusOne);
                Kernel.MultiplyMod2P32Pmod(q3._data, (int) kPlusOne, (int) q3._length - (int) kPlusOne, n._data, 0,
                    (int) n._length, r2._data, 0, (int) kPlusOne);


                // x = r1 - r2. When r2 is larger, b^(k+1) is added first so the subtraction
                // does not go negative (presumably the `else` branch)
                if (r2 <= x)
                    Kernel.MinusEq(x, r2);
                    var val = new BigInteger(Sign.Positive, kPlusOne + 1);
                    val._data[kPlusOne] = 0x00000001;

                    Kernel.MinusEq(val, r2);
                    Kernel.PlusEq(x, val);

                // Final correction: subtract the modulus until x is below it
                while (x >= n)
                    Kernel.MinusEq(x, n);
            /// <summary>
            ///     Adds <paramref name="bi2"/> to <paramref name="bi1"/> in place.
            /// </summary>
            // NOTE(review): the result words are written into bi1's existing array; no check
            // that the array is long enough for the longer operand plus a carry word is
            // visible here - confirm against the callers.
            // NOTE(review): this listing has lost its braces, the `else` between the two
            // operand assignments and the `do` keywords of the three loops - check the
            // project's source before reusing this code.
            public static void PlusEq(BigInteger bi1, BigInteger bi2)
                uint[] x, y;
                uint yMax, xMax, i = 0;
                // flag records that the operands were swapped, i.e. bi2 is the longer one
                var flag = false;

                // x is meant to be the longer operand, y the shorter one
                if (bi1._length < bi2._length)
                    flag = true;
                    x = bi2._data;
                    xMax = bi2._length;
                    y = bi1._data;
                    yMax = bi1._length;
                    // presumably the `else` branch: bi1 is already the longer operand
                    x = bi1._data;
                    xMax = bi1._length;
                    y = bi2._data;
                    yMax = bi2._length;

                // The sum is written straight into bi1's words
                var r = bi1._data;

                // 64-bit accumulator: the low 32 bits are the result word, the rest is the carry
                ulong sum = 0;

                // Add the words both numbers have; the loop body runs at least once
                    sum += x[i] + ((ulong) y[i]);
                    r[i] = (uint) sum;
                    sum >>= 32;
                } while (++i < yMax);

                // Copy remainder of longer number while carry propagation is required
                var carry = (sum != 0);

                if (carry)
                    if (i < xMax)
                            // Adding 1 wraps to 0 exactly when the carry has to continue
                            carry = ((r[i] = x[i] + 1) == 0); while (++i < xMax && carry);

                    // Carry ran off the top of x: it becomes the new highest word
                    if (carry)
                        r[i] = 1;
                        bi1._length = ++i;

                // Copy the rest; only needed when the longer operand is bi2, because otherwise
                // the upper words are already in bi1's array
                if (flag && i < xMax - 1)
                        r[i] = x[i]; while (++i < xMax);

                bi1._length = xMax + 1;
Beispiel #27
 /// <summary>
 ///     Overload that accepts the exponent as raw bytes: wraps <paramref name="b"/> in a
 ///     BigInteger and forwards to the BigInteger/BigInteger overload.
 /// </summary>
 /// <param name="a">Base.</param>
 /// <param name="b">Bytes of the exponent, in whatever layout the BigInteger byte[] constructor expects.</param>
 /// <returns>The byte array produced by the forwarded call.</returns>
 public static byte[] Calculate(BigInteger.BigInteger a, byte[] b)
 {
     var exponent = new BigInteger.BigInteger(b);
     return Calculate(a, exponent);
 }
            /// <summary>
            ///     Divides <paramref name="n"/> by <paramref name="d"/> in place and returns the remainder.
            /// </summary>
            /// <param name="n">Dividend; its words are overwritten with the quotient n / d</param>
            /// <param name="d">The 32-bit divisor; zero is not checked here</param>
            /// <returns>n % d</returns>
            public static uint SingleByteDivideInPlace(BigInteger n, uint d)
            {
                ulong carry = 0;

                // Long division one word at a time, from the highest index down
                for (var idx = n._length; idx-- > 0;)
                {
                    var chunk = (carry << 32) | n._data[idx];
                    n._data[idx] = (uint) (chunk/d);
                    carry = chunk%d;
                }

                return (uint) carry;
            }
            /// <summary>
            ///     Computes <paramref name="n"/> modulo the 32-bit value <paramref name="d"/>
            ///     without building the quotient.
            /// </summary>
            /// <param name="n">Dividend; it is only read.</param>
            /// <param name="d">Divisor; zero is not checked here.</param>
            /// <returns>n % d</returns>
            public static uint DwordMod(BigInteger n, uint d)
            {
                ulong carry = 0;

                // Fold the words in from the highest index down, keeping only the running remainder
                for (var idx = n._length; idx-- > 0;)
                {
                    carry = ((carry << 32) | n._data[idx])%d;
                }

                return (uint) carry;
            }
 /// <summary>
 ///     Copy constructor: clones the word array of <paramref name="bi"/> so the two values
 ///     do not share storage, and takes over its length.
 /// </summary>
 /// <param name="bi">Value to copy.</param>
 public BigInteger(BigInteger bi)
 {
     _length = bi._length;
     _data = (uint[]) bi._data.Clone();
 }