private void miIntegerManyFactors_Click(object sender, RoutedEventArgs e)
{
PrimesBigInteger value = null;
try
{
if (sender == miPrime)
{
value = new PrimesBigInteger(MaxValue.RandomPrimeLimit());
}
else if (sender == miBigInteger)
{
value = new PrimesBigInteger(MaxValue.RandomIntLimit());
}
else if (sender == miIntegerManyFactors)
{
int bits = Math.Max(MaxValue.BitCount() / 16, 8);
BigInteger p = MaxValue.Sqrt().RandomIntLimit();
for (int i = 0; i < 16; i++)
{
BigInteger pp = p * BigIntegerHelper.RandomPrimeBits(bits);
if (pp < MaxValue)
{
p = pp;
}
}
value = new PrimesBigInteger(p);
}
else if (sender == miTowBigFactors)
{
BigInteger a = MaxValue.Sqrt().RandomPrimeLimit();
BigInteger b = (MaxValue / a).RandomPrimeLimit();
value = new PrimesBigInteger(a * b);
}
}
catch
{
return;
}
if (value != null)
{
FireOnRandomNumberGenerated(value);
}
}
// not used, public/private keys are input variables for this plugin
private void generateKeys()
{
BigInteger twoPowModulusBits, n_plus1;
p = BigIntegerHelper.RandomPrimeBits(keyBitLength - (keyBitLength / 2));
q = BigIntegerHelper.RandomPrimeBits(keyBitLength / 2);
n = p * q;
// Just complete PK: n^2
n_plus1 = n + 1;
n_square = n * n;
// compute lambda
p_minus1 = p - 1;
q_minus1 = q - 1;
lambda = BigIntegerHelper.LCM(p_minus1, q_minus1);
// Compute n^(-1)
twoPowModulusBits = 1 << keyBitLength;
n_inv = BigIntegerHelper.ModInverse(n, twoPowModulusBits);
// Store the L(lambda)-part for decryption
decDiv = BigInteger.ModPow(n + 1, lambda, n_square);
decDiv = BigIntegerHelper.ModInverse(L(decDiv), n);
p_square = p * p;
q_square = q * q;
hp = BigIntegerHelper.ModInverse((BigInteger.ModPow(n + 1, p_minus1, p_square) - 1) / p, p);
hq = BigIntegerHelper.ModInverse((BigInteger.ModPow(n + 1, q_minus1, q_square) - 1) / q, q);
// for CRT
BigInteger s, t;
BigIntegerHelper.ExtEuclid(p, q, out s, out t);
ep = s * p;
eq = t * q;
// CRT Encryption:
BigIntegerHelper.ExtEuclid(p_square, q_square, out s, out t);
ep2 = s * p_square;
eq2 = t * q_square;
}
private void generateKeys(int k, int t, int l, BigInteger ownu)
{
if (l < 8 || l > 16)
{
throw new Exception("Choose parameter l from the interval 8<=l<=16 !");
}
if (t <= l)
{
throw new Exception("Parameter t must be greater than l.");
}
if (k <= t)
{
throw new Exception("Parameter k must be greater than t.");
}
if (k % 2 != 0)
{
throw new Exception("Parameter k has to be an even number!");
}
//if ((k / 2 < (l + 5)) || (k / 2 < t + 2))
// throw new Exception("Parameter k has to be specified by the rules k/2 > l+4 and k/2 > t+1!");
if (k / 2 < l + t + 10)
{
throw new Exception("Choose parameters k,l,t so that k/2 >= l+t+10 !");
}
// generate u the minimal prime number greater than l+2
//Workaround, TODO:
//u = (l == 0) ? ownu : BigIntegerHelper.NextProbablePrime(l + l + 2);
u = BigIntegerHelper.NextProbablePrime((1 << l) + 2);
// generate vp, vq as a random t bit prime number
vp = BigIntegerHelper.RandomPrimeBits(t);
vq = BigIntegerHelper.RandomPrimeBits(t);
// store the product vp*vq
vpvq = vp * vq;
// DGK style to generate p and q from u and v:
// p is chosen as rp * u * vp + 1 where r_p is randomly chosen such that p has roughly k/2 bits
BigInteger rp, rq, tmp;
int needed_bits;
tmp = u * vp;
needed_bits = k / 2 - (int)Math.Ceiling(BigInteger.Log(tmp, 2));
//int needed_bits = k / 2 - mpz_sizeinbase(tmp1, 2);
do
{
rp = BigIntegerHelper.RandomIntMSBSet(needed_bits - 1) * 2;
p = rp * tmp + 1;
} while (!BigIntegerHelper.IsProbablePrime(p));
// q is chosen as rq * u*vq + 1 where rq is randomly chosen such that q has roughly k/2 bits
tmp = u * vq;
needed_bits = k / 2 - (int)Math.Ceiling(BigInteger.Log(tmp, 2));
do
{
rq = BigIntegerHelper.RandomIntMSBSet(needed_bits - 1) * 2;
q = rq * tmp + 1;
} while (!BigIntegerHelper.IsProbablePrime(q));
// RSA modulus n
N = p * q;
/*
* h must be random in Zn* and have order vp*vq. We
* choose it by setting
*
* h = h' ^{rp * rq * u}.
*
* Seeing h as (hp, hq) and h' as (h'p, h'q) in Zp* x Zq*, we
* then have
*
* (hp^vpvq, hq^vpvq) = (h'p^{rp*u*vp}^(rq*vq), h'q^{rq*u*vq}^(rp*vp))
* = (1^(rq*vq), 1^(rp*vp)) = (1, 1)
*
* which means that h^(vpvq) = 1 in Zn*.
*
* So we only need to check that h is not 1 and that it really
* is in Zn*.
*/
BigInteger r;
tmp = rp * rq * u;
while (true)
{
r = BigIntegerHelper.RandomIntLimit(n);
h = BigInteger.ModPow(r, tmp, n);
if (h == 1)
{
continue;
}
if (BigInteger.GreatestCommonDivisor(h, n) == 1)
{
break;
}
}
/*
* g is chosen at random in Zn* such that it has order uv. This
* is done in much the same way as for h, but the order of
* power of the random number might be u, v or uv. We therefore
* also check that g^u and g^v are different from 1.
*/
BigInteger rprq = rp * rq;
while (true)
{
r = BigIntegerHelper.RandomIntLimit(n);
g = BigInteger.ModPow(r, rprq, n);
// test if g is "good":
if (g == 1)
{
continue;
}
if (BigInteger.GreatestCommonDivisor(g, n) != 1)
{
continue;
}
if (BigInteger.ModPow(g, u, n) == 1)
{
continue; // test if ord(g) == u
}
if (BigInteger.ModPow(g, vp, n) == 1)
{
continue; // test if ord(g) == vp
}
if (BigInteger.ModPow(g, vq, n) == 1)
{
continue; // test if ord(g) == vq
}
if (BigInteger.ModPow(g, u * vp, n) == 1)
{
continue; // test if ord(g) == u*vp
}
if (BigInteger.ModPow(g, u * vq, n) == 1)
{
continue; // test if ord(g) == u*vq
}
if (BigInteger.ModPow(g, vpvq, n) == 1)
{
continue; // test if ord(g) == vp*vq
}
break; // g has passed all tests
}
}
