private unsafe BigInteger OddModTwoPow (BigInteger exp)
{
uint [] wkspace = new uint [mod.length << 1 + 1];
BigInteger resultNum = Montgomery.ToMont ((BigInteger)2, this.mod);
resultNum = new BigInteger (resultNum, mod.length << 1 +1);
uint mPrime = Montgomery.Inverse (mod.data [0]);
//
// TODO: eat small bits, the ones we can do with no modular reduction
//
uint pos = (uint)exp.BitCount () - 2;
do {
Kernel.SquarePositive (resultNum, ref wkspace);
resultNum = Montgomery.Reduce (resultNum, mod, mPrime);
if (exp.TestBit (pos)) {
//
// resultNum = (resultNum * 2) % mod
//
fixed (uint* u = resultNum.data) {
//
// Double
//
uint* uu = u;
uint* uuE = u + resultNum.length;
uint x, carry = 0;
while (uu < uuE) {
x = *uu;
*uu = (x << 1) | carry;
carry = x >> (32 - 1);
uu++;
}
// subtraction inlined because we know it is square
if (carry != 0 || resultNum >= mod) {
fixed (uint* s = mod.data) {
uu = u;
uint c = 0;
uint* ss = s;
do {
uint a = *ss++;
if (((a += c) < c) | ((* (uu++) -= a) > ~a))
c = 1;
else
c = 0;
} while (uu < uuE);
}
}
}
}
} while (pos-- > 0);
resultNum = Montgomery.Reduce (resultNum, mod, mPrime);
return resultNum;
}
private BigInteger OddPow (BigInteger b, BigInteger exp)
{
BigInteger resultNum = new BigInteger (Montgomery.ToMont (1, mod), mod.length << 1);
BigInteger tempNum = new BigInteger (Montgomery.ToMont (b, mod), mod.length << 1); // ensures (tempNum * tempNum) < b^ (2k)
uint mPrime = Montgomery.Inverse (mod.data [0]);
uint totalBits = (uint)exp.BitCount ();
uint [] wkspace = new uint [mod.length << 1];
// perform squaring and multiply exponentiation
for (uint pos = 0; pos < totalBits; pos++) {
if (exp.TestBit (pos)) {
Array.Clear (wkspace, 0, wkspace.Length);
Kernel.Multiply (resultNum.data, 0, resultNum.length, tempNum.data, 0, tempNum.length, wkspace, 0);
resultNum.length += tempNum.length;
uint [] t = wkspace;
wkspace = resultNum.data;
resultNum.data = t;
Montgomery.Reduce (resultNum, mod, mPrime);
}
// the value of tempNum is required in the last loop
if (pos < totalBits - 1) {
Kernel.SquarePositive (tempNum, ref wkspace);
Montgomery.Reduce (tempNum, mod, mPrime);
}
}
Montgomery.Reduce (resultNum, mod, mPrime);
return resultNum;
}
private unsafe BigInteger EvenPow (uint b, BigInteger exp)
{
exp.Normalize ();
uint [] wkspace = new uint [mod.length << 1 + 1];
BigInteger resultNum = new BigInteger ((BigInteger)b, mod.length << 1 + 1);
uint pos = (uint)exp.BitCount () - 2;
//
// We know that the first itr will make the val b
//
do {
//
// r = r ^ 2 % m
//
Kernel.SquarePositive (resultNum, ref wkspace);
if (!(resultNum.length < mod.length))
BarrettReduction (resultNum);
if (exp.TestBit (pos)) {
//
// r = r * b % m
//
// TODO: Is Unsafe really speeding things up?
fixed (uint* u = resultNum.data) {
uint i = 0;
ulong mc = 0;
do {
mc += (ulong)u [i] * (ulong)b;
u [i] = (uint)mc;
mc >>= 32;
} while (++i < resultNum.length);
if (resultNum.length < mod.length) {
if (mc != 0) {
u [i] = (uint)mc;
resultNum.length++;
while (resultNum >= mod)
Kernel.MinusEq (resultNum, mod);
}
} else if (mc != 0) {
//
// First, we estimate the quotient by dividing
// the first part of each of the numbers. Then
// we correct this, if necessary, with a subtraction.
//
uint cc = (uint)mc;
// We would rather have this estimate overshoot,
// so we add one to the divisor
uint divEstimate = (uint) ((((ulong)cc << 32) | (ulong) u [i -1]) /
(mod.data [mod.length-1] + 1));
uint t;
i = 0;
mc = 0;
do {
mc += (ulong)mod.data [i] * (ulong)divEstimate;
t = u [i];
u [i] -= (uint)mc;
mc >>= 32;
if (u [i] > t) mc++;
i++;
} while (i < resultNum.length);
cc -= (uint)mc;
if (cc != 0) {
uint sc = 0, j = 0;
uint [] s = mod.data;
do {
uint a = s [j];
if (((a += sc) < sc) | ((u [j] -= a) > ~a)) sc = 1;
else sc = 0;
j++;
} while (j < resultNum.length);
cc -= sc;
}
while (resultNum >= mod)
Kernel.MinusEq (resultNum, mod);
} else {
while (resultNum >= mod)
Kernel.MinusEq (resultNum, mod);
}
}
}
} while (pos-- > 0);
return resultNum;
}
public BigInteger Pow (BigInteger a, BigInteger k)
{
BigInteger b = new BigInteger (1);
if (k == 0)
return b;
BigInteger A = a;
if (k.TestBit (0))
b = a;
for (int i = 1; i < k.BitCount (); i++) {
A = Multiply (A, A);
if (k.TestBit (i))
b = Multiply (A, b);
}
return b;
}
public BigInteger EvenPow (BigInteger b, BigInteger exp)
{
BigInteger resultNum = new BigInteger ((BigInteger)1, mod.length << 1);
BigInteger tempNum = new BigInteger (b % mod, mod.length << 1); // ensures (tempNum * tempNum) < b^ (2k)
uint totalBits = (uint)exp.BitCount ();
uint [] wkspace = new uint [mod.length << 1];
// perform squaring and multiply exponentiation
for (uint pos = 0; pos < totalBits; pos++) {
if (exp.TestBit (pos)) {
Array.Clear (wkspace, 0, wkspace.Length);
Kernel.Multiply (resultNum.data, 0, resultNum.length, tempNum.data, 0, tempNum.length, wkspace, 0);
resultNum.length += tempNum.length;
uint [] t = wkspace;
wkspace = resultNum.data;
resultNum.data = t;
BarrettReduction (resultNum);
}
Kernel.SquarePositive (tempNum, ref wkspace);
BarrettReduction (tempNum);
if (tempNum == 1) {
return resultNum;
}
}
return resultNum;
}
private void GenerateParams (int keyLength)
{
byte[] seed = new byte[20];
byte[] part1 = new byte[20];
byte[] part2 = new byte[20];
byte[] u = new byte[20];
// TODO: a prime generator should be made for this
SHA1 sha = SHA1.Create ();
int n = (keyLength - 1) / 160;
byte[] w = new byte [keyLength / 8];
bool primesFound = false;
while (!primesFound) {
do {
Random.GetBytes (seed);
part1 = sha.ComputeHash (seed);
Array.Copy(seed, 0, part2, 0, seed.Length);
add (part2, seed, 1);
part2 = sha.ComputeHash (part2);
for (int i = 0; i != u.Length; i++)
u [i] = (byte)(part1 [i] ^ part2 [i]);
// first bit must be set (to respect key length)
u[0] |= (byte)0x80;
// last bit must be set (prime are all odds - except 2)
u[19] |= (byte)0x01;
q = new BigInteger (u);
}
while (!q.IsProbablePrime ());
counter = 0;
int offset = 2;
while (counter < 4096) {
for (int k = 0; k < n; k++) {
add(part1, seed, offset + k);
part1 = sha.ComputeHash (part1);
Array.Copy (part1, 0, w, w.Length - (k + 1) * part1.Length, part1.Length);
}
add(part1, seed, offset + n);
part1 = sha.ComputeHash (part1);
Array.Copy (part1, part1.Length - ((w.Length - (n) * part1.Length)), w, 0, w.Length - n * part1.Length);
w[0] |= (byte)0x80;
BigInteger x = new BigInteger (w);
BigInteger c = x % (q * 2);
p = x - (c - 1);
if (p.TestBit ((uint)(keyLength - 1))) {
if (p.IsProbablePrime ()) {
primesFound = true;
break;
}
}
counter += 1;
offset += n + 1;
}
}
// calculate the generator g
BigInteger pMinusOneOverQ = (p - 1) / q;
for (;;) {
BigInteger h = BigInteger.GenerateRandom (keyLength);
if ((h <= 1) || (h >= (p - 1)))
continue;
g = h.ModPow (pMinusOneOverQ, p);
if (g <= 1)
continue;
break;
}
this.seed = new BigInteger (seed);
j = (p - 1) / q;
}
protected override bool IsPrimeAcceptable (BigInteger bi, object Context)
{
return bi.TestBit (1);
}
public BigInteger Pow (BigInteger a, BigInteger k)
{
#if false
BigInteger b = new BigInteger (1);
if (k == 0)
return b;
BigInteger A = a;
if (k.TestBit (0))
b = a;
for (int i = 1; i < k.BitCount (); i++) {
A = Multiply (A, A);
if (k.TestBit (i))
b = Multiply (A, b);
}
return b;
#endif
var result = System.Numerics.BigInteger.ModPow(
EncodeBigInteger(a),
EncodeBigInteger(k),
EncodeBigInteger(mod)
);
return DecodeBigInteger(result);
}
private BigInteger OddPow(uint b, BigInteger exp)
{
exp.Normalize();
uint[] wkspace = new uint[mod.length << 1 + 1];
BigInteger resultNum = Montgomery.ToMont((BigInteger)b, this.mod);
resultNum = new BigInteger(resultNum, mod.length << 1 + 1);
uint mPrime = Montgomery.Inverse(mod.data[0]);
int bc = exp.BitCount () - 2;
uint pos = (bc > 1 ? (uint) bc : 1);
//
// We know that the first itr will make the val b
//
do
{
//
// r = r ^ 2 % m
//
Kernel.SquarePositive(resultNum, ref wkspace);
resultNum = Montgomery.Reduce(resultNum, mod, mPrime);
if (exp.TestBit(pos))
{
//
// r = r * b % m
//
uint u = 0;
uint i = 0;
ulong mc = 0;
do
{
mc += (ulong)resultNum.data[u + i] * (ulong)b;
resultNum.data[u + i] = (uint)mc;
mc >>= 32;
} while (++i < resultNum.length);
if (resultNum.length < mod.length)
{
if (mc != 0)
{
resultNum.data[u + i] = (uint)mc;
resultNum.length++;
while (resultNum >= mod)
Kernel.MinusEq(resultNum, mod);
}
}
else if (mc != 0)
{
//
// First, we estimate the quotient by dividing
// the first part of each of the numbers. Then
// we correct this, if necessary, with a subtraction.
//
uint cc = (uint)mc;
// We would rather have this estimate overshoot,
// so we add one to the divisor
uint divEstimate;
if (mod.data [mod.length - 1] < UInt32.MaxValue) {
divEstimate = (uint) ((((ulong)cc << 32) | (ulong)resultNum.data[u + i - 1]) /
(mod.data [mod.length-1] + 1));
}
else {
// guess but don't divide by 0
divEstimate = (uint) ((((ulong)cc << 32) | (ulong)resultNum.data[i - 1]) /
(mod.data [mod.length-1]));
}
uint t;
i = 0;
mc = 0;
do
{
mc += (ulong)mod.data[i] * (ulong)divEstimate;
t = resultNum.data[u + i];
resultNum.data[u + i] -= (uint)mc;
mc >>= 32;
if (resultNum.data[u + i] > t)
mc++;
i++;
} while (i < resultNum.length);
cc -= (uint)mc;
if (cc != 0)
{
uint sc = 0, j = 0;
uint[] s = mod.data;
do
{
uint a = s[j];
if (((a += sc) < sc) | ((resultNum.data[u + j] -= a) > ~a))
sc = 1;
else
sc = 0;
j++;
} while (j < resultNum.length);
cc -= sc;
}
while (resultNum >= mod)
Kernel.MinusEq(resultNum, mod);
}
else
{
while (resultNum >= mod)
Kernel.MinusEq(resultNum, mod);
}
}
} while (pos-- > 0);
resultNum = Montgomery.Reduce(resultNum, mod, mPrime);
return resultNum;
}
public BigInteger Pow(BigInteger a, BigInteger k)
{
var b = new BigInteger(1);
if (k == 0)
return b;
var A = a;
if (k.TestBit(0))
b = a;
var bitCount = k.BitCount();
for (var i = 1; i < bitCount; i++)
{
A = Multiply(A, A);
if (k.TestBit(i))
b = Multiply(A, b);
}
return b;
}
