/// <summary>
/// Validates p, g and (when supplied) x, then stores them in m_P, m_G and m_X.
/// When <paramref name="x"/> is null a random secret is drawn instead.
/// </summary>
/// <param name="p">Modulus; rejected unless <c>isProbablePrime()</c> accepts it.</param>
/// <param name="g">Must satisfy 0 &lt; g &lt; p.</param>
/// <param name="x">Optional secret; when non-null it must satisfy 1 &lt;= x &lt;= p - 2.</param>
/// <param name="secretLen">Size handed to <c>BigInteger.genRandom</c>; 0 selects <c>p.bitCount()</c>.</param>
/// <param name="checkInput">Never read in this body: the checks run whatever the caller passes.</param>
/// <exception cref="CryptographicException">Any of the checks above fails (thrown without a message).</exception>
private void Initialize(BigInteger p, BigInteger g, BigInteger x, int secretLen, bool checkInput)
{
    // NOTE(review): g == 1 and g == p - 1 pass this range check although they only
    // generate the subgroups {1} and {1, p - 1}; consider rejecting them if g can
    // come from an untrusted party.
    if (!p.isProbablePrime() || g <= 0 || g >= p)
    {
        throw new CryptographicException();
    }

    // A caller-supplied secret has to fall inside [1, p - 2].
    if (x != null && (x <= 0 || x > p - 2))
    {
        throw new CryptographicException();
    }

    // With no requested length, draw a secret as wide as the prime itself. That is
    // usually more than needed, but it is the most conservative default.
    // A negative secretLen is not rejected here and is forwarded unchanged.
    int bits = secretLen;
    if (bits == 0)
    {
        bits = p.bitCount();
    }

    m_P = p;
    m_G = g;

    if (x != null)
    {
        m_X = x;
        return;
    }

    // Redraw until the candidate lands in [1, p - 2].
    // NOTE(review): the secret is only as unpredictable as BigInteger.genRandom;
    // its randomness source is not visible here — confirm it is a CSPRNG.
    BigInteger upperBound = m_P - 1;
    do
    {
        m_X = BigInteger.genRandom(bits);
    }
    while (m_X >= upperBound || m_X == 0);
}
/// <summary>
/// Raises <paramref name="b"/> to <paramref name="exp"/> modulo the enclosing
/// <c>mod</c> with square-and-multiply, scanning exponent bits from position 0
/// upward and passing every intermediate through <c>BarrettReduction</c>.
/// </summary>
/// <param name="b">Base; reduced with <c>b % mod</c> before use.</param>
/// <param name="exp">Exponent; only its first <c>bitCount()</c> bit positions are examined.</param>
/// <returns>The accumulated product after the last processed bit.</returns>
/// <remarks>
/// The multiply step runs only for set exponent bits and the loop stops early once
/// the running power equals 1, so the running time depends on both operands.
/// NOTE(review): this is not constant-time; confirm whether exp can be a secret
/// value at any call site.
/// </remarks>
public BigInteger EvenPow(BigInteger b, BigInteger exp)
{
    // Both operands get twice the modulus length so that a full product or
    // square fits in the buffer before it is reduced.
    BigInteger acc = new BigInteger((BigInteger)1, mod.length << 1);
    BigInteger power = new BigInteger(b % mod, mod.length << 1);

    uint bitLimit = (uint)exp.bitCount();
    uint[] scratch = new uint[mod.length << 1];

    uint bit = 0;
    while (bit < bitLimit)
    {
        if (exp.testBit(bit))
        {
            // acc = acc * power: multiply into the cleared scratch buffer, then
            // swap buffers so acc owns the product and its old storage is reused.
            Array.Clear(scratch, 0, scratch.Length);
            Kernel.Multiply(acc.data, 0, acc.length, power.data, 0, power.length, scratch, 0);
            acc.length += power.length;

            uint[] product = scratch;
            scratch = acc.data;
            acc.data = product;

            BarrettReduction(acc);
        }

        // power = power^2, reduced.
        Kernel.SquarePositive(power, ref scratch);
        BarrettReduction(power);

        // Once the running power is 1, later bits cannot change acc.
        if (power == 1)
        {
            break;
        }

        bit++;
    }

    return acc;
}
// Exponentiation with the fixed base 2: starts from Montgomery.ToMont(2, mod),
// then for each exponent bit below the top one squares and, when the bit is set,
// doubles the accumulator in place. The result goes through a final
// Montgomery.Reduce before it is returned.
// Presumably intended for an odd modulus (name and Montgomery helpers) — confirm
// against the caller.
//
// NOTE(review): the doubling step runs only for set exponent bits and the inlined
// subtraction only when the doubled value reaches mod, so the running time
// depends on the data. Confirm whether exp can be a secret at any call site.
private unsafe BigInteger OddModTwoPow(BigInteger exp) {
    // `+` binds tighter than `<<`, so `mod.length << 1 + 1` is
    // `mod.length << 2` (four times the modulus length), not 2 * length + 1.
    // NOTE(review): looks unintended but only over-allocates; do not shrink it
    // without checking what Kernel.SquarePositive needs from the workspace.
    uint[] wkspace = new uint[mod.length << 1 + 1];
    BigInteger resultNum = Montgomery.ToMont((BigInteger)2, this.mod);
    resultNum = new BigInteger(resultNum, mod.length << 1 + 1);
    uint mPrime = Montgomery.Inverse(mod.data[0]);

    //
    // TODO: eat small bits, the ones we can do with no modular reduction
    //

    // Scanning starts one bit below the top bit. If exp.bitCount() is below 2
    // this unsigned subtraction wraps to a huge value; callers are presumably
    // expected to rule that out — TODO confirm.
    uint pos = (uint)exp.bitCount() - 2;
    do {
        Kernel.SquarePositive(resultNum, ref wkspace);
        resultNum = Montgomery.Reduce(resultNum, mod, mPrime);
        if (exp.testBit(pos)) {
            //
            // resultNum = (resultNum * 2) % mod
            //
            fixed (uint* u = resultNum.data) {
                //
                // Double
                //
                // Shift every word left by one, carrying the top bit of each
                // word into the next. The loop covers resultNum.length words
                // through a raw pointer, so it is not bounds-checked.
                uint* uu = u;
                uint* uuE = u + resultNum.length;
                uint x, carry = 0;
                while (uu < uuE) {
                    x = *uu;
                    *uu = (x << 1) | carry;
                    carry = x >> (32 - 1);
                    uu++;
                }
                // subtraction inlined because we know it is square
                // A single subtraction of mod is applied when the doubling
                // carried out of the top word or the value is no longer below mod.
                if (carry != 0 || resultNum >= mod) {
                    fixed (uint* s = mod.data) {
                        uu = u;
                        uint c = 0;
                        uint* ss = s;
                        // Word-by-word subtraction; c carries the borrow into
                        // the next word. The bound is uuE (resultNum.length
                        // words), so this assumes mod.data holds at least that
                        // many words — TODO confirm, the read through ss is unchecked.
                        do {
                            uint a = *ss++;
                            if (((a += c) < c) | ((*(uu++) -= a) > ~a))
                                c = 1;
                            else
                                c = 0;
                        } while (uu < uuE);
                    }
                }
            }
        }
    } while (pos-- > 0);
    resultNum = Montgomery.Reduce(resultNum, mod, mPrime);
    return resultNum;
}
// Exponentiation with a single-word base b: the accumulator starts at b, then for
// each exponent bit below the top one it is squared and, when the bit is set,
// multiplied by b in place, with reductions against the enclosing `mod`.
// Presumably the even-modulus path (name, BarrettReduction) — confirm against the caller.
//
// Side effect: exp.Normalize() is called on the caller's exponent object.
//
// NOTE(review): the multiply-and-reduce step runs only for set exponent bits and
// the correction loops run a data-dependent number of times, so the running time
// depends on the operands. Confirm whether exp can be a secret at any call site.
private unsafe BigInteger EvenPow(uint b, BigInteger exp) {
    exp.Normalize();
    // `+` binds tighter than `<<`, so `mod.length << 1 + 1` is
    // `mod.length << 2` (four times the modulus length), not 2 * length + 1.
    // NOTE(review): looks unintended but only over-allocates; the unchecked
    // pointer writes below may rely on the spare room, so do not shrink it blindly.
    uint[] wkspace = new uint[mod.length << 1 + 1];
    BigInteger resultNum = new BigInteger((BigInteger)b, mod.length << 1 + 1);
    // If exp.bitCount() is below 2 this unsigned subtraction wraps to a huge
    // value; callers are presumably expected to rule that out — TODO confirm.
    uint pos = (uint)exp.bitCount() - 2;
    //
    // We know that the first itr will make the val b
    // (resultNum already holds b, which accounts for the exponent's top bit,
    // so scanning starts one bit lower).
    //
    do {
        //
        // r = r ^ 2 % m
        //
        Kernel.SquarePositive(resultNum, ref wkspace);
        // Reduction is skipped while the square is still shorter than the modulus.
        if (!(resultNum.length < mod.length))
            BarrettReduction(resultNum);
        if (exp.testBit(pos)) {
            //
            // r = r * b % m
            //
            // TODO: Is Unsafe really speeding things up?
            fixed (uint* u = resultNum.data) {
                // Multiply every word by b, keeping the running carry in mc.
                uint i = 0;
                ulong mc = 0;
                do {
                    mc += (ulong)u[i] * (ulong)b;
                    u[i] = (uint)mc;
                    mc >>= 32;
                } while (++i < resultNum.length);
                if (resultNum.length < mod.length) {
                    if (mc != 0) {
                        // The carry becomes a new top word. This writes at index
                        // resultNum.length through a raw pointer, so it assumes
                        // resultNum.data has spare capacity — TODO confirm.
                        u[i] = (uint)mc;
                        resultNum.length++;
                        while (resultNum >= mod)
                            Kernel.MinusEq(resultNum, mod);
                    }
                } else if (mc != 0) {
                    //
                    // First, we estimate the quotient by dividing
                    // the first part of each of the numbers. Then
                    // we correct this, if necessary, with a subtraction.
                    //
                    uint cc = (uint)mc;
                    // The divisor is the modulus's top word plus one. Enlarging
                    // the divisor can only lower the quotient estimate; the
                    // original comment called this an "overshoot" —
                    // NOTE(review): that wording looks inverted.
                    // NOTE(review): mod.data is uint[], so this `+ 1` is 32-bit
                    // arithmetic; a top word of 0xFFFFFFFF would wrap to 0 in an
                    // unchecked context and turn this into a division by zero.
                    // Confirm whether such a modulus can reach this branch.
                    uint divEstimate = (uint)((((ulong)cc << 32) | (ulong)u[i - 1]) / (mod.data[mod.length - 1] + 1));
                    uint t;
                    i = 0;
                    mc = 0;
                    // Subtract divEstimate * mod word by word; mc carries both the
                    // product overflow and any borrow into the next word.
                    // mod.data[i] is indexed up to resultNum.length, which assumes
                    // mod.data holds at least that many words — TODO confirm.
                    do {
                        mc += (ulong)mod.data[i] * (ulong)divEstimate;
                        t = u[i];
                        u[i] -= (uint)mc;
                        mc >>= 32;
                        if (u[i] > t)
                            mc++;
                        i++;
                    } while (i < resultNum.length);
                    cc -= (uint)mc;
                    if (cc != 0) {
                        // Carry word still non-zero: subtract mod once more,
                        // sc being the borrow between words.
                        uint sc = 0, j = 0;
                        uint[] s = mod.data;
                        do {
                            uint a = s[j];
                            if (((a += sc) < sc) | ((u[j] -= a) > ~a))
                                sc = 1;
                            else
                                sc = 0;
                            j++;
                        } while (j < resultNum.length);
                        cc -= sc;
                    }
                    // Final correction until the value is below mod.
                    while (resultNum >= mod)
                        Kernel.MinusEq(resultNum, mod);
                } else {
                    while (resultNum >= mod)
                        Kernel.MinusEq(resultNum, mod);
                }
            }
        }
    } while (pos-- > 0);
    return resultNum;
}
/// <summary>
/// Raises <paramref name="b"/> to <paramref name="exp"/> modulo the enclosing
/// <c>mod</c> with square-and-multiply on values produced by
/// <c>Montgomery.ToMont</c>, scanning exponent bits from position 0 upward.
/// </summary>
/// <param name="b">Base; converted with <c>Montgomery.ToMont(b, mod)</c>.</param>
/// <param name="exp">Exponent; only its first <c>bitCount()</c> bit positions are examined.</param>
/// <returns>The accumulator after a final <c>Montgomery.Reduce</c>.</returns>
/// <remarks>
/// The return value of <c>Montgomery.Reduce</c> is discarded at every call site
/// here, so this method relies on Reduce updating its first argument in place.
/// NOTE(review): OddModTwoPow assigns the returned value instead — confirm both
/// usages are valid.
/// The multiply step runs only for set exponent bits, so the running time depends
/// on the exponent. NOTE(review): not constant-time; confirm whether exp can be a
/// secret value at any call site.
/// </remarks>
private BigInteger OddPow(BigInteger b, BigInteger exp)
{
    // Both operands get twice the modulus length so that a full product or
    // square fits in the buffer before it is reduced.
    BigInteger acc = new BigInteger(Montgomery.ToMont(1, mod), mod.length << 1);
    BigInteger power = new BigInteger(Montgomery.ToMont(b, mod), mod.length << 1);

    uint mPrime = Montgomery.Inverse(mod.data[0]);
    uint bitLimit = (uint)exp.bitCount();
    uint[] scratch = new uint[mod.length << 1];

    uint bit = 0;
    while (bit < bitLimit)
    {
        if (exp.testBit(bit))
        {
            // acc = acc * power: multiply into the cleared scratch buffer, then
            // swap buffers so acc owns the product and its old storage is reused.
            Array.Clear(scratch, 0, scratch.Length);
            Kernel.Multiply(acc.data, 0, acc.length, power.data, 0, power.length, scratch, 0);
            acc.length += power.length;

            uint[] product = scratch;
            scratch = acc.data;
            acc.data = product;

            Montgomery.Reduce(acc, mod, mPrime);
        }

        // power = power^2, reduced.
        Kernel.SquarePositive(power, ref scratch);
        Montgomery.Reduce(power, mod, mPrime);

        bit++;
    }

    // One extra reduction before the value is handed back.
    Montgomery.Reduce(acc, mod, mPrime);
    return acc;
}
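/// <summary>
/// Validates p, g and (when supplied) x, then stores them in _p, _g and _x.
/// When <paramref name="x"/> is null a random secret as wide as p is drawn.
/// </summary>
/// <param name="p">Modulus; rejected unless <c>isProbablePrime()</c> accepts it.</param>
/// <param name="g">Must satisfy 0 &lt; g &lt; p.</param>
/// <param name="x">Optional secret; when non-null it must satisfy 1 &lt;= x &lt;= p - 2.</param>
/// <exception cref="CryptographicException">p, g or a supplied x fails its check.</exception>
private void Initialize(BigInteger p, BigInteger g, BigInteger x)
{
    // NOTE(review): g == 1 and g == p - 1 pass this range check although they only
    // generate the subgroups {1} and {1, p - 1}; consider rejecting them if g can
    // come from an untrusted party.
    if (!p.isProbablePrime() || g <= 0 || g >= p)
    {
        throw new CryptographicException("Inputs p or g are not as expected. P probably isn't a prime or G is less than zero or more than P.");
    }

    var pMinus1 = p - 1;

    if (x != null)
    {
        // A caller-supplied secret was previously stored unchecked. Hold it to the
        // same [1, p - 2] range the generated secret is forced into below, so a
        // zero, negative or out-of-range value cannot be installed.
        if (x <= 0 || x >= pMinus1)
        {
            throw new CryptographicException("Input x is not as expected. X must be greater than zero and less than P - 1.");
        }

        _x = x;
    }
    else
    {
        // Redraw until the candidate lands in [1, p - 2].
        // NOTE(review): the secret is only as unpredictable as BigInteger.genRandom;
        // its randomness source is not visible here — confirm it is a CSPRNG.
        var secretLen = p.bitCount();
        do
        {
            _x = BigInteger.genRandom(secretLen);
        }
        while (_x >= pMinus1 || _x == 0);
    }

    _p = p;
    _g = g;
}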