private static BigInteger Pow2ModPow(BigInteger X, BigInteger Y, int N)
{
// PRE: (base > 0), (exponent > 0) and (j > 0)
BigInteger res = BigInteger.One;
BigInteger e = Y.Copy();
BigInteger baseMod2toN = X.Copy();
BigInteger res2;
// If 'base' is odd then it's coprime with 2^j and phi(2^j) = 2^(j-1);
// so we can reduce reduce the exponent (mod 2^(j-1)).
if (X.TestBit(0))
{
InplaceModPow2(e, N - 1);
}
InplaceModPow2(baseMod2toN, N);
for (int i = e.BitLength - 1; i >= 0; i--)
{
res2 = res.Copy();
InplaceModPow2(res2, N);
res = res.Multiply(res2);
if (BitLevel.TestBit(e, i))
{
res = res.Multiply(baseMod2toN);
InplaceModPow2(res, N);
}
}
InplaceModPow2(res, N);
return(res);
}
/**
* It uses the sieve of Eratosthenes to discard several composite numbers in
* some appropriate range (at the moment {@code [this, this + 1024]}). After
* this process it applies the Miller-Rabin test to the numbers that were
* not discarded in the sieve.
*
* @see BigInteger#nextProbablePrime()
* @see #millerRabin(BigInteger, int)
*/
public static BigInteger NextProbablePrime(BigInteger n)
{
// PRE: n >= 0
int i, j;
int certainty;
int gapSize = 1024; // for searching of the next probable prime number
int[] modules = new int[primes.Length];
bool[] isDivisible = new bool[gapSize];
BigInteger startPoint;
BigInteger probPrime;
// If n < "last prime of table" searches next prime in the table
if ((n.numberLength == 1) && (n.Digits[0] >= 0)
&& (n.Digits[0] < primes[primes.Length - 1])) {
for (i = 0; n.Digits[0] >= primes[i]; i++) {
;
}
return BIprimes[i];
}
/*
* Creates a "N" enough big to hold the next probable prime Note that: N <
* "next prime" < 2*N
*/
startPoint = new BigInteger(1, n.numberLength,
new int[n.numberLength + 1]);
Array.Copy(n.Digits, 0, startPoint.Digits, 0, n.numberLength);
// To fix N to the "next odd number"
if (n.TestBit(0)) {
Elementary.inplaceAdd(startPoint, 2);
} else {
startPoint.Digits[0] |= 1;
}
// To set the improved certainly of Miller-Rabin
j = startPoint.BitLength;
for (certainty = 2; j < BITS[certainty]; certainty++) {
;
}
// To calculate modules: N mod p1, N mod p2, ... for first primes.
for (i = 0; i < primes.Length; i++) {
modules[i] = Division.Remainder(startPoint, primes[i]) - gapSize;
}
while (true) {
// At this point, all numbers in the gap are initialized as
// probably primes
// Arrays.fill(isDivisible, false);
for (int k = 0; k < isDivisible.Length; k++)
isDivisible[k] = false;
// To discard multiples of first primes
for (i = 0; i < primes.Length; i++) {
modules[i] = (modules[i] + gapSize) % primes[i];
j = (modules[i] == 0) ? 0 : (primes[i] - modules[i]);
for (; j < gapSize; j += primes[i]) {
isDivisible[j] = true;
}
}
// To execute Miller-Rabin for non-divisible numbers by all first
// primes
for (j = 0; j < gapSize; j++) {
if (!isDivisible[j]) {
probPrime = startPoint.Copy();
Elementary.inplaceAdd(probPrime, j);
if (MillerRabin(probPrime, certainty)) {
return probPrime;
}
}
}
Elementary.inplaceAdd(startPoint, gapSize);
}
}
/// <summary>
/// It uses the sieve of Eratosthenes to discard several composite numbers in
/// some appropriate range (at the moment [this, this + 1024]).
/// <para>After this process it applies the Miller-Rabin test to the numbers that were not discarded in the sieve.</para>
/// </summary>
internal static BigInteger NextProbablePrime(BigInteger X)
{
// PRE: n >= 0
int i, j;
int certainty;
int gapSize = 1024; // for searching of the next probable prime number
int[] modules = new int[m_primes.Length];
bool[] isDivisible = new bool[gapSize];
BigInteger startPoint;
BigInteger probPrime;
// If n < "last prime of table" searches next prime in the table
if ((X.m_numberLength == 1) && (X.m_digits[0] >= 0) && (X.m_digits[0] < m_primes[m_primes.Length - 1]))
{
for (i = 0; X.m_digits[0] >= m_primes[i]; i++)
{
;
}
return(m_biPrimes[i]);
}
// Creates a "N" enough big to hold the next probable prime Note that: N < "next prime" < 2*N
startPoint = new BigInteger(1, X.m_numberLength, new int[X.m_numberLength + 1]);
Array.Copy(X.m_digits, 0, startPoint.m_digits, 0, X.m_numberLength);
// To fix N to the "next odd number"
if (X.TestBit(0))
{
Elementary.InplaceAdd(startPoint, 2);
}
else
{
startPoint.m_digits[0] |= 1;
}
// To set the improved certainly of Miller-Rabin
j = startPoint.BitLength;
for (certainty = 2; j < BITS[certainty]; certainty++)
{
;
}
// To calculate modules: N mod p1, N mod p2, ... for first primes.
for (i = 0; i < m_primes.Length; i++)
{
modules[i] = Division.Remainder(startPoint, m_primes[i]) - gapSize;
}
while (true)
{
// At this point, all numbers in the gap are initialized as probably primes
for (int k = 0; k < isDivisible.Length; k++)
{
isDivisible[k] = false;
}
// To discard multiples of first primes
for (i = 0; i < m_primes.Length; i++)
{
modules[i] = (modules[i] + gapSize) % m_primes[i];
j = (modules[i] == 0) ? 0 : (m_primes[i] - modules[i]);
for (; j < gapSize; j += m_primes[i])
{
isDivisible[j] = true;
}
}
// To execute Miller-Rabin for non-divisible numbers by all first
// primes
for (j = 0; j < gapSize; j++)
{
if (!isDivisible[j])
{
probPrime = startPoint.Copy();
Elementary.InplaceAdd(probPrime, j);
if (MillerRabin(probPrime, certainty))
{
return(probPrime);
}
}
}
Elementary.InplaceAdd(startPoint, gapSize);
}
}
/// <summary>
/// Calculates x.modInverse(p) Based on: Savas, E; Koc, C "The Montgomery Modular Inverse - Revised"
/// </summary>
///
/// <param name="X">BigInteger X</param>
/// <param name="P">BigInteger P</param>
///
/// <returns>Returns <c>1/X Mod M</c></returns>
internal static BigInteger ModInverseMontgomery(BigInteger X, BigInteger P)
{
// ZERO hasn't inverse
if (X._sign == 0)
{
throw new ArithmeticException("BigInteger not invertible!");
}
// montgomery inverse require even modulo
if (!P.TestBit(0))
{
return(ModInverseLorencz(X, P));
}
int m = P._numberLength * 32;
// PRE: a \in [1, p - 1]
BigInteger u, v, r, s;
u = P.Copy(); // make copy to use inplace method
v = X.Copy();
int max = System.Math.Max(v._numberLength, u._numberLength);
r = new BigInteger(1, 1, new int[max + 1]);
s = new BigInteger(1, 1, new int[max + 1]);
s._digits[0] = 1;
int k = 0;
int lsbu = u.LowestSetBit;
int lsbv = v.LowestSetBit;
int toShift;
if (lsbu > lsbv)
{
BitLevel.InplaceShiftRight(u, lsbu);
BitLevel.InplaceShiftRight(v, lsbv);
BitLevel.InplaceShiftLeft(r, lsbv);
k += lsbu - lsbv;
}
else
{
BitLevel.InplaceShiftRight(u, lsbu);
BitLevel.InplaceShiftRight(v, lsbv);
BitLevel.InplaceShiftLeft(s, lsbu);
k += lsbv - lsbu;
}
r._sign = 1;
while (v.Signum() > 0)
{
// INV v >= 0, u >= 0, v odd, u odd (except last iteration when v is even (0))
while (u.CompareTo(v) > BigInteger.EQUALS)
{
Elementary.InplaceSubtract(u, v);
toShift = u.LowestSetBit;
BitLevel.InplaceShiftRight(u, toShift);
Elementary.InplaceAdd(r, s);
BitLevel.InplaceShiftLeft(s, toShift);
k += toShift;
}
while (u.CompareTo(v) <= BigInteger.EQUALS)
{
Elementary.InplaceSubtract(v, u);
if (v.Signum() == 0)
{
break;
}
toShift = v.LowestSetBit;
BitLevel.InplaceShiftRight(v, toShift);
Elementary.InplaceAdd(s, r);
BitLevel.InplaceShiftLeft(r, toShift);
k += toShift;
}
}
// in u is stored the gcd
if (!u.IsOne())
{
throw new ArithmeticException("BigInteger not invertible.");
}
if (r.CompareTo(P) >= BigInteger.EQUALS)
{
Elementary.InplaceSubtract(r, P);
}
r = P.Subtract(r);
// Have pair: ((BigInteger)r, (Integer)k) where r == a^(-1) * 2^k mod (module)
int n1 = CalcN(P);
if (k > m)
{
r = MonPro(r, BigInteger.One, P, n1);
k = k - m;
}
r = MonPro(r, BigInteger.GetPowerOfTwo(m - k), P, n1);
return(r);
}
private static BigInteger Pow2ModPow(BigInteger X, BigInteger Y, int N)
{
// PRE: (base > 0), (exponent > 0) and (j > 0)
BigInteger res = BigInteger.One;
BigInteger e = Y.Copy();
BigInteger baseMod2toN = X.Copy();
BigInteger res2;
// If 'base' is odd then it's coprime with 2^j and phi(2^j) = 2^(j-1);
// so we can reduce reduce the exponent (mod 2^(j-1)).
if (X.TestBit(0))
InplaceModPow2(e, N - 1);
InplaceModPow2(baseMod2toN, N);
for (int i = e.BitLength - 1; i >= 0; i--)
{
res2 = res.Copy();
InplaceModPow2(res2, N);
res = res.Multiply(res2);
if (BitLevel.TestBit(e, i))
{
res = res.Multiply(baseMod2toN);
InplaceModPow2(res, N);
}
}
InplaceModPow2(res, N);
return res;
}
/// <summary>
/// Calculates x.modInverse(p) Based on: Savas, E; Koc, C "The Montgomery Modular Inverse - Revised"
/// </summary>
///
/// <param name="X">BigInteger X</param>
/// <param name="P">BigInteger P</param>
///
/// <returns>Returns <c>1/X Mod M</c></returns>
internal static BigInteger ModInverseMontgomery(BigInteger X, BigInteger P)
{
// ZERO hasn't inverse
if (X._sign == 0)
throw new ArithmeticException("BigInteger not invertible!");
// montgomery inverse require even modulo
if (!P.TestBit(0))
return ModInverseLorencz(X, P);
int m = P._numberLength * 32;
// PRE: a \in [1, p - 1]
BigInteger u, v, r, s;
u = P.Copy(); // make copy to use inplace method
v = X.Copy();
int max = System.Math.Max(v._numberLength, u._numberLength);
r = new BigInteger(1, 1, new int[max + 1]);
s = new BigInteger(1, 1, new int[max + 1]);
s._digits[0] = 1;
int k = 0;
int lsbu = u.LowestSetBit;
int lsbv = v.LowestSetBit;
int toShift;
if (lsbu > lsbv)
{
BitLevel.InplaceShiftRight(u, lsbu);
BitLevel.InplaceShiftRight(v, lsbv);
BitLevel.InplaceShiftLeft(r, lsbv);
k += lsbu - lsbv;
}
else
{
BitLevel.InplaceShiftRight(u, lsbu);
BitLevel.InplaceShiftRight(v, lsbv);
BitLevel.InplaceShiftLeft(s, lsbu);
k += lsbv - lsbu;
}
r._sign = 1;
while (v.Signum() > 0)
{
// INV v >= 0, u >= 0, v odd, u odd (except last iteration when v is even (0))
while (u.CompareTo(v) > BigInteger.EQUALS)
{
Elementary.InplaceSubtract(u, v);
toShift = u.LowestSetBit;
BitLevel.InplaceShiftRight(u, toShift);
Elementary.InplaceAdd(r, s);
BitLevel.InplaceShiftLeft(s, toShift);
k += toShift;
}
while (u.CompareTo(v) <= BigInteger.EQUALS)
{
Elementary.InplaceSubtract(v, u);
if (v.Signum() == 0)
break;
toShift = v.LowestSetBit;
BitLevel.InplaceShiftRight(v, toShift);
Elementary.InplaceAdd(s, r);
BitLevel.InplaceShiftLeft(r, toShift);
k += toShift;
}
}
// in u is stored the gcd
if (!u.IsOne())
throw new ArithmeticException("BigInteger not invertible.");
if (r.CompareTo(P) >= BigInteger.EQUALS)
Elementary.InplaceSubtract(r, P);
r = P.Subtract(r);
// Have pair: ((BigInteger)r, (Integer)k) where r == a^(-1) * 2^k mod (module)
int n1 = CalcN(P);
if (k > m)
{
r = MonPro(r, BigInteger.One, P, n1);
k = k - m;
}
r = MonPro(r, BigInteger.GetPowerOfTwo(m - k), P, n1);
return r;
}
/**
* Calculates a.modInverse(p) Based on: Savas, E; Koc, C "The Montgomery Modular
* Inverse - Revised"
*/
public static BigInteger ModInverseMontgomery(BigInteger a, BigInteger p)
{
if (a.Sign == 0) {
// ZERO hasn't inverse
// math.19: BigInteger not invertible
throw new ArithmeticException(Messages.math19);
}
if (!p.TestBit(0)) {
// montgomery inverse require even modulo
return ModInverseLorencz(a, p);
}
int m = p.numberLength*32;
// PRE: a \in [1, p - 1]
BigInteger u, v, r, s;
u = p.Copy(); // make copy to use inplace method
v = a.Copy();
int max = System.Math.Max(v.numberLength, u.numberLength);
r = new BigInteger(1, 1, new int[max + 1]);
s = new BigInteger(1, 1, new int[max + 1]);
s.Digits[0] = 1;
// s == 1 && v == 0
int k = 0;
int lsbu = u.LowestSetBit;
int lsbv = v.LowestSetBit;
int toShift;
if (lsbu > lsbv) {
BitLevel.InplaceShiftRight(u, lsbu);
BitLevel.InplaceShiftRight(v, lsbv);
BitLevel.InplaceShiftLeft(r, lsbv);
k += lsbu - lsbv;
} else {
BitLevel.InplaceShiftRight(u, lsbu);
BitLevel.InplaceShiftRight(v, lsbv);
BitLevel.InplaceShiftLeft(s, lsbu);
k += lsbv - lsbu;
}
r.Sign = 1;
while (v.Sign > 0) {
// INV v >= 0, u >= 0, v odd, u odd (except last iteration when v is even (0))
while (u.CompareTo(v) > BigInteger.EQUALS) {
Elementary.inplaceSubtract(u, v);
toShift = u.LowestSetBit;
BitLevel.InplaceShiftRight(u, toShift);
Elementary.inplaceAdd(r, s);
BitLevel.InplaceShiftLeft(s, toShift);
k += toShift;
}
while (u.CompareTo(v) <= BigInteger.EQUALS) {
Elementary.inplaceSubtract(v, u);
if (v.Sign == 0)
break;
toShift = v.LowestSetBit;
BitLevel.InplaceShiftRight(v, toShift);
Elementary.inplaceAdd(s, r);
BitLevel.InplaceShiftLeft(r, toShift);
k += toShift;
}
}
if (!u.IsOne) {
// in u is stored the gcd
// math.19: BigInteger not invertible.
throw new ArithmeticException(Messages.math19);
}
if (r.CompareTo(p) >= BigInteger.EQUALS)
Elementary.inplaceSubtract(r, p);
r = p.Subtract(r);
// Have pair: ((BigInteger)r, (Integer)k) where r == a^(-1) * 2^k mod (module)
int n1 = CalcN(p);
if (k > m) {
r = MonPro(r, BigInteger.One, p, n1);
k = k - m;
}
r = MonPro(r, BigInteger.GetPowerOfTwo(m - k), p, n1);
return r;
}