//***********************************************************************
// Generates a random number with the specified number of bits such
// that gcd(number, this) = 1
//***********************************************************************
internal BigInteger genCoPrime(int bits, Random rand)
{
bool done = false;
BigInteger result = new BigInteger();
while (!done)
{
result.genRandomBits(bits, rand);
// gcd test
BigInteger g = result.gcd(this);
if (g.dataLength == 1 && g.data[0] == 1)
done = true;
}
return result;
}
internal bool LucasStrongTestHelper(BigInteger thisVal)
{
// Do the test (selects D based on Selfridge)
// Let D be the first element of the sequence
// 5, -7, 9, -11, 13, ... for which J(D,n) = -1
// Let P = 1, Q = (1-D) / 4
long D = 5, sign = -1, dCount = 0;
bool done = false;
while (!done)
{
int Jresult = BigInteger.Jacobi(D, thisVal);
if (Jresult == -1)
done = true; // J(D, this) = 1
else
{
if (Jresult == 0 && Math.Abs(D) < thisVal) // divisor found
return false;
if (dCount == 20)
{
// check for square
BigInteger root = thisVal.sqrt();
if (root * root == thisVal)
return false;
}
//Console.WriteLine(D);
D = (Math.Abs(D) + 2) * sign;
sign = -sign;
}
dCount++;
}
long Q = (1 - D) >> 2;
BigInteger p_add1 = thisVal + 1;
int s = 0;
for (int index = 0; index < p_add1.dataLength; index++)
{
uint mask = 0x01;
for (int i = 0; i < 32; i++)
{
if ((p_add1.data[index] & mask) != 0)
{
index = p_add1.dataLength; // to break the outer loop
break;
}
mask <<= 1;
s++;
}
}
BigInteger t = p_add1 >> s;
// calculate constant = b^(2k) / m
// for Barrett Reduction
BigInteger constant = new BigInteger();
int nLen = thisVal.dataLength << 1;
constant.data[nLen] = 0x00000001;
constant.dataLength = nLen + 1;
constant = constant / thisVal;
BigInteger[] lucas = LucasSequenceHelper(1, Q, t, thisVal, constant, 0);
bool isPrime = false;
if ((lucas[0].dataLength == 1 && lucas[0].data[0] == 0) ||
(lucas[1].dataLength == 1 && lucas[1].data[0] == 0))
{
// u(t) = 0 or V(t) = 0
isPrime = true;
}
for (int i = 1; i < s; i++)
{
if (!isPrime)
{
// doubling of index
lucas[1] = thisVal.BarrettReduction(lucas[1] * lucas[1], thisVal, constant);
lucas[1] = (lucas[1] - (lucas[2] << 1)) % thisVal;
if ((lucas[1].dataLength == 1 && lucas[1].data[0] == 0))
isPrime = true;
}
lucas[2] = thisVal.BarrettReduction(lucas[2] * lucas[2], thisVal, constant); //Q^k
}
if (isPrime) // additional checks for composite numbers
{
// If n is prime and gcd(n, Q) == 1, then
// Q^((n+1)/2) = Q * Q^((n-1)/2) is congruent to (Q * J(Q, n)) mod n
BigInteger g = thisVal.gcd(Q);
if (g.dataLength == 1 && g.data[0] == 1) // gcd(this, Q) == 1
{
if ((lucas[2].data[maxLength - 1] & 0x80000000) != 0)
lucas[2] += thisVal;
BigInteger temp = (Q * BigInteger.Jacobi(Q, thisVal)) % thisVal;
if ((temp.data[maxLength - 1] & 0x80000000) != 0)
temp += thisVal;
if (lucas[2] != temp)
isPrime = false;
}
}
return isPrime;
}
//***********************************************************************
// Probabilistic prime test based on Rabin-Miller's
//
// for any p > 0 with p - 1 = 2^s * t
//
// p is probably prime (strong pseudoprime) if for any a < p,
// 1) a^t mod p = 1 or
// 2) a^((2^j)*t) mod p = p-1 for some 0 <= j <= s-1
//
// Otherwise, p is composite.
//
// Returns
// -------
// True if "this" is a strong pseudoprime to randomly chosen
// bases. The number of chosen bases is given by the "confidence"
// parameter.
//
// False if "this" is definitely NOT prime.
//
//***********************************************************************
internal bool RabinMillerTest(int confidence)
{
BigInteger thisVal;
if ((this.data[maxLength - 1] & 0x80000000) != 0) // negative
thisVal = -this;
else
thisVal = this;
if (thisVal.dataLength == 1)
{
// test small numbers
if (thisVal.data[0] == 0 || thisVal.data[0] == 1)
return false;
else if (thisVal.data[0] == 2 || thisVal.data[0] == 3)
return true;
}
if ((thisVal.data[0] & 0x1) == 0) // even numbers
return false;
// calculate values of s and t
BigInteger p_sub1 = thisVal - (new BigInteger(1));
int s = 0;
for (int index = 0; index < p_sub1.dataLength; index++)
{
uint mask = 0x01;
for (int i = 0; i < 32; i++)
{
if ((p_sub1.data[index] & mask) != 0)
{
index = p_sub1.dataLength; // to break the outer loop
break;
}
mask <<= 1;
s++;
}
}
BigInteger t = p_sub1 >> s;
int bits = thisVal.bitCount();
BigInteger a = new BigInteger();
Random rand = new Random();
for (int round = 0; round < confidence; round++)
{
bool done = false;
while (!done) // generate a < n
{
int testBits = 0;
// make sure "a" has at least 2 bits
while (testBits < 2)
testBits = (int)(rand.NextDouble() * bits);
a.genRandomBits(testBits, rand);
int byteLen = a.dataLength;
// make sure "a" is not 0
if (byteLen > 1 || (byteLen == 1 && a.data[0] != 1))
done = true;
}
// check whether a factor exists (fix for version 1.03)
BigInteger gcdTest = a.gcd(thisVal);
if (gcdTest.dataLength == 1 && gcdTest.data[0] != 1)
return false;
BigInteger b = a.modPow(t, thisVal);
bool result = false;
if (b.dataLength == 1 && b.data[0] == 1) // a^t mod p = 1
result = true;
for (int j = 0; result == false && j < s; j++)
{
if (b == p_sub1) // a^((2^j)*t) mod p = p-1 for some 0 <= j <= s-1
{
result = true;
break;
}
b = (b * b) % thisVal;
}
if (result == false)
return false;
}
return true;
}
//***********************************************************************
// Probabilistic prime test based on Solovay-Strassen (Euler Criterion)
//
// p is probably prime if for any a < p (a is not multiple of p),
// a^((p-1)/2) mod p = J(a, p)
//
// where J is the Jacobi symbol.
//
// Otherwise, p is composite.
//
// Returns
// -------
// True if "this" is a Euler pseudoprime to randomly chosen
// bases. The number of chosen bases is given by the "confidence"
// parameter.
//
// False if "this" is definitely NOT prime.
//
//***********************************************************************
internal bool SolovayStrassenTest(int confidence)
{
BigInteger thisVal;
if ((this.data[maxLength - 1] & 0x80000000) != 0) // negative
thisVal = -this;
else
thisVal = this;
if (thisVal.dataLength == 1)
{
// test small numbers
if (thisVal.data[0] == 0 || thisVal.data[0] == 1)
return false;
else if (thisVal.data[0] == 2 || thisVal.data[0] == 3)
return true;
}
if ((thisVal.data[0] & 0x1) == 0) // even numbers
return false;
int bits = thisVal.bitCount();
BigInteger a = new BigInteger();
BigInteger p_sub1 = thisVal - 1;
BigInteger p_sub1_shift = p_sub1 >> 1;
Random rand = new Random();
for (int round = 0; round < confidence; round++)
{
bool done = false;
while (!done) // generate a < n
{
int testBits = 0;
// make sure "a" has at least 2 bits
while (testBits < 2)
testBits = (int)(rand.NextDouble() * bits);
a.genRandomBits(testBits, rand);
int byteLen = a.dataLength;
// make sure "a" is not 0
if (byteLen > 1 || (byteLen == 1 && a.data[0] != 1))
done = true;
}
// check whether a factor exists (fix for version 1.03)
BigInteger gcdTest = a.gcd(thisVal);
if (gcdTest.dataLength == 1 && gcdTest.data[0] != 1)
return false;
// calculate a^((p-1)/2) mod p
BigInteger expResult = a.modPow(p_sub1_shift, thisVal);
if (expResult == p_sub1)
expResult = -1;
// calculate Jacobi symbol
BigInteger jacob = Jacobi(a, thisVal);
// if they are different then it is not prime
if (expResult != jacob)
return false;
}
return true;
}
//***********************************************************************
// Probabilistic prime test based on Fermat's little theorem
//
// for any a < p (p does not divide a) if
// a^(p-1) mod p != 1 then p is not prime.
//
// Otherwise, p is probably prime (pseudoprime to the chosen base).
//
// Returns
// -------
// True if "this" is a pseudoprime to randomly chosen
// bases. The number of chosen bases is given by the "confidence"
// parameter.
//
// False if "this" is definitely NOT prime.
//
// Note - this method is fast but fails for Carmichael numbers except
// when the randomly chosen base is a factor of the number.
//
//***********************************************************************
internal bool FermatLittleTest(int confidence)
{
BigInteger thisVal;
if ((this.data[maxLength - 1] & 0x80000000) != 0) // negative
thisVal = -this;
else
thisVal = this;
if (thisVal.dataLength == 1)
{
// test small numbers
if (thisVal.data[0] == 0 || thisVal.data[0] == 1)
return false;
else if (thisVal.data[0] == 2 || thisVal.data[0] == 3)
return true;
}
if ((thisVal.data[0] & 0x1) == 0) // even numbers
return false;
int bits = thisVal.bitCount();
BigInteger a = new BigInteger();
BigInteger p_sub1 = thisVal - (new BigInteger(1));
Random rand = new Random();
for (int round = 0; round < confidence; round++)
{
bool done = false;
while (!done) // generate a < n
{
int testBits = 0;
// make sure "a" has at least 2 bits
while (testBits < 2)
testBits = (int)(rand.NextDouble() * bits);
a.genRandomBits(testBits, rand);
int byteLen = a.dataLength;
// make sure "a" is not 0
if (byteLen > 1 || (byteLen == 1 && a.data[0] != 1))
done = true;
}
// check whether a factor exists (fix for version 1.03)
BigInteger gcdTest = a.gcd(thisVal);
if (gcdTest.dataLength == 1 && gcdTest.data[0] != 1)
return false;
// calculate a^(p-1) mod p
BigInteger expResult = a.modPow(p_sub1, thisVal);
int resultLen = expResult.dataLength;
// is NOT prime is a^(p-1) mod p != 1
if (resultLen > 1 || (resultLen == 1 && expResult.data[0] != 1))
{
return false;
}
}
return true;
}
