/* this =this^e mod p using side-channel resistant Montgomery Ladder, for short e */
public void skpow(BIG e, FF p)
{
int i, b, n = p.length;
FF R0 = new FF(n);
FF R1 = new FF(n);
FF ND = p.invmod2m();
mod(p);
R0.one();
R1.copy(this);
R0.nres(p);
R1.nres(p);
for (i = 8 * ROM.MODBYTES - 1; i >= 0; i--)
{
b = e.bit(i);
copy(R0);
modmul(R1, p, ND);
cswap(R0, R1, b);
R0.modsqr(p, ND);
R1.copy(this);
cswap(R0, R1, b);
}
copy(R0);
redc(p, ND);
}
/* U=1/a mod 2^m - Arazi & Qi */
private FF invmod2m()
{
int i, n = length;
FF b = new FF(n);
FF c = new FF(n);
FF U = new FF(n);
FF t;
U.zero();
U.v[0].copy(v[0]);
U.v[0].invmod2m();
for (i = 1; i < n; i <<= 1)
{
b.copy(this);
b.mod2m(i);
t = mul(U, b);
t.shrw(i);
b.copy(t);
c.copy(this);
c.shrw(i);
c.mod2m(i);
c.lmul(U);
c.mod2m(i);
b.add(c);
b.norm();
b.lmul(U);
b.mod2m(i);
c.one();
c.shlw(i);
b.revsub(c);
b.norm();
b.shlw(i);
U.add(b);
}
U.norm();
return(U);
}
/* Set return=1/this mod p. Binary method - a<p on entry */
public void invmodp(FF p)
{
int n = p.length;
FF u = new FF(n);
FF v = new FF(n);
FF x1 = new FF(n);
FF x2 = new FF(n);
FF t = new FF(n);
FF one = new FF(n);
one.one();
u.copy(this);
v.copy(p);
x1.copy(one);
x2.zero();
// reduce n in here as well!
while (comp(u, one) != 0 && comp(v, one) != 0)
{
while (u.parity() == 0)
{
u.shr();
if (x1.parity() != 0)
{
x1.add(p);
x1.norm();
}
x1.shr();
}
while (v.parity() == 0)
{
v.shr();
if (x2.parity() != 0)
{
x2.add(p);
x2.norm();
}
x2.shr();
}
if (comp(u, v) >= 0)
{
u.sub(v);
u.norm();
if (comp(x1, x2) >= 0)
{
x1.sub(x2);
}
else
{
t.copy(p);
t.sub(x2);
x1.add(t);
}
x1.norm();
}
else
{
v.sub(u);
v.norm();
if (comp(x2, x1) >= 0)
{
x2.sub(x1);
}
else
{
t.copy(p);
t.sub(x1);
x2.add(t);
}
x2.norm();
}
}
if (comp(u, one) == 0)
{
copy(x1);
}
else
{
copy(x2);
}
}
/* Miller-Rabin test for primality. Slow. */
public static bool prime(FF p, RAND rng)
{
int i, j, s = 0, n = p.length;
bool loop;
FF d = new FF(n);
FF x = new FF(n);
FF unity = new FF(n);
FF nm1 = new FF(n);
int sf = 4849845; // 3*5*.. *19
p.norm();
if (p.cfactor(sf))
{
return(false);
}
unity.one();
nm1.copy(p);
nm1.sub(unity);
nm1.norm();
d.copy(nm1);
while (d.parity() == 0)
{
d.shr();
s++;
}
if (s == 0)
{
return(false);
}
for (i = 0; i < 10; i++)
{
x.randomnum(p, rng);
x.pow(d, p);
if (comp(x, unity) == 0 || comp(x, nm1) == 0)
{
continue;
}
loop = false;
for (j = 1; j < s; j++)
{
x.power(2, p);
if (comp(x, unity) == 0)
{
return(false);
}
if (comp(x, nm1) == 0)
{
loop = true;
break;
}
}
if (loop)
{
continue;
}
return(false);
}
return(true);
}