//*********************************************************************** // Generates a random number with the specified number of bits such // that gcd(number, this) = 1 //*********************************************************************** public BigInteger GenCoPrime(int bits, StrongNumberProvider rand) { bool done = false; BigInteger result = new BigInteger(); while (!done) { result.GenRandomBits(bits, rand); //Console.WriteLine(result.ToString(16)); // gcd test BigInteger g = result.Gcd(this); if (g.dataLength == 1 && g.data[0] == 1) done = true; } return result; }
//*********************************************************************** // Generates a positive BigInteger that is probably prime. //*********************************************************************** public static BigInteger GenPseudoPrime(int bits, int confidence, StrongNumberProvider rand) { BigInteger result = new BigInteger(); bool done = false; while (!done) { result.GenRandomBits(bits, rand); result.data[0] |= 0x01; // make it odd // prime test done = result.IsProbablePrime(confidence); } return result; }
//*********************************************************************** // Probabilistic prime test based on Solovay-Strassen (Euler Criterion) // // p is probably prime if for any a < p (a is not multiple of p), // a^((p-1)/2) mod p = J(a, p) // // where J is the Jacobi symbol. // // Otherwise, p is composite. // // Returns // ------- // True if "this" is a Euler pseudoprime to randomly chosen // bases. The number of chosen bases is given by the "confidence" // parameter. // // False if "this" is definitely NOT prime. // //*********************************************************************** public bool SolovayStrassenTest(int confidence) { BigInteger thisVal; if ((this.data[maxLength - 1] & 0x80000000) != 0) // negative thisVal = -this; else thisVal = this; if (thisVal.dataLength == 1) { // test small numbers if (thisVal.data[0] == 0 || thisVal.data[0] == 1) return false; else if (thisVal.data[0] == 2 || thisVal.data[0] == 3) return true; } if ((thisVal.data[0] & 0x1) == 0) // even numbers return false; int bits = thisVal.BitCount(); BigInteger a = new BigInteger(); BigInteger p_sub1 = thisVal - 1; BigInteger p_sub1_shift = p_sub1 >> 1; StrongNumberProvider rand = new StrongNumberProvider(); for (int round = 0; round < confidence; round++) { bool done = false; while (!done) // generate a < n { int testBits = 0; // make sure "a" has at least 2 bits while (testBits < 2) testBits = (int)(rand.NextSingle() * bits); a.GenRandomBits(testBits, rand); int byteLen = a.dataLength; // make sure "a" is not 0 if (byteLen > 1 || (byteLen == 1 && a.data[0] != 1)) done = true; } // check whether a factor exists (fix for version 1.03) BigInteger gcdTest = a.Gcd(thisVal); if (gcdTest.dataLength == 1 && gcdTest.data[0] != 1) return false; // calculate a^((p-1)/2) mod p BigInteger expResult = a.ModPow(p_sub1_shift, thisVal); if (expResult == p_sub1) expResult = -1; // calculate Jacobi symbol BigInteger jacob = Jacobi(a, thisVal); //Console.WriteLine("a = " + a.ToString(10) + " b = " + thisVal.ToString(10)); //Console.WriteLine("expResult = " + expResult.ToString(10) + " Jacob = " + jacob.ToString(10)); // if they are different then it is not prime if (expResult != jacob) return false; } return true; }
//*********************************************************************** // Probabilistic prime test based on Rabin-Miller's // // for any p > 0 with p - 1 = 2^s * t // // p is probably prime (strong pseudoprime) if for any a < p, // 1) a^t mod p = 1 or // 2) a^((2^j)*t) mod p = p-1 for some 0 <= j <= s-1 // // Otherwise, p is composite. // // Returns // ------- // True if "this" is a strong pseudoprime to randomly chosen // bases. The number of chosen bases is given by the "confidence" // parameter. // // False if "this" is definitely NOT prime. // //*********************************************************************** public bool RabinMillerTest(int confidence) { BigInteger thisVal; if ((this.data[maxLength - 1] & 0x80000000) != 0) // negative thisVal = -this; else thisVal = this; if (thisVal.dataLength == 1) { // test small numbers if (thisVal.data[0] == 0 || thisVal.data[0] == 1) return false; else if (thisVal.data[0] == 2 || thisVal.data[0] == 3) return true; } if ((thisVal.data[0] & 0x1) == 0) // even numbers return false; // calculate values of s and t BigInteger p_sub1 = thisVal - (new BigInteger(1)); int s = 0; for (int index = 0; index < p_sub1.dataLength; index++) { uint mask = 0x01; for (int i = 0; i < 32; i++) { if ((p_sub1.data[index] & mask) != 0) { index = p_sub1.dataLength; // to break the outer loop break; } mask <<= 1; s++; } } BigInteger t = p_sub1 >> s; int bits = thisVal.BitCount(); BigInteger a = new BigInteger(); StrongNumberProvider rand = new StrongNumberProvider(); for (int round = 0; round < confidence; round++) { bool done = false; while (!done) // generate a < n { int testBits = 0; // make sure "a" has at least 2 bits while (testBits < 2) testBits = (int)(rand.NextSingle() * bits); a.GenRandomBits(testBits, rand); int byteLen = a.dataLength; // make sure "a" is not 0 if (byteLen > 1 || (byteLen == 1 && a.data[0] != 1)) done = true; } // check whether a factor exists (fix for version 1.03) BigInteger gcdTest = a.Gcd(thisVal); if (gcdTest.dataLength == 1 && gcdTest.data[0] != 1) return false; BigInteger b = a.ModPow(t, thisVal); bool result = false; if (b.dataLength == 1 && b.data[0] == 1) // a^t mod p = 1 result = true; for (int j = 0; result == false && j < s; j++) { if (b == p_sub1) // a^((2^j)*t) mod p = p-1 for some 0 <= j <= s-1 { result = true; break; } b = (b * b) % thisVal; } if (result == false) return false; } return true; }
//*********************************************************************** // Probabilistic prime test based on Fermat's little theorem // // for any a < p (p does not divide a) if // a^(p-1) mod p != 1 then p is not prime. // // Otherwise, p is probably prime (pseudoprime to the chosen base). // // Returns // ------- // True if "this" is a pseudoprime to randomly chosen // bases. The number of chosen bases is given by the "confidence" // parameter. // // False if "this" is definitely NOT prime. // // Note - this method is fast but fails for Carmichael numbers except // when the randomly chosen base is a factor of the number. // //*********************************************************************** public bool FermatLittleTest(int confidence) { BigInteger thisVal; if ((this.data[maxLength - 1] & 0x80000000) != 0) // negative thisVal = -this; else thisVal = this; if (thisVal.dataLength == 1) { // test small numbers if (thisVal.data[0] == 0 || thisVal.data[0] == 1) return false; else if (thisVal.data[0] == 2 || thisVal.data[0] == 3) return true; } if ((thisVal.data[0] & 0x1) == 0) // even numbers return false; int bits = thisVal.BitCount(); BigInteger a = new BigInteger(); BigInteger p_sub1 = thisVal - (new BigInteger(1)); StrongNumberProvider rand = new StrongNumberProvider(); for (int round = 0; round < confidence; round++) { bool done = false; while (!done) // generate a < n { int testBits = 0; // make sure "a" has at least 2 bits while (testBits < 2) testBits = rand.NextInt() * bits; a.GenRandomBits(testBits, rand); int byteLen = a.dataLength; // make sure "a" is not 0 if (byteLen > 1 || (byteLen == 1 && a.data[0] != 1)) done = true; } // check whether a factor exists (fix for version 1.03) BigInteger gcdTest = a.Gcd(thisVal); if (gcdTest.dataLength == 1 && gcdTest.data[0] != 1) return false; // calculate a^(p-1) mod p BigInteger expResult = a.ModPow(p_sub1, thisVal); int resultLen = expResult.dataLength; // is NOT prime is a^(p-1) mod p != 1 if (resultLen > 1 || (resultLen == 1 && expResult.data[0] != 1)) { //Console.WriteLine("a = " + a.ToString()); return false; } } return true; }
//*********************************************************************** // Populates "this" with the specified amount of random bits //*********************************************************************** public void GenRandomBits(int bits, StrongNumberProvider rand) { int dwords = bits >> 5; int remBits = bits & 0x1F; if (remBits != 0) dwords++; if (dwords > maxLength) throw (new ArithmeticException("Number of required bits > maxLength.")); for (int i = 0; i < dwords; i++) data[i] = (uint)rand.NextUInt32(); for (int i = dwords; i < maxLength; i++) data[i] = 0; if (remBits != 0) { uint mask = (uint)(0x01 << (remBits - 1)); data[dwords - 1] |= mask; mask = (uint)(0xFFFFFFFF >> (32 - remBits)); data[dwords - 1] &= mask; } else data[dwords - 1] |= 0x80000000; dataLength = dwords; if (dataLength == 0) dataLength = 1; }