/** * * Based on "New Algorithm for Classical Modular Inverse" Róbert Lórencz. * LNCS 2523 (2002) * * @return a^(-1) mod m */ static BigInteger modInverseLorencz(BigInteger a, BigInteger modulo) { // PRE: a is coprime with modulo, a < modulo int max = System.Math.Max(a.numberLength, modulo.numberLength); int[] uDigits = new int[max + 1]; // enough place to make all the inplace operation int[] vDigits = new int[max + 1]; Array.Copy(modulo.digits, 0, uDigits, 0, modulo.numberLength); Array.Copy(a.digits, 0, vDigits, 0, a.numberLength); BigInteger u = new BigInteger(modulo.sign, modulo.numberLength, uDigits); BigInteger v = new BigInteger(a.sign, a.numberLength, vDigits); BigInteger r = new BigInteger(0, 1, new int[max + 1]); // BigInteger.ZERO; BigInteger s = new BigInteger(1, 1, new int[max + 1]); s.digits[0] = 1; // r == 0 && s == 1, but with enough place int coefU = 0, coefV = 0; int n = modulo.BitLength; int k; while (!isPowerOfTwo(u, coefU) && !isPowerOfTwo(v, coefV)) { // modification of original algorithm: I calculate how many times the algorithm will enter in the same branch of if k = howManyIterations(u, n); if (k != 0) { BitLevel.inplaceShiftLeft(u, k); if (coefU >= coefV) { BitLevel.inplaceShiftLeft(r, k); } else { BitLevel.inplaceShiftRight(s, System.Math.Min(coefV - coefU, k)); if (k - (coefV - coefU) > 0) { BitLevel.inplaceShiftLeft(r, k - coefV + coefU); } } coefU += k; } k = howManyIterations(v, n); if (k != 0) { BitLevel.inplaceShiftLeft(v, k); if (coefV >= coefU) { BitLevel.inplaceShiftLeft(s, k); } else { BitLevel.inplaceShiftRight(r, System.Math.Min(coefU - coefV, k)); if (k - (coefU - coefV) > 0) { BitLevel.inplaceShiftLeft(s, k - coefU + coefV); } } coefV += k; } if (u.Signum() == v.Signum()) { if (coefU <= coefV) { Elementary.completeInPlaceSubtract(u, v); Elementary.completeInPlaceSubtract(r, s); } else { Elementary.completeInPlaceSubtract(v, u); Elementary.completeInPlaceSubtract(s, r); } } else { if (coefU <= coefV) { Elementary.completeInPlaceAdd(u, v); Elementary.completeInPlaceAdd(r, s); } else { Elementary.completeInPlaceAdd(v, u); Elementary.completeInPlaceAdd(s, r); } } if (v.Signum() == 0 || u.Signum() == 0) { // math.19: BigInteger not invertible throw new ArithmeticException(Messages.math19); } } if (isPowerOfTwo(v, coefV)) { r = s; if (v.Signum() != u.Signum()) { u = u.Negate(); } } if (u.TestBit(n)) { if (r.Signum() < 0) { r = r.Negate(); } else { r = modulo.Subtract(r); } } if (r.Signum() < 0) { r = r.Add(modulo); } return(r); }
/** * Calculates a.modInverse(p) Based on: Savas, E; Koc, C "The Montgomery Modular * Inverse - Revised" */ internal static BigInteger modInverseMontgomery(BigInteger a, BigInteger p) { if (a.sign == 0) { // ZERO hasn't inverse // math.19: BigInteger not invertible throw new ArithmeticException(Messages.math19); } if (!p.TestBit(0)) { // montgomery inverse require even modulo return(modInverseLorencz(a, p)); } int m = p.numberLength * 32; // PRE: a \in [1, p - 1] BigInteger u, v, r, s; u = p.Copy(); // make copy to use inplace method v = a.Copy(); int max = System.Math.Max(v.numberLength, u.numberLength); r = new BigInteger(1, 1, new int[max + 1]); s = new BigInteger(1, 1, new int[max + 1]); s.digits[0] = 1; // s == 1 && v == 0 int k = 0; int lsbu = u.LowestSetBit; int lsbv = v.LowestSetBit; int toShift; if (lsbu > lsbv) { BitLevel.inplaceShiftRight(u, lsbu); BitLevel.inplaceShiftRight(v, lsbv); BitLevel.inplaceShiftLeft(r, lsbv); k += lsbu - lsbv; } else { BitLevel.inplaceShiftRight(u, lsbu); BitLevel.inplaceShiftRight(v, lsbv); BitLevel.inplaceShiftLeft(s, lsbu); k += lsbv - lsbu; } r.sign = 1; while (v.Signum() > 0) { // INV v >= 0, u >= 0, v odd, u odd (except last iteration when v is even (0)) while (u.CompareTo(v) > BigInteger.EQUALS) { Elementary.inplaceSubtract(u, v); toShift = u.LowestSetBit; BitLevel.inplaceShiftRight(u, toShift); Elementary.inplaceAdd(r, s); BitLevel.inplaceShiftLeft(s, toShift); k += toShift; } while (u.CompareTo(v) <= BigInteger.EQUALS) { Elementary.inplaceSubtract(v, u); if (v.Signum() == 0) { break; } toShift = v.LowestSetBit; BitLevel.inplaceShiftRight(v, toShift); Elementary.inplaceAdd(s, r); BitLevel.inplaceShiftLeft(r, toShift); k += toShift; } } if (!u.IsOne()) { // in u is stored the gcd // math.19: BigInteger not invertible. throw new ArithmeticException(Messages.math19); } if (r.CompareTo(p) >= BigInteger.EQUALS) { Elementary.inplaceSubtract(r, p); } r = p.Subtract(r); // Have pair: ((BigInteger)r, (Integer)k) where r == a^(-1) * 2^k mod (module) int n1 = calcN(p); if (k > m) { r = monPro(r, BigInteger.One, p, n1); k = k - m; } r = monPro(r, BigInteger.GetPowerOfTwo(m - k), p, n1); return(r); }