public BigInteger modPow(BigInteger exponent, BigInteger m)
{
if (m.sign <= 0)
{
throw new ArithmeticException("BigInteger: modulus not positive");
}
BigInteger _base = this;
if (m.isOne() | (exponent.sign > 0 & _base.sign == 0))
{
return(BigInteger.ZERO);
}
if (_base.sign == 0 && exponent.sign == 0)
{
return(BigInteger.ONE);
}
if (exponent.sign < 0)
{
_base = modInverse(m);
exponent = exponent.negate();
}
// From now on: (m > 0) and (exponent >= 0)
BigInteger res = (m.testBit(0)) ? Division.oddModPow(_base.abs(),
exponent, m) : Division.evenModPow(_base.abs(), exponent, m);
if ((_base.sign < 0) && exponent.testBit(0))
{
// -b^e mod m == ((-1 mod m) * (b^e mod m)) mod m
res = m.subtract(BigInteger.ONE).multiply(res).mod(m);
}
// else exponent is even, so base^exp is positive
return(res);
}
internal static BigInteger evenModPow(BigInteger _base, BigInteger exponent,
BigInteger modulus)
{
// PRE: (base > 0), (exponent > 0), (modulus > 0) and (modulus even)
// STEP 1: Obtain the factorization 'modulus'= q * 2^j.
int j = modulus.getLowestSetBit();
BigInteger q = modulus.shiftRight(j);
// STEP 2: Compute x1 := base^exponent (mod q).
BigInteger x1 = oddModPow(_base, exponent, q);
// STEP 3: Compute x2 := base^exponent (mod 2^j).
BigInteger x2 = pow2ModPow(_base, exponent, j);
// STEP 4: Compute q^(-1) (mod 2^j) and y := (x2-x1) * q^(-1) (mod 2^j)
BigInteger qInv = modPow2Inverse(q, j);
BigInteger y = (x2.subtract(x1)).multiply(qInv);
inplaceModPow2(y, j);
if (y.sign < 0)
{
y = y.add(BigInteger.getPowerOfTwo(j));
}
// STEP 5: Compute and return: x1 + q * y
return(x1.add(q.multiply(y)));
}
public BigInteger modInverse(BigInteger m)
{
if (m.sign <= 0)
{
throw new ArithmeticException("BigInteger: modulus not positive");
}
// If both are even, no inverse exists
if (!(testBit(0) || m.testBit(0)))
{
throw new ArithmeticException("BigInteger not invertible.");
}
if (m.isOne())
{
return(ZERO);
}
// From now on: (m > 1)
BigInteger res = Division.modInverseMontgomery(abs().mod(m), m);
if (res.sign == 0)
{
throw new ArithmeticException("BigInteger not invertible.");
}
res = ((sign < 0) ? m.subtract(res) : res);
return(res);
}
public static BigInteger karatsuba(BigInteger op1, BigInteger op2)
{
BigInteger temp;
if (op2.numberLength > op1.numberLength) {
temp = op1;
op1 = op2;
op2 = temp;
}
if (op2.numberLength < whenUseKaratsuba) {
return multiplyPAP(op1, op2);
}
/* Karatsuba: u = u1*B + u0
* v = v1*B + v0
* u*v = (u1*v1)*B^2 + ((u1-u0)*(v0-v1) + u1*v1 + u0*v0)*B + u0*v0
*/
// ndiv2 = (op1.numberLength / 2) * 32
int ndiv2 = (int)(op1.numberLength & 0xFFFFFFFE) << 4;
BigInteger upperOp1 = op1.shiftRight(ndiv2);
BigInteger upperOp2 = op2.shiftRight(ndiv2);
BigInteger lowerOp1 = op1.subtract(upperOp1.shiftLeft(ndiv2));
BigInteger lowerOp2 = op2.subtract(upperOp2.shiftLeft(ndiv2));
BigInteger upper = karatsuba(upperOp1, upperOp2);
BigInteger lower = karatsuba(lowerOp1, lowerOp2);
BigInteger middle = karatsuba( upperOp1.subtract(lowerOp1),
lowerOp2.subtract(upperOp2));
middle = middle.add(upper).add(lower);
middle = middle.shiftLeft(ndiv2);
upper = upper.shiftLeft(ndiv2 << 1);
return upper.add(middle).add(lower);
}
private static bool millerRabin(BigInteger n, int t)
{
// PRE: n >= 0, t >= 0
BigInteger x; // x := UNIFORM{2...n-1}
BigInteger y; // y := x^(q * 2^j) mod n
BigInteger n_minus_1 = n.subtract(BigInteger.ONE); // n-1
int bitLength = n_minus_1.bitLength(); // ~ log2(n-1)
// (q,k) such that: n-1 = q * 2^k and q is odd
int k = n_minus_1.getLowestSetBit();
BigInteger q = n_minus_1.shiftRight(k);
Random rnd = new Random();
for (int i = 0; i < t; i++)
{
// To generate a witness 'x', first it use the primes of table
if (i < primes.Length)
{
x = BIprimes[i];
}
else /*
* It generates random witness only if it's necesssary. Note
* that all methods would call Miller-Rabin with t <= 50 so
* this part is only to do more robust the algorithm
*/
{
do
{
x = new BigInteger(bitLength, rnd);
} while ((x.compareTo(n) >= BigInteger.EQUALS) || (x.sign == 0) ||
x.isOne());
}
y = x.modPow(q, n);
if (y.isOne() || y.Equals(n_minus_1))
{
continue;
}
for (int j = 1; j < k; j++)
{
if (y.Equals(n_minus_1))
{
continue;
}
y = y.multiply(y).mod(n);
if (y.isOne())
{
return(false);
}
}
if (!y.Equals(n_minus_1))
{
return(false);
}
}
return(true);
}
public static BigInteger karatsuba(BigInteger op1, BigInteger op2)
{
BigInteger temp;
if (op2.numberLength > op1.numberLength)
{
temp = op1;
op1 = op2;
op2 = temp;
}
if (op2.numberLength < whenUseKaratsuba)
{
return(multiplyPAP(op1, op2));
}
/* Karatsuba: u = u1*B + u0
* v = v1*B + v0
* u*v = (u1*v1)*B^2 + ((u1-u0)*(v0-v1) + u1*v1 + u0*v0)*B + u0*v0
*/
// ndiv2 = (op1.numberLength / 2) * 32
int ndiv2 = (int)(op1.numberLength & 0xFFFFFFFE) << 4;
BigInteger upperOp1 = op1.shiftRight(ndiv2);
BigInteger upperOp2 = op2.shiftRight(ndiv2);
BigInteger lowerOp1 = op1.subtract(upperOp1.shiftLeft(ndiv2));
BigInteger lowerOp2 = op2.subtract(upperOp2.shiftLeft(ndiv2));
BigInteger upper = karatsuba(upperOp1, upperOp2);
BigInteger lower = karatsuba(lowerOp1, lowerOp2);
BigInteger middle = karatsuba(upperOp1.subtract(lowerOp1),
lowerOp2.subtract(upperOp2));
middle = middle.add(upper).add(lower);
middle = middle.shiftLeft(ndiv2);
upper = upper.shiftLeft(ndiv2 << 1);
return(upper.add(middle).add(lower));
}
private static bool millerRabin(BigInteger n, int t)
{
// PRE: n >= 0, t >= 0
BigInteger x; // x := UNIFORM{2...n-1}
BigInteger y; // y := x^(q * 2^j) mod n
BigInteger n_minus_1 = n.subtract(BigInteger.ONE); // n-1
int bitLength = n_minus_1.bitLength(); // ~ log2(n-1)
// (q,k) such that: n-1 = q * 2^k and q is odd
int k = n_minus_1.getLowestSetBit();
BigInteger q = n_minus_1.shiftRight(k);
Random rnd = new Random();
for (int i = 0; i < t; i++) {
// To generate a witness 'x', first it use the primes of table
if (i < primes.Length) {
x = BIprimes[i];
} else {/*
* It generates random witness only if it's necesssary. Note
* that all methods would call Miller-Rabin with t <= 50 so
* this part is only to do more robust the algorithm
*/
do {
x = new BigInteger(bitLength, rnd);
} while ((x.compareTo(n) >= BigInteger.EQUALS) || (x.sign == 0)
|| x.isOne());
}
y = x.modPow(q, n);
if (y.isOne() || y.Equals(n_minus_1)) {
continue;
}
for (int j = 1; j < k; j++) {
if (y.Equals(n_minus_1)) {
continue;
}
y = y.multiply(y).mod(n);
if (y.isOne()) {
return false;
}
}
if (!y.Equals(n_minus_1)) {
return false;
}
}
return true;
}
public BigInteger modPow(BigInteger exponent, BigInteger m)
{
if (m.sign <= 0) {
throw new ArithmeticException("BigInteger: modulus not positive");
}
BigInteger _base = this;
if (m.isOne() | (exponent.sign > 0 & _base.sign == 0)) {
return BigInteger.ZERO;
}
if (_base.sign == 0 && exponent.sign == 0) {
return BigInteger.ONE;
}
if (exponent.sign < 0) {
_base = modInverse(m);
exponent = exponent.negate();
}
// From now on: (m > 0) and (exponent >= 0)
BigInteger res = (m.testBit(0)) ? Division.oddModPow(_base.abs(),
exponent, m) : Division.evenModPow(_base.abs(), exponent, m);
if ((_base.sign < 0) && exponent.testBit(0)) {
// -b^e mod m == ((-1 mod m) * (b^e mod m)) mod m
res = m.subtract(BigInteger.ONE).multiply(res).mod(m);
}
// else exponent is even, so base^exp is positive
return res;
}
public BigInteger modInverse(BigInteger m)
{
if (m.sign <= 0) {
throw new ArithmeticException("BigInteger: modulus not positive");
}
// If both are even, no inverse exists
if (!(testBit(0) || m.testBit(0))) {
throw new ArithmeticException("BigInteger not invertible.");
}
if (m.isOne()) {
return ZERO;
}
// From now on: (m > 1)
BigInteger res = Division.modInverseMontgomery(abs().mod(m), m);
if (res.sign == 0) {
throw new ArithmeticException("BigInteger not invertible.");
}
res = ((sign < 0) ? m.subtract(res) : res);
return res;
}
internal static BigInteger modInverseMontgomery(BigInteger a, BigInteger p)
{
if (a.sign == 0){
// ZERO hasn't inverse
throw new ArithmeticException("BigInteger not invertible");
}
if (!p.testBit(0)){
// montgomery inverse require even modulo
return modInverseLorencz(a, p);
}
int m = p.numberLength * 32;
// PRE: a \in [1, p - 1]
BigInteger u, v, r, s;
u = p.copy(); // make copy to use inplace method
v = a.copy();
int max = Math.Max(v.numberLength, u.numberLength);
r = new BigInteger(1, 1, new int[max + 1]);
s = new BigInteger(1, 1, new int[max + 1]);
s.digits[0] = 1;
// s == 1 && v == 0
int k = 0;
int lsbu = u.getLowestSetBit();
int lsbv = v.getLowestSetBit();
int toShift;
if (lsbu > lsbv) {
BitLevel.inplaceShiftRight(u, lsbu);
BitLevel.inplaceShiftRight(v, lsbv);
BitLevel.inplaceShiftLeft(r, lsbv);
k += lsbu - lsbv;
} else {
BitLevel.inplaceShiftRight(u, lsbu);
BitLevel.inplaceShiftRight(v, lsbv);
BitLevel.inplaceShiftLeft(s, lsbu);
k += lsbv - lsbu;
}
r.sign = 1;
while (v.signum() > 0) {
// INV v >= 0, u >= 0, v odd, u odd (except last iteration when v is even (0))
while (u.compareTo(v) > BigInteger.EQUALS) {
Elementary.inplaceSubtract(u, v);
toShift = u.getLowestSetBit();
BitLevel.inplaceShiftRight(u, toShift);
Elementary.inplaceAdd(r, s);
BitLevel.inplaceShiftLeft(s, toShift);
k += toShift;
}
while (u.compareTo(v) <= BigInteger.EQUALS) {
Elementary.inplaceSubtract(v, u);
if (v.signum() == 0)
break;
toShift = v.getLowestSetBit();
BitLevel.inplaceShiftRight(v, toShift);
Elementary.inplaceAdd(s, r);
BitLevel.inplaceShiftLeft(r, toShift);
k += toShift;
}
}
if (!u.isOne()){
// in u is stored the gcd
throw new ArithmeticException("BigInteger not invertible.");
}
if (r.compareTo(p) >= BigInteger.EQUALS) {
Elementary.inplaceSubtract(r, p);
}
r = p.subtract(r);
// Have pair: ((BigInteger)r, (Integer)k) where r == a^(-1) * 2^k mod (module)
int n1 = calcN(p);
if (k > m) {
r = monPro(r, BigInteger.ONE, p, n1);
k = k - m;
}
r = monPro(r, BigInteger.getPowerOfTwo(m - k), p, n1);
return r;
}
internal static BigInteger modInverseLorencz(BigInteger a, BigInteger modulo)
{
int max = Math.Max(a.numberLength, modulo.numberLength);
int[] uDigits = new int[max + 1]; // enough place to make all the inplace operation
int[] vDigits = new int[max + 1];
Array.Copy(modulo.digits, uDigits, modulo.numberLength);
Array.Copy(a.digits, vDigits, a.numberLength);
BigInteger u = new BigInteger(modulo.sign, modulo.numberLength,
uDigits);
BigInteger v = new BigInteger(a.sign, a.numberLength, vDigits);
BigInteger r = new BigInteger(0, 1, new int[max + 1]); // BigInteger.ZERO;
BigInteger s = new BigInteger(1, 1, new int[max + 1]);
s.digits[0] = 1;
// r == 0 && s == 1, but with enough place
int coefU = 0, coefV = 0;
int n = modulo.bitLength();
int k;
while (!isPowerOfTwo(u, coefU) && !isPowerOfTwo(v, coefV)) {
// modification of original algorithm: I calculate how many times the algorithm will enter in the same branch of if
k = howManyIterations(u, n);
if (k != 0) {
BitLevel.inplaceShiftLeft(u, k);
if (coefU >= coefV) {
BitLevel.inplaceShiftLeft(r, k);
} else {
BitLevel.inplaceShiftRight(s, Math.Min(coefV - coefU, k));
if (k - ( coefV - coefU ) > 0) {
BitLevel.inplaceShiftLeft(r, k - coefV + coefU);
}
}
coefU += k;
}
k = howManyIterations(v, n);
if (k != 0) {
BitLevel.inplaceShiftLeft(v, k);
if (coefV >= coefU) {
BitLevel.inplaceShiftLeft(s, k);
} else {
BitLevel.inplaceShiftRight(r, Math.Min(coefU - coefV, k));
if (k - ( coefU - coefV ) > 0) {
BitLevel.inplaceShiftLeft(s, k - coefU + coefV);
}
}
coefV += k;
}
if (u.signum() == v.signum()) {
if (coefU <= coefV) {
Elementary.completeInPlaceSubtract(u, v);
Elementary.completeInPlaceSubtract(r, s);
} else {
Elementary.completeInPlaceSubtract(v, u);
Elementary.completeInPlaceSubtract(s, r);
}
} else {
if (coefU <= coefV) {
Elementary.completeInPlaceAdd(u, v);
Elementary.completeInPlaceAdd(r, s);
} else {
Elementary.completeInPlaceAdd(v, u);
Elementary.completeInPlaceAdd(s, r);
}
}
if (v.signum() == 0 || u.signum() == 0){
throw new ArithmeticException("BigInteger not invertible");
}
}
if (isPowerOfTwo(v, coefV)) {
r = s;
if (v.signum() != u.signum())
u = u.negate();
}
if (u.testBit(n)) {
if (r.signum() < 0) {
r = r.negate();
} else {
r = modulo.subtract(r);
}
}
if (r.signum() < 0) {
r = r.add(modulo);
}
return r;
}
internal static BigInteger modInverseLorencz(BigInteger a, BigInteger modulo)
{
int max = Math.Max(a.numberLength, modulo.numberLength);
int[] uDigits = new int[max + 1]; // enough place to make all the inplace operation
int[] vDigits = new int[max + 1];
Array.Copy(modulo.digits, uDigits, modulo.numberLength);
Array.Copy(a.digits, vDigits, a.numberLength);
BigInteger u = new BigInteger(modulo.sign, modulo.numberLength,
uDigits);
BigInteger v = new BigInteger(a.sign, a.numberLength, vDigits);
BigInteger r = new BigInteger(0, 1, new int[max + 1]); // BigInteger.ZERO;
BigInteger s = new BigInteger(1, 1, new int[max + 1]);
s.digits[0] = 1;
// r == 0 && s == 1, but with enough place
int coefU = 0, coefV = 0;
int n = modulo.bitLength();
int k;
while (!isPowerOfTwo(u, coefU) && !isPowerOfTwo(v, coefV))
{
// modification of original algorithm: I calculate how many times the algorithm will enter in the same branch of if
k = howManyIterations(u, n);
if (k != 0)
{
BitLevel.inplaceShiftLeft(u, k);
if (coefU >= coefV)
{
BitLevel.inplaceShiftLeft(r, k);
}
else
{
BitLevel.inplaceShiftRight(s, Math.Min(coefV - coefU, k));
if (k - (coefV - coefU) > 0)
{
BitLevel.inplaceShiftLeft(r, k - coefV + coefU);
}
}
coefU += k;
}
k = howManyIterations(v, n);
if (k != 0)
{
BitLevel.inplaceShiftLeft(v, k);
if (coefV >= coefU)
{
BitLevel.inplaceShiftLeft(s, k);
}
else
{
BitLevel.inplaceShiftRight(r, Math.Min(coefU - coefV, k));
if (k - (coefU - coefV) > 0)
{
BitLevel.inplaceShiftLeft(s, k - coefU + coefV);
}
}
coefV += k;
}
if (u.signum() == v.signum())
{
if (coefU <= coefV)
{
Elementary.completeInPlaceSubtract(u, v);
Elementary.completeInPlaceSubtract(r, s);
}
else
{
Elementary.completeInPlaceSubtract(v, u);
Elementary.completeInPlaceSubtract(s, r);
}
}
else
{
if (coefU <= coefV)
{
Elementary.completeInPlaceAdd(u, v);
Elementary.completeInPlaceAdd(r, s);
}
else
{
Elementary.completeInPlaceAdd(v, u);
Elementary.completeInPlaceAdd(s, r);
}
}
if (v.signum() == 0 || u.signum() == 0)
{
throw new ArithmeticException("BigInteger not invertible");
}
}
if (isPowerOfTwo(v, coefV))
{
r = s;
if (v.signum() != u.signum())
{
u = u.negate();
}
}
if (u.testBit(n))
{
if (r.signum() < 0)
{
r = r.negate();
}
else
{
r = modulo.subtract(r);
}
}
if (r.signum() < 0)
{
r = r.add(modulo);
}
return(r);
}
internal static BigInteger modInverseMontgomery(BigInteger a, BigInteger p)
{
if (a.sign == 0)
{
// ZERO hasn't inverse
throw new ArithmeticException("BigInteger not invertible");
}
if (!p.testBit(0))
{
// montgomery inverse require even modulo
return(modInverseLorencz(a, p));
}
int m = p.numberLength * 32;
// PRE: a \in [1, p - 1]
BigInteger u, v, r, s;
u = p.copy(); // make copy to use inplace method
v = a.copy();
int max = Math.Max(v.numberLength, u.numberLength);
r = new BigInteger(1, 1, new int[max + 1]);
s = new BigInteger(1, 1, new int[max + 1]);
s.digits[0] = 1;
// s == 1 && v == 0
int k = 0;
int lsbu = u.getLowestSetBit();
int lsbv = v.getLowestSetBit();
int toShift;
if (lsbu > lsbv)
{
BitLevel.inplaceShiftRight(u, lsbu);
BitLevel.inplaceShiftRight(v, lsbv);
BitLevel.inplaceShiftLeft(r, lsbv);
k += lsbu - lsbv;
}
else
{
BitLevel.inplaceShiftRight(u, lsbu);
BitLevel.inplaceShiftRight(v, lsbv);
BitLevel.inplaceShiftLeft(s, lsbu);
k += lsbv - lsbu;
}
r.sign = 1;
while (v.signum() > 0)
{
// INV v >= 0, u >= 0, v odd, u odd (except last iteration when v is even (0))
while (u.compareTo(v) > BigInteger.EQUALS)
{
Elementary.inplaceSubtract(u, v);
toShift = u.getLowestSetBit();
BitLevel.inplaceShiftRight(u, toShift);
Elementary.inplaceAdd(r, s);
BitLevel.inplaceShiftLeft(s, toShift);
k += toShift;
}
while (u.compareTo(v) <= BigInteger.EQUALS)
{
Elementary.inplaceSubtract(v, u);
if (v.signum() == 0)
{
break;
}
toShift = v.getLowestSetBit();
BitLevel.inplaceShiftRight(v, toShift);
Elementary.inplaceAdd(s, r);
BitLevel.inplaceShiftLeft(r, toShift);
k += toShift;
}
}
if (!u.isOne())
{
// in u is stored the gcd
throw new ArithmeticException("BigInteger not invertible.");
}
if (r.compareTo(p) >= BigInteger.EQUALS)
{
Elementary.inplaceSubtract(r, p);
}
r = p.subtract(r);
// Have pair: ((BigInteger)r, (Integer)k) where r == a^(-1) * 2^k mod (module)
int n1 = calcN(p);
if (k > m)
{
r = monPro(r, BigInteger.ONE, p, n1);
k = k - m;
}
r = monPro(r, BigInteger.getPowerOfTwo(m - k), p, n1);
return(r);
}
