/* * It requires that all parameters be positive. * * @return {@code base<sup>exponent</sup> mod (2<sup>j</sup>)}. * @see BigInteger#modPow(BigInteger, BigInteger) */ internal static BigInteger pow2ModPow(BigInteger baseJ, BigInteger exponent, int j) { // PRE: (base > 0), (exponent > 0) and (j > 0) BigInteger res = BigInteger.ONE; BigInteger e = exponent.copy(); BigInteger baseMod2toN = baseJ.copy(); BigInteger res2; /* * If 'base' is odd then it's coprime with 2^j and phi(2^j) = 2^(j-1); * so we can reduce reduce the exponent (mod 2^(j-1)). */ if (baseJ.testBit(0)) { inplaceModPow2(e, j - 1); } inplaceModPow2(baseMod2toN, j); for (int i = e.bitLength() - 1; i >= 0; i--) { res2 = res.copy(); inplaceModPow2(res2, j); res = res.multiply(res2); if (BitLevel.testBit(e, i)) { res = res.multiply(baseMod2toN); inplaceModPow2(res, j); } } inplaceModPow2(res, j); return(res); }
/* * Performs a<sup>2</sup> * @param a The number to square. * @param aLen The length of the number to square. */ internal static int[] square(int[] a, int aLen, int[] res) { long carry; for (int i = 0; i < aLen; i++) { carry = 0; for (int j = i + 1; j < aLen; j++) { carry = unsignedMultAddAdd(a[i], a[j], res[i + j], (int)carry); res[i + j] = (int)carry; carry = java.dotnet.lang.Operator.shiftRightUnsignet(carry, 32); } res[i + aLen] = (int)carry; } BitLevel.shiftLeftOneBit(res, res, aLen << 1); carry = 0; for (int i = 0, index = 0; i < aLen; i++, index++) { carry = unsignedMultAddAdd(a[i], a[i], res[index], (int)carry); res[index] = (int)carry; carry = java.dotnet.lang.Operator.shiftRightUnsignet(carry, 32); index++; carry += res[index] & 0xFFFFFFFFL; res[index] = (int)carry; carry = java.dotnet.lang.Operator.shiftRightUnsignet(carry, 32); } return(res); }
/*Implements the Montgomery modular exponentiation based in <i>The sliding windows algorithm and the Mongomery * Reduction</i>. *@ar.org.fitc.ref "A. Menezes,P. van Oorschot, S. Vanstone - Handbook of Applied Cryptography"; *@see #oddModPow(BigInteger, BigInteger, * BigInteger) */ internal static BigInteger slidingWindow(BigInteger x2, BigInteger a2, BigInteger exponent, BigInteger modulus, int n2) { // fill odd low pows of a2 BigInteger [] pows = new BigInteger[8]; BigInteger res = x2; int lowexp; BigInteger x3; int acc3; pows[0] = a2; x3 = monPro(a2, a2, modulus, n2); for (int i = 1; i <= 7; i++) { pows[i] = monPro(pows[i - 1], x3, modulus, n2); } for (int i = exponent.bitLength() - 1; i >= 0; i--) { if (BitLevel.testBit(exponent, i)) { lowexp = 1; acc3 = i; for (int j = java.lang.Math.max(i - 3, 0); j <= i - 1; j++) { if (BitLevel.testBit(exponent, j)) { if (j < acc3) { acc3 = j; lowexp = (lowexp << (i - j)) ^ 1; } else { lowexp = lowexp ^ (1 << (j - acc3)); } } } for (int j = acc3; j <= i; j++) { res = monPro(res, res, modulus, n2); } res = monPro(pows[(lowexp - 1) >> 1], res, modulus, n2); i = acc3; } else { res = monPro(res, res, modulus, n2); } } return(res); }
/** @see BigInteger#doubleValue() */ protected internal static double bigInteger2Double(BigInteger val) { // val.bitLength() < 64 if ((val.numberLength < 2) || ((val.numberLength == 2) && (val.digits[1] > 0))) { return(val.longValue()); } // val.bitLength() >= 33 * 32 > 1024 if (val.numberLength > 32) { return((val.sign > 0) ? java.lang.Double.POSITIVE_INFINITY : java.lang.Double.NEGATIVE_INFINITY); } int bitLen = val.abs().bitLength(); long exponent = bitLen - 1; int delta = bitLen - 54; // We need 54 top bits from this, the 53th bit is always 1 in lVal. long lVal = val.abs().shiftRight(delta).longValue(); /* * Take 53 bits from lVal to mantissa. The least significant bit is * needed for rounding. */ long mantissa = lVal & 0x1FFFFFFFFFFFFFL; if (exponent == 1023) { if (mantissa == 0X1FFFFFFFFFFFFFL) { return((val.sign > 0) ? java.lang.Double.POSITIVE_INFINITY : java.lang.Double.NEGATIVE_INFINITY); } if (mantissa == 0x1FFFFFFFFFFFFEL) { return((val.sign > 0) ? java.lang.Double.MAX_VALUE : -java.lang.Double.MAX_VALUE); } } // Round the mantissa if (((mantissa & 1) == 1) && (((mantissa & 2) == 2) || BitLevel.nonZeroDroppedBits(delta, val.digits))) { mantissa += 2; } mantissa >>= 1; // drop the rounding bit long resSign = (long)((val.sign < 0) ? 0x8000000000000000L : 0); exponent = ((1023 + exponent) << 52) & 0x7FF0000000000000L; long result = resSign | exponent | mantissa; return(java.lang.Double.longBitsToDouble(result)); }
internal static BigInteger squareAndMultiply(BigInteger x2, BigInteger a2, BigInteger exponent, BigInteger modulus, int n2) { BigInteger res = x2; for (int i = exponent.bitLength() - 1; i >= 0; i--) { res = monPro(res, res, modulus, n2); if (BitLevel.testBit(exponent, i)) { res = monPro(res, a2, modulus, n2); } } return(res); }
/* * @param x an odd positive number. * @param n the exponent by which 2 is raised. * @return {@code x<sup>-1</sup> (mod 2<sup>n</sup>)}. */ internal static BigInteger modPow2Inverse(BigInteger x, int n) { // PRE: (x > 0), (x is odd), and (n > 0) BigInteger y = new BigInteger(1, new int[1 << n]); y.numberLength = 1; y.digits[0] = 1; y.sign = 1; for (int i = 1; i < n; i++) { if (BitLevel.testBit(x.multiply(y), i)) { // Adding 2^i to y (setting the i-th bit) y.digits[i >> 5] |= (1 << (i & 31)); } } return(y); }
/* * Divides the array 'a' by the array 'b' and gets the quotient and the * remainder. Implements the Knuth's division algorithm. See D. Knuth, The * Art of Computer Programming, vol. 2. Steps D1-D8 correspond the steps in * the algorithm description. * * @param quot the quotient * @param quotLength the quotient's length * @param a the dividend * @param aLength the dividend's length * @param b the divisor * @param bLength the divisor's length * @return the remainder */ internal static int[] divide(int[] quot, int quotLength, int[] a, int aLength, int[] b, int bLength) { int[] normA = new int[aLength + 1]; // the normalized dividend // an extra byte is needed for correct shift int[] normB = new int[bLength + 1]; // the normalized divisor; int normBLength = bLength; /* * Step D1: normalize a and b and put the results to a1 and b1 the * normalized divisor's first digit must be >= 2^31 */ int divisorShift = java.lang.Integer.numberOfLeadingZeros(b[bLength - 1]); if (divisorShift != 0) { BitLevel.shiftLeft(normB, b, 0, divisorShift); BitLevel.shiftLeft(normA, a, 0, divisorShift); } else { java.lang.SystemJ.arraycopy(a, 0, normA, 0, aLength); java.lang.SystemJ.arraycopy(b, 0, normB, 0, bLength); } int firstDivisorDigit = normB[normBLength - 1]; // Step D2: set the quotient index int i = quotLength - 1; int j = aLength; while (i >= 0) { // Step D3: calculate a guess digit guessDigit int guessDigit = 0; if (normA[j] == firstDivisorDigit) { // set guessDigit to the largest unsigned int value guessDigit = -1; } else { long product = (((normA[j] & 0xffffffffL) << 32) + (normA[j - 1] & 0xffffffffL)); long res = Division.divideLongByInt(product, firstDivisorDigit); guessDigit = (int)res; // the quotient of divideLongByInt int rem = (int)(res >> 32); // the remainder of // divideLongByInt // decrease guessDigit by 1 while leftHand > rightHand if (guessDigit != 0) { long leftHand = 0; long rightHand = 0; bool rOverflowed = false; guessDigit++; // to have the proper value in the loop // below do { guessDigit--; if (rOverflowed) { break; } // leftHand always fits in an unsigned long leftHand = (guessDigit & 0xffffffffL) * (normB[normBLength - 2] & 0xffffffffL); /* * rightHand can overflow; in this case the loop * condition will be true in the next step of the loop */ rightHand = ((long)rem << 32) + (normA[j - 2] & 0xffffffffL); long longR = (rem & 0xffffffffL) + (firstDivisorDigit & 0xffffffffL); /* * checks that longR does not fit in an unsigned int; * this ensures that rightHand will overflow unsigned * long in the next step */ if (java.lang.Integer.numberOfLeadingZeros((int)(java.dotnet.lang.Operator.shiftRightUnsignet(longR, 32))) < 32) { rOverflowed = true; } else { rem = (int)longR; } } while (((((ulong)leftHand) ^ 0x8000000000000000L) > (((ulong)rightHand) ^ 0x8000000000000000L))); } } // Step D4: multiply normB by guessDigit and subtract the production // from normA. if (guessDigit != 0) { int borrow = Division.multiplyAndSubtract(normA, j - normBLength, normB, normBLength, guessDigit); // Step D5: check the borrow if (borrow != 0) { // Step D6: compensating addition guessDigit--; long carry = 0; for (int k = 0; k < normBLength; k++) { carry += (normA[j - normBLength + k] & 0xffffffffL) + (normB[k] & 0xffffffffL); normA[j - normBLength + k] = (int)carry; carry = java.dotnet.lang.Operator.shiftRightUnsignet(carry, 32); } } } if (quot != null) { quot[i] = guessDigit; } // Step D7 j--; i--; } /* * Step D8: we got the remainder in normA. Denormalize it id needed */ if (divisorShift != 0) { // reuse normB BitLevel.shiftRight(normB, normBLength, normA, 0, divisorShift); return(normB); } java.lang.SystemJ.arraycopy(normA, 0, normB, 0, bLength); return(normA); }
/* * Calculates a.modInverse(p) Based on: Savas, E; Koc, C "The Montgomery Modular * Inverse - Revised" */ internal static BigInteger modInverseMontgomery(BigInteger a, BigInteger p) { if (a.sign == 0) { // ZERO hasn't inverse // math.19: BigInteger not invertible throw new ArithmeticException("BigInteger not invertible"); } if (!p.testBit(0)) { // montgomery inverse require even modulo return(modInverseHars(a, p)); } int m = p.numberLength * 32; // PRE: a \in [1, p - 1] BigInteger u, v, r, s; u = p.copy(); // make copy to use inplace method v = a.copy(); int max = java.lang.Math.max(v.numberLength, u.numberLength); r = new BigInteger(1, 1, new int[max + 1]); s = new BigInteger(1, 1, new int[max + 1]); s.digits[0] = 1; // s == 1 && v == 0 int k = 0; int lsbu = u.getLowestSetBit(); int lsbv = v.getLowestSetBit(); int toShift; if (lsbu > lsbv) { BitLevel.inplaceShiftRight(u, lsbu); BitLevel.inplaceShiftRight(v, lsbv); BitLevel.inplaceShiftLeft(r, lsbv); k += lsbu - lsbv; } else { BitLevel.inplaceShiftRight(u, lsbu); BitLevel.inplaceShiftRight(v, lsbv); BitLevel.inplaceShiftLeft(s, lsbu); k += lsbv - lsbu; } r.sign = 1; while (v.signum() > 0) { // INV v >= 0, u >= 0, v odd, u odd (except last iteration when v is even (0)) while (u.compareTo(v) > BigInteger.EQUALS) { Elementary.inplaceSubtract(u, v); toShift = u.getLowestSetBit(); BitLevel.inplaceShiftRight(u, toShift); Elementary.inplaceAdd(r, s); BitLevel.inplaceShiftLeft(s, toShift); k += toShift; } while (u.compareTo(v) <= BigInteger.EQUALS) { Elementary.inplaceSubtract(v, u); if (v.signum() == 0) { break; } toShift = v.getLowestSetBit(); BitLevel.inplaceShiftRight(v, toShift); Elementary.inplaceAdd(s, r); BitLevel.inplaceShiftLeft(r, toShift); k += toShift; } } if (!u.isOne()) { // in u is stored the gcd // math.19: BigInteger not invertible. throw new ArithmeticException("BigInteger not invertible"); } if (r.compareTo(p) >= BigInteger.EQUALS) { Elementary.inplaceSubtract(r, p); } r = p.subtract(r); // Have pair: ((BigInteger)r, (Integer)k) where r == a^(-1) * 2^k mod (module) int n1 = calcN(p); if (k > m) { r = monPro(r, BigInteger.ONE, p, n1); k = k - m; } r = monPro(r, BigInteger.getPowerOfTwo(m - k), p, n1); return(r); }
/* * @param m a positive modulus * Return the greatest common divisor of op1 and op2, * * @param op1 * must be greater than zero * @param op2 * must be greater than zero * @see BigInteger#gcd(BigInteger) * @return {@code GCD(op1, op2)} */ internal static BigInteger gcdBinary(BigInteger op1, BigInteger op2) { // PRE: (op1 > 0) and (op2 > 0) /* * Divide both number the maximal possible times by 2 without rounding * gcd(2*a, 2*b) = 2 * gcd(a,b) */ int lsb1 = op1.getLowestSetBit(); int lsb2 = op2.getLowestSetBit(); int pow2Count = java.lang.Math.min(lsb1, lsb2); BitLevel.inplaceShiftRight(op1, lsb1); BitLevel.inplaceShiftRight(op2, lsb2); BigInteger swap; // I want op2 > op1 if (op1.compareTo(op2) == BigInteger.GREATER) { swap = op1; op1 = op2; op2 = swap; } do // INV: op2 >= op1 && both are odd unless op1 = 0 // Optimization for small operands // (op2.bitLength() < 64) implies by INV (op1.bitLength() < 64) { if ((op2.numberLength == 1) || ((op2.numberLength == 2) && (op2.digits[1] > 0))) { op2 = BigInteger.valueOf(Division.gcdBinary(op1.longValue(), op2.longValue())); break; } // Implements one step of the Euclidean algorithm // To reduce one operand if it's much smaller than the other one if (op2.numberLength > op1.numberLength * 1.2) { op2 = op2.remainder(op1); if (op2.signum() != 0) { BitLevel.inplaceShiftRight(op2, op2.getLowestSetBit()); } } else { // Use Knuth's algorithm of successive subtract and shifting do { Elementary.inplaceSubtract(op2, op1); // both are odd BitLevel.inplaceShiftRight(op2, op2.getLowestSetBit()); // op2 is even } while (op2.compareTo(op1) >= BigInteger.EQUALS); } // now op1 >= op2 swap = op2; op2 = op1; op1 = swap; } while (op1.sign != 0); return(op2.shiftLeft(pow2Count)); }