doxygen/primality_8cpp_source.html

/*

* (C) 2016,2018 Jack Lloyd

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#include <botan/internal/primality.h>

#include <botan/internal/monty_exp.h>

#include <botan/bigint.h>

#include <botan/internal/monty.h>

#include <botan/reducer.h>

#include <botan/rng.h>

#include <algorithm>


namespace Botan {


bool is_lucas_probable_prime(const BigInt& C, const Modular_Reducer& mod_C)

   {

   if(C == 2 || C == 3 || C == 5 || C == 7 || C == 11 || C == 13)

      return true;


   if(C <= 1 || C.is_even())

      return false;


   BigInt D = BigInt::from_word(5);


   for(;;)

      {

      int32_t j = jacobi(D, C);

      if(j == 0)

         return false;


      if(j == -1)

         break;


      // Check 5, -7, 9, -11, 13, -15, 17, ...

      if(D.is_negative())

         {

         D.flip_sign();

         D += 2;

         }

      else

         {

         D += 2;

         D.flip_sign();

         }


      if(D == 17 && is_perfect_square(C).is_nonzero())

         return false;

      }


   const BigInt K = C + 1;

   const size_t K_bits = K.bits() - 1;


   BigInt U = BigInt::one();

   BigInt V = BigInt::one();


   BigInt Ut, Vt, U2, V2;


   for(size_t i = 0; i != K_bits; ++i)

      {

      const bool k_bit = K.get_bit(K_bits - 1 - i);


      Ut = mod_C.multiply(U, V);


      Vt = mod_C.reduce(mod_C.square(V) + mod_C.multiply(D, mod_C.square(U)));

      Vt.ct_cond_add(Vt.is_odd(), C);

      Vt >>= 1;

      Vt = mod_C.reduce(Vt);


      U = Ut;

      V = Vt;


      U2 = mod_C.reduce(Ut + Vt);

      U2.ct_cond_add(U2.is_odd(), C);

      U2 >>= 1;


      V2 = mod_C.reduce(Vt + Ut*D);

      V2.ct_cond_add(V2.is_odd(), C);

      V2 >>= 1;


      U.ct_cond_assign(k_bit, U2);

      V.ct_cond_assign(k_bit, V2);

      }


   return (U == 0);

   }


bool is_bailie_psw_probable_prime(const BigInt& n, const Modular_Reducer& mod_n)

   {

   if(n == 2)

      return true;

   else if(n <= 1 || n.is_even())

      return false;


   auto monty_n = std::make_shared<Montgomery_Params>(n, mod_n);

   const auto base = BigInt::from_word(2);

   return passes_miller_rabin_test(n, mod_n, monty_n, base) && is_lucas_probable_prime(n, mod_n);

   }


bool is_bailie_psw_probable_prime(const BigInt& n)

   {

   Modular_Reducer mod_n(n);

   return is_bailie_psw_probable_prime(n, mod_n);

   }


bool passes_miller_rabin_test(const BigInt& n,

                              const Modular_Reducer& mod_n,

                              const std::shared_ptr<Montgomery_Params>& monty_n,

                              const BigInt& a)

   {

   if(n < 3 || n.is_even())

      return false;


   BOTAN_ASSERT_NOMSG(n > 1);


   const BigInt n_minus_1 = n - 1;

   const size_t s = low_zero_bits(n_minus_1);

   const BigInt nm1_s = n_minus_1 >> s;

   const size_t n_bits = n.bits();


   const size_t powm_window = 4;


   auto powm_a_n = monty_precompute(monty_n, a, powm_window);


   BigInt y = monty_execute(*powm_a_n, nm1_s, n_bits);


   if(y == 1 || y == n_minus_1)

      return true;


   for(size_t i = 1; i != s; ++i)

      {

      y = mod_n.square(y);


      if(y == 1) // found a non-trivial square root

         return false;


      /*

      -1 is the trivial square root of unity, so ``a`` is not a

      witness for this number - give up

      */

      if(y == n_minus_1)

         return true;

      }


   return false;

   }


bool is_miller_rabin_probable_prime(const BigInt& n,

                                    const Modular_Reducer& mod_n,

                                    RandomNumberGenerator& rng,

                                    size_t test_iterations)

   {

   if(n < 3 || n.is_even())

      return false;


   auto monty_n = std::make_shared<Montgomery_Params>(n, mod_n);


   for(size_t i = 0; i != test_iterations; ++i)

      {

      const BigInt a = BigInt::random_integer(rng, BigInt::from_word(2), n);


      if(!passes_miller_rabin_test(n, mod_n, monty_n, a))

         return false;

      }


   // Failed to find a counterexample

   return true;

   }


size_t miller_rabin_test_iterations(size_t n_bits, size_t prob, bool random)

   {

   const size_t base = (prob + 2) / 2; // worst case 4^-t error rate


   /*

   * If the candidate prime was maliciously constructed, we can't rely

   * on arguments based on p being random.

   */

   if(random == false)

      return base;


   /*

   * For randomly chosen numbers we can use the estimates from

   * http://www.math.dartmouth.edu/~carlp/PDF/paper88.pdf

   *

   * These values are derived from the inequality for p(k,t) given on

   * the second page.

   */

   if(prob <= 128)

      {

      if(n_bits >= 1536)

         return 4; // < 2^-133

      if(n_bits >= 1024)

         return 6; // < 2^-133

      if(n_bits >= 512)

         return 12; // < 2^-129

      if(n_bits >= 256)

         return 29; // < 2^-128

      }


   /*

   If the user desires a smaller error probability than we have

   precomputed error estimates for, just fall back to using the worst

   case error rate.

   */

   return base;

   }


}

y
static SIMD_4x64 y
Definition: argon2_avx2.cpp:135

BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:67

Botan::BigInt
Definition: bigint.h:25

Botan::BigInt::ct_cond_add
void ct_cond_add(bool predicate, const BigInt &value)
Definition: bigint.cpp:454

Botan::BigInt::is_odd
bool is_odd() const
Definition: bigint.h:422

Botan::BigInt::random_integer
static BigInt random_integer(RandomNumberGenerator &rng, const BigInt &min, const BigInt &max)
Definition: big_rand.cpp:45

Botan::BigInt::ct_cond_assign
void ct_cond_assign(bool predicate, const BigInt &other)
Definition: bigint.cpp:487

Botan::BigInt::flip_sign
void flip_sign()
Definition: bigint.h:583

Botan::BigInt::one
static BigInt one()
Definition: bigint.h:50

Botan::BigInt::bits
size_t bits() const
Definition: bigint.cpp:312

Botan::BigInt::is_even
bool is_even() const
Definition: bigint.h:416

Botan::BigInt::from_word
static BigInt from_word(word n)
Definition: bigint.cpp:43

Botan::BigInt::is_negative
bool is_negative() const
Definition: bigint.h:556

Botan::BigInt::get_bit
bool get_bit(size_t n) const
Definition: bigint.h:483

Botan::Modular_Reducer
Definition: reducer.h:19

Botan::Modular_Reducer::square
BigInt square(const BigInt &x) const
Definition: reducer.h:46

Botan::Modular_Reducer::multiply
BigInt multiply(const BigInt &x, const BigInt &y) const
Definition: reducer.h:31

Botan::Modular_Reducer::reduce
BigInt reduce(const BigInt &x) const
Definition: reducer.cpp:37

Botan::RandomNumberGenerator
Definition: rng.h:31

Botan
Definition: alg_id.cpp:12

Botan::low_zero_bits
size_t low_zero_bits(const BigInt &n)
Definition: numthry.cpp:181

Botan::passes_miller_rabin_test
bool passes_miller_rabin_test(const BigInt &n, const Modular_Reducer &mod_n, const std::shared_ptr< Montgomery_Params > &monty_n, const BigInt &a)
Definition: primality.cpp:107

Botan::is_miller_rabin_probable_prime
bool is_miller_rabin_probable_prime(const BigInt &n, const Modular_Reducer &mod_n, RandomNumberGenerator &rng, size_t test_iterations)
Definition: primality.cpp:149

Botan::is_bailie_psw_probable_prime
bool is_bailie_psw_probable_prime(const BigInt &n, const Modular_Reducer &mod_n)
Definition: primality.cpp:89

Botan::is_perfect_square
BigInt is_perfect_square(const BigInt &C)
Definition: numthry.cpp:338

Botan::miller_rabin_test_iterations
size_t miller_rabin_test_iterations(size_t n_bits, size_t prob, bool random)
Definition: primality.cpp:172

Botan::jacobi
int32_t jacobi(const BigInt &a, const BigInt &n)
Definition: numthry.cpp:130

Botan::is_lucas_probable_prime
bool is_lucas_probable_prime(const BigInt &C, const Modular_Reducer &mod_C)
Definition: primality.cpp:17

Botan::monty_execute
BigInt monty_execute(const Montgomery_Exponentation_State &precomputed_state, const BigInt &k, size_t max_k_bits)
Definition: monty_exp.cpp:162

Botan::monty_precompute
std::shared_ptr< const Montgomery_Exponentation_State > monty_precompute(const std::shared_ptr< const Montgomery_Params > &params, const BigInt &g, size_t window_bits, bool const_time)
Definition: monty_exp.cpp:154