doxygen/primality_8cpp_source.html

/*

* (C) 2016,2018 Jack Lloyd

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#include <botan/internal/primality.h>


#include <botan/bigint.h>

#include <botan/reducer.h>

#include <botan/rng.h>

#include <botan/internal/monty.h>

#include <botan/internal/monty_exp.h>

#include <algorithm>


namespace Botan {


bool is_lucas_probable_prime(const BigInt& C, const Modular_Reducer& mod_C) {

   if(C == 2 || C == 3 || C == 5 || C == 7 || C == 11 || C == 13) {

      return true;

   }


   if(C <= 1 || C.is_even()) {

      return false;

   }


   BigInt D = BigInt::from_word(5);


   for(;;) {

      int32_t j = jacobi(D, C);

      if(j == 0) {

         return false;

      }


      if(j == -1) {

         break;

      }


      // Check 5, -7, 9, -11, 13, -15, 17, ...

      if(D.is_negative()) {

         D.flip_sign();

         D += 2;

      } else {

         D += 2;

         D.flip_sign();

      }


      if(D == 17 && is_perfect_square(C).is_nonzero()) {

         return false;

      }

   }


   const BigInt K = C + 1;

   const size_t K_bits = K.bits() - 1;


   BigInt U = BigInt::one();

   BigInt V = BigInt::one();


   BigInt Ut, Vt, U2, V2;


   for(size_t i = 0; i != K_bits; ++i) {

      const bool k_bit = K.get_bit(K_bits - 1 - i);


      Ut = mod_C.multiply(U, V);


      Vt = mod_C.reduce(mod_C.square(V) + mod_C.multiply(D, mod_C.square(U)));

      Vt.ct_cond_add(Vt.is_odd(), C);

      Vt >>= 1;

      Vt = mod_C.reduce(Vt);


      U = Ut;

      V = Vt;


      U2 = mod_C.reduce(Ut + Vt);

      U2.ct_cond_add(U2.is_odd(), C);

      U2 >>= 1;


      V2 = mod_C.reduce(Vt + Ut * D);

      V2.ct_cond_add(V2.is_odd(), C);

      V2 >>= 1;


      U.ct_cond_assign(k_bit, U2);

      V.ct_cond_assign(k_bit, V2);

   }


   return (U == 0);

}


bool is_bailie_psw_probable_prime(const BigInt& n, const Modular_Reducer& mod_n) {

   if(n == 2) {

      return true;

   } else if(n <= 1 || n.is_even()) {

      return false;

   }


   auto monty_n = std::make_shared<Montgomery_Params>(n, mod_n);

   const auto base = BigInt::from_word(2);

   return passes_miller_rabin_test(n, mod_n, monty_n, base) && is_lucas_probable_prime(n, mod_n);

}


bool is_bailie_psw_probable_prime(const BigInt& n) {

   Modular_Reducer mod_n(n);

   return is_bailie_psw_probable_prime(n, mod_n);

}


bool passes_miller_rabin_test(const BigInt& n,

                              const Modular_Reducer& mod_n,

                              const std::shared_ptr<Montgomery_Params>& monty_n,

                              const BigInt& a) {

   if(n < 3 || n.is_even()) {

      return false;

   }


   BOTAN_ASSERT_NOMSG(n > 1);


   const BigInt n_minus_1 = n - 1;

   const size_t s = low_zero_bits(n_minus_1);

   const BigInt nm1_s = n_minus_1 >> s;

   const size_t n_bits = n.bits();


   const size_t powm_window = 4;


   auto powm_a_n = monty_precompute(monty_n, a, powm_window);


   BigInt y = monty_execute(*powm_a_n, nm1_s, n_bits);


   if(y == 1 || y == n_minus_1) {

      return true;

   }


   for(size_t i = 1; i != s; ++i) {

      y = mod_n.square(y);


      if(y == 1) {  // found a non-trivial square root

         return false;

      }


      /*

      -1 is the trivial square root of unity, so ``a`` is not a

      witness for this number - give up

      */

      if(y == n_minus_1) {

         return true;

      }

   }


   return false;

}


bool is_miller_rabin_probable_prime(const BigInt& n,

                                    const Modular_Reducer& mod_n,

                                    RandomNumberGenerator& rng,

                                    size_t test_iterations) {

   if(n < 3 || n.is_even()) {

      return false;

   }


   auto monty_n = std::make_shared<Montgomery_Params>(n, mod_n);


   for(size_t i = 0; i != test_iterations; ++i) {

      const BigInt a = BigInt::random_integer(rng, BigInt::from_word(2), n);


      if(!passes_miller_rabin_test(n, mod_n, monty_n, a)) {

         return false;

      }

   }


   // Failed to find a counterexample

   return true;

}


size_t miller_rabin_test_iterations(size_t n_bits, size_t prob, bool random) {

   const size_t base = (prob + 2) / 2;  // worst case 4^-t error rate


   /*

   * If the candidate prime was maliciously constructed, we can't rely

   * on arguments based on p being random.

   */

   if(random == false) {

      return base;

   }


   /*

   * For randomly chosen numbers we can use the estimates from

   * http://www.math.dartmouth.edu/~carlp/PDF/paper88.pdf

   *

   * These values are derived from the inequality for p(k,t) given on

   * the second page.

   */

   if(prob <= 128) {

      if(n_bits >= 1536) {

         return 4;  // < 2^-133

      }

      if(n_bits >= 1024) {

         return 6;  // < 2^-133

      }

      if(n_bits >= 512) {

         return 12;  // < 2^-129

      }

      if(n_bits >= 256) {

         return 29;  // < 2^-128

      }

   }


   /*

   If the user desires a smaller error probability than we have

   precomputed error estimates for, just fall back to using the worst

   case error rate.

   */

   return base;

}


}  // namespace Botan

BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59

Botan::BigInt
Definition bigint.h:26

Botan::BigInt::ct_cond_add
void ct_cond_add(bool predicate, const BigInt &value)
Definition bigint.cpp:424

Botan::BigInt::is_odd
bool is_odd() const
Definition bigint.h:416

Botan::BigInt::random_integer
static BigInt random_integer(RandomNumberGenerator &rng, const BigInt &min, const BigInt &max)
Definition big_rand.cpp:43

Botan::BigInt::ct_cond_assign
void ct_cond_assign(bool predicate, const BigInt &other)
Definition bigint.cpp:487

Botan::BigInt::flip_sign
void flip_sign()
Definition bigint.h:555

Botan::BigInt::one
static BigInt one()
Definition bigint.h:51

Botan::BigInt::bits
size_t bits() const
Definition bigint.cpp:290

Botan::BigInt::is_even
bool is_even() const
Definition bigint.h:410

Botan::BigInt::from_word
static BigInt from_word(word n)
Definition bigint.cpp:42

Botan::BigInt::is_negative
bool is_negative() const
Definition bigint.h:528

Botan::Modular_Reducer
Definition reducer.h:18

Botan::Modular_Reducer::square
BigInt square(const BigInt &x) const
Definition reducer.h:43

Botan::Modular_Reducer::multiply
BigInt multiply(const BigInt &x, const BigInt &y) const
Definition reducer.h:30

Botan::Modular_Reducer::reduce
BigInt reduce(const BigInt &x) const
Definition reducer.cpp:37

Botan::RandomNumberGenerator
Definition rng.h:30

Botan
Definition alg_id.cpp:13

Botan::low_zero_bits
size_t low_zero_bits(const BigInt &n)
Definition numthry.cpp:167

Botan::passes_miller_rabin_test
bool passes_miller_rabin_test(const BigInt &n, const Modular_Reducer &mod_n, const std::shared_ptr< Montgomery_Params > &monty_n, const BigInt &a)
Definition primality.cpp:106

Botan::is_miller_rabin_probable_prime
bool is_miller_rabin_probable_prime(const BigInt &n, const Modular_Reducer &mod_n, RandomNumberGenerator &rng, size_t test_iterations)
Definition primality.cpp:150

Botan::is_bailie_psw_probable_prime
bool is_bailie_psw_probable_prime(const BigInt &n, const Modular_Reducer &mod_n)
Definition primality.cpp:89

Botan::is_perfect_square
BigInt is_perfect_square(const BigInt &C)
Definition numthry.cpp:323

Botan::miller_rabin_test_iterations
size_t miller_rabin_test_iterations(size_t n_bits, size_t prob, bool random)
Definition primality.cpp:172

Botan::jacobi
int32_t jacobi(const BigInt &a, const BigInt &n)
Definition numthry.cpp:116

Botan::is_lucas_probable_prime
bool is_lucas_probable_prime(const BigInt &C, const Modular_Reducer &mod_C)
Definition primality.cpp:18

Botan::monty_execute
BigInt monty_execute(const Montgomery_Exponentation_State &precomputed_state, const BigInt &k, size_t max_k_bits)
Definition monty_exp.cpp:150

Botan::monty_precompute
std::shared_ptr< const Montgomery_Exponentation_State > monty_precompute(const std::shared_ptr< const Montgomery_Params > &params, const BigInt &g, size_t window_bits, bool const_time)
Definition monty_exp.cpp:145