We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
ladybird
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 1e95c08db5
Branches Tags
ladybird
/
Userland
/
Libraries
/
LibCrypto
/
NumberTheory
/
ModularFunctions.cpp

ModularFunctions.cpp 8.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241 
  1. /*
    2. 

  2.  * Copyright (c) 2020, Ali Mohammad Pur <mpfard@serenityos.org>
    3. 

  3.  *
    4. 

  4.  * SPDX-License-Identifier: BSD-2-Clause
    5. 

  5.  */
    6. 

  6. 

  7. #include <AK/Debug.h>
    8. 

  8. #include <LibCrypto/BigInt/Algorithms/UnsignedBigIntegerAlgorithms.h>
    9. 

  9. #include <LibCrypto/NumberTheory/ModularFunctions.h>
    10. 

  10. 

  11. namespace Crypto::NumberTheory {
    12. 

  12. 

  13. UnsignedBigInteger Mod(UnsignedBigInteger const& a, UnsignedBigInteger const& b)
    14. 

  14. {
    15. 

  15.     UnsignedBigInteger result;
    16. 

  16.     result.set_to(a);
    17. 

  17.     result.set_to(result.divided_by(b).remainder);
    18. 

  18.     return result;
    19. 

  19. }
    20. 

  20. 

  21. UnsignedBigInteger ModularInverse(UnsignedBigInteger const& a_, UnsignedBigInteger const& b)
    22. 

  22. {
    23. 

  23.     if (b == 1)
    24. 

  24.         return { 1 };
    25. 

  25. 

  26.     UnsignedBigInteger temp_1;
    27. 

  27.     UnsignedBigInteger temp_2;
    28. 

  28.     UnsignedBigInteger temp_3;
    29. 

  29.     UnsignedBigInteger temp_4;
    30. 

  30.     UnsignedBigInteger temp_minus;
    31. 

  31.     UnsignedBigInteger temp_quotient;
    32. 

  32.     UnsignedBigInteger temp_d;
    33. 

  33.     UnsignedBigInteger temp_u;
    34. 

  34.     UnsignedBigInteger temp_v;
    35. 

  35.     UnsignedBigInteger temp_x;
    36. 

  36.     UnsignedBigInteger result;
    37. 

  37. 

  38.     UnsignedBigIntegerAlgorithms::modular_inverse_without_allocation(a_, b, temp_1, temp_2, temp_3, temp_4, temp_minus, temp_quotient, temp_d, temp_u, temp_v, temp_x, result);
    39. 

  39.     return result;
    40. 

  40. }
    41. 

  41. 

  42. UnsignedBigInteger ModularPower(UnsignedBigInteger const& b, UnsignedBigInteger const& e, UnsignedBigInteger const& m)
    43. 

  43. {
    44. 

  44.     if (m == 1)
    45. 

  45.         return 0;
    46. 

  46. 

  47.     if (m.is_odd()) {
    48. 

  48.         UnsignedBigInteger temp_z0 { 0 };
    49. 

  49.         UnsignedBigInteger temp_rr { 0 };
    50. 

  50.         UnsignedBigInteger temp_one { 0 };
    51. 

  51.         UnsignedBigInteger temp_z { 0 };
    52. 

  52.         UnsignedBigInteger temp_zz { 0 };
    53. 

  53.         UnsignedBigInteger temp_x { 0 };
    54. 

  54.         UnsignedBigInteger temp_extra { 0 };
    55. 

  55. 

  56.         UnsignedBigInteger result;
    57. 

  57.         UnsignedBigIntegerAlgorithms::montgomery_modular_power_with_minimal_allocations(b, e, m, temp_z0, temp_rr, temp_one, temp_z, temp_zz, temp_x, temp_extra, result);
    58. 

  58.         return result;
    59. 

  59.     }
    60. 

  60. 

  61.     UnsignedBigInteger ep { e };
    62. 

  62.     UnsignedBigInteger base { b };
    63. 

  63. 

  64.     UnsignedBigInteger result;
    65. 

  65.     UnsignedBigInteger temp_1;
    66. 

  66.     UnsignedBigInteger temp_2;
    67. 

  67.     UnsignedBigInteger temp_3;
    68. 

  68.     UnsignedBigInteger temp_4;
    69. 

  69.     UnsignedBigInteger temp_multiply;
    70. 

  70.     UnsignedBigInteger temp_quotient;
    71. 

  71.     UnsignedBigInteger temp_remainder;
    72. 

  72. 

  73.     UnsignedBigIntegerAlgorithms::destructive_modular_power_without_allocation(ep, base, m, temp_1, temp_2, temp_3, temp_4, temp_multiply, temp_quotient, temp_remainder, result);
    74. 

  74. 

  75.     return result;
    76. 

  76. }
    77. 

  77. 

  78. UnsignedBigInteger GCD(UnsignedBigInteger const& a, UnsignedBigInteger const& b)
    79. 

  79. {
    80. 

  80.     UnsignedBigInteger temp_a { a };
    81. 

  81.     UnsignedBigInteger temp_b { b };
    82. 

  82.     UnsignedBigInteger temp_1;
    83. 

  83.     UnsignedBigInteger temp_2;
    84. 

  84.     UnsignedBigInteger temp_3;
    85. 

  85.     UnsignedBigInteger temp_4;
    86. 

  86.     UnsignedBigInteger temp_quotient;
    87. 

  87.     UnsignedBigInteger temp_remainder;
    88. 

  88.     UnsignedBigInteger output;
    89. 

  89. 

  90.     UnsignedBigIntegerAlgorithms::destructive_GCD_without_allocation(temp_a, temp_b, temp_1, temp_2, temp_3, temp_4, temp_quotient, temp_remainder, output);
    91. 

  91. 

  92.     return output;
    93. 

  93. }
    94. 

  94. 

  95. UnsignedBigInteger LCM(UnsignedBigInteger const& a, UnsignedBigInteger const& b)
    96. 

  96. {
    97. 

  97.     UnsignedBigInteger temp_a { a };
    98. 

  98.     UnsignedBigInteger temp_b { b };
    99. 

  99.     UnsignedBigInteger temp_1;
    100. 

  100.     UnsignedBigInteger temp_2;
    101. 

  101.     UnsignedBigInteger temp_3;
    102. 

  102.     UnsignedBigInteger temp_4;
    103. 

  103.     UnsignedBigInteger temp_quotient;
    104. 

  104.     UnsignedBigInteger temp_remainder;
    105. 

  105.     UnsignedBigInteger gcd_output;
    106. 

  106.     UnsignedBigInteger output { 0 };
    107. 

  107. 

  108.     UnsignedBigIntegerAlgorithms::destructive_GCD_without_allocation(temp_a, temp_b, temp_1, temp_2, temp_3, temp_4, temp_quotient, temp_remainder, gcd_output);
    109. 

  109.     if (gcd_output == 0) {
    110. 

  110.         dbgln_if(NT_DEBUG, "GCD is zero");
    111. 

  111.         return output;
    112. 

  112.     }
    113. 

  113. 

  114.     // output = (a / gcd_output) * b
    115. 

  115.     UnsignedBigIntegerAlgorithms::divide_without_allocation(a, gcd_output, temp_1, temp_2, temp_3, temp_4, temp_quotient, temp_remainder);
    116. 

  116.     UnsignedBigIntegerAlgorithms::multiply_without_allocation(temp_quotient, b, temp_1, temp_2, temp_3, output);
    117. 

  117. 

  118.     dbgln_if(NT_DEBUG, "quot: {} rem: {} out: {}", temp_quotient, temp_remainder, output);
    119. 

  119. 

  120.     return output;
    121. 

  121. }
    122. 

  122. 

  123. static bool MR_primality_test(UnsignedBigInteger n, Vector<UnsignedBigInteger, 256> const& tests)
    124. 

  124. {
    125. 

  125.     // Written using Wikipedia:
    126. 

  126.     // https://en.wikipedia.org/wiki/Miller%E2%80%93Rabin_primality_test#Miller%E2%80%93Rabin_test
    127. 

  127.     VERIFY(!(n < 4));
    128. 

  128.     auto predecessor = n.minus({ 1 });
    129. 

  129.     auto d = predecessor;
    130. 

  130.     size_t r = 0;
    131. 

  131. 

  132.     {
    133. 

  133.         auto div_result = d.divided_by(2);
    134. 

  134.         while (div_result.remainder == 0) {
    135. 

  135.             d = div_result.quotient;
    136. 

  136.             div_result = d.divided_by(2);
    137. 

  137.             ++r;
    138. 

  138.         }
    139. 

  139.     }
    140. 

  140.     if (r == 0) {
    141. 

  141.         // n - 1 is odd, so n was even. But there is only one even prime:
    142. 

  142.         return n == 2;
    143. 

  143.     }
    144. 

  144. 

  145.     for (auto& a : tests) {
    146. 

  146.         // Technically: VERIFY(2 <= a && a <= n - 2)
    147. 

  147.         VERIFY(a < n);
    148. 

  148.         auto x = ModularPower(a, d, n);
    149. 

  149.         if (x == 1 || x == predecessor)
    150. 

  150.             continue;
    151. 

  151.         bool skip_this_witness = false;
    152. 

  152.         // r − 1 iterations.
    153. 

  153.         for (size_t i = 0; i < r - 1; ++i) {
    154. 

  154.             x = ModularPower(x, 2, n);
    155. 

  155.             if (x == predecessor) {
    156. 

  156.                 skip_this_witness = true;
    157. 

  157.                 break;
    158. 

  158.             }
    159. 

  159.         }
    160. 

  160.         if (skip_this_witness)
    161. 

  161.             continue;
    162. 

  162.         return false; // "composite"
    163. 

  163.     }
    164. 

  164. 

  165.     return true; // "probably prime"
    166. 

  166. }
    167. 

  167. 

  168. UnsignedBigInteger random_number(UnsignedBigInteger const& min, UnsignedBigInteger const& max_excluded)
    169. 

  169. {
    170. 

  170.     VERIFY(min < max_excluded);
    171. 

  171.     auto range = max_excluded.minus(min);
    172. 

  172.     UnsignedBigInteger base;
    173. 

  173.     auto size = range.trimmed_length() * sizeof(u32) + 2;
    174. 

  174.     // "+2" is intentional (see below).
    175. 

  175.     auto buffer = ByteBuffer::create_uninitialized(size).release_value_but_fixme_should_propagate_errors(); // FIXME: Handle possible OOM situation.
    176. 

  176.     auto* buf = buffer.data();
    177. 

  177. 

  178.     fill_with_random(buffer);
    179. 

  179.     UnsignedBigInteger random { buf, size };
    180. 

  180.     // At this point, `random` is a large number, in the range [0, 256^size).
    181. 

  181.     // To get down to the actual range, we could just compute random % range.
    182. 

  182.     // This introduces "modulo bias". However, since we added 2 to `size`,
    183. 

  183.     // we know that the generated range is at least 65536 times as large as the
    184. 

  184.     // required range! This means that the modulo bias is only 0.0015%, if all
    185. 

  185.     // inputs are chosen adversarially. Let's hope this is good enough.
    186. 

  186.     auto divmod = random.divided_by(range);
    187. 

  187.     // The proper way to fix this is to restart if `divmod.quotient` is maximal.
    188. 

  188.     return divmod.remainder.plus(min);
    189. 

  189. }
    190. 

  190. 

  191. bool is_probably_prime(UnsignedBigInteger const& p)
    192. 

  192. {
    193. 

  193.     // Is it a small number?
    194. 

  194.     if (p < 49) {
    195. 

  195.         u32 p_value = p.words()[0];
    196. 

  196.         // Is it a very small prime?
    197. 

  197.         if (p_value == 2 || p_value == 3 || p_value == 5 || p_value == 7)
    198. 

  198.             return true;
    199. 

  199.         // Is it the multiple of a very small prime?
    200. 

  200.         if (p_value % 2 == 0 || p_value % 3 == 0 || p_value % 5 == 0 || p_value % 7 == 0)
    201. 

  201.             return false;
    202. 

  202.         // Then it must be a prime, but not a very small prime, like 37.
    203. 

  203.         return true;
    204. 

  204.     }
    205. 

  205. 

  206.     Vector<UnsignedBigInteger, 256> tests;
    207. 

  207.     // Make some good initial guesses that are guaranteed to find all primes < 2^64.
    208. 

  208.     tests.append(UnsignedBigInteger(2));
    209. 

  209.     tests.append(UnsignedBigInteger(3));
    210. 

  210.     tests.append(UnsignedBigInteger(5));
    211. 

  211.     tests.append(UnsignedBigInteger(7));
    212. 

  212.     tests.append(UnsignedBigInteger(11));
    213. 

  213.     tests.append(UnsignedBigInteger(13));
    214. 

  214.     UnsignedBigInteger seventeen { 17 };
    215. 

  215.     for (size_t i = tests.size(); i < 256; ++i) {
    216. 

  216.         tests.append(random_number(seventeen, p.minus(2)));
    217. 

  217.     }
    218. 

  218.     // Miller-Rabin's "error" is 8^-k. In adversarial cases, it's 4^-k.
    219. 

  219.     // With 200 random numbers, this would mean an error of about 2^-400.
    220. 

  220.     // So we don't need to worry too much about the quality of the random numbers.
    221. 

  221. 

  222.     return MR_primality_test(p, tests);
    223. 

  223. }
    224. 

  224. 

  225. UnsignedBigInteger random_big_prime(size_t bits)
    226. 

  226. {
    227. 

  227.     VERIFY(bits >= 33);
    228. 

  228.     UnsignedBigInteger min = "6074001000"_bigint.shift_left(bits - 33);
    229. 

  229.     UnsignedBigInteger max = UnsignedBigInteger { 1 }.shift_left(bits).minus(1);
    230. 

  230.     for (;;) {
    231. 

  231.         auto p = random_number(min, max);
    232. 

  232.         if ((p.words()[0] & 1) == 0) {
    233. 

  233.             // An even number is definitely not a large prime.
    234. 

  234.             continue;
    235. 

  235.         }
    236. 

  236.         if (is_probably_prime(p))
    237. 

  237.             return p;
    238. 

  238.     }
    239. 

  239. }
    240. 

  240. 

  241. }
    242.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5