Crypto++  8.6
Free C++ class library of cryptographic schemes
nbtheory.h
Go to the documentation of this file.
1 // nbtheory.h - originally written and placed in the public domain by Wei Dai
2 
3 /// \file nbtheory.h
4 /// \brief Classes and functions for number theoretic operations
5 
6 #ifndef CRYPTOPP_NBTHEORY_H
7 #define CRYPTOPP_NBTHEORY_H
8 
9 #include "cryptlib.h"
10 #include "integer.h"
11 #include "algparam.h"
12 
13 NAMESPACE_BEGIN(CryptoPP)
14 
15 /// \brief The Small Prime table
16 /// \details GetPrimeTable obtains pointer to small prime table and provides the size of the table.
17 CRYPTOPP_DLL const word16 * CRYPTOPP_API GetPrimeTable(unsigned int &size);
18 
19 // ************ primality testing ****************
20 
21 /// \brief Generates a provable prime
22 /// \param rng a RandomNumberGenerator to produce random material
23 /// \param bits the number of bits in the prime number
24 /// \return Integer() meeting Maurer's tests for primality
25 CRYPTOPP_DLL Integer CRYPTOPP_API MaurerProvablePrime(RandomNumberGenerator &rng, unsigned int bits);
26 
27 /// \brief Generates a provable prime
28 /// \param rng a RandomNumberGenerator to produce random material
29 /// \param bits the number of bits in the prime number
30 /// \return Integer() meeting Mihailescu's tests for primality
31 /// \details Mihailescu's methods performs a search using algorithmic progressions.
32 CRYPTOPP_DLL Integer CRYPTOPP_API MihailescuProvablePrime(RandomNumberGenerator &rng, unsigned int bits);
33 
34 /// \brief Tests whether a number is a small prime
35 /// \param p a candidate prime to test
36 /// \return true if p is a small prime, false otherwise
37 /// \details Internally, the library maintains a table of the first 32719 prime numbers
38 /// in sorted order. IsSmallPrime searches the table and returns true if p is
39 /// in the table.
40 CRYPTOPP_DLL bool CRYPTOPP_API IsSmallPrime(const Integer &p);
41 
42 /// \brief Tests whether a number is divisible by a small prime
43 /// \return true if p is divisible by some prime less than bound.
44 /// \details TrialDivision() returns <tt>true</tt> if <tt>p</tt> is divisible by some prime less
45 /// than <tt>bound</tt>. <tt>bound</tt> should not be greater than the largest entry in the
46 /// prime table, which is 32719.
47 CRYPTOPP_DLL bool CRYPTOPP_API TrialDivision(const Integer &p, unsigned bound);
48 
49 /// \brief Tests whether a number is divisible by a small prime
50 /// \return true if p is NOT divisible by small primes.
51 /// \details SmallDivisorsTest() returns <tt>true</tt> if <tt>p</tt> is NOT divisible by some
52 /// prime less than 32719.
53 CRYPTOPP_DLL bool CRYPTOPP_API SmallDivisorsTest(const Integer &p);
54 
55 /// \brief Determine if a number is probably prime
56 /// \param n the number to test
57 /// \param b the base to exponentiate
58 /// \return true if the number n is probably prime, false otherwise.
59 /// \details IsFermatProbablePrime raises <tt>b</tt> to the <tt>n-1</tt> power and checks if
60 /// the result is congruent to 1 modulo <tt>n</tt>.
61 /// \details These is no reason to use IsFermatProbablePrime, use IsStrongProbablePrime or
62 /// IsStrongLucasProbablePrime instead.
63 /// \sa IsStrongProbablePrime, IsStrongLucasProbablePrime
64 CRYPTOPP_DLL bool CRYPTOPP_API IsFermatProbablePrime(const Integer &n, const Integer &b);
65 
66 /// \brief Determine if a number is probably prime
67 /// \param n the number to test
68 /// \return true if the number n is probably prime, false otherwise.
69 /// \details These is no reason to use IsLucasProbablePrime, use IsStrongProbablePrime or
70 /// IsStrongLucasProbablePrime instead.
71 /// \sa IsStrongProbablePrime, IsStrongLucasProbablePrime
72 CRYPTOPP_DLL bool CRYPTOPP_API IsLucasProbablePrime(const Integer &n);
73 
74 /// \brief Determine if a number is probably prime
75 /// \param n the number to test
76 /// \param b the base to exponentiate
77 /// \return true if the number n is probably prime, false otherwise.
78 CRYPTOPP_DLL bool CRYPTOPP_API IsStrongProbablePrime(const Integer &n, const Integer &b);
79 
80 /// \brief Determine if a number is probably prime
81 /// \param n the number to test
82 /// \return true if the number n is probably prime, false otherwise.
83 CRYPTOPP_DLL bool CRYPTOPP_API IsStrongLucasProbablePrime(const Integer &n);
84 
85 /// \brief Determine if a number is probably prime
86 /// \param rng a RandomNumberGenerator to produce random material
87 /// \param n the number to test
88 /// \param rounds the number of tests to perform
89 /// \details This is the Rabin-Miller primality test, i.e. repeating the strong probable prime
90 /// test for several rounds with random bases
91 /// \sa <A HREF="https://crypto.stackexchange.com/q/17707/10496">Trial divisions before
92 /// Miller-Rabin checks?</A> on Crypto Stack Exchange
93 CRYPTOPP_DLL bool CRYPTOPP_API RabinMillerTest(RandomNumberGenerator &rng, const Integer &n, unsigned int rounds);
94 
95 /// \brief Verifies a number is probably prime
96 /// \param p a candidate prime to test
97 /// \return true if p is a probable prime, false otherwise
98 /// \details IsPrime() is suitable for testing candidate primes when creating them. Internally,
99 /// IsPrime() utilizes SmallDivisorsTest(), IsStrongProbablePrime() and IsStrongLucasProbablePrime().
100 CRYPTOPP_DLL bool CRYPTOPP_API IsPrime(const Integer &p);
101 
102 /// \brief Verifies a number is probably prime
103 /// \param rng a RandomNumberGenerator for randomized testing
104 /// \param p a candidate prime to test
105 /// \param level the level of thoroughness of testing
106 /// \return true if p is a strong probable prime, false otherwise
107 /// \details VerifyPrime() is suitable for testing candidate primes created by others. Internally,
108 /// VerifyPrime() utilizes IsPrime() and one-round RabinMillerTest(). If the candidate passes and
109 /// level is greater than 1, then 10 round RabinMillerTest() primality testing is performed.
110 CRYPTOPP_DLL bool CRYPTOPP_API VerifyPrime(RandomNumberGenerator &rng, const Integer &p, unsigned int level = 1);
111 
112 /// \brief Application callback to signal suitability of a cabdidate prime
113 class CRYPTOPP_DLL PrimeSelector
114 {
115 public:
116  virtual ~PrimeSelector() {}
117  const PrimeSelector *GetSelectorPointer() const {return this;}
118  virtual bool IsAcceptable(const Integer &candidate) const =0;
119 };
120 
121 /// \brief Finds a random prime of special form
122 /// \param p an Integer reference to receive the prime
123 /// \param max the maximum value
124 /// \param equiv the equivalence class based on the parameter mod
125 /// \param mod the modulus used to reduce the equivalence class
126 /// \param pSelector pointer to a PrimeSelector function for the application to signal suitability
127 /// \return true if and only if FirstPrime() finds a prime and returns the prime through p. If FirstPrime()
128 /// returns false, then no such prime exists and the value of p is undefined
129 /// \details FirstPrime() uses a fast sieve to find the first probable prime
130 /// in <tt>{x | p<=x<=max and x%mod==equiv}</tt>
131 CRYPTOPP_DLL bool CRYPTOPP_API FirstPrime(Integer &p, const Integer &max, const Integer &equiv, const Integer &mod, const PrimeSelector *pSelector);
132 
133 CRYPTOPP_DLL unsigned int CRYPTOPP_API PrimeSearchInterval(const Integer &max);
134 
135 CRYPTOPP_DLL AlgorithmParameters CRYPTOPP_API MakeParametersForTwoPrimesOfEqualSize(unsigned int productBitLength);
136 
137 // ********** other number theoretic functions ************
138 
139 /// \brief Calculate the greatest common divisor
140 /// \param a the first term
141 /// \param b the second term
142 /// \return the greatest common divisor if one exists, 0 otherwise.
143 inline Integer GCD(const Integer &a, const Integer &b)
144  {return Integer::Gcd(a,b);}
145 
146 /// \brief Determine relative primality
147 /// \param a the first term
148 /// \param b the second term
149 /// \return true if <tt>a</tt> and <tt>b</tt> are relatively prime, false otherwise.
150 inline bool RelativelyPrime(const Integer &a, const Integer &b)
151  {return Integer::Gcd(a,b) == Integer::One();}
152 
153 /// \brief Calculate the least common multiple
154 /// \param a the first term
155 /// \param b the second term
156 /// \return the least common multiple of <tt>a</tt> and <tt>b</tt>.
157 inline Integer LCM(const Integer &a, const Integer &b)
158  {return a/Integer::Gcd(a,b)*b;}
159 
160 /// \brief Calculate multiplicative inverse
161 /// \param a the number to test
162 /// \param b the modulus
163 /// \return an Integer <tt>(a ^ -1) % n</tt> or 0 if none exists.
164 /// \details EuclideanMultiplicativeInverse returns the multiplicative inverse of the Integer
165 /// <tt>*a</tt> modulo the Integer <tt>b</tt>. If no Integer exists then Integer 0 is returned.
167  {return a.InverseMod(b);}
168 
169 
170 /// \brief Chinese Remainder Theorem
171 /// \param xp the first number, mod p
172 /// \param p the first prime modulus
173 /// \param xq the second number, mod q
174 /// \param q the second prime modulus
175 /// \param u inverse of p mod q
176 /// \return the CRT value of the parameters
177 /// \details CRT uses the Chinese Remainder Theorem to calculate <tt>x</tt> given
178 /// <tt>x mod p</tt> and <tt>x mod q</tt>, and <tt>u</tt> the inverse of <tt>p mod q</tt>.
179 CRYPTOPP_DLL Integer CRYPTOPP_API CRT(const Integer &xp, const Integer &p, const Integer &xq, const Integer &q, const Integer &u);
180 
181 /// \brief Calculate the Jacobi symbol
182 /// \param a the first term
183 /// \param b the second term
184 /// \return the Jacobi symbol.
185 /// \details Jacobi symbols are calculated using the following rules:
186 /// -# if <tt>b</tt> is prime, then <tt>Jacobi(a, b)</tt>, then return 0
187 /// -# if <tt>a%b</tt>==0 AND <tt>a</tt> is quadratic residue <tt>mod b</tt>, then return 1
188 /// -# return -1 otherwise
189 /// \details Refer to a number theory book for what Jacobi symbol means when <tt>b</tt> is not prime.
190 CRYPTOPP_DLL int CRYPTOPP_API Jacobi(const Integer &a, const Integer &b);
191 
192 /// \brief Calculate the Lucas value
193 /// \return the Lucas value
194 /// \details Lucas() calculates the Lucas function <tt>V_e(p, 1) mod n</tt>.
195 CRYPTOPP_DLL Integer CRYPTOPP_API Lucas(const Integer &e, const Integer &p, const Integer &n);
196 
197 /// \brief Calculate the inverse Lucas value
198 /// \return the inverse Lucas value
199 /// \details InverseLucas() calculates <tt>x</tt> such that <tt>m==Lucas(e, x, p*q)</tt>,
200 /// <tt>p q</tt> primes, <tt>u</tt> is inverse of <tt>p mod q</tt>.
201 CRYPTOPP_DLL Integer CRYPTOPP_API InverseLucas(const Integer &e, const Integer &m, const Integer &p, const Integer &q, const Integer &u);
202 
203 /// \brief Modular multiplication
204 /// \param x the first term
205 /// \param y the second term
206 /// \param m the modulus
207 /// \return an Integer <tt>(x * y) % m</tt>.
208 inline Integer ModularMultiplication(const Integer &x, const Integer &y, const Integer &m)
209  {return a_times_b_mod_c(x, y, m);}
210 
211 /// \brief Modular exponentiation
212 /// \param x the base
213 /// \param e the exponent
214 /// \param m the modulus
215 /// \return an Integer <tt>(a ^ b) % m</tt>.
216 inline Integer ModularExponentiation(const Integer &x, const Integer &e, const Integer &m)
217  {return a_exp_b_mod_c(x, e, m);}
218 
219 /// \brief Extract a modular square root
220 /// \param a the number to extract square root
221 /// \param p the prime modulus
222 /// \return the modular square root if it exists
223 /// \details ModularSquareRoot returns <tt>x</tt> such that <tt>x*x%p == a</tt>, <tt>p</tt> prime
224 CRYPTOPP_DLL Integer CRYPTOPP_API ModularSquareRoot(const Integer &a, const Integer &p);
225 
226 /// \brief Extract a modular root
227 /// \return a modular root if it exists
228 /// \details ModularRoot returns <tt>x</tt> such that <tt>a==ModularExponentiation(x, e, p*q)</tt>,
229 /// <tt>p</tt> <tt>q</tt> primes, and <tt>e</tt> relatively prime to <tt>(p-1)*(q-1)</tt>,
230 /// <tt>dp=d%(p-1)</tt>, <tt>dq=d%(q-1)</tt>, (d is inverse of <tt>e mod (p-1)*(q-1)</tt>)
231 /// and <tt>u=inverse of p mod q</tt>.
232 CRYPTOPP_DLL Integer CRYPTOPP_API ModularRoot(const Integer &a, const Integer &dp, const Integer &dq, const Integer &p, const Integer &q, const Integer &u);
233 
234 /// \brief Solve a Modular Quadratic Equation
235 /// \param r1 the first residue
236 /// \param r2 the second residue
237 /// \param a the first coefficient
238 /// \param b the second coefficient
239 /// \param c the third constant
240 /// \param p the prime modulus
241 /// \return true if solutions exist
242 /// \details SolveModularQuadraticEquation() finds <tt>r1</tt> and <tt>r2</tt> such that <tt>ax^2 +
243 /// bx + c == 0 (mod p)</tt> for x in <tt>{r1, r2}</tt>, <tt>p</tt> prime.
244 CRYPTOPP_DLL bool CRYPTOPP_API SolveModularQuadraticEquation(Integer &r1, Integer &r2, const Integer &a, const Integer &b, const Integer &c, const Integer &p);
245 
246 /// \brief Estimate work factor
247 /// \param bitlength the size of the number, in bits
248 /// \return the estimated work factor, in operations
249 /// \details DiscreteLogWorkFactor returns log base 2 of estimated number of operations to
250 /// calculate discrete log or factor a number.
251 CRYPTOPP_DLL unsigned int CRYPTOPP_API DiscreteLogWorkFactor(unsigned int bitlength);
252 
253 /// \brief Estimate work factor
254 /// \param bitlength the size of the number, in bits
255 /// \return the estimated work factor, in operations
256 /// \details FactoringWorkFactor returns log base 2 of estimated number of operations to
257 /// calculate discrete log or factor a number.
258 CRYPTOPP_DLL unsigned int CRYPTOPP_API FactoringWorkFactor(unsigned int bitlength);
259 
260 // ********************************************************
261 
262 /// \brief Generator of prime numbers of special forms
263 class CRYPTOPP_DLL PrimeAndGenerator
264 {
265 public:
266  /// \brief Construct a PrimeAndGenerator
268 
269  /// \brief Construct a PrimeAndGenerator
270  /// \param delta +1 or -1
271  /// \param rng a RandomNumberGenerator derived class
272  /// \param pbits the number of bits in the prime p
273  /// \details PrimeAndGenerator() generates a random prime p of the form <tt>2*q+delta</tt>, where delta is 1 or -1 and q is
274  /// also prime. Internally the constructor calls <tt>Generate(delta, rng, pbits, pbits-1)</tt>.
275  /// \pre <tt>pbits > 5</tt>
276  /// \warning This PrimeAndGenerator() is slow because primes of this form are harder to find.
277  PrimeAndGenerator(signed int delta, RandomNumberGenerator &rng, unsigned int pbits)
278  {Generate(delta, rng, pbits, pbits-1);}
279 
280  /// \brief Construct a PrimeAndGenerator
281  /// \param delta +1 or -1
282  /// \param rng a RandomNumberGenerator derived class
283  /// \param pbits the number of bits in the prime p
284  /// \param qbits the number of bits in the prime q
285  /// \details PrimeAndGenerator() generates a random prime p of the form <tt>2*r*q+delta</tt>, where q is also prime.
286  /// Internally the constructor calls <tt>Generate(delta, rng, pbits, qbits)</tt>.
287  /// \pre <tt>qbits > 4 && pbits > qbits</tt>
288  PrimeAndGenerator(signed int delta, RandomNumberGenerator &rng, unsigned int pbits, unsigned qbits)
289  {Generate(delta, rng, pbits, qbits);}
290 
291  /// \brief Generate a Prime and Generator
292  /// \param delta +1 or -1
293  /// \param rng a RandomNumberGenerator derived class
294  /// \param pbits the number of bits in the prime p
295  /// \param qbits the number of bits in the prime q
296  /// \details Generate() generates a random prime p of the form <tt>2*r*q+delta</tt>, where q is also prime.
297  void Generate(signed int delta, RandomNumberGenerator &rng, unsigned int pbits, unsigned qbits);
298 
299  /// \brief Retrieve first prime
300  /// \return Prime() returns the prime p.
301  const Integer& Prime() const {return p;}
302 
303  /// \brief Retrieve second prime
304  /// \return SubPrime() returns the prime q.
305  const Integer& SubPrime() const {return q;}
306 
307  /// \brief Retrieve the generator
308  /// \return Generator() returns the generator g.
309  const Integer& Generator() const {return g;}
310 
311 private:
312  Integer p, q, g;
313 };
314 
315 NAMESPACE_END
316 
317 #endif
AlgorithmParameters
An object that implements NameValuePairs.
Definition: algparam.h:425
PrimeAndGenerator::SubPrime
const Integer & SubPrime() const
Retrieve second prime.
Definition: nbtheory.h:305
FactoringWorkFactor
CRYPTOPP_DLL unsigned int FactoringWorkFactor(unsigned int bitlength)
Estimate work factor.
IsStrongProbablePrime
CRYPTOPP_DLL bool IsStrongProbablePrime(const Integer &n, const Integer &b)
Determine if a number is probably prime.
PrimeAndGenerator::PrimeAndGenerator
PrimeAndGenerator(signed int delta, RandomNumberGenerator &rng, unsigned int pbits)
Construct a PrimeAndGenerator.
Definition: nbtheory.h:277
Jacobi
CRYPTOPP_DLL int Jacobi(const Integer &a, const Integer &b)
Calculate the Jacobi symbol.
PrimeAndGenerator::PrimeAndGenerator
PrimeAndGenerator()
Construct a PrimeAndGenerator.
Definition: nbtheory.h:267
DiscreteLogWorkFactor
CRYPTOPP_DLL unsigned int DiscreteLogWorkFactor(unsigned int bitlength)
Estimate work factor.
EuclideanMultiplicativeInverse
Integer EuclideanMultiplicativeInverse(const Integer &a, const Integer &b)
Calculate multiplicative inverse.
Definition: nbtheory.h:166
MaurerProvablePrime
CRYPTOPP_DLL Integer MaurerProvablePrime(RandomNumberGenerator &rng, unsigned int bits)
Generates a provable prime.
ModularSquareRoot
CRYPTOPP_DLL Integer ModularSquareRoot(const Integer &a, const Integer &p)
Extract a modular square root.
PrimeAndGenerator::Generator
const Integer & Generator() const
Retrieve the generator.
Definition: nbtheory.h:309
GetPrimeTable
const CRYPTOPP_DLL word16 * GetPrimeTable(unsigned int &size)
The Small Prime table.
CRT
CRYPTOPP_DLL Integer CRT(const Integer &xp, const Integer &p, const Integer &xq, const Integer &q, const Integer &u)
Chinese Remainder Theorem.
Lucas
CRYPTOPP_DLL Integer Lucas(const Integer &e, const Integer &p, const Integer &n)
Calculate the Lucas value.
IsSmallPrime
CRYPTOPP_DLL bool IsSmallPrime(const Integer &p)
Tests whether a number is a small prime.
ModularExponentiation
Integer ModularExponentiation(const Integer &x, const Integer &e, const Integer &m)
Modular exponentiation.
Definition: nbtheory.h:216
IsLucasProbablePrime
CRYPTOPP_DLL bool IsLucasProbablePrime(const Integer &n)
Determine if a number is probably prime.
ModularMultiplication
Integer ModularMultiplication(const Integer &x, const Integer &y, const Integer &m)
Modular multiplication.
Definition: nbtheory.h:208
RandomNumberGenerator
Interface for random number generators.
Definition: cryptlib.h:1434
ModularRoot
CRYPTOPP_DLL Integer ModularRoot(const Integer &a, const Integer &dp, const Integer &dq, const Integer &p, const Integer &q, const Integer &u)
Extract a modular root.
FirstPrime
CRYPTOPP_DLL bool FirstPrime(Integer &p, const Integer &max, const Integer &equiv, const Integer &mod, const PrimeSelector *pSelector)
Finds a random prime of special form.
PrimeSelector
Application callback to signal suitability of a cabdidate prime.
Definition: nbtheory.h:113
GCD
Integer GCD(const Integer &a, const Integer &b)
Calculate the greatest common divisor.
Definition: nbtheory.h:143
PrimeAndGenerator
Generator of prime numbers of special forms.
Definition: nbtheory.h:263
IsFermatProbablePrime
CRYPTOPP_DLL bool IsFermatProbablePrime(const Integer &n, const Integer &b)
Determine if a number is probably prime.
IsStrongLucasProbablePrime
CRYPTOPP_DLL bool IsStrongLucasProbablePrime(const Integer &n)
Determine if a number is probably prime.
LCM
Integer LCM(const Integer &a, const Integer &b)
Calculate the least common multiple.
Definition: nbtheory.h:157
TrialDivision
CRYPTOPP_DLL bool TrialDivision(const Integer &p, unsigned bound)
Tests whether a number is divisible by a small prime.
CryptoPP
Crypto++ library namespace.
PrimeAndGenerator::PrimeAndGenerator
PrimeAndGenerator(signed int delta, RandomNumberGenerator &rng, unsigned int pbits, unsigned qbits)
Construct a PrimeAndGenerator.
Definition: nbtheory.h:288
CRYPTOPP_API
#define CRYPTOPP_API
Win32 calling convention.
Definition: config_dll.h:119
MihailescuProvablePrime
CRYPTOPP_DLL Integer MihailescuProvablePrime(RandomNumberGenerator &rng, unsigned int bits)
Generates a provable prime.
IsPrime
CRYPTOPP_DLL bool IsPrime(const Integer &p)
Verifies a number is probably prime.
SolveModularQuadraticEquation
CRYPTOPP_DLL bool SolveModularQuadraticEquation(Integer &r1, Integer &r2, const Integer &a, const Integer &b, const Integer &c, const Integer &p)
Solve a Modular Quadratic Equation.
InverseLucas
CRYPTOPP_DLL Integer InverseLucas(const Integer &e, const Integer &m, const Integer &p, const Integer &q, const Integer &u)
Calculate the inverse Lucas value.
SmallDivisorsTest
CRYPTOPP_DLL bool SmallDivisorsTest(const Integer &p)
Tests whether a number is divisible by a small prime.
RelativelyPrime
bool RelativelyPrime(const Integer &a, const Integer &b)
Determine relative primality.
Definition: nbtheory.h:150
PrimeAndGenerator::Prime
const Integer & Prime() const
Retrieve first prime.
Definition: nbtheory.h:301
VerifyPrime
CRYPTOPP_DLL bool VerifyPrime(RandomNumberGenerator &rng, const Integer &p, unsigned int level=1)
Verifies a number is probably prime.
Integer::One
static const Integer & One()
Integer representing 1.
word16
unsigned short word16
16-bit unsigned datatype
Definition: config_int.h:59
cryptlib.h
Abstract base classes that provide a uniform interface to this library.
Integer::Gcd
static Integer Gcd(const Integer &a, const Integer &n)
Calculate greatest common divisor.
algparam.h
Classes for working with NameValuePairs.
integer.h
Multiple precision integer with arithmetic operations.
RabinMillerTest
CRYPTOPP_DLL bool RabinMillerTest(RandomNumberGenerator &rng, const Integer &n, unsigned int rounds)
Determine if a number is probably prime.
Integer
Multiple precision integer with arithmetic operations.
Definition: integer.h:49