3 * $Id: mpmont.c,v 1.6 1999/12/10 23:18:39 mdw Exp $
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.6 1999/12/10 23:18:39 mdw
34 * Change interface for suggested destinations.
36 * Revision 1.5 1999/11/22 13:58:40 mdw
37 * Add an option to disable Montgomery reduction, so that performance
38 * comparisons can be done.
40 * Revision 1.4 1999/11/21 12:27:06 mdw
41 * Remove a division from the Montgomery setup by calculating
42 * %$R^2 \bmod m$% first and then %$R \bmod m$% by Montgomery reduction of
45 * Revision 1.3 1999/11/21 11:35:10 mdw
46 * Performance improvement: use @mp_sqr@ and @mpmont_reduce@ instead of
47 * @mpmont_mul@ for squaring in exponentiation.
49 * Revision 1.2 1999/11/19 13:17:26 mdw
50 * Add extra interface to exponentiation which returns a Montgomerized
53 * Revision 1.1 1999/11/17 18:02:16 mdw
54 * New multiprecision integer arithmetic suite.
58 /*----- Header files ------------------------------------------------------*/
63 /*----- Tweakables --------------------------------------------------------*/
65 /* --- @MPMONT_DISABLE@ --- *
67 * Replace all the clever Montgomery reduction with good old-fashioned long
71 /* #define MPMONT_DISABLE */
73 /*----- Main code ---------------------------------------------------------*/
75 /* --- @mpmont_create@ --- *
77 * Arguments: @mpmont *mm@ = pointer to Montgomery reduction context
78 * @mp *m@ = modulus to use
82 * Use: Initializes a Montgomery reduction context ready for use.
83 * The argument @m@ must be a positive odd integer.
88 void mpmont_create(mpmont
*mm
, mp
*m
)
98 void mpmont_create(mpmont
*mm
, mp
*m
)
100 /* --- Validate the arguments --- */
102 assert(((void)"Montgomery modulus must be positive",
103 (m
->f
& MP_NEG
) == 0));
104 assert(((void)"Montgomery modulus must be odd", m
->v
[0] & 1));
106 /* --- Take a copy of the modulus --- */
111 /* --- Find the magic value @mi@ --- *
113 * This is a slightly grungy way of solving the problem, but it does work.
117 mpw av
[2] = { 0, 1 };
122 mp_build(&a
, av
, av
+ 2);
123 mp_build(&b
, m
->v
, m
->v
+ 1);
124 mp_gcd(0, 0, &i
, &a
, &b
);
126 if (!(i
->f
& MP_NEG
))
132 /* --- Discover the values %$R \bmod m$% and %$R^2 \bmod m$% --- */
135 size_t l
= MP_LEN(m
);
136 mp
*r
= mp_create(2 * l
+ 1);
138 mm
->shift
= l
* MPW_BITS
;
139 MPX_ZERO(r
->v
, r
->vl
- 1);
142 mp_div(0, &mm
->r2
, r
, m
);
143 mm
->r
= mpmont_reduce(mm
, MP_NEW
, mm
->r2
);
150 /* --- @mpmont_destroy@ --- *
152 * Arguments: @mpmont *mm@ = pointer to a Montgomery reduction context
156 * Use: Disposes of a context when it's no longer of any use to
160 void mpmont_destroy(mpmont
*mm
)
167 /* --- @mpmont_reduce@ --- *
169 * Arguments: @mpmont *mm@ = pointer to Montgomery reduction context
170 * @mp *d@ = destination
171 * @mp *a@ = source, assumed positive
173 * Returns: Result, %$a R^{-1} \bmod m$%.
176 #ifdef MPMONT_DISABLE
178 mp
*mpmont_reduce(mpmont
*mm
, mp
*d
, mp
*a
)
180 mp_div(0, &d
, a
, mm
->m
);
186 mp
*mpmont_reduce(mpmont
*mm
, mp
*d
, mp
*a
)
192 /* --- Initial conditioning of the arguments --- */
197 MP_MODIFY(d
, 2 * n
+ 1);
199 MP_MODIFY(d
, 2 * n
+ 1);
200 memcpy(d
->v
, a
->v
, MPWS(MP_LEN(a
)));
201 memset(d
->v
+ MP_LEN(a
), 0, MPWS(MP_LEN(d
) - MP_LEN(a
)));
204 dv
= d
->v
; dvl
= d
->vl
;
205 mv
= mm
->m
->v
; mvl
= mm
->m
->vl
;
207 /* --- Let's go to work --- */
210 mpw u
= MPW(*dv
* mm
->mi
);
211 MPX_UMLAN(dv
, dvl
, mv
, mvl
, u
);
217 memmove(d
->v
, dv
, MPWS(dvl
- dv
));
220 d
->f
= a
->f
& MP_BURN
;
221 if (MP_CMP(d
, >=, mm
->m
))
222 d
= mp_sub(d
, d
, mm
->m
);
228 /* --- @mpmont_mul@ --- *
230 * Arguments: @mpmont *mm@ = pointer to Montgomery reduction context
231 * @mp *d@ = destination
232 * @mp *a, *b@ = sources, assumed positive
234 * Returns: Result, %$a b R^{-1} \bmod m$%.
237 #ifdef MPMONT_DISABLE
239 mp
*mpmont_mul(mpmont
*mm
, mp
*d
, mp
*a
, mp
*b
)
242 mp_div(0, &d
, d
, mm
->m
);
248 mp
*mpmont_mul(mpmont
*mm
, mp
*d
, mp
*a
, mp
*b
)
250 if (MP_LEN(a
) > KARATSUBA_CUTOFF
&& MP_LEN(b
) > KARATSUBA_CUTOFF
) {
252 d
= mpmont_reduce(mm
, d
, d
);
261 /* --- Initial conditioning of the arguments --- */
263 if (MP_LEN(a
) > MP_LEN(b
)) {
264 mp
*t
= a
; a
= b
; b
= t
;
270 MP_MODIFY(d
, 2 * n
+ 1);
271 dv
= d
->v
; dvl
= d
->vl
;
273 av
= a
->v
; avl
= a
->vl
;
274 bv
= b
->v
; bvl
= b
->vl
;
275 mv
= mm
->m
->v
; mvl
= mm
->m
->vl
;
278 /* --- Montgomery multiplication phase --- */
281 while (i
< n
&& av
< avl
) {
283 mpw u
= MPW((*dv
+ x
* y
) * mm
->mi
);
284 MPX_UMLAN(dv
, dvl
, bv
, bvl
, x
);
285 MPX_UMLAN(dv
, dvl
, mv
, mvl
, u
);
290 /* --- Simpler Montgomery reduction phase --- */
293 mpw u
= MPW(*dv
* mm
->mi
);
294 MPX_UMLAN(dv
, dvl
, mv
, mvl
, u
);
301 memmove(d
->v
, dv
, MPWS(dvl
- dv
));
304 d
->f
= (a
->f
| b
->f
) & MP_BURN
;
305 if (MP_CMP(d
, >=, mm
->m
))
306 d
= mp_sub(d
, d
, mm
->m
);
316 /* --- @mpmont_expr@ --- *
318 * Arguments: @mpmont *mm@ = pointer to Montgomery reduction context
319 * @mp *d@ = fake destination
323 * Returns: Result, %$a^e R \bmod m$%.
326 mp
*mpmont_expr(mpmont
*mm
, mp
*d
, mp
*a
, mp
*e
)
329 mp
*ar
= mpmont_mul(mm
, MP_NEW
, a
, mm
->r2
);
330 mp
*x
= MP_COPY(mm
->r
);
341 dd
= mp_sqr(spare
, ar
);
342 dd
= mpmont_reduce(mm
, dd
, dd
);
346 dd
= mpmont_mul(mm
, spare
, x
, ar
);
362 /* --- @mpmont_exp@ --- *
364 * Arguments: @mpmont *mm@ = pointer to Montgomery reduction context
365 * @mp *d@ = fake destination
369 * Returns: Result, %$a^e \bmod m$%.
372 mp
*mpmont_exp(mpmont
*mm
, mp
*d
, mp
*a
, mp
*e
)
374 d
= mpmont_expr(mm
, d
, a
, e
);
375 d
= mpmont_reduce(mm
, d
, d
);
379 /*----- Test rig ----------------------------------------------------------*/
383 static int tcreate(dstr
*v
)
385 mp
*m
= *(mp
**)v
[0].buf
;
386 mp
*mi
= *(mp
**)v
[1].buf
;
387 mp
*r
= *(mp
**)v
[2].buf
;
388 mp
*r2
= *(mp
**)v
[3].buf
;
393 mpmont_create(&mm
, m
);
395 if (mm
.mi
!= mi
->v
[0]) {
396 fprintf(stderr
, "\n*** bad mi: found %lu, expected %lu",
397 (unsigned long)mm
.mi
, (unsigned long)mi
->v
[0]);
398 fputs("\nm = ", stderr
); mp_writefile(m
, stderr
, 10);
403 if (MP_CMP(mm
.r
, !=, r
)) {
404 fputs("\n*** bad r", stderr
);
405 fputs("\nm = ", stderr
); mp_writefile(m
, stderr
, 10);
406 fputs("\nexpected ", stderr
); mp_writefile(r
, stderr
, 10);
407 fputs("\n found ", stderr
); mp_writefile(mm
.r
, stderr
, 10);
412 if (MP_CMP(mm
.r2
, !=, r2
)) {
413 fputs("\n*** bad r2", stderr
);
414 fputs("\nm = ", stderr
); mp_writefile(m
, stderr
, 10);
415 fputs("\nexpected ", stderr
); mp_writefile(r2
, stderr
, 10);
416 fputs("\n found ", stderr
); mp_writefile(mm
.r2
, stderr
, 10);
426 assert(mparena_count(MPARENA_GLOBAL
) == 0);
430 static int tmul(dstr
*v
)
432 mp
*m
= *(mp
**)v
[0].buf
;
433 mp
*a
= *(mp
**)v
[1].buf
;
434 mp
*b
= *(mp
**)v
[2].buf
;
435 mp
*r
= *(mp
**)v
[3].buf
;
439 mpmont_create(&mm
, m
);
442 mp
*qr
= mp_mul(MP_NEW
, a
, b
);
443 mp_div(0, &qr
, qr
, m
);
445 if (MP_CMP(qr
, !=, r
)) {
446 fputs("\n*** classical modmul failed", stderr
);
447 fputs("\n m = ", stderr
); mp_writefile(m
, stderr
, 10);
448 fputs("\n a = ", stderr
); mp_writefile(a
, stderr
, 10);
449 fputs("\n b = ", stderr
); mp_writefile(b
, stderr
, 10);
450 fputs("\n r = ", stderr
); mp_writefile(r
, stderr
, 10);
451 fputs("\nqr = ", stderr
); mp_writefile(qr
, stderr
, 10);
460 mp
*ar
= mpmont_mul(&mm
, MP_NEW
, a
, mm
.r2
);
461 mp
*br
= mpmont_mul(&mm
, MP_NEW
, b
, mm
.r2
);
462 mp
*mr
= mpmont_mul(&mm
, MP_NEW
, ar
, br
);
463 mr
= mpmont_reduce(&mm
, mr
, mr
);
464 if (MP_CMP(mr
, !=, r
)) {
465 fputs("\n*** montgomery modmul failed", stderr
);
466 fputs("\n m = ", stderr
); mp_writefile(m
, stderr
, 10);
467 fputs("\n a = ", stderr
); mp_writefile(a
, stderr
, 10);
468 fputs("\n b = ", stderr
); mp_writefile(b
, stderr
, 10);
469 fputs("\n r = ", stderr
); mp_writefile(r
, stderr
, 10);
470 fputs("\nmr = ", stderr
); mp_writefile(mr
, stderr
, 10);
474 MP_DROP(ar
); MP_DROP(br
);
484 assert(mparena_count(MPARENA_GLOBAL
) == 0);
488 static int texp(dstr
*v
)
490 mp
*m
= *(mp
**)v
[0].buf
;
491 mp
*a
= *(mp
**)v
[1].buf
;
492 mp
*b
= *(mp
**)v
[2].buf
;
493 mp
*r
= *(mp
**)v
[3].buf
;
498 mpmont_create(&mm
, m
);
500 mr
= mpmont_exp(&mm
, MP_NEW
, a
, b
);
502 if (MP_CMP(mr
, !=, r
)) {
503 fputs("\n*** montgomery modexp failed", stderr
);
504 fputs("\n m = ", stderr
); mp_writefile(m
, stderr
, 10);
505 fputs("\n a = ", stderr
); mp_writefile(a
, stderr
, 10);
506 fputs("\n e = ", stderr
); mp_writefile(b
, stderr
, 10);
507 fputs("\n r = ", stderr
); mp_writefile(r
, stderr
, 10);
508 fputs("\nmr = ", stderr
); mp_writefile(mr
, stderr
, 10);
519 assert(mparena_count(MPARENA_GLOBAL
) == 0);
524 static test_chunk tests
[] = {
525 { "create", tcreate
, { &type_mp
, &type_mp
, &type_mp
, &type_mp
, 0 } },
526 { "mul", tmul
, { &type_mp
, &type_mp
, &type_mp
, &type_mp
, 0 } },
527 { "exp", texp
, { &type_mp
, &type_mp
, &type_mp
, &type_mp
, 0 } },
531 int main(int argc
, char *argv
[])
534 test_run(argc
, argv
, tests
, SRCDIR
"/tests/mpmont");
540 /*----- That's all, folks -------------------------------------------------*/
projects / u / mdw / catacomb / blob