/* -*-c-*-
*
- * $Id: gfreduce.c,v 1.3 2004/03/23 15:19:32 mdw Exp $
+ * $Id$
*
* Efficient reduction modulo sparse binary polynomials
*
* (c) 2004 Straylight/Edgeware
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of Catacomb.
*
* it under the terms of the GNU Library General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
- *
+ *
* Catacomb is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Library General Public License for more details.
- *
+ *
* You should have received a copy of the GNU Library General Public
* License along with Catacomb; if not, write to the Free
* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gfreduce.c,v $
- * Revision 1.3 2004/03/23 15:19:32 mdw
- * Test elliptic curves more thoroughly.
- *
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.2.1 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/alloc.h>
* words to demonstrate what I'm talking about.
*
* xxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
- * 001ppppp pppppppp pppppppp pppppppp
- * |<rp>|
- * |<------------ bp ------------->|
- * |<------------ nw --------------->|
+ * 001ppppp pppppppp pppppppp pppppppp
+ * |<rp>|
+ * |<------------ bp ------------->|
+ * |<------------ nw --------------->|
*
* The trick of taking whole words off of @X@ stops working when there are
* only @nw@ words left. Then we have to mask off the bottom bits of @w@
void gfreduce_create(gfreduce *r, mp *p)
{
instr_v iv = DA_INIT;
- unsigned long d, dw;
+ unsigned long d;
+ unsigned dw;
mpscan sc;
unsigned long i;
gfreduce_instr *ip;
unsigned f = 0;
- size_t w, ww, wi, wl, ll;
+ size_t w, ww, wi, wl, ll, bb;
/* --- Sort out the easy stuff --- */
wi = DA_LEN(&iv);
f = 0;
ll = 0;
+ bb = MPW_BITS - dw;
for (i = 0, mp_scan(&sc, p); mp_step(&sc) && i < d; i++) {
if (!mp_bit(&sc))
continue;
w = ww;
wi = DA_LEN(&iv);
}
- INSTR(GFRI_LSL, (i - d)%MPW_BITS);
- if ((i - d)%MPW_BITS)
+ INSTR(GFRI_LSL, (bb + i)%MPW_BITS);
+ if ((bb + i)%MPW_BITS)
f |= f_lsr;
}
wl = DA_LEN(&iv);
y = gfreduce_do(r, t, t);
y = gf_add(y, y, x);
}
- rc = !MP_ISZERO(y);
+ rc = !MP_ZEROP(y);
mp_drop(spare);
mp_drop(y);
return (rc);
z = gf_add(z, z, t);
w = gf_add(w, w, rho);
}
- if (!MP_ISZERO(w))
+ if (!MP_ZEROP(w))
break;
MP_DROP(z);
MP_DROP(w);
/* --- @gfreduce_exp@ --- *
*
* Arguments: @gfreduce *gr@ = pointer to reduction context
- * @mp *d@ = fake destination
- * @mp *a@ = base
- * @mp *e@ = exponent
+ * @mp *d@ = fake destination
+ * @mp *a@ = base
+ * @mp *e@ = exponent
*
- * Returns: Result, %$a^e \bmod m$%.
+ * Returns: Result, %$a^e \bmod m$%.
*/
mp *gfreduce_exp(gfreduce *gr, mp *d, mp *a, mp *e)
mp *spare = (e->f & MP_BURN) ? MP_NEWSEC : MP_NEW;
MP_SHRINK(e);
- if (!MP_LEN(e))
+ MP_COPY(a);
+ if (MP_ZEROP(e))
;
- else if (MP_LEN(e) < EXP_THRESH)
- EXP_SIMPLE(x, a, e);
- else
- EXP_WINDOW(x, a, e);
+ else {
+ if (MP_NEGP(e))
+ a = gf_modinv(a, a, gr->p);
+ if (MP_LEN(e) < EXP_THRESH)
+ EXP_SIMPLE(x, a, e);
+ else
+ EXP_WINDOW(x, a, e);
+ }
mp_drop(d);
+ mp_drop(a);
mp_drop(spare);
return (x);
}
ok = 0;
}
gfreduce_destroy(&rr);
- mp_drop(p); mp_drop(x);
+ mp_drop(p); mp_drop(x);
assert(mparena_count(MPARENA_GLOBAL) == 0);
return (ok);
}