aboutsummaryrefslogtreecommitdiffstats
path: root/moon-abe/pbc-0.5.14/guru/indexcalculus.c
diff options
context:
space:
mode:
authorRuan HE <ruan.he@orange.com>2015-09-04 07:35:06 +0000
committerGerrit Code Review <gerrit@172.30.200.206>2015-09-04 07:35:06 +0000
commitca6aa8198d2335f8c326c3dd4d26bf5899064214 (patch)
tree6274a2d971fc0cac0896efe8583927d0190e3d20 /moon-abe/pbc-0.5.14/guru/indexcalculus.c
parent92fd2dbfb672d7b2b1cdfd5dd5cf89f7716b3e12 (diff)
parent3baeb11a8fbcfcdbc31976d421f17b85503b3ecd (diff)
Merge "init attribute-based encryption"
Diffstat (limited to 'moon-abe/pbc-0.5.14/guru/indexcalculus.c')
-rw-r--r--moon-abe/pbc-0.5.14/guru/indexcalculus.c869
1 files changed, 869 insertions, 0 deletions
diff --git a/moon-abe/pbc-0.5.14/guru/indexcalculus.c b/moon-abe/pbc-0.5.14/guru/indexcalculus.c
new file mode 100644
index 00000000..4ef5e4ea
--- /dev/null
+++ b/moon-abe/pbc-0.5.14/guru/indexcalculus.c
@@ -0,0 +1,869 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h> // for intptr_t
+#include <string.h>
+#include <math.h>
+#include <gmp.h>
+#include "pbc.h"
+#include "pbc_utils.h"
+
+struct cell_s {
+ int ind;
+ mpz_t data;
+};
+typedef struct cell_s *cell_ptr;
+
+static cell_ptr newcell(void)
+{
+ cell_ptr res;
+ res = pbc_malloc(sizeof(struct cell_s));
+ //res->data = pbc_malloc(sizeof(mpz_t));
+ //mpz_init(res->data);
+ mpz_init(res->data);
+ return res;
+}
+
+static void delcell(void *p)
+{
+ cell_ptr cp = p;
+ mpz_clear(cp->data);
+ pbc_free(p);
+}
+
+static int is_gen(mpz_t x, mpz_t q, darray_ptr fac, darray_ptr mul) {
+ int result = 1;
+ mpz_t z;
+ mpz_t q1;
+ int i;
+ UNUSED_VAR(mul);
+
+ mpz_init(z);
+ mpz_init(q1);
+
+ mpz_sub_ui(q1, q, 1);
+ for (i=0; i<fac->count; i++) {
+ mpz_divexact(z, q1, fac->item[i]);
+ mpz_powm(z, x, z, q);
+ if (!mpz_cmp_ui(z, 1)) {
+ result = 0;
+ break;
+ }
+ }
+
+ mpz_clear(q1);
+ mpz_clear(z);
+ return result;
+}
+
+// Garner's Algorithm.
+// See Algorithm 14.71, Handbook of Cryptography.
+static void CRT(mpz_t x, mpz_ptr *v, mpz_ptr *m, int t) {
+ mpz_t u;
+ mpz_t C[t];
+ int i, j;
+
+ mpz_init(u);
+ for (i=1; i<t; i++) {
+ mpz_init(C[i]);
+ mpz_set_ui(C[i], 1);
+ for (j=0; j<i; j++) {
+ mpz_invert(u, m[j], m[i]);
+ mpz_mul(C[i], C[i], u);
+ mpz_mod(C[i], C[i], m[i]);
+ }
+ }
+ mpz_set(u, v[0]);
+ mpz_set(x, u);
+ for (i=1; i<t; i++) {
+ mpz_sub(u, v[i], x);
+ mpz_mul(u, u, C[i]);
+ mpz_mod(u, u, m[i]);
+ for (j=0; j<i; j++) {
+ mpz_mul(u, u, m[j]);
+ }
+ mpz_add(x, x, u);
+ }
+
+ for (i=1; i<t; i++) mpz_clear(C[i]);
+ mpz_clear(u);
+}
+
+//TODO: http://www.cecm.sfu.ca/CAG/abstracts/aaron27Jan06.pdf
+//TODO: don't need to store last element of list in row[i]
+//TODO: linked lists might be better than dynamic arrays (avoids memmove())
+//TODO: allow holes in the table
+//(if drought lasts too long)
+void index_calculus_step1(mpz_t *ind, int r, mpz_t g, mpz_t q,
+ darray_ptr fac, darray_ptr mul) {
+ int count = 0;
+ int i, j;
+ mpz_t z, z0, z1;
+ int relcount;
+ unsigned int *prime = pbc_malloc(sizeof(unsigned int) * r);
+ int bundlecount = (r - 10 + 19) / 20;
+ mpz_t *bundle = pbc_malloc(sizeof(mpz_t) * bundlecount);
+ int faci;
+ mpz_t k, km;
+
+ cell_ptr *rel = pbc_malloc(sizeof(cell_ptr) * r);
+ cell_ptr *relm = pbc_malloc(sizeof(cell_ptr) * r);
+ //''matrix'' is actually a list of matrices
+ //(we solve over different moduli and combine using CRT)
+ //darray_t **matrix = pbc_malloc(sizeof(darray_t *) * fac->count);
+ darray_t *matrix[fac->count];
+ int minfound[fac->count];
+
+ for (i=0; i<r; i++) {
+ rel[i] = newcell();
+ relm[i] = newcell();
+ }
+ for (i=0; i<fac->count; i++) {
+ //similarly ''row'' refers to a list of rows
+ darray_t *row = pbc_malloc(sizeof(darray_t) * r);
+ for (j=0; j<r; j++) {
+ darray_init(row[j]);
+ }
+ matrix[i] = row;
+ minfound[i] = 0;
+ }
+
+ mpz_init(k);
+ mpz_init(km);
+ mpz_init(z);
+ mpz_init(z1);
+ mpz_init(z0);
+
+ printf("building prime table...\n");
+ prime[0] = 2;
+ mpz_set_ui(z, 2);
+ for (i=1; i<r; i++) {
+ mpz_nextprime(z, z);
+ prime[i] = mpz_get_ui(z);
+ }
+
+ for (i=0; i<bundlecount; i++) {
+ mpz_init(bundle[i]);
+ mpz_set_ui(bundle[i], 1);
+ for (j=0; j<20; j++) {
+ int jj = 10 + 20 * i + j;
+ if (jj >= r) break;
+ mpz_mul_ui(bundle[i], bundle[i], prime[jj]);
+ }
+ element_printf("bundle %d: %Zd\n", i, bundle[i]);
+ }
+ printf("searching for r-smooth numbers\n");
+
+ mpz_set_ui(z, 1);
+ mpz_init(k);
+ int try = 0;
+ do {
+ mpz_mul(z, z, g);
+ mpz_mod(z, z, q);
+ mpz_add_ui(k, k, 1);
+
+ /*
+ pbc_mpz_random(k, q);
+ mpz_powm(z, g, k, q);
+ */
+
+ try++;
+
+ mpz_set(z1, z);
+ relcount = 0;
+ for (i=0; i<10; i++) {
+ if (i >= r) break;
+ j = 0;
+ while (mpz_divisible_ui_p(z1, prime[i])) {
+ mpz_divexact_ui(z1, z1, prime[i]);
+ j++;
+ }
+ if (j) {
+ rel[relcount]->ind = i;
+ mpz_set_ui(rel[relcount]->data, j);
+ relcount++;
+ if (!mpz_cmp_ui(z1, 1)) goto found;
+ }
+ }
+ for (i=0; i<bundlecount; i++) {
+ mpz_gcd(z0, bundle[i], z1);
+ if (mpz_cmp_ui(z0, 1)) {
+ int ii;
+ for (ii = 0; ii < 20; ii++) {
+ int jj = 10 + i * 20 + ii;
+ if (jj >= r) break;
+ j = 0;
+ while (mpz_divisible_ui_p(z1, prime[jj])) {
+ mpz_divexact_ui(z1, z1, prime[jj]);
+ j++;
+ }
+ if (j) {
+ rel[relcount]->ind = jj;
+ mpz_set_ui(rel[relcount]->data, j);
+ relcount++;
+ if (!mpz_cmp_ui(z1, 1)) goto found;
+ }
+ }
+ }
+ }
+ continue;
+found:
+
+/*
+ printf("found r-smooth number after %d tries\n", try);
+
+ gmp_printf("g^%Zd = %Zd:", k, z);
+ for (i=0; i<relcount; i++) {
+ gmp_printf(" %u:%Zd", rel[i]->ind, rel[i]->data);
+ }
+ printf("\n");
+*/
+ try = 0;
+
+ for (faci=0; faci<fac->count; faci++) {
+ darray_t *row = matrix[faci];
+ mpz_ptr order = fac->item[faci];
+ int relmcount = 0;
+ mpz_mod(km, k, order);
+
+ //gmp_printf("mod %Zd\n", order);
+ for (i=0; i<relcount; i++) {
+ mpz_mod(z0, rel[i]->data, order);
+ if (mpz_sgn(z0)) {
+ mpz_set(relm[relmcount]->data, z0);
+ relm[relmcount]->ind = rel[i]->ind;
+ relmcount++;
+ }
+ }
+
+ while (relmcount) {
+ //start from the sparse end
+ int rind = relm[relmcount - 1]->ind;
+ darray_ptr rp = row[rind];
+
+ if (rind < minfound[faci]) break;
+
+ mpz_set(z0, relm[relmcount - 1]->data);
+ if (!rp->count) {
+ mpz_invert(z0, z0, order);
+ cell_ptr cnew = newcell();
+ cnew->ind = -1;
+ mpz_mul(z1, km, z0);
+ mpz_mod(cnew->data, z1, order);
+ darray_append(rp, cnew);
+ for (j=0; j<relmcount; j++) {
+ cnew = newcell();
+ cnew->ind = relm[j]->ind;
+ mpz_mul(z1, relm[j]->data, z0);
+ mpz_mod(cnew->data, z1, order);
+ darray_append(rp, cnew);
+ }
+ count++;
+printf("%d / %d\n", count, r * fac->count);
+/*
+for (i=1; i<rp->count; i++) {
+ cnew = rp->item[i];
+ gmp_printf(" %u:%Zd", cnew->ind, cnew->data);
+}
+cnew = rp->item[0];
+gmp_printf(" %Zd\n", cnew->data);
+*/
+
+ if (rind == minfound[faci]) {
+ do {
+ if (!minfound[faci]) {
+ printf("found log p_%d\n", minfound[faci]);
+ cnew = rp->item[0];
+ gmp_printf("km = %Zd mod %Zd\n", cnew->data, order);
+ }
+ minfound[faci]++;
+ if (minfound[faci] >= r) break;
+ rp = row[minfound[faci]];
+ } while (rp->count);
+ }
+ break;
+
+ }
+
+/*
+{
+//gmp_printf("mod = %Zd\n", order);
+printf("before:");
+for (i=0; i<relmcount; i++) {
+ gmp_printf(" %u:%Zd", relm[i]->ind, relm[i]->data);
+}
+gmp_printf(" %Zd\n", km);
+cell_ptr cp;
+printf("sub %d:", rind);
+for (i=1; i<rp->count; i++) {
+ cp = rp->item[i];
+ gmp_printf(" %u:%Zd", cp->ind, cp->data);
+}
+cp = rp->item[0];
+gmp_printf(" %Zd\n", cp->data);
+}
+*/
+ cell_ptr cpi, cpj;
+ relmcount--;
+ i=0; j=1;
+ while (i<relmcount && j<rp->count - 1) {
+ cpi = relm[i];
+ cpj = rp->item[j];
+ if (cpi->ind == cpj->ind) {
+ mpz_mul(z1, z0, cpj->data);
+ mpz_mod(z1, z1, order);
+ int res = mpz_cmp(z1, cpi->data);
+ if (!res) {
+ memmove(&relm[i], &relm[i + 1], (relmcount - i - 1) * sizeof(cell_ptr));
+ relm[relmcount - 1] = cpi;
+ relmcount--;
+ j++;
+ } else if (res > 0) {
+ mpz_sub(z1, order, z1);
+ mpz_add(cpi->data, cpi->data, z1);
+ i++;
+ j++;
+ } else {
+ mpz_sub(cpi->data, cpi->data, z1);
+ i++;
+ j++;
+ }
+ } else if (cpi->ind > cpj->ind) {
+ cpi = relm[relmcount];
+ memmove(&relm[i + 1], &relm[i], (relmcount - i) * sizeof(cell_ptr));
+ relm[i] = cpi;
+ relmcount++;
+
+ cpi->ind = cpj->ind;
+ mpz_mul(z1, z0, cpj->data);
+ mpz_mod(z1, z1, order);
+ mpz_sub(cpi->data, order, z1);
+ //cpi->data = order - ((u0 * cpj->data) % order);
+ i++;
+ j++;
+ } else {
+ i++;
+ }
+ }
+
+ if (i == relmcount) {
+ while (j < rp->count - 1) {
+ cpi = relm[relmcount];
+ cpj = rp->item[j];
+ cpi->ind = cpj->ind;
+ mpz_mul(z1, z0, cpj->data);
+ mpz_mod(z1, z1, order);
+ mpz_sub(cpi->data, order, z1);
+ //cpi->data = order - ((u0 * cpj->data) % order);
+ relmcount++;
+ j++;
+ }
+ }
+
+ cpj = rp->item[0];
+ mpz_mul(z1, z0, cpj->data);
+ mpz_mod(z1, z1, order);
+ //u1 = (u0 * cpj->data) % order;
+ if (mpz_cmp(km, z1) >= 0) {
+ mpz_sub(km, km, z1);
+ } else {
+ mpz_sub(z1, order, z1);
+ mpz_add(km, km, z1);
+ }
+
+/*
+printf("after:");
+for (i=0; i<relmcount; i++) {
+ gmp_printf(" %u:%Zd", relm[i]->ind, relm[i]->data);
+}
+gmp_printf(" %Zd\n", km);
+*/
+ }
+ }
+
+ } while (count < r * fac->count);
+
+ for (faci=0; faci<fac->count; faci++) {
+ darray_t *row = matrix[faci];
+ mpz_ptr order = fac->item[faci];
+ for (i=1; i<r; i++) {
+ darray_ptr rp = row[i];
+ cell_ptr c0 = rp->item[0];
+ for (j=1; j<rp->count-1; j++) {
+ cell_ptr cp = rp->item[j];
+ darray_ptr r2 = row[cp->ind];
+ cell_ptr c2 = r2->item[0];
+ mpz_mul(z0, cp->data, c2->data);
+ mpz_sub(c0->data, c0->data, z0);
+ mpz_mod(c0->data, c0->data, order);
+ }
+ }
+ }
+
+ mpz_ptr *tmp = pbc_malloc(sizeof(mpz_ptr) * fac->count);
+ for (i=0; i<fac->count; i++) {
+ tmp[i] = pbc_malloc(sizeof(mpz_t));
+ mpz_init(tmp[i]);
+ mpz_pow_ui(fac->item[i], fac->item[i], (unsigned int) mul->item[i]);
+ }
+
+ for (i=0; i<r; i++) {
+ for (faci=0; faci<fac->count; faci++) {
+ darray_t *row = matrix[faci];
+ cell_ptr cp = row[i]->item[0];
+ mpz_set(tmp[faci], cp->data);
+ }
+ CRT(ind[i], tmp, (mpz_ptr *) fac->item, fac->count);
+ }
+
+ for (i=0; i<fac->count; i++) {
+ mpz_clear(tmp[i]);
+ }
+ pbc_free(tmp);
+
+ for (faci=0; i<fac->count; faci++) {
+ //similarly ''row'' refers to a list of rows
+ darray_t *row = matrix[faci];
+ for (j=0; j<r; j++) {
+ darray_forall(row[j], delcell);
+ darray_clear(row[j]);
+ }
+ pbc_free(matrix[faci]);
+ }
+
+ for (i=0; i<r; i++) {
+ delcell(rel[i]);
+ delcell(relm[i]);
+ }
+
+ pbc_free(prime);
+ pbc_free(rel);
+ pbc_free(relm);
+ mpz_clear(k);
+ mpz_clear(km);
+ mpz_clear(z);
+ mpz_clear(z0);
+ mpz_clear(z1);
+}
+
+// Brute-force: does not use the fact that matrices are sparse.
+void slow_index_calculus_step1(mpz_t *ind, int r, mpz_t g, mpz_t q,
+ darray_ptr fac, darray_ptr mul) {
+ int count = 0;
+ int i, j;
+ mpz_t z, z0, z1;
+ //mpz_t rel[r + 1];
+ //mpz_t relm[r + 1];
+ mpz_t *rel = pbc_malloc(sizeof(mpz_t) * (r + 1));
+ mpz_t *relm = pbc_malloc(sizeof(mpz_t) * (r + 1));
+ unsigned int *prime = pbc_malloc(sizeof(unsigned int) * r);
+ darray_t matrix;
+ int faci;
+ mpz_t k;
+ int minfound[fac->count];
+
+ for (i=0; i<r+1; i++) mpz_init(rel[i]);
+ for (i=0; i<r+1; i++) mpz_init(relm[i]);
+
+ mpz_init(k);
+ mpz_init(z);
+ mpz_init(z1);
+ mpz_init(z0);
+
+ darray_init(matrix);
+
+ for (i=0; i<fac->count; i++) {
+ darray_append(matrix, pbc_malloc(r * sizeof(mpz_t *)));
+ minfound[i] = 0;
+ }
+
+ for (j=0; j<fac->count; j++) {
+ mpz_t **row = matrix->item[j];
+ for (i=0; i<r; i++) row[i] = NULL;
+ }
+
+ printf("building prime table...\n");
+ prime[0] = 2;
+ mpz_set_ui(z, 2);
+ for (i=1; i<r; i++) {
+ mpz_nextprime(z, z);
+ prime[i] = mpz_get_ui(z);
+ }
+ printf("searching for r-smooth numbers\n");
+
+ mpz_set_ui(z, 1);
+ mpz_init(k);
+ int try = 0;
+ do {
+ mpz_mul(z, z, g);
+ mpz_mod(z, z, q);
+
+ mpz_add_ui(k, k, 1);
+ /*
+ pbc_mpz_random(k, q);
+ mpz_powm(z, g, k, q);
+ */
+
+ try++;
+
+ mpz_set(z1, z);
+ for (i=0; i<r; i++) {
+ mpz_set_ui(rel[i], 0);
+ while (mpz_divisible_ui_p(z1, prime[i])) {
+ mpz_add_ui(rel[i], rel[i], 1);
+ mpz_divexact_ui(z1, z1, prime[i]);
+ }
+ }
+ if (mpz_cmp_ui(z1, 1)) {
+ continue;
+ }
+ mpz_set(rel[r], k);
+
+/*
+ printf("found r-smooth number after %d tries\n", try);
+ gmp_printf("g^%Zd = %Zd:", rel[r], z);
+ for (i=0; i<r; i++) {
+ if (mpz_sgn(rel[i])) {
+ gmp_printf(" %u:%Zd", i, rel[i]);
+ }
+ }
+ printf("\n");
+*/
+
+ try = 0;
+
+ for (faci=0; faci<fac->count; faci++) {
+ mpz_t **row = matrix->item[faci];
+ mpz_ptr order = fac->item[faci];
+ //gmp_printf("mod %Zd\n", order);
+ for (i=0; i<r+1; i++) {
+ mpz_mod(relm[i], rel[i], order);
+ }
+
+ for (;;) {
+ /*
+ for (i=0; i<r && !mpz_sgn(relm[i]); i++);
+ if (i == r) {
+ //printf("redundant relation\n");
+ break;
+ }
+ */
+ for (i=r-1; i>=0 && !mpz_sgn(relm[i]); i--);
+ if (i < 0) {
+ //printf("redundant relation\n");
+ break;
+ }
+ if (i < minfound[faci]) {
+ break;
+ }
+ mpz_set(z0, relm[i]);
+ if (!row[i]) {
+ row[i] = pbc_malloc(sizeof(mpz_t) * (r + 1));
+ mpz_invert(z1, z0, order);
+ for (j=0; j<r+1; j++) {
+ mpz_init(row[i][j]);
+ mpz_mul(row[i][j], z1, relm[j]);
+ mpz_mod(row[i][j], row[i][j], order);
+ }
+ count++;
+printf("%d / %d\n", count, r * fac->count);
+/*
+for (j=0; j<r; j++) {
+ if (mpz_sgn(row[i][j])) {
+ gmp_printf(" %d:%Zd", j, row[i][j]);
+ }
+}
+gmp_printf(" %Zd\n", row[i][j]);
+*/
+
+ if (i == minfound[faci]) {
+ do {
+ if (!minfound[faci]) {
+ printf("found log p_%d\n", minfound[faci]);
+ gmp_printf("km = %Zd mod %Zd\n", row[i][r], order);
+ }
+ minfound[faci]++;
+ if (minfound[faci] >= r) break;
+ } while (row[minfound[faci]]);
+ }
+ break;
+ }
+
+ /*
+ printf("before:");
+ for (j=0; j<r; j++) {
+ if (mpz_sgn(relm[j])) {
+ gmp_printf(" %d:%Zd", j, relm[j]);
+ }
+ }
+ gmp_printf(" %Zd\n", relm[j]);
+
+ printf("sub %d:", i);
+ for (j=0; j<r; j++) {
+ if (mpz_sgn(row[i][j])) {
+ gmp_printf(" %d:%Zd", j, row[i][j]);
+ }
+ }
+ gmp_printf(" %Zd\n", row[i][j]);
+ */
+
+ for (j=0; j<r+1; j++) {
+ mpz_mul(z1, z0, row[i][j]);
+ mpz_sub(relm[j], relm[j], z1);
+ mpz_mod(relm[j], relm[j], order);
+ }
+
+ /*
+ printf("after:");
+ for (j=0; j<r; j++) {
+ if (mpz_sgn(relm[j])) {
+ gmp_printf(" %d:%Zd", j, relm[j]);
+ }
+ }
+ gmp_printf(" %Zd\n", relm[j]);
+ */
+ }
+ }
+
+ } while (count < r * fac->count);
+
+ for (faci=0; faci<fac->count; faci++) {
+ mpz_t **row = matrix->item[faci];
+ mpz_ptr order = fac->item[faci];
+ /*
+ gmp_printf("mod %Zd:\n", order);
+ for (i=0; i<r; i++) {
+ for (j=0; j<r+1; j++) {
+ gmp_printf(" %Zd", row[i][j]);
+ }
+ printf("\n");
+ }
+ printf("\n");
+ */
+
+ for (i=1; i<r; i++) {
+ for (j=0; j<i; j++) {
+ if (mpz_sgn(row[i][j])) {
+ mpz_mul(z0, row[i][j], row[j][r]);
+ mpz_sub(row[i][r], row[i][r], z0);
+ mpz_mod(row[i][r], row[i][r], order);
+ }
+ }
+ }
+ /*
+ for (i=r-2; i>=0; i--) {
+ for (j=i+1; j<r; j++) {
+ if (mpz_sgn(row[i][j])) {
+ mpz_mul(z0, row[i][j], row[j][r]);
+ mpz_sub(row[i][r], row[i][r], z0);
+ mpz_mod(row[i][r], row[i][r], order);
+ }
+ }
+ }
+ */
+
+ /*
+ for (i=0; i<r; i++) {
+ mpz_set(rel[i], row[i][r]);
+ gmp_printf(" %Zd", row[i][r]);
+ printf("\n");
+ }
+ */
+ }
+
+ mpz_ptr *tmp = pbc_malloc(sizeof(mpz_ptr) * fac->count);
+ for (i=0; i<fac->count; i++) {
+ tmp[i] = pbc_malloc(sizeof(mpz_t));
+ mpz_init(tmp[i]);
+ mpz_pow_ui(fac->item[i], fac->item[i], (unsigned int) mul->item[i]);
+ }
+
+ for (i=0; i<r; i++) {
+ for (faci=0; faci<fac->count; faci++) {
+ mpz_t **row = matrix->item[faci];
+ mpz_set(tmp[faci], row[i][r]);
+ }
+ CRT(ind[i], tmp, (mpz_ptr *) fac->item, fac->count);
+ }
+
+ for (i=0; i<fac->count; i++) {
+ mpz_clear(tmp[i]);
+ }
+ pbc_free(tmp);
+
+ for (faci=0; faci<matrix->count; faci++) {
+ mpz_t **row = matrix->item[faci];
+ for (j=0; j<r; j++) {
+ for (i=0; i<r+1; i++) {
+ mpz_clear(row[j][i]);
+ }
+ pbc_free(row[j]);
+ }
+ pbc_free(row);
+ }
+ darray_clear(matrix);
+ for (i=0; i<r+1; i++) mpz_clear(rel[i]);
+ for (i=0; i<r+1; i++) mpz_clear(relm[i]);
+ pbc_free(prime);
+ pbc_free(rel);
+ pbc_free(relm);
+ mpz_clear(k);
+ mpz_clear(z);
+ mpz_clear(z0);
+ mpz_clear(z1);
+
+ printf("step 1 completed\n");
+ for (i=0; i<r; i++) element_printf(" %Zd", ind[i]);
+ printf("\n");
+}
+
+static void index_calculus_step2(mpz_t x, mpz_t *ind, int r,
+ mpz_t g, mpz_t h, mpz_t q) {
+ mpz_t prime;
+ mpz_t s;
+ mpz_t z, z1;
+ mpz_t rel[r];
+ int i;
+
+ mpz_init(z);
+ mpz_init(z1);
+ mpz_init(s);
+ mpz_init(prime);
+ for (i=0; i<r; i++) mpz_init(rel[i]);
+
+ mpz_set(z, h);
+
+ for (;;) {
+ mpz_mul(z, z, g);
+ mpz_mod(z, z, q);
+ mpz_add_ui(s, s, 1);
+
+ mpz_set(z1, z);
+ mpz_set_ui(prime, 1);
+ for (i=0; i<r; i++) {
+ mpz_set_ui(rel[i], 0);
+ mpz_nextprime(prime, prime);
+ while (mpz_divisible_p(z1, prime)) {
+ mpz_add_ui(rel[i], rel[i], 1);
+ mpz_divexact(z1, z1, prime);
+ }
+ }
+ if (mpz_cmp_ui(z1, 1)) continue;
+ element_printf("found r-smooth number on try #%Zd\n", s);
+ mpz_set_ui(x, 0);
+ for (i=0; i<r; i++) {
+ mpz_mul(z, rel[i], ind[i]);
+ mpz_add(x, x, z);
+ }
+ mpz_sub(x, x, s);
+ mpz_sub_ui(z, q, 1);
+ mpz_mod(x, x, z);
+ break;
+ }
+}
+
+static void mpzclear(void *p) {
+ mpz_clear(p);
+ pbc_free(p);
+}
+
+struct addfm_scope_var {
+ darray_ptr fac, mul;
+};
+
+static int addfm(mpz_t f, unsigned int m, struct addfm_scope_var *v) {
+ darray_append(v->fac, f);
+ darray_append(v->mul, int_to_voidp(m));
+ return 0;
+}
+
+void pbc_mpz_index_calculus(mpz_t x, mpz_t g, mpz_t h, mpz_t q) {
+ int i, r;
+ mpz_t q1, z0;
+
+ mpz_init(q1);
+ mpz_init(z0);
+
+ mpz_sub_ui(q1, q, 1);
+ mpz_setbit(z0, 6);
+
+ darray_t fac, mul;
+ darray_init(fac);
+ darray_init(mul);
+ struct addfm_scope_var v = {.fac = fac, .mul = mul};
+ pbc_trial_divide((int(*)(mpz_t,unsigned,void*))addfm, &v, q1, z0);
+
+ for (i=0; i<mul->count; i++) {
+ unsigned int m = (unsigned int) mul->item[i];
+ if (m != 1) {
+ //TODO
+ printf("p-adics not implemented yet\n");
+ return;
+ }
+ }
+
+ {
+ double dq = mpz_get_d(q);
+ //r = exp(sqrt(log(dq)*log(log(dq))));
+ //printf("r = %d\n", r);
+ r = exp(1.2 * sqrt(log(dq)));
+ printf("r = %d\n", r);
+ }
+ mpz_t *ind = pbc_malloc(sizeof(mpz_t) * r);
+ for (i=0; i<r; i++) mpz_init(ind[i]);
+
+ if (is_gen(g, q, fac, mul)) {
+
+ index_calculus_step1(ind, r, g, q, fac, mul);
+
+ index_calculus_step2(x, ind, r, g, h, q);
+ } else {
+ mpz_t y, z;
+ mpz_t d;
+
+ mpz_init(d);
+ mpz_init(y);
+ mpz_init(z);
+ do {
+ pbc_mpz_random(z, q);
+ } while (!is_gen(z, q, fac, mul));
+
+ gmp_printf("new gen: %Zd\n", z);
+
+ index_calculus_step1(ind, r, z, q, fac, mul);
+ //slow_index_calculus_step1(ind, r, z, q, fac, mul);
+
+ index_calculus_step2(x, ind, r, z, g, q);
+ index_calculus_step2(y, ind, r, z, h, q);
+ //want y / x mod q-1
+ mpz_gcd(d, x, q1);
+ mpz_divexact(q1, q1, d);
+ mpz_divexact(x, x, d);
+ //if y not divisible by d there is no solution
+ mpz_divexact(y, y, d);
+ mpz_invert(x, x, q1);
+ mpz_mul(x, y, x);
+ mpz_mod(x, x, q1);
+
+ do {
+ mpz_powm(z0, g, x, q);
+ if (!mpz_cmp(z0, h)) {
+ break;
+ }
+ mpz_add(x, x, q1);
+ mpz_sub_ui(d, d, 1);
+ } while (mpz_sgn(d));
+
+ mpz_clear(d);
+ mpz_clear(y);
+ mpz_clear(z);
+ }
+
+ for (i=0; i<r; i++) mpz_clear(ind[i]);
+ pbc_free(ind);
+
+ darray_forall(fac, mpzclear);
+ darray_clear(mul);
+ darray_clear(fac);
+ mpz_clear(q1);
+ mpz_clear(z0);
+}