From fca74d4bc3569506a6659880a89aa009dc11f552 Mon Sep 17 00:00:00 2001 From: wukong Date: Mon, 23 Nov 2015 17:48:48 +0100 Subject: moon-abe cleanup Change-Id: Ie1259856db03f0b9e80de3e967ec6bd1f03191b3 --- moon-abe/pbc-0.5.14/arith/dlog.c | 187 --- moon-abe/pbc-0.5.14/arith/fasterfp.c | 546 ------- moon-abe/pbc-0.5.14/arith/fastfp.c | 382 ----- moon-abe/pbc-0.5.14/arith/field.c | 889 ---------- moon-abe/pbc-0.5.14/arith/fieldquadratic.c | 692 -------- moon-abe/pbc-0.5.14/arith/fp.c | 49 - moon-abe/pbc-0.5.14/arith/init_random.c | 18 - moon-abe/pbc-0.5.14/arith/init_random.win32.c | 52 - moon-abe/pbc-0.5.14/arith/montfp.c | 596 ------- moon-abe/pbc-0.5.14/arith/multiz.c | 589 ------- moon-abe/pbc-0.5.14/arith/naivefp.c | 270 --- moon-abe/pbc-0.5.14/arith/poly.c | 1724 -------------------- moon-abe/pbc-0.5.14/arith/random.c | 87 - .../pbc-0.5.14/arith/ternary_extension_field.c | 950 ----------- moon-abe/pbc-0.5.14/arith/tinyfp.c | 304 ---- moon-abe/pbc-0.5.14/arith/z.c | 263 --- 16 files changed, 7598 deletions(-) delete mode 100644 moon-abe/pbc-0.5.14/arith/dlog.c delete mode 100644 moon-abe/pbc-0.5.14/arith/fasterfp.c delete mode 100644 moon-abe/pbc-0.5.14/arith/fastfp.c delete mode 100644 moon-abe/pbc-0.5.14/arith/field.c delete mode 100644 moon-abe/pbc-0.5.14/arith/fieldquadratic.c delete mode 100644 moon-abe/pbc-0.5.14/arith/fp.c delete mode 100644 moon-abe/pbc-0.5.14/arith/init_random.c delete mode 100644 moon-abe/pbc-0.5.14/arith/init_random.win32.c delete mode 100644 moon-abe/pbc-0.5.14/arith/montfp.c delete mode 100644 moon-abe/pbc-0.5.14/arith/multiz.c delete mode 100644 moon-abe/pbc-0.5.14/arith/naivefp.c delete mode 100644 moon-abe/pbc-0.5.14/arith/poly.c delete mode 100644 moon-abe/pbc-0.5.14/arith/random.c delete mode 100644 moon-abe/pbc-0.5.14/arith/ternary_extension_field.c delete mode 100644 moon-abe/pbc-0.5.14/arith/tinyfp.c delete mode 100644 moon-abe/pbc-0.5.14/arith/z.c (limited to 'moon-abe/pbc-0.5.14/arith') diff --git a/moon-abe/pbc-0.5.14/arith/dlog.c b/moon-abe/pbc-0.5.14/arith/dlog.c deleted file mode 100644 index f77df1b7..00000000 --- a/moon-abe/pbc-0.5.14/arith/dlog.c +++ /dev/null @@ -1,187 +0,0 @@ -// Brute force and Pollard rho discrete log algorithms. - -#include -#include // for intptr_t -#include -#include -#include "pbc_utils.h" -#include "pbc_field.h" -#include "pbc_memory.h" -#include "misc/darray.h" - -struct snapshot_s { - element_t a; - element_t b; - element_t snark; -}; -typedef struct snapshot_s *snapshot_ptr; - -static void record(element_t asum, element_t bsum, element_t snark, - darray_t hole, mpz_t counter) { - snapshot_ptr ss = pbc_malloc(sizeof(struct snapshot_s)); - element_init_same_as(ss->a, asum); - element_init_same_as(ss->b, bsum); - element_init_same_as(ss->snark, snark); - element_set(ss->a, asum); - element_set(ss->b, bsum); - element_set(ss->snark, snark); - darray_append(hole, ss); - element_printf("snark %Zd: %B\n", counter, snark); -} - -// g, h in some group of order r -// finds x such that g^x = h -// will hang if no such x exists -// x in some field_t that set_mpz makes sense for -void element_dlog_brute_force(element_t x, element_t g, element_t h) { - element_t g0; - mpz_t count; - - mpz_init(count); - element_init_same_as(g0, g); - - element_set(g0, g); - mpz_set_ui(count, 1); - while (element_cmp(g0, h)) { - element_mul(g0, g0, g); -//element_printf("g0^%Zd = %B\n", count, g0); - mpz_add_ui(count, count, 1); - } - element_set_mpz(x, count); - mpz_clear(count); - element_clear(g0); -} - -// x in Z_r, g, h in some group of order r -// finds x such that g^x = h -void element_dlog_pollard_rho(element_t x, element_t g, element_t h) { -// see Blake, Seroussi and Smart -// only one snark for this implementation - int i, s = 20; - field_ptr Zr = x->field, G = g->field; - element_t asum; - element_t bsum; - element_t a[s]; - element_t b[s]; - element_t m[s]; - element_t g0, snark; - darray_t hole; - int interval = 5; - mpz_t counter; - int found = 0; - - mpz_init(counter); - element_init(g0, G); - element_init(snark, G); - element_init(asum, Zr); - element_init(bsum, Zr); - darray_init(hole); - //set up multipliers - for (i = 0; i < s; i++) { - element_init(a[i], Zr); - element_init(b[i], Zr); - element_init(m[i], G); - element_random(a[i]); - element_random(b[i]); - element_pow_zn(g0, g, a[i]); - element_pow_zn(m[i], h, b[i]); - element_mul(m[i], m[i], g0); - } - - element_random(asum); - element_random(bsum); - element_pow_zn(g0, g, asum); - element_pow_zn(snark, h, bsum); - element_mul(snark, snark, g0); - - record(asum, bsum, snark, hole, counter); - for (;;) { - int len = element_length_in_bytes(snark); - unsigned char *buf = pbc_malloc(len); - unsigned char hash = 0; - - element_to_bytes(buf, snark); - for (i = 0; i < len; i++) { - hash += buf[i]; - } - i = hash % s; - pbc_free(buf); - - element_mul(snark, snark, m[i]); - element_add(asum, asum, a[i]); - element_add(bsum, bsum, b[i]); - - for (i = 0; i < hole->count; i++) { - snapshot_ptr ss = hole->item[i]; - if (!element_cmp(snark, ss->snark)) { - element_sub(bsum, bsum, ss->b); - element_sub(asum, ss->a, asum); - //answer is x such that x * bsum = asum - //complications arise if gcd(bsum, r) > 1 - //which can happen if r is not prime - if (!mpz_probab_prime_p(Zr->order, 10)) { - mpz_t za, zb, zd, zm; - - mpz_init(za); - mpz_init(zb); - mpz_init(zd); - mpz_init(zm); - - element_to_mpz(za, asum); - element_to_mpz(zb, bsum); - mpz_gcd(zd, zb, Zr->order); - mpz_divexact(zm, Zr->order, zd); - mpz_divexact(zb, zb, zd); - //if zd does not divide za there is no solution - mpz_divexact(za, za, zd); - mpz_invert(zb, zb, zm); - mpz_mul(zb, za, zb); - mpz_mod(zb, zb, zm); - do { - element_pow_mpz(g0, g, zb); - if (!element_cmp(g0, h)) { - element_set_mpz(x, zb); - break; - } - mpz_add(zb, zb, zm); - mpz_sub_ui(zd, zd, 1); - } while (mpz_sgn(zd)); - mpz_clear(zm); - mpz_clear(za); - mpz_clear(zb); - mpz_clear(zd); - } else { - element_div(x, asum, bsum); - } - found = 1; - break; - } - } - if (found) break; - - mpz_add_ui(counter, counter, 1); - if (mpz_tstbit(counter, interval)) { - record(asum, bsum, snark, hole, counter); - interval++; - } - } - - for (i = 0; i < s; i++) { - element_clear(a[i]); - element_clear(b[i]); - element_clear(m[i]); - } - element_clear(g0); - element_clear(snark); - for (i = 0; i < hole->count; i++) { - snapshot_ptr ss = hole->item[i]; - element_clear(ss->a); - element_clear(ss->b); - element_clear(ss->snark); - pbc_free(ss); - } - darray_clear(hole); - element_clear(asum); - element_clear(bsum); - mpz_clear(counter); -} diff --git a/moon-abe/pbc-0.5.14/arith/fasterfp.c b/moon-abe/pbc-0.5.14/arith/fasterfp.c deleted file mode 100644 index 5ce8243a..00000000 --- a/moon-abe/pbc-0.5.14/arith/fasterfp.c +++ /dev/null @@ -1,546 +0,0 @@ -// Naive implementation of F_p. -// It uses lowlevel GMP routines (mpn_* functions) like fastfp.c, but also -// has a flag for the value 0, avoiding many memsets. -// -// I'm thinking of using the flag to also represent 1, -1, -// but that complicates the logic even more, and I believe I need more -// control than GMP is willing to give in order to avoid expensive -// checks for 1, -1 everywhere. -// -// NOTE: does not work for moduli of the form: -// 2^(something * 8 * sizeof(mp_limb_t)) -// See comments in add, double code. -// (This kind of integer mod ring deserves its own implementation anyway.) - -#include -#include -#include // for intptr_t -#include -#include -#include -#include "pbc_utils.h" -#include "pbc_field.h" -#include "pbc_random.h" -#include "pbc_fp.h" -#include "pbc_memory.h" - -struct fp_field_data_s { - size_t limbs; - size_t bytes; - mp_limb_t *primelimbs; -}; -typedef struct fp_field_data_s fp_field_data_t[1]; -typedef struct fp_field_data_s *fp_field_data_ptr; - -struct data_s { - int flag; - mp_limb_t *d; -}; -typedef struct data_s *dataptr; - -static void fp_init(element_ptr e) { - fp_field_data_ptr p = e->field->data; - dataptr dp = e->data = pbc_malloc(sizeof(struct data_s)); - dp->flag = 0; - dp->d = pbc_malloc(p->bytes); -} - -static void fp_clear(element_ptr e) { - dataptr dp = e->data; - pbc_free(dp->d); - pbc_free(e->data); -} - -//assumes z is nonzero -static inline void from_mpz(element_ptr e, mpz_ptr z) { - fp_field_data_ptr p = e->field->data; - size_t count; - dataptr dp = e->data; - mpz_export(dp->d, &count, -1, sizeof(mp_limb_t), 0, 0, z); - memset((void *) (((unsigned char *) dp->d) + count * sizeof(mp_limb_t)), - 0, (p->limbs - count) * sizeof(mp_limb_t)); -} - -static void fp_set_mpz(element_ptr e, mpz_ptr z) { - dataptr dp = e->data; - if (!mpz_sgn(z)) { - dp->flag = 0; - } else { - mpz_t tmp; - mpz_init(tmp); - mpz_mod(tmp, z, e->field->order); - from_mpz(e, tmp); - mpz_clear(tmp); - dp->flag = 2; - } -} - -static void fp_set_si(element_ptr e, signed long int op) { - dataptr dp = e->data; - if (!op) { - dp->flag = 0; - } else { - const fp_field_data_ptr p = e->field->data; - const size_t t = p->limbs; - if (op < 0) { - mpn_sub_1(dp->d, p->primelimbs, t, -op); - } else { - dp->d[0] = op; - memset(&dp->d[1], 0, sizeof(mp_limb_t) * (t - 1)); - } - dp->flag = 2; - } -} - -static void fp_to_mpz(mpz_ptr z, element_ptr e) { - dataptr dp = e->data; - if (!dp->flag) { - mpz_set_ui(z, 0); - } else { - fp_field_data_ptr p = e->field->data; - mpz_import(z, p->limbs, -1, sizeof(mp_limb_t), 0, 0, dp->d); - } -} - -static void fp_set0(element_ptr e) { - dataptr dp = e->data; - dp->flag = 0; -} - -static void fp_set1(element_ptr e) { - fp_field_data_ptr p = e->field->data; - dataptr dp = e->data; - dp->flag = 2; - memset(&dp->d[1], 0, p->bytes - sizeof(mp_limb_t)); - dp->d[0] = 1; -} - -static int fp_is1(element_ptr e) { - dataptr dp = e->data; - if (!dp->flag) return 0; - else { - fp_field_data_ptr p = e->field->data; - size_t i, t = p->limbs; - if (dp->d[0] != 1) return 0; - for (i = 1; i < t; i++) if (dp->d[i]) return 0; - return 1; - } -} - -static int fp_is0(element_ptr e) { - dataptr dp = e->data; - return !dp->flag; -} - -static size_t fp_out_str(FILE * stream, int base, element_ptr e) { - size_t result; - mpz_t z; - mpz_init(z); - fp_to_mpz(z, e); - result = mpz_out_str(stream, base, z); - mpz_clear(z); - return result; -} - -static void fp_set(element_ptr c, element_ptr a) { - dataptr ad = a->data; - dataptr cd = c->data; - if (a == c) return; - if (!ad->flag) { - cd->flag = 0; - } else { - fp_field_data_ptr p = a->field->data; - - //Assembly is faster here, but I don't want to stoop to that level. - //Instead of calling slower memcpy, wrap stuff so that GMP assembly - //gets called. - /* - memcpy(cd->d, ad->d, p->bytes); - */ - mpz_t z1, z2; - z1->_mp_d = cd->d; - z2->_mp_d = ad->d; - z1->_mp_size = z1->_mp_alloc = z2->_mp_size = z2->_mp_alloc = p->limbs; - mpz_set(z1, z2); - - cd->flag = 2; - } -} - -static void fp_add(element_ptr c, element_ptr a, element_ptr b) { - dataptr ad = a->data, bd = b->data; - - if (!ad->flag) { - fp_set(c, b); - } else if (!bd->flag) { - fp_set(c, a); - } else { - dataptr cd = c->data; - fp_field_data_ptr p = a->field->data; - const size_t t = p->limbs; - mp_limb_t carry; - carry = mpn_add_n(cd->d, ad->d, bd->d, t); - - if (carry) { - //assumes result of following sub is not zero, - //i.e. modulus cannot be 2^(n * bits_per_limb) - mpn_sub_n(cd->d, cd->d, p->primelimbs, t); - cd->flag = 2; - } else { - int i = mpn_cmp(cd->d, p->primelimbs, t); - if (!i) { - cd->flag = 0; - } else { - cd->flag = 2; - if (i > 0) { - mpn_sub_n(cd->d, cd->d, p->primelimbs, t); - } - } - } - } -} - -static void fp_double(element_ptr c, element_ptr a) { - dataptr ad = a->data, cd = c->data; - if (!ad->flag) { - cd->flag = 0; - } else { - fp_field_data_ptr p = c->field->data; - const size_t t = p->limbs; - if (mpn_lshift(cd->d, ad->d, t, 1)) { - cd->flag = 2; - //again, assumes result is not zero: - mpn_sub_n(cd->d, cd->d, p->primelimbs, t); - } else { - int i = mpn_cmp(cd->d, p->primelimbs, t); - if (!i) { - cd->flag = 0; - } else { - cd->flag = 2; - if (i > 0) { - mpn_sub_n(cd->d, cd->d, p->primelimbs, t); - } - } - } - } -} - -static void fp_halve(element_ptr c, element_ptr a) { - dataptr ad = a->data, cd = c->data; - if (!ad->flag) { - cd->flag = 0; - } else { - fp_field_data_ptr p = c->field->data; - const size_t t = p->limbs; - int carry = 0; - mp_limb_t *alimb = ad->d; - mp_limb_t *climb = cd->d; - if (alimb[0] & 1) { - carry = mpn_add_n(climb, alimb, p->primelimbs, t); - } else fp_set(c, a); - - mpn_rshift(climb, climb, t, 1); - if (carry) climb[t - 1] |= ((mp_limb_t) 1) << (sizeof(mp_limb_t) * 8 - 1); - } -} - -static void fp_neg(element_ptr c, element_ptr a) { - dataptr ad = a->data, cd = c->data; - if (!ad->flag) cd->flag = 0; - else { - fp_field_data_ptr p = a->field->data; - mpn_sub_n(cd->d, p->primelimbs, ad->d, p->limbs); - cd->flag = 2; - } -} - -static void fp_sub(element_ptr c, element_ptr a, element_ptr b) { - dataptr ad = a->data, bd = b->data; - - if (!ad->flag) { - fp_neg(c, b); - } else if (!bd->flag) { - fp_set(c, a); - } else { - fp_field_data_ptr p = c->field->data; - size_t t = p->limbs; - dataptr cd = c->data; - int i = mpn_cmp(ad->d, bd->d, t); - - if (i == 0) { - cd->flag = 0; - } else { - cd->flag = 2; - mpn_sub_n(cd->d, ad->d, bd->d, t); - if (i < 0) { - mpn_add_n(cd->d, cd->d, p->primelimbs, t); - } - } - } -} - -static void fp_mul(element_ptr c, element_ptr a, element_ptr b) { - dataptr ad = a->data, bd = b->data; - dataptr cd = c->data; - - if (!ad->flag || !bd->flag) { - cd->flag = 0; - } else { - fp_field_data_ptr p = c->field->data; - size_t t = p->limbs; - //mp_limb_t tmp[3 * t + 1]; - //mp_limb_t *qp = &tmp[2 * t]; - mp_limb_t tmp[2 * t]; - mp_limb_t qp[t + 1]; - //static mp_limb_t tmp[2 * 100]; - //static mp_limb_t qp[100 + 1]; - - mpn_mul_n(tmp, ad->d, bd->d, t); - - mpn_tdiv_qr(qp, cd->d, 0, tmp, 2 * t, p->primelimbs, t); - cd->flag = 2; - } -} - -static void fp_square(element_ptr c, element_ptr a) { - const fp_field_data_ptr p = c->field->data; - mpz_t z1, z2; - size_t diff; - dataptr ad = a->data; - dataptr cd = c->data; - - if (!ad->flag) { - cd->flag = 0; - } else { - cd->flag = 2; - z1->_mp_d = cd->d; - z1->_mp_size = z1->_mp_alloc = p->limbs; - if (c == a) { - mpz_powm_ui(z1, z1, 2, c->field->order); - } else { - z2->_mp_d = ad->d; - z2->_mp_size = z2->_mp_alloc = p->limbs; - mpz_powm_ui(z1, z2, 2, c->field->order); - } - - diff = p->limbs - z1->_mp_size; - if (diff) memset(&z1->_mp_d[z1->_mp_size], 0, diff * sizeof(mp_limb_t)); - - //mpn_sqr_n() might make the code below faster than the code above - //but GMP doesn't expose this function - /* - const fp_field_data_ptr p = c->field->data; - const size_t t = p->limbs; - mp_limb_t tmp[2 * t]; - mp_limb_t qp[t + 1]; - - mpn_mul_n(tmp, ad->d, ad->d, t); - - mpn_tdiv_qr(qp, cd->d, 0, tmp, 2 * t, p->primelimbs, t); - */ - } -} - -static void fp_mul_si(element_ptr c, element_ptr a, signed long int op) { - dataptr ad = a->data; - dataptr cd = c->data; - - if (!ad->flag || !op) { - cd->flag = 0; - } else { - cd->flag = 2; - fp_field_data_ptr p = a->field->data; - size_t t = p->limbs; - mp_limb_t tmp[t + 1]; - mp_limb_t qp[2]; - - tmp[t] = mpn_mul_1(tmp, ad->d, t, labs(op)); - mpn_tdiv_qr(qp, cd->d, 0, tmp, t + 1, p->primelimbs, t); - if (op < 0) { //TODO: don't need to check c != 0 this time - fp_neg(c, c); - } - } -} - -static void fp_pow_mpz(element_ptr c, element_ptr a, mpz_ptr op) { - dataptr ad = a->data; - dataptr cd = c->data; - if (!ad->flag) cd->flag = 0; - else { - mpz_t z; - mpz_init(z); - fp_to_mpz(z, a); - mpz_powm(z, z, op, a->field->order); - from_mpz(c, z); - mpz_clear(z); - cd->flag = 2; - } -} - -static void fp_invert(element_ptr c, element_ptr a) { - //assumes a is invertible - dataptr cd = c->data; - mpz_t z; - mpz_init(z); - fp_to_mpz(z, a); - mpz_invert(z, z, a->field->order); - from_mpz(c, z); - mpz_clear(z); - cd->flag = 2; -} - -static void fp_random(element_ptr a) { - dataptr ad = a->data; - mpz_t z; - mpz_init(z); - pbc_mpz_random(z, a->field->order); - if (mpz_sgn(z)) { - from_mpz(a, z); - ad->flag = 2; - } else { - ad->flag = 0; - } - mpz_clear(z); -} - -static void fp_from_hash(element_ptr a, void *data, int len) { - mpz_t z; - - mpz_init(z); - pbc_mpz_from_hash(z, a->field->order, data, len); - fp_set_mpz(a, z); - mpz_clear(z); -} - -static int fp_cmp(element_ptr a, element_ptr b) { - dataptr ad = a->data, bd = b->data; - if (!ad->flag) { - return bd->flag; - } else { - fp_field_data_ptr p = a->field->data; - return mpn_cmp(ad->d, bd->d, p->limbs); - //return memcmp(ad->d, bd->d, p->limbs); - } -} - -static int fp_sgn_odd(element_ptr a) { - dataptr ad = a->data; - if (!ad->flag) return 0; - return ad->d[0] & 1 ? 1 : -1; -} - -static int fp_sgn_even(element_ptr a) { - fp_field_data_ptr p = a->field->data; - dataptr ad = a->data; - if (!ad->flag) return 0; - mp_limb_t sum[p->limbs]; - - int carry = mpn_add_n(sum, ad->d, ad->d, p->limbs); - if (carry) return 1; - return mpn_cmp(sum, p->primelimbs, p->limbs); -} - - -static int fp_is_sqr(element_ptr a) { - dataptr ad = a->data; - int res; - mpz_t z; - mpz_init(z); - //0 is a square - if (!ad->flag) return 1; - fp_to_mpz(z, a); - res = mpz_legendre(z, a->field->order) == 1; - mpz_clear(z); - return res; -} - -static int fp_to_bytes(unsigned char *data, element_t a) { - dataptr ad = a->data; - int n = a->field->fixed_length_in_bytes; - if (!ad->flag) { - memset(data, 0, n); - } else { - mpz_t z; - - mpz_init(z); - fp_to_mpz(z, a); - pbc_mpz_out_raw_n(data, n, z); - mpz_clear(z); - } - return n; -} - -static int fp_from_bytes(element_t a, unsigned char *data) { - dataptr ad = a->data; - int n; - mpz_t z; - - mpz_init(z); - - n = a->field->fixed_length_in_bytes; - mpz_import(z, n, 1, 1, 1, 0, data); - if (!mpz_sgn(z)) ad->flag = 0; - else { - ad->flag = 2; - from_mpz(a, z); - } - mpz_clear(z); - return n; -} - -static void fp_out_info(FILE* str, field_ptr f) { - element_fprintf(str, "GF(%Zd): zero flag + mpn", f->order); -} - -static void fp_field_clear(field_t f) { - fp_field_data_ptr p = f->data; - pbc_free(p->primelimbs); - pbc_free(p); -} - -void field_init_faster_fp(field_ptr f, mpz_t prime) { - PBC_ASSERT(!mpz_fits_ulong_p(prime), "modulus too small"); - fp_field_data_ptr p; - field_init(f); - f->init = fp_init; - f->clear = fp_clear; - f->set_si = fp_set_si; - f->set_mpz = fp_set_mpz; - f->out_str = fp_out_str; - f->add = fp_add; - f->sub = fp_sub; - f->set = fp_set; - f->mul = fp_mul; - f->mul_si = fp_mul_si; - f->square = fp_square; - f->doub = fp_double; - f->halve = fp_halve; - f->pow_mpz = fp_pow_mpz; - f->neg = fp_neg; - f->cmp = fp_cmp; - f->sign = mpz_odd_p(prime) ? fp_sgn_odd : fp_sgn_even; - f->invert = fp_invert; - f->random = fp_random; - f->from_hash = fp_from_hash; - f->is1 = fp_is1; - f->is0 = fp_is0; - f->set0 = fp_set0; - f->set1 = fp_set1; - f->is_sqr = fp_is_sqr; - f->sqrt = element_tonelli; - f->field_clear = fp_field_clear; - f->to_bytes = fp_to_bytes; - f->from_bytes = fp_from_bytes; - f->to_mpz = fp_to_mpz; - - f->out_info = fp_out_info; - - p = f->data = pbc_malloc(sizeof(fp_field_data_t)); - p->limbs = mpz_size(prime); - p->bytes = p->limbs * sizeof(mp_limb_t); - p->primelimbs = pbc_malloc(p->bytes); - mpz_export(p->primelimbs, &p->limbs, -1, sizeof(mp_limb_t), 0, 0, prime); - - mpz_set(f->order, prime); - f->fixed_length_in_bytes = (mpz_sizeinbase(prime, 2) + 7) / 8; -} diff --git a/moon-abe/pbc-0.5.14/arith/fastfp.c b/moon-abe/pbc-0.5.14/arith/fastfp.c deleted file mode 100644 index 13c6fb87..00000000 --- a/moon-abe/pbc-0.5.14/arith/fastfp.c +++ /dev/null @@ -1,382 +0,0 @@ -// Naive implementation of F_p. -// Uses lowlevel GMP routines (mpn_* functions). -// -// Within an element_t, ''data'' field of element holds pointer to array of -// mp_limb_t, which is allocated on init and freed on clear. -// Its size is fixed and determined by the number of limbs in the modulus. -// This simplifies code but is inefficient for storing values like 0 and 1. - -#include -#include -#include // for intptr_t -#include -#include -#include -#include "pbc_utils.h" -#include "pbc_field.h" -#include "pbc_random.h" -#include "pbc_fp.h" -#include "pbc_memory.h" - -struct fp_field_data_s { - size_t limbs; - size_t bytes; - mp_limb_t *primelimbs; -}; -typedef struct fp_field_data_s fp_field_data_t[1]; -typedef struct fp_field_data_s *fp_field_data_ptr; - -static void fp_init(element_ptr e) { - fp_field_data_ptr p = e->field->data; - e->data = pbc_malloc(p->bytes); - memset(e->data, 0, p->bytes); - // e->data = pbc_calloc(sizeof(mp_limb_t), p->limbs); -} - -static void fp_clear(element_ptr e) { - pbc_free(e->data); -} - -static inline void from_mpz(element_ptr e, mpz_ptr z) { - fp_field_data_ptr p = e->field->data; - size_t count; - mpz_export(e->data, &count, -1, sizeof(mp_limb_t), 0, 0, z); - memset((void *) (((unsigned char *) e->data) + count * sizeof(mp_limb_t)), 0, - (p->limbs - count) * sizeof(mp_limb_t)); -} - -static void fp_set_mpz(element_ptr e, mpz_ptr z) { - mpz_t tmp; - mpz_init(tmp); - mpz_mod(tmp, z, e->field->order); - from_mpz(e, tmp); - mpz_clear(tmp); -} - -static void fp_set_si(element_ptr e, signed long int op) { - const fp_field_data_ptr p = e->field->data; - const size_t t = p->limbs; - mp_limb_t *d = e->data; - if (op < 0) { - mpn_sub_1(d, p->primelimbs, t, -op); - } else { - d[0] = op; - memset(&d[1], 0, sizeof(mp_limb_t) * (t - 1)); - } -} - -static void fp_to_mpz(mpz_ptr z, element_ptr a) { - fp_field_data_ptr p = a->field->data; - mpz_import(z, p->limbs, -1, sizeof(mp_limb_t), 0, 0, a->data); -} - -static void fp_set0(element_ptr e) { - fp_field_data_ptr p = e->field->data; - memset(e->data, 0, p->bytes); -} - -static void fp_set1(element_ptr e) { - fp_field_data_ptr p = e->field->data; - mp_limb_t *d = e->data; - memset(&d[1], 0, p->bytes - sizeof(mp_limb_t)); - d[0] = 1; -} - -static int fp_is1(element_ptr e) { - fp_field_data_ptr p = e->field->data; - size_t i, t = p->limbs; - mp_limb_t *d = e->data; - if (d[0] != 1) return 0; - for (i = 1; i < t; i++) if (d[i]) return 0; - return 1; -} - -static int fp_is0(element_ptr e) { - fp_field_data_ptr p = e->field->data; - size_t i, t = p->limbs; - mp_limb_t *d = e->data; - for (i = 0; i < t; i++) if (d[i]) return 0; - return 1; -} - -static size_t fp_out_str(FILE * stream, int base, element_ptr e) { - size_t result; - mpz_t z; - mpz_init(z); - fp_to_mpz(z, e); - result = mpz_out_str(stream, base, z); - mpz_clear(z); - return result; -} - -static void fp_add(element_ptr r, element_ptr a, element_ptr b) { - fp_field_data_ptr p = r->field->data; - const size_t t = p->limbs; - mp_limb_t carry; - carry = mpn_add_n(r->data, a->data, b->data, t); - - if (carry || mpn_cmp(r->data, p->primelimbs, t) >= 0) { - mpn_sub_n(r->data, r->data, p->primelimbs, t); - } -} - -static void fp_double(element_ptr r, element_ptr a) { - fp_field_data_ptr p = r->field->data; - const size_t t = p->limbs; - if (mpn_lshift(r->data, a->data, t, 1) - || mpn_cmp(r->data, p->primelimbs, t) >= 0) { - mpn_sub_n(r->data, r->data, p->primelimbs, t); - } -} - -static void fp_set(element_ptr c, element_ptr a) { - fp_field_data_ptr p = a->field->data; - if (c == a) return; - - // Assembly is faster here, but I don't want to stoop to that level. - // Instead of calling slower memcpy, wrap stuff so that GMP assembly - // gets called. - /* - memcpy(c->data, a->data, p->bytes); - */ - mpz_t z1, z2; - z1->_mp_d = c->data; - z2->_mp_d = a->data; - z1->_mp_size = z1->_mp_alloc = z2->_mp_size = z2->_mp_alloc = p->limbs; - mpz_set(z1, z2); -} - -static void fp_halve(element_ptr r, element_ptr a) { - fp_field_data_ptr p = r->field->data; - const size_t t = p->limbs; - int carry = 0; - mp_limb_t *alimb = a->data; - mp_limb_t *rlimb = r->data; - if (alimb[0] & 1) carry = mpn_add_n(rlimb, alimb, p->primelimbs, t); - else fp_set(r, a); - - mpn_rshift(rlimb, rlimb, t, 1); - if (carry) rlimb[t - 1] |= ((mp_limb_t) 1) << (sizeof(mp_limb_t) * 8 - 1); -} - -static void fp_sub(element_ptr r, element_ptr a, element_ptr b) { - fp_field_data_ptr p = r->field->data; - size_t t = p->limbs; - if (mpn_sub_n(r->data, a->data, b->data, t)) { - mpn_add_n(r->data, r->data, p->primelimbs, t); - } -} - -static void fp_mul(element_ptr c, element_ptr a, element_ptr b) { - fp_field_data_ptr p = c->field->data; - size_t t = p->limbs; - //mp_limb_t tmp[3 * t + 1]; - //mp_limb_t *qp = &tmp[2 * t]; - mp_limb_t tmp[2 * t]; - mp_limb_t qp[t + 1]; - //static mp_limb_t tmp[2 * 100]; - //static mp_limb_t qp[100 + 1]; - - mpn_mul_n(tmp, a->data, b->data, t); - - mpn_tdiv_qr(qp, c->data, 0, tmp, 2 * t, p->primelimbs, t); -} - -static void fp_square(element_ptr c, element_ptr a) { - const fp_field_data_ptr r = c->field->data; - mpz_t z1, z2; - size_t diff; - - z1->_mp_d = c->data; - z1->_mp_size = z1->_mp_alloc = r->limbs; - if (c == a) { - mpz_powm_ui(z1, z1, 2, c->field->order); - } else { - z2->_mp_d = a->data; - z2->_mp_size = z2->_mp_alloc = r->limbs; - mpz_powm_ui(z1, z2, 2, c->field->order); - } - - diff = r->limbs - z1->_mp_size; - if (diff) memset(&z1->_mp_d[z1->_mp_size], 0, diff * sizeof(mp_limb_t)); - - //mpn_sqr_n() might make the code below faster than the code above - //but GMP doesn't expose this function - /* - const fp_field_data_ptr r = c->field->data; - const size_t t = r->limbs; - mp_limb_t tmp[2 * t]; - mp_limb_t qp[t + 1]; - - mpn_mul_n(tmp, a->data, a->data, t); - - mpn_tdiv_qr(qp, c->data, 0, tmp, 2 * t, r->primelimbs, t); - */ -} - -static void fp_neg(element_ptr n, element_ptr a) { - if (fp_is0(a)) { - fp_set0(n); - } else { - fp_field_data_ptr p = a->field->data; - mpn_sub_n(n->data, p->primelimbs, a->data, p->limbs); - } -} - -static void fp_mul_si(element_ptr e, element_ptr a, signed long int op) { - fp_field_data_ptr p = e->field->data; - size_t t = p->limbs; - mp_limb_t tmp[t + 1]; - mp_limb_t qp[2]; - - tmp[t] = mpn_mul_1(tmp, a->data, t, labs(op)); - mpn_tdiv_qr(qp, e->data, 0, tmp, t + 1, p->primelimbs, t); - if (op < 0) { - fp_neg(e, e); - } -} - -static void fp_pow_mpz(element_ptr c, element_ptr a, mpz_ptr op) { - mpz_t z; - mpz_init(z); - fp_to_mpz(z, a); - mpz_powm(z, z, op, c->field->order); - from_mpz(c, z); - mpz_clear(z); -} - -static void fp_invert(element_ptr e, element_ptr a) { - mpz_t z; - mpz_init(z); - fp_to_mpz(z, a); - mpz_invert(z, z, e->field->order); - from_mpz(e, z); - mpz_clear(z); -} - -static void fp_random(element_ptr a) { - mpz_t z; - mpz_init(z); - pbc_mpz_random(z, a->field->order); - from_mpz(a, z); - mpz_clear(z); -} - -static void fp_from_hash(element_ptr a, void *data, int len) { - mpz_t z; - - mpz_init(z); - pbc_mpz_from_hash(z, a->field->order, data, len); - fp_set_mpz(a, z); - mpz_clear(z); -} - -static int fp_cmp(element_ptr a, element_ptr b) { - fp_field_data_ptr p = a->field->data; - return mpn_cmp(a->data, b->data, p->limbs); - //return memcmp(a->data, b->data, p->limbs); -} - -static int fp_sgn_odd(element_ptr a) { - if (fp_is0(a)) return 0; - mp_limb_t *lp = a->data; - return lp[0] & 1 ? 1 : -1; -} - -static int fp_sgn_even(element_ptr a) { - fp_field_data_ptr p = a->field->data; - if (fp_is0(a)) return 0; - mp_limb_t sum[p->limbs]; - - int carry = mpn_add_n(sum, a->data, a->data, p->limbs); - if (carry) return 1; - return mpn_cmp(sum, p->primelimbs, p->limbs); -} - -static int fp_is_sqr(element_ptr a) { - int res; - mpz_t z; - mpz_init(z); - //0 is a square - if (fp_is0(a)) return 1; - fp_to_mpz(z, a); - res = mpz_legendre(z, a->field->order) == 1; - mpz_clear(z); - return res; -} - -static int fp_to_bytes(unsigned char *data, element_t e) { - mpz_t z; - int n; - - mpz_init(z); - fp_to_mpz(z, e); - n = e->field->fixed_length_in_bytes; - pbc_mpz_out_raw_n(data, n, z); - mpz_clear(z); - return n; -} - -static int fp_from_bytes(element_t e, unsigned char *data) { - int n; - mpz_t z; - - mpz_init(z); - - n = e->field->fixed_length_in_bytes; - mpz_import(z, n, 1, 1, 1, 0, data); - fp_set_mpz(e, z); - mpz_clear(z); - return n; -} - -static void fp_field_clear(field_t f) { - fp_field_data_ptr p = f->data; - pbc_free(p->primelimbs); - pbc_free(p); -} - -void field_init_fast_fp(field_ptr f, mpz_t prime) { - PBC_ASSERT(!mpz_fits_ulong_p(prime), "modulus too small"); - fp_field_data_ptr p; - field_init(f); - f->init = fp_init; - f->clear = fp_clear; - f->set_si = fp_set_si; - f->set_mpz = fp_set_mpz; - f->out_str = fp_out_str; - f->add = fp_add; - f->sub = fp_sub; - f->set = fp_set; - f->mul = fp_mul; - f->mul_si = fp_mul_si; - f->square = fp_square; - f->doub = fp_double; - f->halve = fp_halve; - f->pow_mpz = fp_pow_mpz; - f->neg = fp_neg; - f->cmp = fp_cmp; - f->sign = mpz_odd_p(prime) ? fp_sgn_odd : fp_sgn_even; - f->invert = fp_invert; - f->random = fp_random; - f->from_hash = fp_from_hash; - f->is1 = fp_is1; - f->is0 = fp_is0; - f->set0 = fp_set0; - f->set1 = fp_set1; - f->is_sqr = fp_is_sqr; - f->sqrt = element_tonelli; - f->field_clear = fp_field_clear; - f->to_bytes = fp_to_bytes; - f->from_bytes = fp_from_bytes; - f->to_mpz = fp_to_mpz; - - p = f->data = pbc_malloc(sizeof(fp_field_data_t)); - p->limbs = mpz_size(prime); - p->bytes = p->limbs * sizeof(mp_limb_t); - p->primelimbs = pbc_malloc(p->bytes); - mpz_export(p->primelimbs, &p->limbs, -1, sizeof(mp_limb_t), 0, 0, prime); - - mpz_set(f->order, prime); - f->fixed_length_in_bytes = (mpz_sizeinbase(prime, 2) + 7) / 8; -} diff --git a/moon-abe/pbc-0.5.14/arith/field.c b/moon-abe/pbc-0.5.14/arith/field.c deleted file mode 100644 index af94e37f..00000000 --- a/moon-abe/pbc-0.5.14/arith/field.c +++ /dev/null @@ -1,889 +0,0 @@ -#include -#include -#include // for intptr_t -#include -#include -#include // for memcmp() -#include -#include "pbc_utils.h" -#include "pbc_field.h" -#include "pbc_multiz.h" -#include "pbc_memory.h" - -// returns recommended window size. n is exponent. -static int optimal_pow_window_size(mpz_ptr n) { - int exp_bits; - - exp_bits = mpz_sizeinbase(n, 2); - - // try to minimize 2^k + n/(k+1). - return exp_bits > 9065 ? 8 : - exp_bits > 3529 ? 7 : - exp_bits > 1324 ? 6 : - exp_bits > 474 ? 5 : - exp_bits > 157 ? 4 : - exp_bits > 47 ? 3 : - 2; -} - -/* builds k-bit lookup window for base a */ -static element_t *build_pow_window(element_ptr a, int k) { - int s; - int lookup_size; - element_t *lookup; - - if (k < 1) return NULL; // no window - - /* build 2^k lookup table. lookup[i] = x^i. */ - /* TODO: a more careful word-finding algorithm would allow - * us to avoid calculating even lookup entries > 2 - */ - lookup_size = 1 << k; - lookup = pbc_malloc(lookup_size * sizeof(element_t)); - element_init(lookup[0], a->field); - element_set1(lookup[0]); - for (s = 1; s < lookup_size; s++) { - element_init(lookup[s], a->field); - element_mul(lookup[s], lookup[s - 1], a); - } - - return lookup; -} - -static void clear_pow_window(int k, element_t * lookup) { - int s; - int lookup_size = 1 << k; - - for (s = 0; s < lookup_size; s++) { - element_clear(lookup[s]); - } - pbc_free(lookup); -} - -/* - * left-to-right exponentiation with k-bit window. - * NB. must have k >= 1. - */ -static void element_pow_wind(element_ptr x, mpz_ptr n, - int k, element_t * a_lookup) { - int s; - int bit; - - int inword; // boolean: currently reading word? - int word = 0; // the word to look up. 0field); - element_set1(result); - - for (inword = 0, s = mpz_sizeinbase(n, 2) - 1; s >= 0; s--) { - element_square(result, result); - bit = mpz_tstbit(n, s); - - if (!inword && !bit) - continue; // keep scanning. note continue. - - if (!inword) { // was scanning, just found word - inword = 1; // so, start new word - word = 1; - wbits = 1; - } else { - word = (word << 1) + bit; - wbits++; // continue word - } - - if (wbits == k || s == 0) { - element_mul(result, result, a_lookup[word]); - inword = 0; - } - } - - element_set(x, result); - element_clear(result); -} - -static void generic_pow_mpz(element_ptr x, element_ptr a, mpz_ptr n) { - int k; - element_t *a_lookup; - - if (mpz_is0(n)) { - element_set1(x); - return; - } - - k = optimal_pow_window_size(n); - a_lookup = build_pow_window(a, k); - element_pow_wind(x, n, k, a_lookup); - clear_pow_window(k, a_lookup); -} - -/* TODO: Allow fields to choose this exponentiation routine so we can compare. -static void naive_generic_pow_mpz(element_ptr x, element_ptr a, mpz_ptr n) { - int s; - - element_t result; - - if (mpz_is0(n)) { - element_set1(x); - return; - } - - element_init(result, x->field); - element_set1(result); - - for (s = mpz_sizeinbase(n, 2) - 1; s >= 0; s--) { - element_square(result, result); - if (mpz_tstbit(n, s)) { - element_mul(result, result, a); - } - } - element_set(x, result); - element_clear(result); -} -*/ - -void element_pow2_mpz(element_ptr x, element_ptr a1, mpz_ptr n1, - element_ptr a2, mpz_ptr n2) { - int s, s1, s2; - int b1, b2; - - element_t result, a1a2; - - if (mpz_is0(n1) && mpz_is0(n2)) { - element_set1(x); - return; - } - - element_init(result, x->field); - element_set1(result); - - element_init(a1a2, x->field); - element_mul(a1a2, a1, a2); - - s1 = mpz_sizeinbase(n1, 2) - 1; - s2 = mpz_sizeinbase(n2, 2) - 1; - for (s = (s1 > s2) ? s1 : s2; s >= 0; s--) { - element_mul(result, result, result); - b1 = mpz_tstbit(n1, s); - b2 = mpz_tstbit(n2, s); - if (b1 && b2) { - element_mul(result, result, a1a2); - } else if (b1) { - element_mul(result, result, a1); - } else if (b2) { - element_mul(result, result, a2); - } - } - - element_set(x, result); - element_clear(result); - element_clear(a1a2); -} - -void element_pow3_mpz(element_ptr x, element_ptr a1, mpz_ptr n1, - element_ptr a2, mpz_ptr n2, - element_ptr a3, mpz_ptr n3) { - int s, s1, s2, s3; - int b; - int i; - - element_t result; - element_t lookup[8]; - - if (mpz_is0(n1) && mpz_is0(n2) && mpz_is0(n3)) { - element_set1(x); - return; - } - - element_init(result, x->field); - element_set1(result); - - for (i = 0; i < 8; i++) - element_init(lookup[i], x->field); - - // build lookup table. - element_set1(lookup[0]); - element_set(lookup[1], a1); - element_set(lookup[2], a2); - element_set(lookup[4], a3); - element_mul(lookup[3], a1, a2); - element_mul(lookup[5], a1, a3); - element_mul(lookup[6], a2, a3); - element_mul(lookup[7], lookup[6], a1); - - // calculate largest exponent bitsize - s1 = mpz_sizeinbase(n1, 2) - 1; - s2 = mpz_sizeinbase(n2, 2) - 1; - s3 = mpz_sizeinbase(n3, 2) - 1; - s = (s1 > s2) ? ((s1 > s3) ? s1 : s3) - : ((s2 > s3) ? s2 : s3); - - for (; s >= 0; s--) { - element_mul(result, result, result); - b = (mpz_tstbit(n1, s)) - + (mpz_tstbit(n2, s) << 1) - + (mpz_tstbit(n3, s) << 2); - element_mul(result, result, lookup[b]); - } - - element_set(x, result); - element_clear(result); - for (i = 0; i < 8; i++) - element_clear(lookup[i]); -} - -struct element_base_table { - int k; - int bits; - int num_lookups; - element_t **table; -}; - -/* build k-bit base table for n-bit exponentiation w/ base a */ -static void *element_build_base_table(element_ptr a, int bits, int k) { - struct element_base_table *base_table; - element_t multiplier; - int i, j; - int lookup_size; - - element_t *lookup; - - // pbc_info("building %d bits %d k", bits, k); - lookup_size = 1 << k; - - base_table = pbc_malloc(sizeof(struct element_base_table)); - base_table->num_lookups = bits / k + 1; - base_table->k = k; - base_table->bits = bits; - base_table->table = - pbc_malloc(base_table->num_lookups * sizeof(element_t *)); - - element_init(multiplier, a->field); - element_set(multiplier, a); - - for (i = 0; i < base_table->num_lookups; i++) { - lookup = pbc_malloc(lookup_size * sizeof(element_t)); - element_init(lookup[0], a->field); - element_set1(lookup[0]); - for (j = 1; j < lookup_size; j++) { - element_init(lookup[j], a->field); - element_mul(lookup[j], multiplier, lookup[j - 1]); - } - element_mul(multiplier, multiplier, lookup[lookup_size - 1]); - base_table->table[i] = lookup; - } - - element_clear(multiplier); - return base_table; -} - -/* - * exponentiation using aggressive base lookup table - * must have k >= 1. - */ -static void element_pow_base_table(element_ptr x, mpz_ptr power, - struct element_base_table *base_table) { - int word; /* the word to look up. 0field->order) > 0) { - mpz_mod(n, n, x->field->order); - } - - element_init(result, x->field); - element_set1(result); - - num_lookups = mpz_sizeinbase(n, 2) / base_table->k + 1; - - for (row = 0; row < num_lookups; row++) { - word = 0; - for (s = 0; s < base_table->k; s++) { - word |= mpz_tstbit(n, base_table->k * row + s) << s; - } - if (word > 0) { - element_mul(result, result, base_table->table[row][word]); - } - } - - element_set(x, result); - element_clear(result); - mpz_clear(n); -} - -static void default_element_pp_init(element_pp_t p, element_t in) { - p->data = - element_build_base_table(in, mpz_sizeinbase(in->field->order, 2), 5); -} - -static void default_element_pp_pow(element_t out, mpz_ptr power, element_pp_t p) { - element_pow_base_table(out, power, p->data); -} - -static void default_element_pp_clear(element_pp_t p) { - struct element_base_table *base_table = p->data; - int lookup_size = 1 << base_table->k; - element_t *lookup; - int i, j; - - element_t **epp = base_table->table; - - for (i = 0; i < base_table->num_lookups; i++) { - lookup = epp[i]; - for (j = 0; j < lookup_size; j++) { - element_clear(lookup[j]); - } - pbc_free(lookup); - } - pbc_free(epp); - - pbc_free(base_table); -} - -void field_set_nqr(field_ptr f, element_t nqr) { - if (!f->nqr) { - f->nqr = pbc_malloc(sizeof(element_t)); - element_init(f->nqr, f); - } - element_set(f->nqr, nqr); -} - -void field_gen_nqr(field_ptr f) { - f->nqr = pbc_malloc(sizeof(element_t)); - element_init(f->nqr, f); - do { - element_random(f->nqr); - } while (element_is_sqr(f->nqr)); -} - -element_ptr field_get_nqr(field_ptr f) { - if (!f->nqr) field_gen_nqr(f); - return f->nqr; -} - -static void generic_square(element_ptr r, element_ptr a) { - element_mul(r, a, a); -} -static void generic_mul_mpz(element_ptr r, element_ptr a, mpz_ptr z) { - element_t e0; - element_init(e0, r->field); - element_set_mpz(e0, z); - element_mul(r, a, e0); - element_clear(e0); -} - -static void generic_mul_si(element_ptr r, element_ptr a, signed long int n) { - element_t e0; - element_init(e0, r->field); - element_set_si(e0, n); - element_mul(r, a, e0); - element_clear(e0); -} - -static void generic_double(element_ptr r, element_ptr a) { - element_add(r, a, a); -} - -static void generic_halve(element_ptr r, element_ptr a) { - element_t e0; - element_init(e0, r->field); - element_set_si(e0, 2); - element_invert(e0, e0); - element_mul(r, a, e0); - element_clear(e0); -} - -static void zero_to_mpz(mpz_t z, element_ptr a) { - UNUSED_VAR(a); - mpz_set_ui(z, 0); -} - -static void zero_set_mpz(element_ptr a, mpz_t z) { - UNUSED_VAR(z); - element_set0(a); -} - -static void zero_random(element_ptr a) { - element_set0(a); -} - -static void generic_set_si(element_ptr a, long int si) { - mpz_t z; - mpz_init(z); - mpz_set_si(z, si); - element_set_mpz(a, z); - mpz_clear(z); -} - -static void generic_set_multiz(element_ptr a, multiz m) { - mpz_t z; - mpz_init(z); - multiz_to_mpz(z, m); - element_set_mpz(a, z); - mpz_clear(z); -} - -static void generic_sub(element_ptr c, element_ptr a, element_ptr b) { - if (c != a) { - element_neg(c, b); - element_add(c, c, a); - } else { - element_t tmp; - element_init(tmp, a->field); - element_neg(tmp, b); - element_add(c, tmp, a); - element_clear(tmp); - } -} - -static void generic_div(element_ptr c, element_ptr a, element_ptr b) { - if (c != a) { - element_invert(c, b); - element_mul(c, c, a); - } else { - element_t tmp; - element_init(tmp, a->field); - element_invert(tmp, b); - element_mul(c, tmp, a); - element_clear(tmp); - } -} - -static void generic_add_ui(element_ptr c, element_ptr a, - unsigned long int b) { - element_t e; - mpz_t z; - element_init(e, c->field); - mpz_init(z); - mpz_set_ui(z, b); - element_set_mpz(e, z); - element_add(c, a, e); - mpz_clear(z); - element_clear(e); -} - -static int generic_cmp(element_ptr a, element_ptr b) { - int result; - unsigned char *buf1, *buf2; - int len; - if (a == b) return 0; - len = element_length_in_bytes(a); - if (len != element_length_in_bytes(b)) return 1; - buf1 = pbc_malloc(len); - buf2 = pbc_malloc(len); - element_to_bytes(buf1, a); - element_to_bytes(buf2, b); - result = memcmp(buf1, buf2, len); - pbc_free(buf1); - pbc_free(buf2); - return result; -} - -static int generic_is0(element_ptr a) { - int result; - element_t b; - element_init(b, a->field); - result = !element_cmp(a, b); // element_cmp returns 0 if 'a' and 'b' are the same, nonzero otherwise. generic_is0 returns true if 'a' is 0. - element_clear(b); - return result; -} - -static int generic_is1(element_ptr a) { - int result; - element_t b; - element_init(b, a->field); - element_set1(b); - result = !element_cmp(a, b); // element_cmp returns 0 if 'a' and 'b' are the same, nonzero otherwise. generic_is1 returns true if 'a' is 1. - element_clear(b); - return result; -} - -static void generic_out_info(FILE * out, field_ptr f) { - element_fprintf(out, "unknown field %p, order = %Zd", f, f->order); -} - -static int generic_item_count(element_ptr e) { - UNUSED_VAR(e); - return 0; -} - -static element_ptr generic_item(element_ptr e, int i) { - UNUSED_VAR(e); - UNUSED_VAR(i); - return NULL; -} - -static element_ptr generic_get_x(element_ptr e) { - return element_item(e, 0); -} - -static element_ptr generic_get_y(element_ptr e) { - return element_item(e, 1); -} - -static int default_element_snprint(char *s, size_t n, element_t e) { - UNUSED_VAR(e); - if (n == 1) { - s[0] = '0'; - } else if (n >= 2) { - s[0] = '?'; - s[1] = '\0'; - } - return 1; -} - -static int default_element_set_str(element_t e, const char *s, int base) { - UNUSED_VAR(s); - UNUSED_VAR(base); - element_set0(e); - return 0; -} - -static void warn_field_clear(field_ptr f) { - pbc_warn("field %p has no clear function", f); -} - -void field_out_info(FILE* out, field_ptr f) { - f->out_info(out, f); -} - -void field_init(field_ptr f) { - // should be called by each field_init_* - f->nqr = NULL; - mpz_init(f->order); - - // this should later be set - f->field_clear = warn_field_clear; - - // and this to something more helpful - f->out_info = generic_out_info; - - // many of these can usually be optimized for particular fields - // provided for developer's convenience - f->halve = generic_halve; - f->doub = generic_double; - f->square = generic_square; - f->mul_mpz = generic_mul_mpz; - f->mul_si = generic_mul_si; - f->cmp = generic_cmp; - f->sub = generic_sub; - f->div = generic_div; - f->add_ui = generic_add_ui; - - // default: converts all elements to integer 0 - // reads all integers as 0 - // random always outputs 0 - f->to_mpz = zero_to_mpz; - f->set_mpz = zero_set_mpz; - f->set_multiz = generic_set_multiz; - f->random = zero_random; - f->set_si = generic_set_si; - f->is1 = generic_is1; - f->is0 = generic_is0; - - // By default, an element has no components. - f->item_count = generic_item_count; - f->item = generic_item; - f->get_x = generic_get_x; - f->get_y = generic_get_y; - - // these are fast, thanks to Hovav - f->pow_mpz = generic_pow_mpz; - f->pp_init = default_element_pp_init; - f->pp_clear = default_element_pp_clear; - f->pp_pow = default_element_pp_pow; - - f->snprint = default_element_snprint; - f->set_str = default_element_set_str; - f->pairing = NULL; -} - -void field_clear(field_ptr f) { - if (f->nqr) { - element_clear(f->nqr); - pbc_free(f->nqr); - } - mpz_clear(f->order); - f->field_clear(f); -} - -void pbc_mpz_out_raw_n(unsigned char *data, int n, mpz_t z) { - size_t count; - if (mpz_sgn(z)) { - count = (mpz_sizeinbase(z, 2) + 7) / 8; - mpz_export(&data[n - count], NULL, 1, 1, 1, 0, z); - memset(data, 0, n - count); - } else { - memset(data, 0, n); - } -} - -//for short hashes H, do -// buf = H || 0 || H || 1 || H || ... -//before calling mpz_import -void pbc_mpz_from_hash(mpz_t z, mpz_t limit, - unsigned char *data, unsigned int len) { - size_t i = 0, n, count = (mpz_sizeinbase(limit, 2) + 7) / 8; - unsigned char buf[count]; - unsigned char counter = 0; - int done = 0; - for (;;) { - if (len >= count - i) { - n = count - i; - done = 1; - } else n = len; - memcpy(buf + i, data, n); - i += n; - if (done) break; - buf[i] = counter; - counter++; - i++; - if (i == count) break; - } - PBC_ASSERT(i == count, "did not read whole buffer"); - mpz_import(z, count, 1, 1, 1, 0, buf); - while (mpz_cmp(z, limit) > 0) { - mpz_tdiv_q_2exp(z, z, 1); - } -} - -// Square root algorithm for Fp. -// TODO: What happens if this is run on other kinds of fields? -void element_tonelli(element_ptr x, element_ptr a) { - int s; - int i; - mpz_t e; - mpz_t t, t0; - element_t ginv, e0; - element_ptr nqr; - - mpz_init(t); - mpz_init(e); - mpz_init(t0); - element_init(ginv, a->field); - element_init(e0, a->field); - nqr = field_get_nqr(a->field); - - element_invert(ginv, nqr); - - //let q be the order of the field - //q - 1 = 2^s t, t odd - mpz_sub_ui(t, a->field->order, 1); - s = mpz_scan1(t, 0); - mpz_tdiv_q_2exp(t, t, s); - mpz_set_ui(e, 0); - for (i = 2; i <= s; i++) { - mpz_sub_ui(t0, a->field->order, 1); - mpz_tdiv_q_2exp(t0, t0, i); - element_pow_mpz(e0, ginv, e); - element_mul(e0, e0, a); - element_pow_mpz(e0, e0, t0); - if (!element_is1(e0)) mpz_setbit(e, i - 1); - } - element_pow_mpz(e0, ginv, e); - element_mul(e0, e0, a); - mpz_add_ui(t, t, 1); - mpz_tdiv_q_2exp(t, t, 1); - mpz_tdiv_q_2exp(e, e, 1); - - // (suggested by Hovav Shacham) replace next three lines with - // element_pow2_mpz(x, e0, t, nqr, e); - // once sliding windows are implemented for pow2. - element_pow_mpz(e0, e0, t); - element_pow_mpz(x, nqr, e); - element_mul(x, x, e0); - - mpz_clear(t); - mpz_clear(e); - mpz_clear(t0); - element_clear(ginv); - element_clear(e0); -} - -// Like mpz_set_str except returns number of bytes read and allows trailing -// junk. This simplifies code for parsing elements like "[123, 456]". -// TODO: Handle 0x, 0X and 0 conventions for hexadecimal and octal. -int pbc_mpz_set_str(mpz_t z, const char *s, int base) { - int b, i = 0; - mpz_set_ui(z, 0); - if (!base) b = 10; - else if (base < 2 || base > 36) return 0; - else b = base; - - for (;;) { - int j; - char c = s[i]; - if (!c) break; - if (isspace(c)) { - i++; - continue; - } - if (isdigit(c)) { - j = c - '0'; - } else if (c >= 'A' && c <= 'Z') { - j = c - 'A'; - } else if (c >= 'a' && c <= 'z') { - j = c - 'a'; - } else break; - - if (j >= b) break; - - mpz_mul_ui(z, z, b); - mpz_add_ui(z, z, j); - i++; - } - return i; -} - -// Divides `n` with primes up to `limit`. For each factor found, -// call `fun`. If the callback returns nonzero, then aborts and returns 1. -// Otherwise returns 0. -int pbc_trial_divide(int (*fun)(mpz_t factor, - unsigned int multiplicity, - void *scope_ptr), - void *scope_ptr, - mpz_t n, - mpz_ptr limit) { - mpz_t p, m; - mpz_t fac; - unsigned int mul; - - mpz_init(fac); - mpz_init(p); - mpz_init(m); - mpz_set(m ,n); - mpz_set_ui(p, 2); - - while (mpz_cmp_ui(m, 1)) { - if (mpz_probab_prime_p(m, 10)) { - mpz_set(p, m); - } - if (limit && mpz_cmp(p, limit) > 0) { - mpz_set(p, m); - } - if (mpz_divisible_p(m, p)) { - mul = 0; - mpz_set(fac, p); - do { - mpz_divexact(m, m, p); - mul++; - } while (mpz_divisible_p(m, p)); - if (fun(fac, mul, scope_ptr)) { - mpz_clear(fac); - mpz_clear(m); - mpz_clear(p); - return 1; - } - } - mpz_nextprime(p, p); - } - - mpz_clear(fac); - mpz_clear(m); - mpz_clear(p); - return 0; -} - -// For each digit of 'n', call fun(). If it returns 1, then return 1 and -// abort. Otherwise return 0. -int pbc_mpz_trickle(int (*fun)(char), int base, mpz_t n) { - // TODO: Support different bases. - if (!base) base = 10; - if (base < 2 || base > 10) { - pbc_warn("only bases 2 to 10 supported"); - return 1; - } - mpz_t d, z, q; - mpz_init(d); - mpz_init(z); - mpz_init(q); - mpz_set(z, n); - int res; - int len; - mpz_ui_pow_ui(d, base, len = mpz_sizeinbase(z, base)); - if (mpz_cmp(d, z) > 0) { - len--; - mpz_divexact_ui(d, d, base); - } - while (mpz_cmp_ui(z, base) >= 0) { - mpz_fdiv_qr(q, z, z, d); - res = fun('0' + mpz_get_ui(q)); - if (res) goto clean; - mpz_divexact_ui(d, d, base); - len--; - } - while (len) { - res = fun('0'); - if (res) goto clean; - len--; - } - res = fun('0' + mpz_get_ui(z)); -clean: - mpz_clear(q); - mpz_clear(z); - mpz_clear(d); - return res; -} - -void element_multi_double(element_t n[], element_t a[], int m) { - element_ptr *temp1 = pbc_malloc(sizeof(*temp1)*m); - element_ptr *temp2 = pbc_malloc(sizeof(*temp2)*m); - int i; - - for(i=0; ifield->multi_doub(temp1, temp2, m); - pbc_free(temp1); - pbc_free(temp2); -} - -void element_multi_add(element_t n[], element_t a[],element_t b[], int m) { - size_t size = sizeof(element_ptr)*m; - element_ptr *temp1 = pbc_malloc(size); - element_ptr *temp2 = pbc_malloc(size); - element_ptr *temp3 = pbc_malloc(size); - - int i; - for(i=0; ifield->multi_add(temp1, temp2, temp3, m); - pbc_free(temp1); - pbc_free(temp2); - pbc_free(temp3); -} - -element_ptr element_new(field_ptr f) { - element_ptr e = pbc_malloc(sizeof(*e)); - element_init(e, f); - return e; -} - -void element_free(element_ptr e) { - element_clear(e); - pbc_free(e); -} diff --git a/moon-abe/pbc-0.5.14/arith/fieldquadratic.c b/moon-abe/pbc-0.5.14/arith/fieldquadratic.c deleted file mode 100644 index bfb46027..00000000 --- a/moon-abe/pbc-0.5.14/arith/fieldquadratic.c +++ /dev/null @@ -1,692 +0,0 @@ -// Quadratic extension fields. -// -// The fq_ functions are for general quadratic extensions. -// The fi_ functions are faster versions of some of these functions specialized -// for fields extended by sqrt(-1). -// TODO: Instead of lazily generating a quadratic nonresidue, in this case -// we can use sqrt(base field nqr) as the nqr of the extension. - -#include -#include -#include -#include // for intptr_t -#include -#include -#include "pbc_utils.h" -#include "pbc_field.h" -#include "pbc_multiz.h" -#include "pbc_fieldquadratic.h" -#include "pbc_memory.h" - -// Per-element data. -typedef struct { - // Elements have the form x + ya, where a is the square root of a quadratic - // nonresidue in the base field. - element_t x; - element_t y; -} *eptr; - -// Per-field data: we use ''data'' as a field_ptr to the base field. - -// Return the quadratic nonresidue used to build this field. -// Should only be called from routines used exclusively by the generic quadratic -// extension code. -static inline element_ptr fq_nqr(field_ptr f) { - return field_get_nqr((field_ptr) f->data); -} - -static void fq_init(element_ptr e) { - eptr p = e->data = pbc_malloc(sizeof(*p)); - field_ptr f = e->field->data; - element_init(p->x, f); - element_init(p->y, f); -} - -static void fq_clear(element_ptr e) { - eptr p = e->data; - element_clear(p->x); - element_clear(p->y); - pbc_free(e->data); -} - -static void fq_set_si(element_ptr e, signed long int i) { - eptr p = e->data; - element_set_si(p->x, i); - element_set0(p->y); -} - -static void fq_set_mpz(element_ptr e, mpz_t z) { - eptr p = e->data; - element_set_mpz(p->x, z); - element_set0(p->y); -} - -// Projection: attempts to convert Re(e) to mpz. -static void fq_to_mpz(mpz_t z, element_ptr e) { - eptr p = e->data; - element_to_mpz(z, p->x); -} - -static void fq_set0(element_ptr e) { - eptr p = e->data; - element_set0(p->x); - element_set0(p->y); -} - -static void fq_set1(element_ptr e) { - eptr p = e->data; - element_set1(p->x); - element_set0(p->y); -} - -static int fq_is0(element_ptr e) { - eptr p = e->data; - return element_is0(p->x) && element_is0(p->y); -} - -static int fq_is1(element_ptr e) { - eptr p = e->data; - return element_is1(p->x) && element_is0(p->y); -} - -static size_t fq_out_str(FILE *stream, int base, element_ptr e) { - size_t result = 4, status; - eptr p = e->data; - if (EOF == fputc('[', stream)) return 0; - result = element_out_str(stream, base, p->x); - if (!result) return 0; - if (EOF == fputs(", ", stream)) return 0; - status = element_out_str(stream, base, p->y); - if (!status) return 0; - if (EOF == fputc(']', stream)) return 0; - return result + status; -} - -static int fq_snprint(char *s, size_t n, element_ptr e) { - eptr p = e->data; - size_t result = 0, left; - int status; - - #define clip_sub() { \ - result += status; \ - left = result >= n ? 0 : n - result; \ - } - - status = snprintf(s, n, "["); - if (status < 0) return status; - clip_sub(); - status = element_snprint(s + result, left, p->x); - if (status < 0) return status; - clip_sub(); - status = snprintf(s + result, left, ", "); - if (status < 0) return status; - clip_sub(); - status = element_snprint(s + result, left, p->y); - if (status < 0) return status; - clip_sub(); - status = snprintf(s + result, left, "]"); - if (status < 0) return status; - return result + status; - #undef clip_sub -} - -static void fq_set_multiz(element_ptr e, multiz m) { - eptr p = e->data; - if (multiz_is_z(m)) { - element_set_multiz(p->x, m); - element_set0(p->y); - return; - } - element_set_multiz(p->x, multiz_at(m, 0)); - if (2 > multiz_count(m)) element_set0(p->y); - else element_set_multiz(p->y, multiz_at(m, 1)); -} - -static int fq_set_str(element_ptr e, const char *s, int base) { - const char *cp = s; - element_set0(e); - while (*cp && isspace(*cp)) cp++; - if (*cp++ != '[') return 0; - eptr p = e->data; - cp += element_set_str(p->x, cp, base); - while (*cp && isspace(*cp)) cp++; - if (*cp++ != ',') return 0; - cp += element_set_str(p->y, cp, base); - if (*cp++ != ']') return 0; - return cp - s; -} - -static int fq_sign(element_ptr n) { - int res; - eptr r = n->data; - res = element_sign(r->x); - if (!res) return element_sign(r->y); - return res; -} - -static void fq_add(element_ptr n, element_ptr a, element_ptr b) { - eptr p = a->data; - eptr q = b->data; - eptr r = n->data; - element_add(r->x, p->x, q->x); - element_add(r->y, p->y, q->y); -} - -static void fq_double(element_ptr n, element_ptr a) { - eptr p = a->data; - eptr r = n->data; - element_double(r->x, p->x); - element_double(r->y, p->y); -} - -static void fq_sub(element_ptr n, element_ptr a, element_ptr b) { - eptr p = a->data; - eptr q = b->data; - eptr r = n->data; - element_sub(r->x, p->x, q->x); - element_sub(r->y, p->y, q->y); -} - -static void fq_set(element_ptr n, element_ptr a) { - eptr p = a->data; - eptr r = n->data; - element_set(r->x, p->x); - element_set(r->y, p->y); -} - -static void fq_mul(element_ptr n, element_ptr a, element_ptr b) { - eptr p = a->data; - eptr q = b->data; - eptr r = n->data; - - element_ptr nqr = fq_nqr(n->field); - element_t e0, e1, e2; - - element_init(e0, p->x->field); - element_init(e1, e0->field); - element_init(e2, e0->field); - /* naive: - element_mul(e0, p->x, q->x); - element_mul(e1, p->y, q->y); - element_mul(e1, e1, nqr); - element_add(e0, e0, e1); - element_mul(e1, p->x, q->y); - element_mul(e2, p->y, q->x); - element_add(e1, e1, e2); - element_set(r->x, e0); - element_set(r->y, e1); - */ - // Karatsuba: - element_add(e0, p->x, p->y); - element_add(e1, q->x, q->y); - element_mul(e2, e0, e1); - element_mul(e0, p->x, q->x); - element_mul(e1, p->y, q->y); - element_mul(r->x, e1, nqr); - element_add(r->x, r->x, e0); - element_sub(e2, e2, e0); - element_sub(r->y, e2, e1); - - element_clear(e0); - element_clear(e1); - element_clear(e2); -} - -static void fq_mul_mpz(element_ptr n, element_ptr a, mpz_ptr z) { - eptr p = a->data; - eptr r = n->data; - element_mul_mpz(r->x, p->x, z); - element_mul_mpz(r->y, p->y, z); -} - -static void fq_mul_si(element_ptr n, element_ptr a, signed long int z) { - eptr p = a->data; - eptr r = n->data; - element_mul_si(r->x, p->x, z); - element_mul_si(r->y, p->y, z); -} - -static void fq_square(element_ptr n, element_ptr a) { - eptr p = a->data; - eptr r = n->data; - element_ptr nqr = fq_nqr(n->field); - element_t e0, e1; - - element_init(e0, p->x->field); - element_init(e1, e0->field); - element_square(e0, p->x); - element_square(e1, p->y); - element_mul(e1, e1, nqr); - element_add(e0, e0, e1); - element_mul(e1, p->x, p->y); - //TODO: which is faster? - //element_add(e1, e1, e1); - element_double(e1, e1); - element_set(r->x, e0); - element_set(r->y, e1); - element_clear(e0); - element_clear(e1); -} - -static void fq_neg(element_ptr n, element_ptr a) { - eptr p = a->data; - eptr r = n->data; - element_neg(r->x, p->x); - element_neg(r->y, p->y); -} - -static void fq_random(element_ptr e) { - eptr p = e->data; - element_random(p->x); - element_random(p->y); -} - -static int fq_cmp(element_ptr a, element_ptr b) { - eptr p = a->data; - eptr q = b->data; - return element_cmp(p->x, q->x) || element_cmp(p->y, q->y); -} - -static void fq_invert(element_ptr n, element_ptr a) { - eptr p = a->data; - eptr r = n->data; - element_ptr nqr = fq_nqr(n->field); - element_t e0, e1; - - element_init(e0, p->x->field); - element_init(e1, e0->field); - element_square(e0, p->x); - element_square(e1, p->y); - element_mul(e1, e1, nqr); - element_sub(e0, e0, e1); - element_invert(e0, e0); - element_mul(r->x, p->x, e0); - element_neg(e0, e0); - element_mul(r->y, p->y, e0); - - element_clear(e0); - element_clear(e1); -} - -static void fq_from_hash(element_ptr n, void *data, int len) { - eptr r = n->data; - int k = len / 2; - element_from_hash(r->x, data, k); - element_from_hash(r->y, (char *)data + k, len - k); -} - -static int fq_length_in_bytes(element_ptr e) { - eptr p = e->data; - return element_length_in_bytes(p->x) + element_length_in_bytes(p->y); -} - -static int fq_to_bytes(unsigned char *data, element_t e) { - eptr p = e->data; - int len; - len = element_to_bytes(data, p->x); - len += element_to_bytes(data + len, p->y); - return len; -} - -static int fq_from_bytes(element_t e, unsigned char *data) { - eptr p = e->data; - int len; - len = element_from_bytes(p->x, data); - len += element_from_bytes(p->y, data + len); - return len; -} - -static int fq_is_sqr(element_ptr e) { - //x + y sqrt(nqr) is a square iff x^2 - nqr y^2 is (in the base field) - eptr p = e->data; - element_t e0, e1; - element_ptr nqr = fq_nqr(e->field); - int result; - element_init(e0, p->x->field); - element_init(e1, e0->field); - element_square(e0, p->x); - element_square(e1, p->y); - element_mul(e1, e1, nqr); - element_sub(e0, e0, e1); - result = element_is_sqr(e0); - element_clear(e0); - element_clear(e1); - return result; -} - -static void fq_sqrt(element_ptr n, element_ptr e) { - eptr p = e->data; - eptr r = n->data; - element_ptr nqr = fq_nqr(n->field); - element_t e0, e1, e2; - - //if (a+b sqrt(nqr))^2 = x+y sqrt(nqr) then - //2a^2 = x +- sqrt(x^2 - nqr y^2) - //(take the sign which allows a to exist) - //and 2ab = y - element_init(e0, p->x->field); - element_init(e1, e0->field); - element_init(e2, e0->field); - element_square(e0, p->x); - element_square(e1, p->y); - element_mul(e1, e1, nqr); - element_sub(e0, e0, e1); - element_sqrt(e0, e0); - //e0 = sqrt(x^2 - nqr y^2) - element_add(e1, p->x, e0); - element_set_si(e2, 2); - element_invert(e2, e2); - element_mul(e1, e1, e2); - //e1 = (x + sqrt(x^2 - nqr y^2))/2 - if (!element_is_sqr(e1)) { - element_sub(e1, e1, e0); - //e1 should be a square - } - element_sqrt(e0, e1); - element_add(e1, e0, e0); - element_invert(e1, e1); - element_mul(r->y, p->y, e1); - element_set(r->x, e0); - element_clear(e0); - element_clear(e1); - element_clear(e2); -} - -static int fq_item_count(element_ptr e) { - UNUSED_VAR(e); - return 2; -} - -static element_ptr fq_item(element_ptr e, int i) { - eptr p = e->data; - switch(i) { - case 0: - return p->x; - case 1: - return p->y; - default: - return NULL; - } -} - -static void field_clear_fq(field_ptr f) { - UNUSED_VAR(f); - //f->order gets cleared automatically -} - -static void fq_out_info(FILE *out, field_ptr f) { - field_ptr fbase = f->data; - element_fprintf(out, "extension x^2 + %B, base field: ", fq_nqr(f)); - field_out_info(out, fbase); -} - -// Specialized versions of some of the above for the case K[i]. - -static void fi_mul(element_ptr n, element_ptr a, element_ptr b) { - eptr p = a->data; - eptr q = b->data; - eptr r = n->data; - element_t e0, e1, e2; - - element_init(e0, p->x->field); - element_init(e1, e0->field); - element_init(e2, e0->field); - /* Naive method: - element_mul(e0, p->x, q->x); - element_mul(e1, p->y, q->y); - element_sub(e0, e0, e1); - element_mul(e1, p->x, q->y); - element_mul(e2, p->y, q->x); - element_add(e1, e1, e2); - element_set(r->x, e0); - element_set(r->y, e1); - */ - // Karatsuba multiplicaiton: - element_add(e0, p->x, p->y); - element_add(e1, q->x, q->y); - element_mul(e2, e0, e1); - element_mul(e0, p->x, q->x); - element_sub(e2, e2, e0); - element_mul(e1, p->y, q->y); - element_sub(r->x, e0, e1); - element_sub(r->y, e2, e1); - - element_clear(e0); - element_clear(e1); - element_clear(e2); -} - -static void fi_square(element_ptr n, element_ptr a) { - eptr p = a->data; - eptr r = n->data; - element_t e0, e1; - - element_init(e0, p->x->field); - element_init(e1, e0->field); - // Re(n) = x^2 - y^2 = (x+y)(x-y) - element_add(e0, p->x, p->y); - element_sub(e1, p->x, p->y); - element_mul(e0, e0, e1); - // Im(n) = 2xy - element_mul(e1, p->x, p->y); - element_add(e1, e1, e1); - element_set(r->x, e0); - element_set(r->y, e1); - element_clear(e0); - element_clear(e1); -} - -static void fi_invert(element_ptr n, element_ptr a) { - eptr p = a->data; - eptr r = n->data; - element_t e0, e1; - - element_init(e0, p->x->field); - element_init(e1, e0->field); - element_square(e0, p->x); - element_square(e1, p->y); - element_add(e0, e0, e1); - element_invert(e0, e0); - element_mul(r->x, p->x, e0); - element_neg(e0, e0); - element_mul(r->y, p->y, e0); - - element_clear(e0); - element_clear(e1); -} - -static int fi_is_sqr(element_ptr e) { - // x + yi is a square <=> x^2 + y^2 is (in the base field). - - // Proof: (=>) if x+yi = (a+bi)^2, then a^2 - b^2 = x, 2ab = y, - // thus (a^2 + b^2)^2 = (a^2 - b^2)^2 + (2ab)^2 = x^2 + y^2 - - // (<=) Suppose A^2 = x^2 + y^2. If there exist a, b satisfying: - // a^2 = (+-A + x)/2, b^2 = (+-A - x)/2 - // then (a + bi)^2 = x + yi. - // - // We show that exactly one of (A + x)/2, (-A + x)/2 is a quadratic residue - // (thus a, b do exist). Suppose not. Then the product (x^2 - A^2) / 4 is - // some quadratic residue, a contradiction since this would imply x^2 - A^2 = - // -y^2 is also a quadratic residue, but we know -1 is not a quadratic - // residue. QED. - eptr p = e->data; - element_t e0, e1; - int result; - element_init(e0, p->x->field); - element_init(e1, e0->field); - element_square(e0, p->x); - element_square(e1, p->y); - element_add(e0, e0, e1); - result = element_is_sqr(e0); - element_clear(e0); - element_clear(e1); - return result; -} - -static void fi_sqrt(element_ptr n, element_ptr e) { - eptr p = e->data; - eptr r = n->data; - element_t e0, e1, e2; - - // If (a+bi)^2 = x+yi then 2a^2 = x +- sqrt(x^2 + y^2) - // where we choose the sign so that a exists, and 2ab = y. - // Thus 2b^2 = - (x -+ sqrt(x^2 + y^2)). - element_init(e0, p->x->field); - element_init(e1, e0->field); - element_init(e2, e0->field); - element_square(e0, p->x); - element_square(e1, p->y); - element_add(e0, e0, e1); - element_sqrt(e0, e0); - // e0 = sqrt(x^2 + y^2) - element_add(e1, p->x, e0); - element_set_si(e2, 2); - element_invert(e2, e2); - element_mul(e1, e1, e2); - // e1 = (x + sqrt(x^2 + y^2))/2 - if (!element_is_sqr(e1)) { - element_sub(e1, e1, e0); - // e1 should be a square. - } - element_sqrt(e0, e1); - element_add(e1, e0, e0); - element_invert(e1, e1); - element_mul(r->y, p->y, e1); - element_set(r->x, e0); - element_clear(e0); - element_clear(e1); - element_clear(e2); -} - -static void fi_out_info(FILE *out, field_ptr f) { - field_ptr fbase = f->data; - fprintf(out, "extension x^2 + 1, base field: "); - field_out_info(out, fbase); -} - -static void field_clear_fi(field_ptr f) { - UNUSED_VAR(f); -} - -// All the above should be static. - -void element_field_to_quadratic(element_ptr r, element_ptr a) { - eptr p = r->data; - element_set(p->x, a); - element_set0(p->y); -} - -void element_field_to_fi(element_ptr a, element_ptr b) { - element_field_to_quadratic(a, b); -} - -static element_ptr fq_get_x(element_ptr a) { - return ((eptr) a->data)->x; -} - -static element_ptr fq_get_y(element_ptr a) { - return ((eptr) a->data)->y; -} - -void field_init_quadratic(field_ptr f, field_ptr fbase) { - field_init(f); - - f->field_clear = field_clear_fq; - f->data = fbase; - - f->init = fq_init; - f->clear = fq_clear; - f->set_si = fq_set_si; - f->set_mpz = fq_set_mpz; - f->to_mpz = fq_to_mpz; - f->out_str = fq_out_str; - f->snprint = fq_snprint; - f->set_multiz = fq_set_multiz; - f->set_str = fq_set_str; - f->sign = fq_sign; - f->add = fq_add; - f->sub = fq_sub; - f->set = fq_set; - f->mul = fq_mul; - f->mul_mpz = fq_mul_mpz; - f->mul_si = fq_mul_si; - f->square = fq_square; - f->doub = fq_double; - f->neg = fq_neg; - f->cmp = fq_cmp; - f->invert = fq_invert; - f->random = fq_random; - f->from_hash = fq_from_hash; - f->is1 = fq_is1; - f->is0 = fq_is0; - f->set0 = fq_set0; - f->set1 = fq_set1; - f->is_sqr = fq_is_sqr; - f->sqrt = fq_sqrt; - f->to_bytes = fq_to_bytes; - f->from_bytes = fq_from_bytes; - f->out_info = fq_out_info; - f->item_count = fq_item_count; - f->item = fq_item; - f->get_x = fq_get_x; - f->get_y = fq_get_y; - - mpz_mul(f->order, fbase->order, fbase->order); - if (fbase->fixed_length_in_bytes < 0) { - f->length_in_bytes = fq_length_in_bytes; - f->fixed_length_in_bytes = -1; - } else { - f->fixed_length_in_bytes = 2 * fbase->fixed_length_in_bytes; - } -} - -void field_init_fi(field_ptr f, field_ptr fbase) { - field_init(f); - f->field_clear = field_clear_fi; - f->data = fbase; - f->init = fq_init; - f->clear = fq_clear; - f->set_si = fq_set_si; - f->set_mpz = fq_set_mpz; - f->to_mpz = fq_to_mpz; - f->out_str = fq_out_str; - f->snprint = fq_snprint; - f->set_multiz = fq_set_multiz; - f->set_str = fq_set_str; - f->sign = fq_sign; - f->add = fq_add; - f->sub = fq_sub; - f->set = fq_set; - f->mul = fi_mul; - f->mul_mpz = fq_mul_mpz; - f->mul_si = fq_mul_si; - f->square = fi_square; - f->doub = fq_double; - f->neg = fq_neg; - f->cmp = fq_cmp; - f->invert = fi_invert; - f->random = fq_random; - f->from_hash = fq_from_hash; - f->is1 = fq_is1; - f->is0 = fq_is0; - f->set0 = fq_set0; - f->set1 = fq_set1; - f->is_sqr = fi_is_sqr; - f->sqrt = fi_sqrt; - f->to_bytes = fq_to_bytes; - f->from_bytes = fq_from_bytes; - f->out_info = fi_out_info; - f->item_count = fq_item_count; - f->item = fq_item; - f->get_x = fq_get_x; - f->get_y = fq_get_y; - - mpz_mul(f->order, fbase->order, fbase->order); - if (fbase->fixed_length_in_bytes < 0) { - f->length_in_bytes = fq_length_in_bytes; - f->fixed_length_in_bytes = -1; - } else { - f->fixed_length_in_bytes = 2 * fbase->fixed_length_in_bytes; - } -} diff --git a/moon-abe/pbc-0.5.14/arith/fp.c b/moon-abe/pbc-0.5.14/arith/fp.c deleted file mode 100644 index e0127a8e..00000000 --- a/moon-abe/pbc-0.5.14/arith/fp.c +++ /dev/null @@ -1,49 +0,0 @@ -// F_p initialization. -// -// Specific implementations of F_p are found in naivefp.c, fastfp.c, fasterfp.c -// and montfp.c. For pairing-based cryptosystems, montfp.c is the fastest. -// I keep all versions around for testing, and also to show off the modularity -// of the code. - -#include -#include -#include // for intptr_t -#include -#include -#include "pbc_utils.h" -#include "pbc_field.h" -#include "pbc_fp.h" - -// By default, use the montfp.c implementation of F_p. After -// pbc_tweak_use_fp(), future field_init_fp calls will use the specified -// implementation. This is useful for benchmarking and testing. -static void (*option_fpinit) (field_ptr f, mpz_t prime) = field_init_mont_fp; - -void pbc_tweak_use_fp(char *s) { - if (!strcmp(s, "naive")) { - option_fpinit = field_init_naive_fp; - } else if (!strcmp(s, "fast")) { - option_fpinit = field_init_fast_fp; - } else if (!strcmp(s, "faster")) { - option_fpinit = field_init_faster_fp; - } else if (!strcmp(s, "mont")) { - option_fpinit = field_init_mont_fp; - } else { - pbc_error("no such Fp implementation: %s", s); - } -} - -void field_init_fp(field_ptr f, mpz_t modulus) { - if (mpz_fits_ulong_p(modulus)) { - // If this case mattered, I'd have written a F_p implementation specialized - // for moduli that fits into machine words. - field_init_naive_fp(f, modulus); - } else { - if (mpz_odd_p(modulus)) { - option_fpinit(f, modulus); - } else { - // montfp.c only supports odd moduli. - field_init_faster_fp(f, modulus); - } - } -} diff --git a/moon-abe/pbc-0.5.14/arith/init_random.c b/moon-abe/pbc-0.5.14/arith/init_random.c deleted file mode 100644 index bd040a38..00000000 --- a/moon-abe/pbc-0.5.14/arith/init_random.c +++ /dev/null @@ -1,18 +0,0 @@ -#include -#include // for intptr_t -#include -#include -#include "pbc_utils.h" -#include "pbc_random.h" - -void pbc_init_random(void) { - FILE *fp; - fp = fopen("/dev/urandom", "rb"); - if (!fp) { - pbc_warn("could not open /dev/urandom, using deterministic random number generator"); - pbc_random_set_deterministic(0); - } else { - pbc_random_set_file("/dev/urandom"); - fclose(fp); - } -} diff --git a/moon-abe/pbc-0.5.14/arith/init_random.win32.c b/moon-abe/pbc-0.5.14/arith/init_random.win32.c deleted file mode 100644 index ec7f8732..00000000 --- a/moon-abe/pbc-0.5.14/arith/init_random.win32.c +++ /dev/null @@ -1,52 +0,0 @@ -// Win32 Compatibility Code added by Yulian Kalev and Stefan Georg Weber. -#include -#include // for intptr_t -#include -#include -#include -#include -#include "pbc_random.h" -#include "pbc_utils.h" -#include "pbc_memory.h" - -static void win32_mpz_random(mpz_t r, mpz_t limit, void *data) { - UNUSED_VAR (data); - HCRYPTPROV phProv; - unsigned int error; - if (!CryptAcquireContext(&phProv,NULL,NULL,PROV_RSA_FULL,0)) { - error = GetLastError(); - if (error == 0x80090016) { //need to create a new keyset - if (!CryptAcquireContext(&phProv,NULL,NULL,PROV_RSA_FULL,CRYPT_NEWKEYSET)) { - pbc_error("Couldn't create CryptContext: %x", (int)GetLastError()); - return; - } - } else { - pbc_error("Couldn't create CryptContext: %x", error); - return; - } - } - int n, bytecount, leftover; - unsigned char *bytes; - mpz_t z; - mpz_init(z); - n = mpz_sizeinbase(limit, 2); - bytecount = (n + 7) / 8; - leftover = n % 8; - bytes = (unsigned char *) pbc_malloc(bytecount); - for (;;) { - CryptGenRandom(phProv,bytecount,(byte *)bytes); - if (leftover) { - *bytes = *bytes % (1 << leftover); - } - mpz_import(z, bytecount, 1, 1, 0, 0, bytes); - if (mpz_cmp(z, limit) < 0) break; - } - CryptReleaseContext(phProv,0); - mpz_set(r, z); - mpz_clear(z); - pbc_free(bytes); -} - -void pbc_init_random(void) { - pbc_random_set_function(win32_mpz_random, NULL); -} diff --git a/moon-abe/pbc-0.5.14/arith/montfp.c b/moon-abe/pbc-0.5.14/arith/montfp.c deleted file mode 100644 index c79bb72b..00000000 --- a/moon-abe/pbc-0.5.14/arith/montfp.c +++ /dev/null @@ -1,596 +0,0 @@ -// F_p using Montgomery representation. -// -// Let b = 256^sizeof(mp_limb_t). -// Let R = b^t be the smallest power of b greater than the modulus p. -// Then x is stored as xR (mod p). -// Addition: same as naive implementation. -// Multipication: Montgomery reduction. -// Code assumes the modulus p is odd. -// -// TODO: mul_2exp(x, p->bytes * 8) could be replaced with -// faster code that messes with GMP internals - -#include -#include -#include // for intptr_t -#include -#include -#include -#include "pbc_utils.h" -#include "pbc_field.h" -#include "pbc_random.h" -#include "pbc_fp.h" -#include "pbc_memory.h" - -// Per-field data. -typedef struct { - size_t limbs; // Number of limbs per element. - size_t bytes; // Number of bytes per element. - mp_limb_t *primelimbs; // Points to an array of limbs holding the modulus. - mp_limb_t negpinv; // -p^-1 mod b - mp_limb_t *R; // R mod p - mp_limb_t *R3; // R^3 mod p -} *fptr; - -// Per-element data. -typedef struct { - char flag; // flag == 0 means the element is zero. - mp_limb_t *d; // Otherwise d points to an array holding the element. -} *eptr; - -// Copies limbs of z into dst and zeroes any leading limbs, where n is the -// total number of limbs. -// Requires z to have at most n limbs. -static inline void set_limbs(mp_limb_t *dst, mpz_t z, size_t n) { - size_t count; - mpz_export(dst, &count, -1, sizeof(mp_limb_t), 0, 0, z); - memset((void *) (((unsigned char *) dst) + count * sizeof(mp_limb_t)), - 0, (n - count) * sizeof(mp_limb_t)); -} - -static void fp_init(element_ptr e) { - fptr p = e->field->data; - eptr ep = e->data = pbc_malloc(sizeof(*ep)); - ep->flag = 0; - ep->d = pbc_malloc(p->bytes); -} - -static void fp_clear(element_ptr e) { - eptr ep = e->data; - pbc_free(ep->d); - pbc_free(e->data); -} - -static void fp_set_mpz(element_ptr e, mpz_ptr z) { - fptr p = e->field->data; - eptr ep = e->data; - if (!mpz_sgn(z)) ep->flag = 0; - else { - mpz_t tmp; - mpz_init(tmp); - mpz_mul_2exp(tmp, z, p->bytes * 8); - mpz_mod(tmp, tmp, e->field->order); - if (!mpz_sgn(tmp)) ep->flag = 0; - else { - set_limbs(ep->d, tmp, p->limbs); - ep->flag = 2; - } - mpz_clear(tmp); - } -} - -static void fp_set_si(element_ptr e, signed long int op) { - fptr p = e->field->data; - eptr ep = e->data; - if (!op) ep->flag = 0; - else { - mpz_t tmp; - mpz_init(tmp); - // TODO: Could be optimized. - mpz_set_si(tmp, op); - mpz_mul_2exp(tmp, tmp, p->bytes * 8); - mpz_mod(tmp, tmp, e->field->order); - if (!mpz_sgn(tmp)) ep->flag = 0; - else { - set_limbs(ep->d, tmp, p->limbs); - ep->flag = 2; - } - mpz_clear(tmp); - } -} - -// Montgomery reduction. -// Algorithm II.4 from Blake, Seroussi and Smart. -static void mont_reduce(mp_limb_t *x, mp_limb_t *y, fptr p) { - size_t t = p->limbs; - size_t i; - mp_limb_t flag = 0; - for (i = 0; i < t; i++) { - mp_limb_t u = y[i] * p->negpinv; - mp_limb_t carry = mpn_addmul_1(&y[i], p->primelimbs, t, u); - //mpn_add_1(&y[i+t], &y[i+t], t - i + 1, carry); - flag += mpn_add_1(&y[i + t], &y[i + t], t - i, carry); - } - if (flag || mpn_cmp(&y[t], p->primelimbs, t) >= 0) { - mpn_sub_n(x, &y[t], p->primelimbs, t); - } else { - // TODO: GMP set might be faster. - memcpy(x, &y[t], t * sizeof(mp_limb_t)); - } -} - -static void fp_to_mpz(mpz_ptr z, element_ptr e) { - eptr ep = e->data; - if (!ep->flag) mpz_set_ui(z, 0); - else { - // x is stored as xR. - // We must divide out R to convert to standard representation. - fptr p = e->field->data; - mp_limb_t tmp[2 * p->limbs]; - - memcpy(tmp, ep->d, p->limbs * sizeof(mp_limb_t)); - memset(&tmp[p->limbs], 0, p->limbs * sizeof(mp_limb_t)); - _mpz_realloc(z, p->limbs); - mont_reduce(z->_mp_d, tmp, p); - // Remove leading zero limbs. - for (z->_mp_size = p->limbs; !z->_mp_d[z->_mp_size - 1]; z->_mp_size--); - } -} - -static void fp_set0(element_ptr e) { - eptr ep = e->data; - ep->flag = 0; -} - -static void fp_set1(element_ptr e) { - fptr p = e->field->data; - eptr ep = e->data; - ep->flag = 2; - memcpy(ep->d, p->R, p->bytes); -} - -static int fp_is1(element_ptr e) { - eptr ep = e->data; - if (!ep->flag) return 0; - else { - fptr p = e->field->data; - return !mpn_cmp(ep->d, p->R, p->limbs); - } -} - -static int fp_is0(element_ptr e) { - eptr ep = e->data; - return !ep->flag; -} - -static size_t fp_out_str(FILE * stream, int base, element_ptr e) { - size_t result; - mpz_t z; - mpz_init(z); - fp_to_mpz(z, e); - result = mpz_out_str(stream, base, z); - mpz_clear(z); - return result; -} - -static int fp_snprint(char *s, size_t n, element_ptr e) { - int result; - mpz_t z; - mpz_init(z); - fp_to_mpz(z, e); - result = gmp_snprintf(s, n, "%Zd", z); - mpz_clear(z); - return result; -} - -static int fp_set_str(element_ptr e, const char *s, int base) { - mpz_t z; - mpz_init(z); - int result = pbc_mpz_set_str(z, s, base); - mpz_mod(z, z, e->field->order); - fp_set_mpz(e, z); - mpz_clear(z); - return result; -} - -static void fp_set(element_ptr c, element_ptr a) { - eptr ad = a->data; - eptr cd = c->data; - if (a == c) return; - if (!ad->flag) cd->flag = 0; - else { - fptr p = a->field->data; - - // Assembly is faster, but I don't want to stoop to that level. - // Instead of memcpy(), we rewrite so GMP assembly ends up being invoked. - /* - memcpy(cd->d, ad->d, p->bytes); - */ - mpz_t z1, z2; - z1->_mp_d = cd->d; - z2->_mp_d = ad->d; - z1->_mp_size = z1->_mp_alloc = z2->_mp_size = z2->_mp_alloc = p->limbs; - mpz_set(z1, z2); - - cd->flag = 2; - } -} - -static void fp_add(element_ptr c, element_ptr a, element_ptr b) { - eptr ad = a->data, bd = b->data; - - if (!ad->flag) { - fp_set(c, b); - } else if (!bd->flag) { - fp_set(c, a); - } else { - eptr cd = c->data; - fptr p = a->field->data; - const size_t t = p->limbs; - mp_limb_t carry; - carry = mpn_add_n(cd->d, ad->d, bd->d, t); - - if (carry) { - // Assumes result of following sub is not zero, - // i.e. modulus cannot be 2^(n * bits_per_limb). - mpn_sub_n(cd->d, cd->d, p->primelimbs, t); - cd->flag = 2; - } else { - int i = mpn_cmp(cd->d, p->primelimbs, t); - if (!i) { - cd->flag = 0; - } else { - cd->flag = 2; - if (i > 0) { - mpn_sub_n(cd->d, cd->d, p->primelimbs, t); - } - } - } - } -} - -static void fp_double(element_ptr c, element_ptr a) { - eptr ad = a->data, cd = c->data; - if (!ad->flag) { - cd->flag = 0; - } else { - fptr p = c->field->data; - const size_t t = p->limbs; - if (mpn_lshift(cd->d, ad->d, t, 1)) { - cd->flag = 2; - // Again, assumes result is not zero. - mpn_sub_n(cd->d, cd->d, p->primelimbs, t); - } else { - int i = mpn_cmp(cd->d, p->primelimbs, t); - if (!i) { - cd->flag = 0; - } else { - cd->flag = 2; - if (i > 0) { - mpn_sub_n(cd->d, cd->d, p->primelimbs, t); - } - } - } - } -} - -static void fp_halve(element_ptr c, element_ptr a) { - eptr ad = a->data, cd = c->data; - if (!ad->flag) { - cd->flag = 0; - } else { - fptr p = c->field->data; - const size_t t = p->limbs; - int carry = 0; - mp_limb_t *alimb = ad->d; - mp_limb_t *climb = cd->d; - if (alimb[0] & 1) { - carry = mpn_add_n(climb, alimb, p->primelimbs, t); - } else fp_set(c, a); - - mpn_rshift(climb, climb, t, 1); - if (carry) climb[t - 1] |= ((mp_limb_t) 1) << (sizeof(mp_limb_t) * 8 - 1); - } -} - -static void fp_neg(element_ptr c, element_ptr a) { - eptr ad = a->data, cd = c->data; - if (!ad->flag) cd->flag = 0; - else { - fptr p = a->field->data; - mpn_sub_n(cd->d, p->primelimbs, ad->d, p->limbs); - cd->flag = 2; - } -} - -static void fp_sub(element_ptr c, element_ptr a, element_ptr b) { - eptr ad = a->data, bd = b->data; - - if (!ad->flag) { - fp_neg(c, b); - } else if (!bd->flag) { - fp_set(c, a); - } else { - fptr p = c->field->data; - size_t t = p->limbs; - eptr cd = c->data; - int i = mpn_cmp(ad->d, bd->d, t); - - if (i == 0) { - cd->flag = 0; - } else { - cd->flag = 2; - mpn_sub_n(cd->d, ad->d, bd->d, t); - if (i < 0) { - mpn_add_n(cd->d, cd->d, p->primelimbs, t); - } - } - } -} - -// Montgomery multiplication. -// See Blake, Seroussi and Smart. -static inline void mont_mul(mp_limb_t *c, mp_limb_t *a, mp_limb_t *b, - fptr p) { - // Instead of right shifting every iteration - // I allocate more room for the z array. - size_t i, t = p->limbs; - mp_limb_t z[2 * t + 1]; - mp_limb_t u = (a[0] * b[0]) * p->negpinv; - mp_limb_t v = z[t] = mpn_mul_1(z, b, t, a[0]); - z[t] += mpn_addmul_1(z, p->primelimbs, t, u); - z[t + 1] = z[t] < v; // Handle overflow. - for (i = 1; i < t; i++) { - u = (z[i] + a[i] * b[0]) * p->negpinv; - v = z[t + i] += mpn_addmul_1(z + i, b, t, a[i]); - z[t + i] += mpn_addmul_1(z + i, p->primelimbs, t, u); - z[t + i + 1] = z[t + i] < v; - } - if (z[t * 2] || mpn_cmp(z + t, p->primelimbs, t) >= 0) { - mpn_sub_n(c, z + t, p->primelimbs, t); - } else { - memcpy(c, z + t, t * sizeof(mp_limb_t)); - // Doesn't seem to make a difference: - /* - mpz_t z1, z2; - z1->_mp_d = c; - z2->_mp_d = z + t; - z1->_mp_size = z1->_mp_alloc = z2->_mp_size = z2->_mp_alloc = t; - mpz_set(z1, z2); - */ - } -} - -static void fp_mul(element_ptr c, element_ptr a, element_ptr b) { - eptr ad = a->data, bd = b->data; - eptr cd = c->data; - - if (!ad->flag || !bd->flag) { - cd->flag = 0; - } else { - fptr p = c->field->data; - mont_mul(cd->d, ad->d, bd->d, p); - cd->flag = 2; - } -} - -static void fp_pow_mpz(element_ptr c, element_ptr a, mpz_ptr op) { - // Alternative: rewrite GMP mpz_powm(). - fptr p = a->field->data; - eptr ad = a->data; - eptr cd = c->data; - if (!ad->flag) cd->flag = 0; - else { - mpz_t z; - mpz_init(z); - fp_to_mpz(z, a); - mpz_powm(z, z, op, a->field->order); - mpz_mul_2exp(z, z, p->bytes * 8); - mpz_mod(z, z, a->field->order); - set_limbs(cd->d, z, p->limbs); - mpz_clear(z); - cd->flag = 2; - } -} - -// Inversion is slower than in a naive Fp implementation because of an extra -// multiplication. -// Requires nonzero a. -static void fp_invert(element_ptr c, element_ptr a) { - eptr ad = a->data; - eptr cd = c->data; - fptr p = a->field->data; - mp_limb_t tmp[p->limbs]; - mpz_t z; - - mpz_init(z); - - // Copy the limbs into a regular mpz_t so we can invert using the standard - // mpz_invert(). - mpz_import(z, p->limbs, -1, sizeof(mp_limb_t), 0, 0, ad->d); - mpz_invert(z, z, a->field->order); - set_limbs(tmp, z, p->limbs); - - // Normalize. - mont_mul(cd->d, tmp, p->R3, p); - cd->flag = 2; - mpz_clear(z); -} - -static void fp_random(element_ptr a) { - fptr p = a->field->data; - eptr ad = a->data; - mpz_t z; - mpz_init(z); - pbc_mpz_random(z, a->field->order); - if (mpz_sgn(z)) { - mpz_mul_2exp(z, z, p->bytes * 8); - mpz_mod(z, z, a->field->order); - set_limbs(ad->d, z, p->limbs); - ad->flag = 2; - } else { - ad->flag = 0; - } - mpz_clear(z); -} - -static void fp_from_hash(element_ptr a, void *data, int len) { - mpz_t z; - - mpz_init(z); - pbc_mpz_from_hash(z, a->field->order, data, len); - fp_set_mpz(a, z); - mpz_clear(z); -} - -static int fp_cmp(element_ptr a, element_ptr b) { - eptr ad = a->data, bd = b->data; - if (!ad->flag) return bd->flag; - else { - fptr p = a->field->data; - return mpn_cmp(ad->d, bd->d, p->limbs); - //return memcmp(ad->d, bd->d, p->limbs); - } -} - -static int fp_sgn_odd(element_ptr a) { - eptr ad = a->data; - if (!ad->flag) return 0; - else { - mpz_t z; - mpz_init(z); - int res; - fp_to_mpz(z, a); - res = mpz_odd_p(z) ? 1 : -1; - mpz_clear(z); - return res; - } -} - -static int fp_is_sqr(element_ptr a) { - eptr ad = a->data; - int res; - mpz_t z; - mpz_init(z); - // 0 is a square. - if (!ad->flag) return 1; - fp_to_mpz(z, a); - res = mpz_legendre(z, a->field->order) == 1; - mpz_clear(z); - return res; -} - -static int fp_to_bytes(unsigned char *data, element_t a) { - mpz_t z; - int n = a->field->fixed_length_in_bytes; - - mpz_init(z); - fp_to_mpz(z, a); - pbc_mpz_out_raw_n(data, n, z); - mpz_clear(z); - return n; -} - -static int fp_from_bytes(element_t a, unsigned char *data) { - fptr p = a->field->data; - eptr ad = a->data; - int n; - mpz_t z; - - mpz_init(z); - - n = a->field->fixed_length_in_bytes; - mpz_import(z, n, 1, 1, 1, 0, data); - if (!mpz_sgn(z)) ad->flag = 0; - else { - ad->flag = 2; - mpz_mul_2exp(z, z, p->bytes * 8); - mpz_mod(z, z, a->field->order); - set_limbs(ad->d, z, p->limbs); - } - mpz_clear(z); - return n; -} - -static void fp_field_clear(field_t f) { - fptr p = f->data; - pbc_free(p->primelimbs); - pbc_free(p->R); - pbc_free(p->R3); - pbc_free(p); -} - -// The only public functions. All the above should be static. - -static void fp_out_info(FILE * out, field_ptr f) { - element_fprintf(out, "GF(%Zd): Montgomery representation", f->order); -} - -void field_init_mont_fp(field_ptr f, mpz_t prime) { - PBC_ASSERT(!mpz_fits_ulong_p(prime), "modulus too small"); - fptr p; - field_init(f); - f->init = fp_init; - f->clear = fp_clear; - f->set_si = fp_set_si; - f->set_mpz = fp_set_mpz; - f->out_str = fp_out_str; - f->snprint = fp_snprint; - f->set_str = fp_set_str; - f->add = fp_add; - f->sub = fp_sub; - f->set = fp_set; - f->mul = fp_mul; - f->doub = fp_double; - f->halve = fp_halve; - f->pow_mpz = fp_pow_mpz; - f->neg = fp_neg; - f->sign = fp_sgn_odd; - f->cmp = fp_cmp; - f->invert = fp_invert; - f->random = fp_random; - f->from_hash = fp_from_hash; - f->is1 = fp_is1; - f->is0 = fp_is0; - f->set0 = fp_set0; - f->set1 = fp_set1; - f->is_sqr = fp_is_sqr; - f->sqrt = element_tonelli; - f->field_clear = fp_field_clear; - f->to_bytes = fp_to_bytes; - f->from_bytes = fp_from_bytes; - f->to_mpz = fp_to_mpz; - f->out_info = fp_out_info; - - // Initialize per-field data specific to this implementation. - p = f->data = pbc_malloc(sizeof(*p)); - p->limbs = mpz_size(prime); - p->bytes = p->limbs * sizeof(mp_limb_t); - p->primelimbs = pbc_malloc(p->bytes); - mpz_export(p->primelimbs, &p->limbs, -1, sizeof(mp_limb_t), 0, 0, prime); - - mpz_set(f->order, prime); - f->fixed_length_in_bytes = (mpz_sizeinbase(prime, 2) + 7) / 8; - - // Compute R, R3 and negpinv. - mpz_t z; - mpz_init(z); - - p->R = pbc_malloc(p->bytes); - p->R3 = pbc_malloc(p->bytes); - mpz_setbit(z, p->bytes * 8); - mpz_mod(z, z, prime); - set_limbs(p->R, z, p->limbs); - - mpz_powm_ui(z, z, 3, prime); - set_limbs(p->R3, z, p->limbs); - - mpz_set_ui(z, 0); - - // Algorithm II.5 in Blake, Seroussi and Smart is better but this suffices - // since we're only doing it once. - mpz_setbit(z, p->bytes * 8); - mpz_invert(z, prime, z); - p->negpinv = -mpz_get_ui(z); - mpz_clear(z); -} diff --git a/moon-abe/pbc-0.5.14/arith/multiz.c b/moon-abe/pbc-0.5.14/arith/multiz.c deleted file mode 100644 index 6c8b43cc..00000000 --- a/moon-abe/pbc-0.5.14/arith/multiz.c +++ /dev/null @@ -1,589 +0,0 @@ -// Multinomials over Z. -// e.g. [[1, 2], 3, [4, [5, 6]]] means -// (1 + 2y) + 3 x + (4 + (5 + 6z)y)x^2 -// Convenient interchange format for different groups, rings, and fields. - -// TODO: Canonicalize, e.g. [[1]], 0, 0] --> 1. - -#include -#include -#include // for intptr_t -#include -#include -#include "pbc_utils.h" -#include "pbc_field.h" -#include "pbc_multiz.h" -#include "pbc_random.h" -#include "pbc_fp.h" -#include "pbc_memory.h" -#include "misc/darray.h" - -// Per-element data. -struct multiz_s { - // Either it's an mpz, or a list of mpzs. - char type; - union { - mpz_t z; - darray_t a; - }; -}; - -enum { - T_MPZ, - T_ARR, -}; - -static multiz multiz_new_empty_list(void) { - multiz ep = pbc_malloc(sizeof(*ep)); - ep->type = T_ARR; - darray_init(ep->a); - return ep; -} - -void multiz_append(element_ptr x, element_ptr e) { - multiz l = x->data; - darray_append(l->a, e->data); -} - -static multiz multiz_new(void) { - multiz ep = pbc_malloc(sizeof(*ep)); - ep->type = T_MPZ; - mpz_init(ep->z); - return ep; -} - -static void f_init(element_ptr e) { - e->data = multiz_new(); -} - -static void multiz_free(multiz ep) { - switch(ep->type) { - case T_MPZ: - mpz_clear(ep->z); - break; - default: - PBC_ASSERT(T_ARR == ep->type, "no such type"); - darray_forall(ep->a, (void(*)(void*))multiz_free); - darray_clear(ep->a); - break; - } - pbc_free(ep); -} - -static void f_clear(element_ptr e) { - multiz_free(e->data); -} - -element_ptr multiz_new_list(element_ptr e) { - element_ptr x = pbc_malloc(sizeof(*x)); - element_init_same_as(x, e); - multiz_free(x->data); - x->data = multiz_new_empty_list(); - multiz_append(x, e); - return x; -} - -static void f_set_si(element_ptr e, signed long int op) { - multiz_free(e->data); - f_init(e); - multiz ep = e->data; - mpz_set_si(ep->z, op); -} - -static void f_set_mpz(element_ptr e, mpz_ptr z) { - multiz_free(e->data); - f_init(e); - multiz ep = e->data; - mpz_set(ep->z, z); -} - -static void f_set0(element_ptr e) { - multiz_free(e->data); - f_init(e); -} - -static void f_set1(element_ptr e) { - multiz_free(e->data); - f_init(e); - multiz ep = e->data; - mpz_set_ui(ep->z, 1); -} - -static size_t multiz_out_str(FILE *stream, int base, multiz ep) { - switch(ep->type) { - case T_MPZ: - return mpz_out_str(stream, base, ep->z); - default: - PBC_ASSERT(T_ARR == ep->type, "no such type"); - fputc('[', stream); - size_t res = 1; - int n = darray_count(ep->a); - int i; - for(i = 0; i < n; i++) { - if (i) res += 2, fputs(", ", stream); - res += multiz_out_str(stream, base, darray_at(ep->a, i)); - } - fputc(']', stream); - res++; - return res; - } -} - -static size_t f_out_str(FILE *stream, int base, element_ptr e) { - return multiz_out_str(stream, base, e->data); -} - -void multiz_to_mpz(mpz_ptr z, multiz ep) { - while(ep->type == T_ARR) ep = darray_at(ep->a, 0); - PBC_ASSERT(T_MPZ == ep->type, "no such type"); - mpz_set(z, ep->z); -} - -static void f_to_mpz(mpz_ptr z, element_ptr a) { - multiz_to_mpz(z, a->data); -} - -static int multiz_sgn(multiz ep) { - while(ep->type == T_ARR) ep = darray_at(ep->a, 0); - PBC_ASSERT(T_MPZ == ep->type, "no such type"); - return mpz_sgn(ep->z); -} - -static int f_sgn(element_ptr a) { - return multiz_sgn(a->data); -} - -static void add_to_x(void *data, - multiz x, - void (*fun)(mpz_t, const mpz_t, void *scope_ptr), - void *scope_ptr); - -static multiz multiz_new_unary(const multiz y, - void (*fun)(mpz_t, const mpz_t, void *scope_ptr), void *scope_ptr) { - multiz x = pbc_malloc(sizeof(*x)); - switch(y->type) { - case T_MPZ: - x->type = T_MPZ; - mpz_init(x->z); - fun(x->z, y->z, scope_ptr); - break; - default: - PBC_ASSERT(T_ARR == ep->type, "no such type"); - x->type = T_ARR; - darray_init(x->a); - darray_forall4(y->a, - (void(*)(void*,void*,void*,void*))add_to_x, - x, - fun, - scope_ptr); - break; - } - return x; -} - -static void add_to_x(void *data, - multiz x, - void (*fun)(mpz_t, const mpz_t, void *scope_ptr), - void *scope_ptr) { - darray_append(x->a, multiz_new_unary(data, fun, scope_ptr)); -} - -static void mpzset(mpz_t dst, const mpz_t src, void *scope_ptr) { - UNUSED_VAR(scope_ptr); - mpz_set(dst, src); -} - -static multiz multiz_clone(multiz y) { - return multiz_new_unary(y, (void(*)(mpz_t, const mpz_t, void *))mpzset, NULL); -} - -static multiz multiz_new_bin(const multiz a, const multiz b, - void (*fun)(mpz_t, const mpz_t, const mpz_t)) { - if (T_MPZ == a->type) { - if (T_MPZ == b->type) { - multiz x = multiz_new(); - fun(x->z, a->z, b->z); - return x; - } else { - multiz x = multiz_clone(b); - multiz z = x; - PBC_ASSERT(T_ARR == z->type, "no such type"); - while(z->type == T_ARR) z = darray_at(z->a, 0); - fun(z->z, a->z, z->z); - return x; - } - } else { - PBC_ASSERT(T_ARR == a->type, "no such type"); - if (T_MPZ == b->type) { - multiz x = multiz_clone(a); - multiz z = x; - PBC_ASSERT(T_ARR == z->type, "no such type"); - while(z->type == T_ARR) z = darray_at(z->a, 0); - fun(z->z, b->z, z->z); - return x; - } else { - PBC_ASSERT(T_ARR == b->type, "no such type"); - int m = darray_count(a->a); - int n = darray_count(b->a); - int min = m < n ? m : n; - int max = m > n ? m : n; - multiz x = multiz_new_empty_list(); - int i; - for(i = 0; i < min; i++) { - multiz z = multiz_new_bin(darray_at(a->a, i), darray_at(b->a, i), fun); - darray_append(x->a, z); - } - multiz zero = multiz_new(); - for(; i < max; i++) { - multiz z = multiz_new_bin(m > n ? darray_at(a->a, i) : zero, - n > m ? darray_at(b->a, i) : zero, - fun); - darray_append(x->a, z); - } - multiz_free(zero); - return x; - } - } -} -static multiz multiz_new_add(const multiz a, const multiz b) { - return multiz_new_bin(a, b, mpz_add); -} - -static void f_add(element_ptr n, element_ptr a, element_ptr b) { - multiz delme = n->data; - n->data = multiz_new_add(a->data, b->data); - multiz_free(delme); -} - -static multiz multiz_new_sub(const multiz a, const multiz b) { - return multiz_new_bin(a, b, mpz_sub); -} -static void f_sub(element_ptr n, element_ptr a, element_ptr b) { - multiz delme = n->data; - n->data = multiz_new_sub(a->data, b->data); - multiz_free(delme); -} - -static void mpzmul(mpz_t x, const mpz_t y, const mpz_t z) { - mpz_mul(x, y, z); -} - -static multiz multiz_new_mul(const multiz a, const multiz b) { - if (T_MPZ == a->type) { - // Multiply each coefficient of b by a->z. - return multiz_new_unary(b, (void(*)(mpz_t, const mpz_t, void *))mpzmul, a->z); - } else { - PBC_ASSERT(T_ARR == a->type, "no such type"); - if (T_MPZ == b->type) { - // Multiply each coefficient of a by b->z. - return multiz_new_unary(a, (void(*)(mpz_t, const mpz_t, void *))mpzmul, b->z); - } else { - PBC_ASSERT(T_ARR == b->type, "no such type"); - int m = darray_count(a->a); - int n = darray_count(b->a); - int max = m + n - 1; - multiz x = multiz_new_empty_list(); - int i; - multiz zero = multiz_new(); - for(i = 0; i < max; i++) { - multiz z = multiz_new(); - int j; - for (j = 0; j <= i; j++) { - multiz y = multiz_new_mul(j < m ? darray_at(a->a, j) : zero, - i - j < n ? darray_at(b->a, i - j) : zero); - multiz t = multiz_new_add(z, y); - multiz_free(y); - multiz_free(z); - z = t; - } - darray_append(x->a, z); - } - multiz_free(zero); - return x; - } - } -} -static void f_mul(element_ptr n, element_ptr a, element_ptr b) { - multiz delme = n->data; - n->data = multiz_new_mul(a->data, b->data); - multiz_free(delme); -} - -static void f_mul_mpz(element_ptr n, element_ptr a, mpz_ptr z) { - multiz delme = n->data; - n->data = multiz_new_unary(a->data, (void(*)(mpz_t, const mpz_t, void *))mpzmul, z); - multiz_free(delme); -} - -static void mulsi(mpz_t x, const mpz_t y, signed long *i) { - mpz_mul_si(x, y, *i); -} - -static void f_mul_si(element_ptr n, element_ptr a, signed long int z) { - multiz delme = n->data; - n->data = multiz_new_unary(a->data, (void(*)(mpz_t, const mpz_t, void *))mulsi, &z); - multiz_free(delme); -} - -static void mpzneg(mpz_t dst, const mpz_t src, void *scope_ptr) { - UNUSED_VAR(scope_ptr); - mpz_neg(dst, src); -} - -static multiz multiz_new_neg(multiz z) { - return multiz_new_unary(z, (void(*)(mpz_t, const mpz_t, void *))mpzneg, NULL); -} - -static void f_set(element_ptr n, element_ptr a) { - multiz delme = n->data; - n->data = multiz_clone(a->data); - multiz_free(delme); -} - -static void f_neg(element_ptr n, element_ptr a) { - multiz delme = n->data; - n->data = multiz_new_neg(a->data); - multiz_free(delme); -} - -static void f_div(element_ptr c, element_ptr a, element_ptr b) { - mpz_t d; - mpz_init(d); - element_to_mpz(d, b); - multiz delme = c->data; - c->data = multiz_new_unary(a->data, (void(*)(mpz_t, const mpz_t, void *))mpz_tdiv_q, d); - mpz_clear(d); - multiz_free(delme); -} - -// Doesn't make sense if order is infinite. -static void f_random(element_ptr n) { - multiz delme = n->data; - f_init(n); - multiz_free(delme); -} - -static void f_from_hash(element_ptr n, void *data, int len) { - mpz_t z; - mpz_init(z); - mpz_import(z, len, -1, 1, -1, 0, data); - f_set_mpz(n, z); - mpz_clear(z); -} - -static int f_is1(element_ptr n) { - multiz ep = n->data; - return ep->type == T_MPZ && !mpz_cmp_ui(ep->z, 1); -} - -int multiz_is0(multiz m) { - return m->type == T_MPZ && mpz_is0(m->z); -} - -static int f_is0(element_ptr n) { - return multiz_is0(n->data); -} - -static int f_item_count(element_ptr e) { - multiz z = e->data; - if (T_MPZ == z->type) return 0; - return darray_count(z->a); -} - -// TODO: Redesign multiz so this doesn't leak. -static element_ptr f_item(element_ptr e, int i) { - multiz z = e->data; - if (T_MPZ == z->type) return NULL; - element_ptr r = malloc(sizeof(*r)); - r->field = e->field; - r->data = darray_at(z->a, i); - return r; -} - -// Usual meaning when both are integers. -// Otherwise, compare coefficients. -static int multiz_cmp(multiz a, multiz b) { - if (T_MPZ == a->type) { - if (T_MPZ == b->type) { - // Simplest case: both are integers. - return mpz_cmp(a->z, b->z); - } - // Leading coefficient of b. - while(T_ARR == b->type) b = darray_last(b->a); - PBC_ASSERT(T_MPZ == b->type, "no such type"); - return -mpz_sgn(b->z); - } - PBC_ASSERT(T_ARR == a->type, "no such type"); - if (T_MPZ == b->type) { - // Leading coefficient of a. - while(T_ARR == a->type) a = darray_last(a->a); - PBC_ASSERT(T_MPZ == a->type, "no such type"); - return mpz_sgn(a->z); - } - PBC_ASSERT(T_ARR == b->type, "no such type"); - int m = darray_count(a->a); - int n = darray_count(b->a); - if (m > n) { - // Leading coefficient of a. - while(T_ARR == a->type) a = darray_last(a->a); - PBC_ASSERT(T_MPZ == a->type, "no such type"); - return mpz_sgn(a->z); - } - if (n > m) { - // Leading coefficient of b. - while(T_ARR == b->type) b = darray_last(b->a); - PBC_ASSERT(T_MPZ == b->type, "no such type"); - return -mpz_sgn(b->z); - } - for(n--; n >= 0; n--) { - int i = multiz_cmp(darray_at(a->a, n), darray_at(b->a, n)); - if (i) return i; - } - return 0; -} -static int f_cmp(element_ptr x, element_ptr y) { - return multiz_cmp(x->data, y->data); -} - -static void f_field_clear(field_t f) { UNUSED_VAR (f); } - -// OpenSSL convention: -// 4 bytes containing length -// followed by number in big-endian, most-significant bit set if negative -// (prepending null byte if necessary) -// Positive numbers also the same as mpz_out_raw. -static int z_to_bytes(unsigned char *data, element_t e) { - mpz_ptr z = e->data; - size_t msb = mpz_sizeinbase(z, 2); - size_t n = 4; - size_t i; - - if (!(msb % 8)) { - data[4] = 0; - n++; - } - if (mpz_sgn(z) < 0) { - mpz_export(data + n, NULL, 1, 1, 1, 0, z); - data[4] |= 128; - } else { - mpz_export(data + n, NULL, 1, 1, 1, 0, z); - } - n += (msb + 7) / 8 - 4; - for (i=0; i<4; i++) { - data[i] = (n >> 8 * (3 - i)); - } - n += 4; - - return n; -} - -static int z_from_bytes(element_t e, unsigned char *data) { - unsigned char *ptr; - size_t i, n; - mpz_ptr z = e->data; - mpz_t z1; - int neg = 0; - - mpz_init(z1); - mpz_set_ui(z, 0); - - ptr = data; - n = 0; - for (i=0; i<4; i++) { - n += ((unsigned int) *ptr) << 8 * (3 - i); - ptr++; - } - if (data[4] & 128) { - neg = 1; - data[4] &= 127; - } - for (i=0; idata, 2) + 7) / 8 + 4; -} - -static void f_out_info(FILE *out, field_ptr f) { - UNUSED_VAR(f); - fprintf(out, "Z multinomials"); -} - -static int f_set_str(element_ptr e, const char *s, int base) { - // TODO: Square brackets. - mpz_t z; - mpz_init(z); - int result = pbc_mpz_set_str(z, s, base); - f_set_mpz(e, z); - mpz_clear(z); - return result; -} - -static void f_set_multiz(element_ptr e, multiz m) { - multiz delme = e->data; - e->data = multiz_clone(m); - multiz_free(delme); -} - -void field_init_multiz(field_ptr f) { - field_init(f); - f->init = f_init; - f->clear = f_clear; - f->set_si = f_set_si; - f->set_mpz = f_set_mpz; - f->set_multiz = f_set_multiz; - f->set_str = f_set_str; - f->out_str = f_out_str; - f->sign = f_sgn; - f->add = f_add; - f->sub = f_sub; - f->set = f_set; - f->mul = f_mul; - f->mul_mpz = f_mul_mpz; - f->mul_si = f_mul_si; - f->neg = f_neg; - f->cmp = f_cmp; - f->div = f_div; - f->random = f_random; - f->from_hash = f_from_hash; - f->is1 = f_is1; - f->is0 = f_is0; - f->set0 = f_set0; - f->set1 = f_set1; - f->field_clear = f_field_clear; - f->to_bytes = z_to_bytes; - f->from_bytes = z_from_bytes; - f->to_mpz = f_to_mpz; - f->length_in_bytes = z_length_in_bytes; - f->item = f_item; - f->item_count = f_item_count; - - f->out_info = f_out_info; - - mpz_set_ui(f->order, 0); - f->data = NULL; - f->fixed_length_in_bytes = -1; -} - -int multiz_is_z(multiz m) { - return T_MPZ == m->type; -} - -int multiz_count(multiz m) { - if (T_ARR != m->type) return -1; - return darray_count(m->a); -} - -multiz multiz_at(multiz m, int i) { - PBC_ASSERT(T_ARR == m->type, "wrong type"); - PBC_ASSERT(darray_count(m->a) > i, "out of bounds"); - return darray_at(m->a, i); -} diff --git a/moon-abe/pbc-0.5.14/arith/naivefp.c b/moon-abe/pbc-0.5.14/arith/naivefp.c deleted file mode 100644 index ceb1b7fb..00000000 --- a/moon-abe/pbc-0.5.14/arith/naivefp.c +++ /dev/null @@ -1,270 +0,0 @@ -// Naive implementation of F_p. -// Little more than wrappers around GMP mpz functions. - -#include -#include -#include // for intptr_t -#include -#include -#include -#include "pbc_utils.h" -#include "pbc_field.h" -#include "pbc_random.h" -#include "pbc_fp.h" -#include "pbc_memory.h" - -static void zp_init(element_ptr e) { - e->data = pbc_malloc(sizeof(mpz_t)); - mpz_init(e->data); -} - -static void zp_clear(element_ptr e) { - mpz_clear(e->data); - pbc_free(e->data); -} - -static void zp_set_si(element_ptr e, signed long int op) { - mpz_set_si(e->data, op); - mpz_mod(e->data, e->data, e->field->order); -} - -static void zp_set_mpz(element_ptr e, mpz_ptr z) { - mpz_set(e->data, z); - mpz_mod(e->data, e->data, e->field->order); -} - -static void zp_set0(element_ptr e) { - mpz_set_si(e->data, 0); -} - -static void zp_set1(element_ptr e) { - mpz_set_si(e->data, 1); -} - -static size_t zp_out_str(FILE * stream, int base, element_ptr e) { - return mpz_out_str(stream, base, e->data); -} - -static int zp_snprint(char *s, size_t n, element_ptr e) { - return gmp_snprintf(s, n, "%Zd", e->data); -} - -static int zp_set_str(element_ptr e, const char *s, int base) { - int result = pbc_mpz_set_str(e->data, s, base); - mpz_mod(e->data, e->data, e->field->order); - return result; -} - -static int zp_sgn_odd(element_ptr a) { - mpz_ptr z = a->data; - - return mpz_is0(z) ? 0 : (mpz_odd_p(z) ? 1 : -1); -} - -static int zp_sgn_even(element_ptr a) { - mpz_t z; - mpz_init(z); - int res; - - if (mpz_is0(a->data)) { - res = 0; - } else { - mpz_add(z, a->data, a->data); - res = mpz_cmp(z, a->field->order); - } - mpz_clear(z); - return res; -} - -static void zp_add(element_ptr n, element_ptr a, element_ptr b) { - /* - mpz_add(n->data, a->data, b->data); - mpz_mod(n->data, n->data, n->field->order); - */ - //This seems faster: - mpz_add(n->data, a->data, b->data); - if (mpz_cmp(n->data, n->field->order) >= 0) { - mpz_sub(n->data, n->data, n->field->order); - } -} - -static void zp_sub(element_ptr n, element_ptr a, element_ptr b) { - //mpz_sub(n->data, a->data, b->data); - //mpz_mod(n->data, n->data, n->field->order); - mpz_sub(n->data, a->data, b->data); - if (mpz_sgn((mpz_ptr) n->data) < 0) { - mpz_add(n->data, n->data, n->field->order); - } -} - -static void zp_square(element_ptr c, element_ptr a) { - /* - mpz_mul(c->data, a->data, a->data); - mpz_mod(c->data, c->data, c->field->order); - */ - mpz_powm_ui(c->data, a->data, 2, c->field->order); - - /* - const mpz_ptr prime = c->field->order; - const size_t t = prime->_mp_size; - const mpz_ptr p = a->data; - const mpz_ptr r = c->data; - mp_limb_t tmp[2 * t]; - mp_limb_t qp[t + 1]; - - mpn_mul_n(tmp, p->_mp_d, p->_mp_d, t); - - mpn_tdiv_qr(qp, r->_mp_d, 0, tmp, 2 * t, prime->_mp_d, t); - */ -} - -static void zp_double(element_ptr n, element_ptr a) { - //mpz_add(n->data, a->data, a->data); - mpz_mul_2exp(n->data, a->data, 1); - if (mpz_cmp(n->data, n->field->order) >= 0) { - mpz_sub(n->data, n->data, n->field->order); - } -} - -static void zp_halve(element_ptr n, element_ptr a) { - mpz_ptr z = a->data; - if (mpz_odd_p(z)) { - mpz_add(n->data, z, a->field->order); - mpz_tdiv_q_2exp(n->data, n->data, 1); - } else { - mpz_tdiv_q_2exp(n->data, a->data, 1); - } -} - -static void zp_mul(element_ptr n, element_ptr a, element_ptr b) { - mpz_mul(n->data, a->data, b->data); - mpz_mod(n->data, n->data, n->field->order); -} - -static void zp_mul_mpz(element_ptr n, element_ptr a, mpz_ptr z) { - mpz_mul(n->data, a->data, z); - mpz_mod(n->data, n->data, n->field->order); -} - -static void zp_mul_si(element_ptr n, element_ptr a, signed long int z) { - mpz_mul_si(n->data, a->data, z); - mpz_mod(n->data, n->data, n->field->order); -} - -static void zp_pow_mpz(element_ptr n, element_ptr a, mpz_ptr z) { - mpz_powm(n->data, a->data, z, n->field->order); -} - -static void zp_set(element_ptr n, element_ptr a) { - mpz_set(n->data, a->data); -} - -static void zp_neg(element_ptr n, element_ptr a) { - if (mpz_is0(a->data)) { - mpz_set_ui(n->data, 0); - } else { - mpz_sub(n->data, n->field->order, a->data); - } -} - -static void zp_invert(element_ptr n, element_ptr a) { - mpz_invert(n->data, a->data, n->field->order); -} - -static void zp_random(element_ptr n) { - pbc_mpz_random(n->data, n->field->order); -} - -static void zp_from_hash(element_ptr n, void *data, int len) { - pbc_mpz_from_hash(n->data, n->field->order, data, len); -} - -static int zp_is1(element_ptr n) { - return !mpz_cmp_ui((mpz_ptr) n->data, 1); -} - -static int zp_is0(element_ptr n) { - return mpz_is0(n->data); -} - -static int zp_cmp(element_ptr a, element_ptr b) { - return mpz_cmp((mpz_ptr) a->data, (mpz_ptr) b->data); -} - -static int zp_is_sqr(element_ptr a) { - //0 is a square - if (mpz_is0(a->data)) return 1; - return mpz_legendre(a->data, a->field->order) == 1; -} - -static void zp_field_clear(field_t f) { - UNUSED_VAR(f); -} - -static int zp_to_bytes(unsigned char *data, element_t e) { - int n; - - n = e->field->fixed_length_in_bytes; - - pbc_mpz_out_raw_n(data, n, e->data); - return n; -} - -static int zp_from_bytes(element_t e, unsigned char *data) { - mpz_ptr z = e->data; - int n; - n = e->field->fixed_length_in_bytes; - mpz_import(z, n, 1, 1, 1, 0, data); - return n; -} - -static void zp_to_mpz(mpz_ptr z, element_ptr a) { - mpz_set(z, a->data); -} - -static void zp_out_info(FILE * out, field_ptr f) { - element_fprintf(out, "GF(%Zd), GMP wrapped", f->order); -} - -void field_init_naive_fp(field_ptr f, mpz_t prime) { - field_init(f); - f->init = zp_init; - f->clear = zp_clear; - f->set_si = zp_set_si; - f->set_mpz = zp_set_mpz; - f->out_str = zp_out_str; - f->snprint = zp_snprint; - f->set_str = zp_set_str; - f->sign = mpz_odd_p(prime) ? zp_sgn_odd : zp_sgn_even; - f->add = zp_add; - f->sub = zp_sub; - f->set = zp_set; - f->square = zp_square; - f->doub = zp_double; - f->halve = zp_halve; - f->mul = zp_mul; - f->mul_mpz = zp_mul_mpz; - f->mul_si = zp_mul_si; - f->pow_mpz = zp_pow_mpz; - f->neg = zp_neg; - f->cmp = zp_cmp; - f->invert = zp_invert; - f->random = zp_random; - f->from_hash = zp_from_hash; - f->is1 = zp_is1; - f->is0 = zp_is0; - f->set0 = zp_set0; - f->set1 = zp_set1; - f->is_sqr = zp_is_sqr; - f->sqrt = element_tonelli; - f->field_clear = zp_field_clear; - f->to_bytes = zp_to_bytes; - f->from_bytes = zp_from_bytes; - f->to_mpz = zp_to_mpz; - - f->out_info = zp_out_info; - - mpz_set(f->order, prime); - f->data = NULL; - f->fixed_length_in_bytes = (mpz_sizeinbase(prime, 2) + 7) / 8; -} diff --git a/moon-abe/pbc-0.5.14/arith/poly.c b/moon-abe/pbc-0.5.14/arith/poly.c deleted file mode 100644 index bd2dad33..00000000 --- a/moon-abe/pbc-0.5.14/arith/poly.c +++ /dev/null @@ -1,1724 +0,0 @@ -#include -#include -#include -#include // for intptr_t -#include -#include -#include "pbc_utils.h" -#include "pbc_field.h" -#include "pbc_multiz.h" -#include "pbc_poly.h" -#include "pbc_memory.h" -#include "misc/darray.h" - -// == Polynomial rings == -// -// Per-field data: -typedef struct { - field_ptr field; // Ring where coefficients live. - fieldmap mapbase; // Map element from underlying field to constant term. -} *pfptr; - -// Per-element data: -//TODO: Would we ever need any field besides coeff? -typedef struct { - // The coefficients are held in a darray which is resized as needed. - // The last array entry represents the leading coefficient and should be - // nonzero. An empty darray represents 0. - darray_t coeff; -} *peptr; - -// == Polynomial modulo rings == -// -// Per-field data: -typedef struct { - field_ptr field; // Base field. - fieldmap mapbase; // Similar to mapbase above. - int n; // Degree of extension. - element_t poly; // Polynomial of degree n. - element_t *xpwr; // x^n,...,x^{2n-2} mod poly -} *mfptr; -// Per-element data: just a pointer to an array of element_t. This array always -// has size n. - -// Add or remove coefficients until there are exactly n of them. Any new -// coefficients are initialized to zero, which violates the invariant that the -// leading coefficient must be nonzero. Thus routines calling this function -// must check for this and fix the polynomial if necessary, e.g. by calling -// poly_remove_leading_zeroes(). -static void poly_alloc(element_ptr e, int n) { - pfptr pdp = e->field->data; - peptr p = e->data; - element_ptr e0; - int k = p->coeff->count; - while (k < n) { - e0 = pbc_malloc(sizeof(element_t)); - element_init(e0, pdp->field); - darray_append(p->coeff, e0); - k++; - } - while (k > n) { - k--; - e0 = darray_at(p->coeff, k); - element_clear(e0); - pbc_free(e0); - darray_remove_last(p->coeff); - } -} - -static void poly_init(element_ptr e) { - peptr p = e->data = pbc_malloc(sizeof(*p)); - darray_init(p->coeff); -} - -static void poly_clear(element_ptr e) { - peptr p = e->data; - - poly_alloc(e, 0); - darray_clear(p->coeff); - pbc_free(e->data); -} - -// Some operations may zero a leading coefficient, which will cause other -// routines to fail. After such an operation, this function should be called, -// as it strips all leading zero coefficients and frees the memory they -// occupied, reestablishing the guarantee that the last element of the array -// is nonzero. -static void poly_remove_leading_zeroes(element_ptr e) { - peptr p = e->data; - int n = p->coeff->count - 1; - while (n >= 0) { - element_ptr e0 = p->coeff->item[n]; - if (!element_is0(e0)) return; - element_clear(e0); - pbc_free(e0); - darray_remove_last(p->coeff); - n--; - } -} - -static void poly_set0(element_ptr e) { - poly_alloc(e, 0); -} - -static void poly_set1(element_ptr e) { - peptr p = e->data; - element_ptr e0; - - poly_alloc(e, 1); - e0 = p->coeff->item[0]; - element_set1(e0); -} - -static int poly_is0(element_ptr e) { - peptr p = e->data; - return !p->coeff->count; -} - -static int poly_is1(element_ptr e) { - peptr p = e->data; - if (p->coeff->count == 1) { - return element_is1(p->coeff->item[0]); - } - return 0; -} - -static void poly_set_si(element_ptr e, signed long int op) { - peptr p = e->data; - element_ptr e0; - - poly_alloc(e, 1); - e0 = p->coeff->item[0]; - element_set_si(e0, op); - poly_remove_leading_zeroes(e); -} - -static void poly_set_mpz(element_ptr e, mpz_ptr op) { - peptr p = e->data; - - poly_alloc(e, 1); - element_set_mpz(p->coeff->item[0], op); - poly_remove_leading_zeroes(e); -} - -static void poly_set_multiz(element_ptr e, multiz op) { - if (multiz_is_z(op)) { - // TODO: Remove unnecessary copy. - mpz_t z; - mpz_init(z); - multiz_to_mpz(z, op); - poly_set_mpz(e, z); - mpz_clear(z); - return; - } - peptr p = e->data; - int n = multiz_count(op); - poly_alloc(e, n); - int i; - for(i = 0; i < n; i++) { - element_set_multiz(p->coeff->item[i], multiz_at(op, i)); - } - poly_remove_leading_zeroes(e); -} - -static void poly_set(element_ptr dst, element_ptr src) { - peptr psrc = src->data; - peptr pdst = dst->data; - int i; - - poly_alloc(dst, psrc->coeff->count); - for (i=0; icoeff->count; i++) { - element_set(pdst->coeff->item[i], psrc->coeff->item[i]); - } -} - -static int poly_coeff_count(element_ptr e) { - return ((peptr) e->data)->coeff->count; -} - -static element_ptr poly_coeff(element_ptr e, int n) { - peptr ep = e->data; - PBC_ASSERT(n < poly_coeff_count(e), "coefficient out of range"); - return (element_ptr) ep->coeff->item[n]; -} - -static int poly_sgn(element_ptr f) { - int res = 0; - int i; - int n = poly_coeff_count(f); - for (i=0; i n1) { - big = f; - n = n1; - n1 = poly_coeff_count(f); - } else { - big = g; - } - - poly_alloc(sum, n1); - for (i=0; i n1) { - big = f; - n = n1; - n1 = poly_coeff_count(f); - } else { - big = g; - } - - poly_alloc(diff, n1); - for (i=0; idata; - peptr pg = g->data; - int i, n; - - n = pg->coeff->count; - poly_alloc(f, n); - for (i=0; icoeff->item[i], pg->coeff->item[i]); - } -} - -static void poly_double(element_ptr f, element_ptr g) { - peptr pf = f->data; - peptr pg = g->data; - int i, n; - - n = pg->coeff->count; - poly_alloc(f, n); - for (i=0; icoeff->item[i], pg->coeff->item[i]); - } -} - -static void poly_mul_mpz(element_ptr f, element_ptr g, mpz_ptr z) { - peptr pf = f->data; - peptr pg = g->data; - int i, n; - - n = pg->coeff->count; - poly_alloc(f, n); - for (i=0; icoeff->item[i], pg->coeff->item[i], z); - } -} - -static void poly_mul_si(element_ptr f, element_ptr g, signed long int z) { - peptr pf = f->data; - peptr pg = g->data; - int i, n; - - n = pg->coeff->count; - poly_alloc(f, n); - for (i=0; icoeff->item[i], pg->coeff->item[i], z); - } -} - -static void poly_mul(element_ptr r, element_ptr f, element_ptr g) { - peptr pprod; - peptr pf = f->data; - peptr pg = g->data; - pfptr pdp = r->field->data; - int fcount = pf->coeff->count; - int gcount = pg->coeff->count; - int i, j, n; - element_t prod; - element_t e0; - - if (!fcount || !gcount) { - element_set0(r); - return; - } - element_init(prod, r->field); - pprod = prod->data; - n = fcount + gcount - 1; - poly_alloc(prod, n); - element_init(e0, pdp->field); - for (i=0; icoeff->item[i]; - element_set0(x); - for (j=0; j<=i; j++) { - if (j < fcount && i - j < gcount) { - element_mul(e0, pf->coeff->item[j], pg->coeff->item[i - j]); - element_add(x, x, e0); - } - } - } - poly_remove_leading_zeroes(prod); - element_set(r, prod); - element_clear(e0); - element_clear(prod); -} - -static void polymod_random(element_ptr e) { - element_t *coeff = e->data; - int i, n = polymod_field_degree(e->field); - - for (i=0; idata; - int i, n = polymod_field_degree(e->field); - for (i=0; i= size ? 0 : size - result; \ - } - - status = snprintf(s, size, "["); - if (status < 0) return status; - clip_sub(); - - for (i=0; ifield->data; - element_t q, r; - element_t binv, e0; - element_ptr qe; - int m, n; - int i, k; - - if (element_is0(b)) pbc_die("division by zero"); - n = poly_degree(b); - m = poly_degree(a); - if (n > m) { - element_set(rem, a); - element_set0(quot); - return; - } - element_init(r, a->field); - element_init(q, a->field); - element_init(binv, pdp->field); - element_init(e0, pdp->field); - pq = q->data; - pr = r->data; - element_set(r, a); - k = m - n; - poly_alloc(q, k + 1); - element_invert(binv, poly_coeff(b, n)); - while (k >= 0) { - qe = pq->coeff->item[k]; - element_mul(qe, binv, pr->coeff->item[m]); - for (i=0; i<=n; i++) { - element_mul(e0, qe, poly_coeff(b, i)); - element_sub(pr->coeff->item[i + k], pr->coeff->item[i + k], e0); - } - k--; - m--; - } - poly_remove_leading_zeroes(r); - element_set(quot, q); - element_set(rem, r); - - element_clear(q); - element_clear(r); - element_clear(e0); - element_clear(binv); -} - -static void poly_invert(element_ptr res, element_ptr f, element_ptr m) { - element_t q, r0, r1, r2; - element_t b0, b1, b2; - element_t inv; - - element_init(b0, res->field); - element_init(b1, res->field); - element_init(b2, res->field); - element_init(q, res->field); - element_init(r0, res->field); - element_init(r1, res->field); - element_init(r2, res->field); - element_init(inv, poly_base_field(res)); - element_set0(b0); - element_set1(b1); - element_set(r0, m); - element_set(r1, f); - - for (;;) { - poly_div(q, r2, r0, r1); - if (element_is0(r2)) break; - element_mul(b2, b1, q); - element_sub(b2, b0, b2); - element_set(b0, b1); - element_set(b1, b2); - element_set(r0, r1); - element_set(r1, r2); - } - element_invert(inv, poly_coeff(r1, 0)); - poly_const_mul(res, inv, b1); - element_clear(inv); - element_clear(q); - element_clear(r0); - element_clear(r1); - element_clear(r2); - element_clear(b0); - element_clear(b1); - element_clear(b2); -} - -static void poly_to_polymod_truncate(element_ptr e, element_ptr f) { - mfptr p = e->field->data; - element_t *coeff = e->data; - int i; - int n; - n = poly_coeff_count(f); - if (n > p->n) n = p->n; - - for (i=0; in; i++) { - element_set0(coeff[i]); - } -} - -static void polymod_to_poly(element_ptr f, element_ptr e) { - mfptr p = e->field->data; - element_t *coeff = e->data; - int i, n = p->n; - poly_alloc(f, n); - for (i=0; ifield->data; - element_ptr minpoly = p->poly; - element_t f, r1; - - element_init(f, minpoly->field); - element_init(r1, minpoly->field); - polymod_to_poly(f, e); - - poly_invert(r1, f, p->poly); - - poly_to_polymod_truncate(r, r1); - - element_clear(f); - element_clear(r1); -} - -static int poly_cmp(element_ptr f, element_ptr g) { - int i; - int n = poly_coeff_count(f); - int n1 = poly_coeff_count(g); - if (n != n1) return 1; - for (i=0; idata; - pbc_free(p); -} - -// 2 bytes hold the number of terms, then the terms follow. -// Bad for sparse polynomials. -static int poly_length_in_bytes(element_t p) { - int count = poly_coeff_count(p); - int result = 2; - int i; - for (i=0; i> 8); - for (i=0; idata; - fprintf(str, "Polynomial ring over "); - field_out_info(str, p->field); -} - -static void field_clear_polymod(field_ptr f) { - mfptr p = f->data; - int i, n = p->n; - - for (i=0; ixpwr[i]); - } - pbc_free(p->xpwr); - - element_clear(p->poly); - pbc_free(f->data); -} - -static int polymod_is_sqr(element_ptr e) { - int res; - mpz_t z; - element_t e0; - - element_init(e0, e->field); - mpz_init(z); - mpz_sub_ui(z, e->field->order, 1); - mpz_divexact_ui(z, z, 2); - - element_pow_mpz(e0, e, z); - res = element_is1(e0); - element_clear(e0); - mpz_clear(z); - return res; -} - -// Find a square root in a polynomial modulo ring using Cantor-Zassenhaus aka -// Legendre's method. -static void polymod_sqrt(element_ptr res, element_ptr a) { - // TODO: Use a faster method? See Bernstein. - field_t kx; - element_t f; - element_t r, s; - element_t e0; - mpz_t z; - - field_init_poly(kx, a->field); - mpz_init(z); - element_init(f, kx); - element_init(r, kx); - element_init(s, kx); - element_init(e0, a->field); - - poly_alloc(f, 3); - element_set1(poly_coeff(f, 2)); - element_neg(poly_coeff(f, 0), a); - - mpz_sub_ui(z, a->field->order, 1); - mpz_divexact_ui(z, z, 2); - for (;;) { - int i; - element_ptr x; - element_ptr e1, e2; - - poly_alloc(r, 2); - element_set1(poly_coeff(r, 1)); - x = poly_coeff(r, 0); - element_random(x); - element_mul(e0, x, x); - if (!element_cmp(e0, a)) { - element_set(res, x); - break; - } - element_set1(s); - //TODO: this can be optimized greatly - //since we know r has the form ax + b - for (i = mpz_sizeinbase(z, 2) - 1; i >=0; i--) { - element_mul(s, s, s); - if (poly_degree(s) == 2) { - e1 = poly_coeff(s, 0); - e2 = poly_coeff(s, 2); - element_mul(e0, e2, a); - element_add(e1, e1, e0); - poly_alloc(s, 2); - poly_remove_leading_zeroes(s); - } - if (mpz_tstbit(z, i)) { - element_mul(s, s, r); - if (poly_degree(s) == 2) { - e1 = poly_coeff(s, 0); - e2 = poly_coeff(s, 2); - element_mul(e0, e2, a); - element_add(e1, e1, e0); - poly_alloc(s, 2); - poly_remove_leading_zeroes(s); - } - } - } - if (poly_degree(s) < 1) continue; - element_set1(e0); - e1 = poly_coeff(s, 0); - e2 = poly_coeff(s, 1); - element_add(e1, e1, e0); - element_invert(e0, e2); - element_mul(e0, e0, e1); - element_mul(e2, e0, e0); - if (!element_cmp(e2, a)) { - element_set(res, e0); - break; - } - } - - mpz_clear(z); - element_clear(f); - element_clear(r); - element_clear(s); - element_clear(e0); - field_clear(kx); -} - -static int polymod_to_bytes(unsigned char *data, element_t f) { - mfptr p = f->field->data; - element_t *coeff = f->data; - int i, n = p->n; - int len = 0; - for (i=0; ifield->data; - element_t *coeff = f->data; - int i, n = p->n; - int res = 0; - - for (i=0; ifield->data; - element_t *coeff = f->data; - int i, n = p->n; - int len = 0; - - for (i=0; ifield->data; - int n = p->n; - element_t *coeff; - coeff = e->data = pbc_malloc(sizeof(element_t) * n); - - for (i=0; ifield); - } -} - -static void polymod_clear(element_t e) { - mfptr p = e->field->data; - element_t *coeff = e->data; - int i, n = p->n; - for (i=0; idata); -} - -static void polymod_set_si(element_t e, signed long int x) { - mfptr p = e->field->data; - element_t *coeff = e->data; - int i, n = p->n; - element_set_si(coeff[0], x); - for (i=1; ifield->data; - element_t *coeff = e->data; - int i, n = p->n; - element_set_mpz(coeff[0], z); - for (i=1; ifield->data; - element_t *dst = e->data, *src = f->data; - int i, n = p->n; - for (i=0; ifield->data; - element_t *dst = e->data, *src = f->data; - int i, n = p->n; - for (i=0; ifield->data; - element_t *c1 = f->data, *c2 = g->data; - int i, n = p->n; - for (i=0; ifield->data; - element_t *dst = r->data, *s1 = e->data, *s2 = f->data; - int i, n = p->n; - for (i=0; ifield->data; - element_t *dst = r->data, *s1 = f->data; - int i, n = p->n; - for (i=0; ifield->data; - element_t *dst = r->data, *s1 = e->data, *s2 = f->data; - int i, n = p->n; - for (i=0; ifield->data; - element_t *dst = e->data, *src = f->data; - int i, n = p->n; - for (i=0; ifield->data; - element_t *dst = e->data, *src = f->data; - int i, n = p->n; - for (i=0; ifield->data; - element_t *dst = res->data, *s1 = e->data, *s2 = f->data; - element_t c3, c4; - element_t p0; - - element_init(p0, res->field); - element_init(c3, p->field); - element_init(c4, p->field); - - kar_poly_2(dst, c3, c4, s1, s2, p0->data); - - polymod_const_mul(p0, c3, p->xpwr[0]); - element_add(res, res, p0); - polymod_const_mul(p0, c4, p->xpwr[1]); - element_add(res, res, p0); - - element_clear(p0); - element_clear(c3); - element_clear(c4); -} - -static void polymod_mul_degree6(element_ptr res, element_ptr e, element_ptr f) { - mfptr p = res->field->data; - element_t *dst = res->data, *s0, *s1 = e->data, *s2 = f->data; - element_t *a0, *a1, *b0, *b1; - element_t p0, p1, p2, p3; - - a0 = s1; - a1 = &s1[3]; - b0 = s2; - b1 = &s2[3]; - - element_init(p0, res->field); - element_init(p1, res->field); - element_init(p2, res->field); - element_init(p3, res->field); - - s0 = p0->data; - s1 = p1->data; - s2 = p2->data; - element_add(s0[0], a0[0], a1[0]); - element_add(s0[1], a0[1], a1[1]); - element_add(s0[2], a0[2], a1[2]); - - element_add(s1[0], b0[0], b1[0]); - element_add(s1[1], b0[1], b1[1]); - element_add(s1[2], b0[2], b1[2]); - - kar_poly_2(s2, s2[3], s2[4], s0, s1, p3->data); - kar_poly_2(s0, s0[3], s0[4], a0, b0, p3->data); - kar_poly_2(s1, s1[3], s1[4], a1, b1, p3->data); - - element_set(dst[0], s0[0]); - element_set(dst[1], s0[1]); - element_set(dst[2], s0[2]); - - element_sub(dst[3], s0[3], s0[0]); - element_sub(dst[3], dst[3], s1[0]); - element_add(dst[3], dst[3], s2[0]); - - element_sub(dst[4], s0[4], s0[1]); - element_sub(dst[4], dst[4], s1[1]); - element_add(dst[4], dst[4], s2[1]); - - element_sub(dst[5], s2[2], s0[2]); - element_sub(dst[5], dst[5], s1[2]); - - // Start reusing part of s0 as scratch space(!) - element_sub(s0[0], s2[3], s0[3]); - element_sub(s0[0], s0[0], s1[3]); - element_add(s0[0], s0[0], s1[0]); - - element_sub(s0[1], s2[4], s0[4]); - element_sub(s0[1], s0[1], s1[4]); - element_add(s0[1], s0[1], s1[1]); - - polymod_const_mul(p3, s0[0], p->xpwr[0]); - element_add(res, res, p3); - polymod_const_mul(p3, s0[1], p->xpwr[1]); - element_add(res, res, p3); - polymod_const_mul(p3, s1[2], p->xpwr[2]); - element_add(res, res, p3); - polymod_const_mul(p3, s1[3], p->xpwr[3]); - element_add(res, res, p3); - polymod_const_mul(p3, s1[4], p->xpwr[4]); - element_add(res, res, p3); - - element_clear(p0); - element_clear(p1); - element_clear(p2); - element_clear(p3); -} - -// General polynomial modulo ring multiplication. -static void polymod_mul(element_ptr res, element_ptr e, element_ptr f) { - mfptr p = res->field->data; - int n = p->n; - element_t *dst; - element_t *s1 = e->data, *s2 = f->data; - element_t prod, p0, c0; - int i, j; - element_t *high; // Coefficients of x^n, ..., x^{2n-2}. - - high = pbc_malloc(sizeof(element_t) * (n - 1)); - for (i=0; ifield); - element_set0(high[i]); - } - element_init(prod, res->field); - dst = prod->data; - element_init(p0, res->field); - element_init(c0, p->field); - - for (i=0; ixpwr[i]); - element_add(prod, prod, p0); - element_clear(high[i]); - } - pbc_free(high); - - element_set(res, prod); - element_clear(prod); - element_clear(p0); - element_clear(c0); -} - -static void polymod_square_degree3(element_ptr res, element_ptr e) { - // TODO: Investigate if squaring is significantly cheaper than - // multiplication. If so convert to Karatsuba. - element_t *dst = res->data; - element_t *src = e->data; - mfptr p = res->field->data; - element_t p0; - element_t c0, c2; - element_ptr c1, c3; - - element_init(p0, res->field); - element_init(c0, p->field); - element_init(c2, p->field); - - c3 = p0->data; - c1 = c3 + 1; - - element_mul(c3, src[0], src[1]); - element_mul(c1, src[0], src[2]); - element_square(dst[0], src[0]); - - element_mul(c2, src[1], src[2]); - element_square(c0, src[2]); - element_square(dst[2], src[1]); - - element_add(dst[1], c3, c3); - - element_add(c1, c1, c1); - element_add(dst[2], dst[2], c1); - - polymod_const_mul(p0, c0, p->xpwr[1]); - element_add(res, res, p0); - - element_add(c2, c2, c2); - polymod_const_mul(p0, c2, p->xpwr[0]); - element_add(res, res, p0); - - element_clear(p0); - element_clear(c0); - element_clear(c2); -} - -static void polymod_square(element_ptr res, element_ptr e) { - element_t *dst; - element_t *src = e->data; - mfptr p = res->field->data; - int n = p->n; - element_t prod, p0, c0; - int i, j; - element_t *high; // Coefficients of x^n,...,x^{2n-2}. - - high = pbc_malloc(sizeof(element_t) * (n - 1)); - for (i=0; ifield); - element_set0(high[i]); - } - - element_init(prod, res->field); - dst = prod->data; - element_init(p0, res->field); - element_init(c0, p->field); - - for (i=0; ixpwr[i]); - element_add(prod, prod, p0); - element_clear(high[i]); - } - pbc_free(high); - - element_set(res, prod); - element_clear(prod); - element_clear(p0); - element_clear(c0); -} - -static int polymod_is0(element_ptr e) { - mfptr p = e->field->data; - element_t *coeff = e->data; - int i, n = p->n; - - for (i=0; ifield->data; - element_t *coeff = e->data; - int i, n = p->n; - - if (!element_is1(coeff[0])) return 0; - for (i=1; ifield->data; - element_t *coeff = e->data; - int i, n = p->n; - - for (i=0; ifield->data; - element_t *coeff = e->data; - int i, n = p->n; - - element_set1(coeff[0]); - for (i=1; ifield->data; - element_t *coeff = e->data; - int res = 0; - int i, n = p->n; - for (i=0; ifield->data; - element_t *coeff = e->data; - int i, n = p->n; - - if (EOF == fputc('[', stream)) return 0; - for (i=0; ifield->data; - element_t *coeff = e->data; - int i, n = p->n; - size_t result = 0, left; - int status; - - #define clip_sub(void) { \ - result += status; \ - left = result >= size ? 0 : size - result; \ - } - - status = snprintf(s, size, "["); - if (status < 0) return status; - clip_sub(); - - for (i=0; ifield->data; - element_t *coeff = e->data; - int i, n = p->n; - if (multiz_is_z(m)) { - element_set_multiz(coeff[0], m); - for (i = 1; i < n; i++) element_set0(coeff[i]); - return; - } - int max = multiz_count(m); - for (i = 0; i < n; i++) { - if (i >= max) element_set0(coeff[i]); - else element_set_multiz(coeff[i], multiz_at(m, i)); - } -} - -static int polymod_set_str(element_ptr e, const char *s, int base) { - mfptr p = e->field->data; - element_t *coeff = e->data; - int i, n = p->n; - const char *cp = s; - element_set0(e); - while (*cp && isspace(*cp)) cp++; - if (*cp++ != '[') return 0; - for (i=0; ifield->data; - return p->n; -} - -static element_ptr polymod_coeff(element_ptr e, int i) { - element_t *coeff = e->data; - return coeff[i]; -} - -static void polymod_to_mpz(mpz_t z, element_ptr e) { - element_to_mpz(z, polymod_coeff(e, 0)); -} - -// Compute x^n,...,x^{2n-2} mod poly. -static void compute_x_powers(field_ptr field, element_ptr poly) { - mfptr p = field->data; - element_t p0; - element_ptr pwrn; - element_t *coeff, *coeff1; - int i, j; - int n = p->n; - element_t *xpwr; - - xpwr = p->xpwr; - - element_init(p0, field); - for (i=0; idata; - coeff1 = xpwr[i]->data; - - element_set0(coeff1[0]); - for (j=1; jdata; - element_fprintf(str, "Extension, poly = %B, base field = ", p->poly); - field_out_info(str, p->field); -} - -// Sets d = gcd(f, g). -static void poly_gcd(element_ptr d, element_ptr f, element_ptr g) { - element_t a, b, q, r; - element_init(a, d->field); - element_init(b, d->field); - element_init(q, d->field); - element_init(r, d->field); - - element_set(a, f); - element_set(b, g); - for(;;) { - //TODO: don't care about q - poly_div(q, r, a, b); - if (element_is0(r)) break; - element_set(a, b); - element_set(b, r); - } - element_set(d, b); - element_clear(a); - element_clear(b); - element_clear(q); - element_clear(r); -} - -// Sets f = c g where c is the inverse of the leading coefficient of g. -static void poly_make_monic(element_t f, element_t g) { - int n = poly_coeff_count(g); - int i; - element_ptr e0; - poly_alloc(f, n); - if (!n) return; - - e0 = poly_coeff(f, n - 1); - element_invert(e0, poly_coeff(g, n - 1)); - for (i=0; idata = pbc_malloc(sizeof(*p)); - p->field = base_field; - p->mapbase = element_field_to_poly; - f->field_clear = field_clear_poly; - f->init = poly_init; - f->clear = poly_clear; - f->set_si = poly_set_si; - f->set_multiz = poly_set_multiz; - f->set_mpz = poly_set_mpz; - f->to_mpz = poly_to_mpz; - f->out_str = poly_out_str; - f->snprint = poly_snprint; - f->set = poly_set; - f->sign = poly_sgn; - f->add = poly_add; - f->doub = poly_double; - f->is0 = poly_is0; - f->is1 = poly_is1; - f->set0 = poly_set0; - f->set1 = poly_set1; - f->sub = poly_sub; - f->neg = poly_neg; - f->mul = poly_mul; - f->mul_mpz = poly_mul_mpz; - f->mul_si = poly_mul_si; - f->cmp = poly_cmp; - f->out_info = poly_out_info; - f->item_count = poly_coeff_count; - f->item = poly_coeff; - - f->to_bytes = poly_to_bytes; - f->from_bytes = poly_from_bytes; - f->fixed_length_in_bytes = -1; - f->length_in_bytes = poly_length_in_bytes; -} - -void poly_set_coeff(element_ptr e, element_ptr a, int n) { - peptr p = e->data; - if (p->coeff->count < n + 1) { - poly_alloc(e, n + 1); - } - element_ptr e0 = p->coeff->item[n]; - element_set(e0, a); - if (p->coeff->count == n + 1 && element_is0(a)) poly_remove_leading_zeroes(e); -} - -void poly_set_coeff0(element_ptr e, int n) { - peptr p = e->data; - if (n < p->coeff->count) { - element_set0(p->coeff->item[n]); - if (n == p->coeff->count - 1) poly_remove_leading_zeroes(e); - } -} - -void poly_set_coeff1(element_ptr e, int n) { - peptr p = e->data; - if (p->coeff->count < n + 1) { - poly_alloc(e, n + 1); - } - element_set1(p->coeff->item[n]); -} - -void poly_setx(element_ptr f) { - poly_alloc(f, 2); - element_set1(poly_coeff(f, 1)); - element_set0(poly_coeff(f, 0)); -} - -void poly_const_mul(element_ptr res, element_ptr a, element_ptr poly) { - int i, n = poly_coeff_count(poly); - poly_alloc(res, n); - for (i=0; idata; - return p->n; -} - -void field_init_polymod(field_ptr f, element_ptr poly) { - pfptr pdp = poly->field->data; - field_init(f); - mfptr p = f->data = pbc_malloc(sizeof(*p)); - p->field = pdp->field; - p->mapbase = element_field_to_poly; - element_init(p->poly, poly->field); - element_set(p->poly, poly); - int n = p->n = poly_degree(p->poly); - f->field_clear = field_clear_polymod; - f->init = polymod_init; - f->clear = polymod_clear; - f->set_si = polymod_set_si; - f->set_mpz = polymod_set_mpz; - f->out_str = polymod_out_str; - f->snprint = polymod_snprint; - f->set_multiz = polymod_set_multiz; - f->set_str = polymod_set_str; - f->set = polymod_set; - f->sign = polymod_sgn; - f->add = polymod_add; - f->doub = polymod_double; - f->sub = polymod_sub; - f->neg = polymod_neg; - f->is0 = polymod_is0; - f->is1 = polymod_is1; - f->set0 = polymod_set0; - f->set1 = polymod_set1; - f->cmp = polymod_cmp; - f->to_mpz = polymod_to_mpz; - f->item_count = polymod_coeff_count; - f->item = polymod_coeff; - switch(n) { - case 3: - f->mul = polymod_mul_degree3; - f->square = polymod_square_degree3; - break; - case 6: - f->mul = polymod_mul_degree6; - f->square = polymod_square; - break; - default: - f->mul = polymod_mul; - f->square = polymod_square; - break; - } - - f->mul_mpz = polymod_mul_mpz; - f->mul_si = polymod_mul_si; - f->random = polymod_random; - f->from_hash = polymod_from_hash; - f->invert = polymod_invert; - f->is_sqr = polymod_is_sqr; - f->sqrt = polymod_sqrt; - f->to_bytes = polymod_to_bytes; - f->from_bytes = polymod_from_bytes; - f->out_info = polymod_out_info; - - if (pdp->field->fixed_length_in_bytes < 0) { - f->fixed_length_in_bytes = -1; - f->length_in_bytes = polymod_length_in_bytes; - } else { - f->fixed_length_in_bytes = pdp->field->fixed_length_in_bytes * poly_degree(poly); - } - mpz_pow_ui(f->order, p->field->order, n); - - p->xpwr = pbc_malloc(sizeof(element_t) * n); - compute_x_powers(f, poly); -} - -field_ptr poly_base_field(element_t f) { - return ((pfptr) f->field->data)->field; -} - -void polymod_const_mul(element_ptr res, element_ptr a, element_ptr e) { - // a lies in R, e in R[x]. - element_t *coeff = e->data, *dst = res->data; - int i, n = polymod_field_degree(e->field); - - for (i=0; iz, v->deg, fac); - mpz_pow_ui(v->z, v->basef->order, mpz_get_ui(v->z)); - element_pow_mpz(v->xpow, v->x, v->z); - element_sub(v->xpow, v->xpow, v->x); - if (element_is0(v->xpow)) return 1; - polymod_to_poly(v->g, v->xpow); - poly_gcd(v->g, v->f, v->g); - return poly_degree(v->g) != 0; -} - -// Returns 1 if polynomial is irreducible, 0 otherwise. -// A polynomial f(x) is irreducible in F_q[x] if and only if: -// (1) f(x) | x^{q^n} - x, and -// (2) gcd(f(x), x^{q^{n/d}} - x) = 1 for all primes d | n. -// (Recall GF(p) is the splitting field for x^p - x.) -int poly_is_irred(element_ptr f) { - int res = 0; - element_t xpow, x, g; - field_ptr basef = poly_base_field(f); - field_t rxmod; - - // 0, units are not irreducibles. - // Assume coefficients are from a field. - if (poly_degree(f) <= 0) return 0; - // Degree 1 polynomials are always irreducible. - if (poly_degree(f) == 1) return 1; - - field_init_polymod(rxmod, f); - element_init(xpow, rxmod); - element_init(x, rxmod); - element_init(g, f->field); - element_set1(polymod_coeff(x, 1)); - - // The degree fits in an unsigned int but I'm lazy and want to use my - // mpz trial division code. - mpz_t deg, z; - mpz_init(deg); - mpz_init(z); - mpz_set_ui(deg, poly_degree(f)); - - struct checkgcd_scope_var v = {.z = z, .deg = deg, .basef = basef, - .xpow = xpow, .x = x, .f = f, .g = g}; - if (!pbc_trial_divide((int(*)(mpz_t,unsigned,void*))checkgcd, &v, deg, NULL)) { - // By now condition (2) has been satisfied. Check (1). - mpz_pow_ui(z, basef->order, poly_degree(f)); - element_pow_mpz(xpow, x, z); - element_sub(xpow, xpow, x); - if (element_is0(xpow)) res = 1; - } - - mpz_clear(deg); - mpz_clear(z); - element_clear(g); - element_clear(xpow); - element_clear(x); - field_clear(rxmod); - return res; -} - -void element_field_to_poly(element_ptr f, element_ptr g) { - poly_alloc(f, 1); - element_set(poly_coeff(f, 0), g); - poly_remove_leading_zeroes(f); -} - -void element_field_to_polymod(element_ptr f, element_ptr g) { - mfptr p = f->field->data; - element_t *coeff = f->data; - int i, n = p->n; - element_set(coeff[0], g); - for (i=1; iorder); - - field_init_polymod(fpxmod, poly); - element_init(p, fpxmod); - element_init(x, fpxmod); - element_init(g, poly->field); - element_set1(((element_t *) x->data)[1]); -pbc_info("findroot: degree %d...", poly_degree(poly)); - element_pow_mpz(p, x, q); - element_sub(p, p, x); - - polymod_to_poly(g, p); - element_clear(p); - poly_gcd(g, g, poly); - poly_make_monic(g, g); - element_clear(x); - field_clear(fpxmod); - - if (!poly_degree(g)) { - printf("no roots!\n"); - mpz_clear(q); - element_clear(g); - return -1; - } - - // Cantor-Zassenhaus algorithm. - element_init(fac, g->field); - element_init(x, g->field); - element_set_si(x, 1); - mpz_sub_ui(q, q, 1); - mpz_divexact_ui(q, q, 2); - element_init(r, g->field); - for (;;) { - if (poly_degree(g) == 1) break; // Found a root! -step_random: - poly_random_monic(r, 1); - // TODO: evaluate at g instead of bothering with gcd - poly_gcd(fac, r, g); - - if (poly_degree(fac) > 0) { - poly_make_monic(g, fac); - } else { - field_init_polymod(fpxmod, g); - int n; - element_init(p, fpxmod); - - poly_to_polymod_truncate(p, r); -pbc_info("findroot: degree %d...", poly_degree(g)); - element_pow_mpz(p, p, q); - - polymod_to_poly(r, p); - element_clear(p); - field_clear(fpxmod); - - element_add(r, r, x); - poly_gcd(fac, r, g); - n = poly_degree(fac); - if (n > 0 && n < poly_degree(g)) { - poly_make_monic(g, fac); - } else { - goto step_random; - } - } - } -pbc_info("findroot: found root"); - element_neg(root, poly_coeff(g, 0)); - element_clear(r); - mpz_clear(q); - element_clear(x); - element_clear(g); - element_clear(fac); - return 0; -} diff --git a/moon-abe/pbc-0.5.14/arith/random.c b/moon-abe/pbc-0.5.14/arith/random.c deleted file mode 100644 index 68228b3f..00000000 --- a/moon-abe/pbc-0.5.14/arith/random.c +++ /dev/null @@ -1,87 +0,0 @@ -#include -#include // for intptr_t -#include -#include -#include "pbc_random.h" -#include "pbc_utils.h" -#include "pbc_memory.h" - -void pbc_init_random(void); - -// Must use pointer due to lack of gmp_randstate_ptr. -static gmp_randstate_t *get_rs(void) { - static int rs_is_ready; - static gmp_randstate_t rs; - if (!rs_is_ready) { - gmp_randinit_default(rs); - rs_is_ready = 1; - } - return &rs; -} - -static void deterministic_mpz_random(mpz_t z, mpz_t limit, void *data) { - UNUSED_VAR (data); - mpz_urandomm(z, *get_rs(), limit); -} - -static void file_mpz_random(mpz_t r, mpz_t limit, void *data) { - char *filename = (char *) data; - FILE *fp; - int n, bytecount, leftover; - unsigned char *bytes; - mpz_t z; - mpz_init(z); - fp = fopen(filename, "rb"); - if (!fp) return; - n = mpz_sizeinbase(limit, 2); - bytecount = (n + 7) / 8; - leftover = n % 8; - bytes = (unsigned char *) pbc_malloc(bytecount); - for (;;) { - if (!fread(bytes, 1, bytecount, fp)) { - pbc_warn("error reading source of random bits"); - return; - } - if (leftover) { - *bytes = *bytes % (1 << leftover); - } - mpz_import(z, bytecount, 1, 1, 0, 0, bytes); - if (mpz_cmp(z, limit) < 0) break; - } - fclose(fp); - mpz_set(r, z); - mpz_clear(z); - pbc_free(bytes); -} - -static void (*current_mpz_random)(mpz_t, mpz_t, void *); -static void *current_random_data; -static int random_function_ready = 0; - -void pbc_random_set_function(void (*fun)(mpz_t, mpz_t, void *), void *data) { - current_mpz_random = fun; - current_random_data = data; - random_function_ready = 1; -} - -void pbc_mpz_random(mpz_t z, mpz_t limit) { - if (!random_function_ready) pbc_init_random(); - current_mpz_random(z, limit, current_random_data); -} - -void pbc_mpz_randomb(mpz_t z, unsigned int bits) { - mpz_t limit; - mpz_init(limit); - mpz_setbit(limit, bits); - pbc_mpz_random(z, limit); - mpz_clear(limit); -} - -void pbc_random_set_deterministic(unsigned int seed) { - gmp_randseed_ui(*get_rs(), seed); - pbc_random_set_function(deterministic_mpz_random, NULL); -} - -void pbc_random_set_file(char *filename) { - pbc_random_set_function(file_mpz_random, filename); -} diff --git a/moon-abe/pbc-0.5.14/arith/ternary_extension_field.c b/moon-abe/pbc-0.5.14/arith/ternary_extension_field.c deleted file mode 100644 index 3c79e3bd..00000000 --- a/moon-abe/pbc-0.5.14/arith/ternary_extension_field.c +++ /dev/null @@ -1,950 +0,0 @@ -/* $GF(3^m) = GF(3)[x]/(x^m + x^t + 2)$ - $GF(3^{2*m}) = GF(3^m)[x]/(x^2 + 1)$ - $GF(3^{3*m}) = GF(3^m)[x]/(x^3 - x -1)$ - $GF(3^{6*m}) = GF(3^{2*m})[x]/(x^3 - x -1)$ - - The "gf3_*" functions are for $GF(3)$. - The "gf3m_*" functions are for $GF(3^m)$. - The "gf32m_*" functions are for $GF(3^{2*m})$. - The "gf33m_*" functions are for $GF(3^{3*m})$ and $GF(3^{6*m})$. - - (gf3m field_t).data is a pointer of struct params - (gf3m element_t).data is a pointer of unsigned long - (gf32m element_t).data is gf32m_ptr - (gf33m element_t).data is gf33m_ptr */ - -#include -#include -#include -#include -#include -#include -#include "pbc_utils.h" -#include "pbc_memory.h" -#include "pbc_field.h" - -typedef unsigned long gf3; - -typedef struct { /* private data of $GF(3^m)$ */ - unsigned int len; /* the number of native machine integers required to represent one GF(3^m) element */ - unsigned int m; /* the irreducible polynomial is $x^m + x^t + 2$ */ - unsigned int t; /* the irreducible polynomial is $x^m + x^t + 2$ */ - element_ptr p; /* $p$ is the irreducible polynomial. */ -} params; - -typedef struct { - element_t _0, _1; -} gf32m_s; - -typedef gf32m_s *gf32m_ptr; - -typedef struct { - element_t _0, _1, _2; -} gf33m_s; - -typedef gf33m_s *gf33m_ptr; - -#define W (sizeof(unsigned long)*8) /* number of GF(3) elements in one processor integer */ -#define PARAM(e) ((params *)e->field->data) -#define LEN(e) (PARAM(e)->len) -#define SIZE(e) (LEN(e) * 2 * sizeof(unsigned long)) -#define DATA1(e) ((unsigned long*)e->data) -#define DATA2(e) ((unsigned long*)e->data + LEN(e)) -#define GF32M(e) ((gf32m_s *)e->data) -#define GF33M(e) ((gf33m_s *)e->data) -#define BASE(e) ((field_ptr)e->field->data) -#define print(e) {printf(#e": "); element_out_str(stdout, 10, e); printf("\n");} - -static size_t gf3m_out_str(FILE *stream, int base, element_t e) { - if (base != 10 && base != 16) - pbc_die("only support base 10 and base 16"); - size_t size = 0; - unsigned i; - unsigned long *d = DATA1(e); - for (i = 0; i < LEN(e) * 2; i++) { - if (base == 16) - size += fprintf(stream, "0x%lx,", d[i]); - else - size += fprintf(stream, "%lu,", d[i]); - } - return size; -} - -/* $a <- 0$ */ -static void gf3m_zero(element_t a) { - memset(a->data, 0, SIZE(a)); -} - -static void gf3m_init(element_t e) { - e->data = pbc_malloc(SIZE(e)); - gf3m_zero(e); -} - -static void gf3m_clear(element_t e) { - pbc_free(e->data); -} - -/* $e <- a$ */ -static void gf3m_assign(element_t e, element_t a) { - memcpy(e->data, a->data, SIZE(a)); -} - -/* $a <- a/x$. $len$ is the number of elements in $a$ */ -static void shift_down(unsigned int len, unsigned long a[]) { - unsigned long h = 0; - const unsigned long x = 1ul << (W - 1); - int i; - for (i = len - 1; i >= 0; i--) { - unsigned long l = a[i] & 1; - a[i] >>= 1; - if (h) - a[i] |= x; - h = l; - } -} - -/* $e <- e/x$ */ -static void gf3m_shift_down(element_t e) { - shift_down(LEN(e), DATA1(e)); - shift_down(LEN(e), DATA2(e)); -} - -/* $a <- a*x$. $len$ is the number of elements in $a$ */ -static void shift_up(unsigned int len, unsigned long a[]) { - unsigned long l = 0; - const unsigned long x = 1ul << (W - 1), y = x - 1; - unsigned i; - for (i = 0; i < len; i++) { - unsigned long h = a[i] & x; - a[i] = ((a[i] & y) << 1) | l; - l = h ? 1 : 0; - } -} - -/* $e <- e*x$ */ -static void gf3m_shift_up(element_t e) { - shift_up(LEN(e), DATA1(e)); - shift_up(LEN(e), DATA2(e)); -} - -/* return the coefficient of $x^pos$ in $e$ */ -static unsigned gf3m_get(element_t e, unsigned pos) { - unsigned long *a1 = DATA1(e), *a2 = DATA2(e); - unsigned x = pos / W; - unsigned long y = 1ul << (pos % W), v1 = a1[x] & y, v2 = a2[x] & y; - return v1 ? 1 : (v2 ? 2 : 0); -} - -/* set the coefficient of $x^pos$ as 1 */ -static void gf3m_set(element_t e, unsigned pos, unsigned value) { - unsigned long *a = DATA1(e); - /* assert value == 0, 1 or 2 */ - if (value == 2) - a = DATA2(e); - if (value) - a[pos / W] |= 1ul << (pos % W); -} - -/* $e <- a+b$ */ -static void gf3m_add(element_t e, element_t a, element_t b) { - unsigned long *e1 = DATA1(e), *e2 = DATA2(e), *a1 = DATA1(a), - *a2 = DATA2(a), *b1 = DATA1(b), *b2 = DATA2(b); - unsigned i; - for (i = 0; i < LEN(e); i++, e1++, e2++, a1++, a2++, b1++, b2++) { - unsigned long t = (*a1 | *a2) & (*b1 | *b2), c1 = t ^ (*a1 | *b1), c2 = - t ^ (*a2 | *b2); - *e1 = c1; - *e2 = c2; - } -} - -/* $e <- x-y$ */ -static void gf3m_sub(element_t e, element_t a, element_t b) { - unsigned long *e1 = DATA1(e), *e2 = DATA2(e), *a1 = DATA1(a), - *a2 = DATA2(a), *b1 = DATA2(b), *b2 = DATA1(b); - unsigned i; - for (i = 0; i < LEN(e); i++, e1++, e2++, a1++, a2++, b1++, b2++) { - unsigned long t = (*a1 | *a2) & (*b1 | *b2), c1 = t ^ (*a1 | *b1), c2 = - t ^ (*a2 | *b2); - *e1 = c1; - *e2 = c2; - } -} - -/* return 0 if $a == b$ in $GF(3^m)$, 1 otherwise. */ -static int gf3m_cmp(element_t a, element_t b) { - unsigned long *pa = DATA1(a), *pb = DATA1(b); - unsigned i; - for (i = 0; i < LEN(a) * 2; i++, pa++, pb++) - if (*pa != *pb) - return 1; - return 0; -} - -/* $a <- 1$ */ -static void gf3m_one(element_t a) { - gf3m_zero(a); - *DATA1(a) = 1; -} - -static int gf3m_is0(element_t e) { - unsigned i; - for (i = 0; i < LEN(e) * 2; i++) - if (DATA1(e)[i]) - return 0; - return 1; -} - -static int gf3m_is1(element_t e) { - unsigned i; - if (DATA1(e)[0] != 1) - return 0; - for (i = 1; i < LEN(e) * 2; i++) - if (DATA1(e)[i]) - return 0; - return 1; -} - -/* set $a$ to be a random element in $GF(3^m)$ */ -static void gf3m_random(element_t a) { - /* TODO: use uniform distribution? */ - params *c = PARAM(a); - unsigned rm = c->m % W; - const unsigned long i1 = ~0ul; - unsigned long i2 = (1ul << rm) - 1; - unsigned long *a1 = DATA1(a), *a2 = DATA2(a); - unsigned i; - for (i = 0; i < c->len - 1; i++, a1++, a2++) { /* TODO: if $RAND_MAX < i1$ ? */ - *a1 = rand() & i1; - *a2 = rand() & i1 & ~(*a1); /* assuring there is no bit that a1[x] & a2[x] == 1 */ - } - unsigned long x = rm ? i2 : i1; - *a1 = rand() & x; - *a2 = rand() & x & ~(*a1); -} - -static void swap(unsigned long *a, unsigned long *b) { - *a ^= *b; - *b ^= *a; - *a ^= *b; -} - -/* $y <- (-x)$ */ -static void gf3m_neg(element_t y, element_t x) { - unsigned long *a1 = DATA1(x), *a2 = DATA2(x), *c1 = DATA1(y), - *c2 = DATA2(y); - if (a1 == c1) { - unsigned i; - for (i = 0; i < LEN(y); i++, a1++, a2++) - swap(a1, a2); - } else { - memcpy(c1, a2, SIZE(y) / 2); - memcpy(c2, a1, SIZE(y) / 2); - } -} - -/* doing reduction - * The function returns the value of $a$ modulo $the irreducible trinomial$. - * $degree$ equals the degree of $a$. - * $2*len$ is the number of elements in $a$ */ -static void gf3m_reduct(element_t e, unsigned len, unsigned degree) { - // the $len$ argument exists because sometimes $len != p->len$ - params *p = PARAM(e); - unsigned old = p->len; - p->len = len; - element_t px; - element_init(px, e->field); - gf3m_set(px, degree, 1); - gf3m_set(px, degree - p->m + p->t, 1); - gf3m_set(px, degree - p->m, 2); - while (degree >= p->m) { - unsigned v = gf3m_get(e, degree); - if (v == 1) - gf3m_sub(e, e, px); - else if (v == 2) - gf3m_add(e, e, px); - degree--; - gf3m_shift_down(px); - } - element_clear(px); - p->len = old; -} - -/* doing multiplication of $n \in \{0,1,2\}$ and $a$ in $GF(3^m)$ - * The function sets $e <- n * a$. */ -static void gf3m_f1(element_t e, unsigned n, element_t a) { - /* assert $e$ is not $a$ */ - if (n == 0) - memset(DATA1(e), 0, SIZE(e)); - else if (n == 1) - memcpy(DATA1(e), DATA1(a), SIZE(e)); - else { - memcpy(DATA1(e), DATA2(a), SIZE(e) / 2); - memcpy(DATA2(e), DATA1(a), SIZE(e) / 2); - } -} - -/* $e <- e*x mod p(x)$ */ -static void gf3m_f2(element_t e) { - params *p = PARAM(e); - gf3m_shift_up(e); - unsigned v = gf3m_get(e, p->m); - if (v == 1) - gf3m_sub(e, e, p->p); - else if (v == 2) - gf3m_add(e, e, p->p); -} - -/* doing multiplication in GF(3^m) - * The function sets $e == a*b \in GF(3^m)$ */ -static void gf3m_mult(element_t e, element_ptr a, element_t b) { - params *p = PARAM(a); - element_t aa, t, c; - element_init(aa, a->field); - element_set(aa, a); - a = aa; // clone $a$ - element_init(t, a->field); - element_init(c, a->field); - unsigned i; - for (i = 0; i < p->m; i++) { - unsigned v = gf3m_get(b, i); - gf3m_f1(t, v, a); /* t == b[i]*a in GF(3^m) */ - gf3m_add(c, c, t); /* c += b[i]*a in GF(3^m) */ - gf3m_f2(a); /* a == a*x in GF(3^m) */ - } - element_set(e, c); - element_clear(t); - element_clear(c); - element_clear(aa); -} - -/* $e <- x^3$ */ -static void gf3m_cubic(element_t e, element_t x) { - /* TODO: faster algorithm */ - params *p = PARAM(x); - unsigned old = p->len; - unsigned len = (3 * p->m - 2 + W - 1) / W; /* length of $b1 */ - p->len = len; - element_t a; - element_init(a, x->field); - unsigned i; - for (i = 0; i < p->m; i++) { - p->len = old; - unsigned v = gf3m_get(x, i); - p->len = len; - gf3m_set(a, 3 * i, v); - } - gf3m_reduct(a, len, 3 * p->m - 3); - p->len = old; - memcpy(DATA1(e), DATA1(a), SIZE(e) / 2); - memcpy(DATA2(e), DATA1(a) + len, SIZE(e) / 2); - element_clear(a); -} - -/* multiplication modulo 3 of two elements in GF(3) - * for example, $mult(2,2) == 1$, and $mult(1,2) == 2$ */ -static unsigned gf3_mult(unsigned a, unsigned b) { - static const unsigned l[] = { 0, 1, 2, 0, 1 }; - return l[a * b]; -} - -static void gf3m_swap(element_t a, element_t b) { - unsigned long *p = DATA1(a); - a->data = b->data; - b->data = p; -} - -/* computing the inversion of an element $a$ in GF(3^m), i.e., $e <- a^{-1}$ - The algorithm is by Tim Kerins, Emanuel Popovici and William Marnane - in the paper of "Algorithms and Architectures for use in FPGA", - Lecture Notes in Computer Science, 2004, Volume 3203/2004, 74-83. - Note that $U$ must have an extra bit, i.e, (_m + W - 1) // W == (_m + W) // W */ -static void gf3m_invert(element_t e, element_t a) { - struct field_s *f = a->field; - params *p = PARAM(a); - unsigned lenA = p->len; - unsigned lenS = (3 * p->m + W - 1) / W; - p->len = lenS; - element_t S, R, t, U, V, t2; - element_init(S, f); - element_init(R, f); - element_init(t, f); - memcpy(DATA1(S), DATA1(p->p), lenA * sizeof(unsigned long)); /* S = p(x) */ - memcpy(DATA1(S) + lenS, DATA1(p->p) + lenA, lenA * sizeof(unsigned long)); - memcpy(DATA1(R), DATA1(a), lenA * sizeof(unsigned long)); /* R = _clone(a) */ - memcpy(DATA1(R) + lenS, DATA1(a) + lenA, lenA * sizeof(unsigned long)); - p->len = lenA; - element_init(U, f); - gf3m_one(U); - element_init(V, f); - element_init(t2, f); - unsigned d = 0, i, r_m, s_m, q, x; - for (i = 0; i < p->m * 2; i++) { - p->len = lenS; - r_m = gf3m_get(R, p->m), s_m = gf3m_get(S, p->m); - if (r_m == 0) { - gf3m_shift_up(R); /* R = xR */ - p->len = lenA; - gf3m_f2(U); /* U = xU mod p */ - d++; - } else { - q = gf3_mult(r_m, s_m); - gf3m_f1(t, q, R); - gf3m_sub(S, S, t); /* S = S-qR */ - gf3m_shift_up(S); /* S = xS */ - p->len = lenA; - gf3m_f1(t2, q, U); - gf3m_sub(V, V, t2); /* V = V-qU */ - if (d == 0) { - gf3m_swap(S, R); - gf3m_swap(U, V); - gf3m_f2(U); /* U = xU mod p*/ - d++; - } else { - x = gf3m_get(U, 0); - if (x == 1) /* assuring x|U */ - gf3m_add(U, U, p->p); - else if (x == 2) - gf3m_sub(U, U, p->p); - gf3m_shift_down(U); /* divide U by $x$ */ - d--; - } - } - } - p->len = lenS; - r_m = gf3m_get(R, p->m); /* assume r_m is not zero */ - p->len = lenA; - if (r_m == 2) - gf3m_neg(U, U); - memcpy(e->data, U->data, lenA * 2 * sizeof(unsigned long)); - element_clear(S); - element_clear(R); - element_clear(U); - element_clear(V); - element_clear(t); - element_clear(t2); -} - -static void gf3m_sqrt(element_t e, element_t a) { - field_ptr f = e->field; - mpz_t t; - mpz_init(t); // t == (field_order + 1) / 4 - mpz_set(t, f->order); - mpz_add_ui(t, t, 1); - mpz_tdiv_q_2exp(t, t, 2); - element_pow_mpz(e, a, t); - mpz_clear(t); -} - -int gf3m_to_bytes(unsigned char *d, element_ptr e) { - unsigned long *a = DATA1(e), *b = DATA2(e); - unsigned long i, j; - for (i = 0; i < LEN(e); i++, a++, b++) { - for (j = 0; j < sizeof(unsigned long) * 8; j += 8) { - *(d++) = (unsigned char) ((*a) >> j); - *(d++) = (unsigned char) ((*b) >> j); - } - } - return SIZE(e); -} - -int gf3m_from_bytes(element_ptr e, unsigned char *d) { - unsigned long *a = DATA1(e), *b = DATA2(e); - unsigned i; - int j; - for (i = 0; i < LEN(e); i++, a++, b++, d += sizeof(unsigned long) * 2) { - *a = 0, *b = 0; - j = 2 * sizeof(unsigned long) - 2; - while (j >= 0) { - *a <<= 8, *b <<= 8; - *a += d[j]; - *b += d[j + 1]; - j -= 2; - } - } - return SIZE(e); -} - -static void field_clear_gf3m(field_t f) { - params *p = f->data; - gf3m_clear(p->p); - pbc_free(p->p); - pbc_free(p); -} - -/* initialize the finite field as $GF(3^m)$, whose irreducible polynomial is with the degree of $m$ */ -void field_init_gf3m(field_t f, unsigned m, unsigned t) { - params *p = pbc_malloc(sizeof(*p)); - p->len = (m + (W - 1) + 1) / W; /* extra one bit for $_p$ */ - p->m = m; - p->t = t; - p->p = pbc_malloc(sizeof(*(p->p))); - p->p->field = f; - p->p->data = pbc_malloc(2 * sizeof(unsigned long) * p->len); - memset(p->p->data, 0, 2 * sizeof(unsigned long) * p->len); - unsigned long *p1 = p->p->data, *p2 = p1 + p->len; - p2[0] = 1; /* _p == x^m+x^t+2 */ - unsigned int p_t = p->t; - p1[p_t / W] |= 1ul << (p_t % W); - p1[m / W] |= 1ul << (m % W); - - field_init(f); - f->field_clear = field_clear_gf3m; - f->init = gf3m_init; - f->clear = gf3m_clear; - f->set = gf3m_assign; - f->set0 = gf3m_zero; - f->set1 = gf3m_one; - f->is0 = gf3m_is0; - f->is1 = gf3m_is1; - f->add = gf3m_add; - f->sub = gf3m_sub; - f->mul = gf3m_mult; - f->cubic = gf3m_cubic; - f->invert = gf3m_invert; - f->neg = gf3m_neg; - f->random = gf3m_random; - f->cmp = gf3m_cmp; - f->sqrt = gf3m_sqrt; - f->from_bytes = gf3m_from_bytes; - f->to_bytes = gf3m_to_bytes; - f->out_str = gf3m_out_str; - f->fixed_length_in_bytes = 2 * sizeof(unsigned long) * p->len; - f->data = p; - f->name = "GF(3^m)"; - - mpz_set_ui(f->order, 3); - mpz_pow_ui(f->order, f->order, p->m); -} - -static size_t gf32m_out_str(FILE *stream, int base, element_t e) { - UNUSED_VAR(base); - element_ptr e0 = GF32M(e)->_0, e1 = GF32M(e)->_1; - size_t size = 0; - size += element_out_str(stream, base, e0); - size += element_out_str(stream, base, e1); - return size; -} - -static void gf32m_init(element_t e) { - e->data = pbc_malloc(sizeof(gf32m_s)); - gf32m_ptr p = (gf32m_ptr) e->data; - field_ptr base = BASE(e); - element_init(p->_0, base); - element_init(p->_1, base); -} - -static void gf32m_clear(element_t e) { - gf32m_ptr p = (gf32m_ptr) e->data; - element_clear(p->_0); - element_clear(p->_1); - pbc_free(e->data); -} - -static void gf32m_set0(element_t e) { - element_ptr e0 = GF32M(e)->_0, e1 = GF32M(e)->_1; - element_set0(e0); - element_set0(e1); -} - -static void gf32m_set1(element_t e) { - element_ptr e0 = GF32M(e)->_0, e1 = GF32M(e)->_1; - element_set1(e0); - element_set0(e1); -} - -static int gf32m_item_count(element_t e) { - UNUSED_VAR(e); - return 2; -} - -static element_ptr gf32m_item(element_t a, int i) { - element_ptr a0 = GF32M(a)->_0, a1 = GF32M(a)->_1; - return i == 0 ? a0 : a1; -} - -static void gf32m_assign(element_t e, element_t a) { - element_ptr a0 = GF32M(a)->_0, a1 = GF32M(a)->_1, e0 = GF32M(e)->_0, e1 = - GF32M(e)->_1; - element_set(e0, a0); - element_set(e1, a1); -} - -static void gf32m_random(element_t e) { - element_ptr e0 = GF32M(e)->_0, e1 = GF32M(e)->_1; - element_random(e0); - element_random(e1); -} - -/* return 0 if $a == b$, 1 otherwise */ -static int gf32m_cmp(element_t a, element_t b) { - element_ptr a0 = GF32M(a)->_0, a1 = GF32M(a)->_1, b0 = GF32M(b)->_0, b1 = - GF32M(b)->_1; - return element_cmp(a0, b0) || element_cmp(a1, b1); -} - -/* $c <- a+b$ */ -static void gf32m_add(element_t c, element_t a, element_t b) { - element_ptr a0 = GF32M(a)->_0, a1 = GF32M(a)->_1, b0 = GF32M(b)->_0, b1 = - GF32M(b)->_1, c0 = GF32M(c)->_0, c1 = GF32M(c)->_1; - element_add(c0, a0, b0); - element_add(c1, a1, b1); -} - -/* $c <- a-b$ */ -static void gf32m_sub(element_t c, element_t a, element_t b) { - element_ptr a0 = GF32M(a)->_0, a1 = GF32M(a)->_1, b0 = GF32M(b)->_0, b1 = - GF32M(b)->_1, c0 = GF32M(c)->_0, c1 = GF32M(c)->_1; - element_sub(c0, a0, b0); - element_sub(c1, a1, b1); -} - -/* $c <- (-a)$ */ -static void gf32m_neg(element_t c, element_t a) { - element_ptr a0 = GF32M(a)->_0, a1 = GF32M(a)->_1, c0 = GF32M(c)->_0, c1 = - GF32M(c)->_1; - element_neg(c0, a0); - element_neg(c1, a1); -} - -/* $e<- a*b$ */ -static void gf32m_mult(element_t e, element_t a, element_t b) { - element_ptr a0 = GF32M(a)->_0, a1 = GF32M(a)->_1, b0 = GF32M(b)->_0, b1 = - GF32M(b)->_1, e0 = GF32M(e)->_0, e1 = GF32M(e)->_1; - field_ptr base = BASE(a); - element_t a0b0, a1b1, t0, t1, c1; - element_init(a0b0, base); - element_init(a1b1, base); - element_init(t0, base); - element_init(t1, base); - element_init(c1, base); - element_mul(a0b0, a0, b0); - element_mul(a1b1, a1, b1); - element_add(t0, a1, a0); - element_add(t1, b1, b0); - element_mul(c1, t0, t1); // c1 == (a1+a0)*(b1+b0) - element_sub(c1, c1, a1b1); - element_sub(c1, c1, a0b0); - element_ptr c0 = a0b0; - element_sub(c0, c0, a1b1); // c0 == a0*b0 - a1*b1 - element_set(e0, c0); - element_set(e1, c1); - element_clear(a0b0); - element_clear(a1b1); - element_clear(t0); - element_clear(t1); - element_clear(c1); -} - -/* $e <- a^3$ */ -static void gf32m_cubic(element_t e, element_t a) { - element_ptr a0 = GF32M(a)->_0, a1 = GF32M(a)->_1, e0 = GF32M(e)->_0, e1 = - GF32M(e)->_1; - field_ptr base = BASE(a); - element_t c0, c1; - element_init(c0, base); - element_init(c1, base); - element_cubic(c0, a0); - element_cubic(c1, a1); - element_neg(c1, c1); // c1 == -(a1^3) - element_set(e0, c0); - element_set(e1, c1); - element_clear(c0); - element_clear(c1); -} - -void field_clear_gf32m(field_t f) { - UNUSED_VAR(f); -} - -/* initialize the finite field as $base_field[x]/(x^2 + 1)$, whose base field is $b$ */ -void field_init_gf32m(field_t f, field_t b) { - field_init(f); - f->data = b; - f->field_clear = field_clear_gf32m; - f->init = gf32m_init; - f->clear = gf32m_clear; - f->set = gf32m_assign; - f->set0 = gf32m_set0; - f->set1 = gf32m_set1; - f->random = gf32m_random; - f->cmp = gf32m_cmp; - f->add = gf32m_add; - f->sub = gf32m_sub; - f->neg = gf32m_neg; - f->mul = gf32m_mult; - f->cubic = gf32m_cubic; - f->item_count = gf32m_item_count; - f->item = gf32m_item; - f->out_str = gf32m_out_str; - mpz_pow_ui(f->order, b->order, 2); - f->name = "GF(3^{2*m})"; -} - -static size_t gf33m_out_str(FILE *stream, int base, element_t e) { - UNUSED_VAR(base); - element_ptr e0 = GF33M(e)->_0, e1 = GF33M(e)->_1, e2 = GF33M(e)->_2; - size_t size = 0; - size += element_out_str(stream, base, e0); - size += element_out_str(stream, base, e1); - size += element_out_str(stream, base, e2); - return size; -} - -static void gf33m_init(element_t e) { - e->data = pbc_malloc(sizeof(gf33m_s)); - gf33m_ptr p = (gf33m_ptr) e->data; - field_ptr base = BASE(e); - element_init(p->_0, base); - element_init(p->_1, base); - element_init(p->_2, base); -} - -static void gf33m_clear(element_t e) { - gf33m_ptr p = (gf33m_ptr) e->data; - element_clear(p->_0); - element_clear(p->_1); - element_clear(p->_2); - pbc_free(e->data); -} - -static void gf33m_set0(element_t e) { - element_ptr e0 = GF33M(e)->_0, e1 = GF33M(e)->_1, e2 = GF33M(e)->_2; - element_set0(e0); - element_set0(e1); - element_set0(e2); -} - -static void gf33m_set1(element_t e) { - element_ptr e0 = GF33M(e)->_0, e1 = GF33M(e)->_1, e2 = GF33M(e)->_2; - element_set1(e0); - element_set0(e1); - element_set0(e2); -} - -static int gf33m_item_count(element_t e) { - UNUSED_VAR(e); - return 3; -} - -static element_ptr gf33m_item(element_t a, int i) { - element_ptr a0 = GF33M(a)->_0, a1 = GF33M(a)->_1, a2 = GF33M(a)->_2; - return i == 0 ? a0 : (i == 1 ? a1 : a2); -} - -static void gf33m_assign(element_t e, element_t a) { - element_ptr a0 = GF33M(a)->_0, a1 = GF33M(a)->_1, a2 = GF33M(a)->_2, e0 = - GF33M(e)->_0, e1 = GF33M(e)->_1, e2 = GF33M(e)->_2; - element_set(e0, a0); - element_set(e1, a1); - element_set(e2, a2); -} - -static void gf33m_random(element_t e) { - element_ptr e0 = GF33M(e)->_0, e1 = GF33M(e)->_1, e2 = GF33M(e)->_2; - element_random(e0); - element_random(e1); - element_random(e2); -} - -/* return 0 if $a == b$, 1 otherwise */ -static int gf33m_cmp(element_t a, element_t b) { - element_ptr a0 = GF33M(a)->_0, a1 = GF33M(a)->_1, a2 = GF33M(a)->_2, b0 = - GF33M(b)->_0, b1 = GF33M(b)->_1, b2 = GF33M(b)->_2; - return element_cmp(a0, b0) || element_cmp(a1, b1) || element_cmp(a2, b2); -} - -/* $c <- a+b$ */ -static void gf33m_add(element_t c, element_t a, element_t b) { - element_ptr a0 = GF33M(a)->_0, a1 = GF33M(a)->_1, a2 = GF33M(a)->_2, b0 = - GF33M(b)->_0, b1 = GF33M(b)->_1, b2 = GF33M(b)->_2, c0 = - GF33M(c)->_0, c1 = GF33M(c)->_1, c2 = GF33M(c)->_2; - element_add(c0, a0, b0); - element_add(c1, a1, b1); - element_add(c2, a2, b2); -} - -/* $c <- a-b$ */ -static void gf33m_sub(element_t c, element_t a, element_t b) { - element_ptr a0 = GF33M(a)->_0, a1 = GF33M(a)->_1, a2 = GF33M(a)->_2, b0 = - GF33M(b)->_0, b1 = GF33M(b)->_1, b2 = GF33M(b)->_2, c0 = - GF33M(c)->_0, c1 = GF33M(c)->_1, c2 = GF33M(c)->_2; - element_sub(c0, a0, b0); - element_sub(c1, a1, b1); - element_sub(c2, a2, b2); -} - -/* $c <- a*b$ */ -static void gf33m_mult(element_t e, element_t a, element_t b) { - element_ptr a0 = GF33M(a)->_0, a1 = GF33M(a)->_1, a2 = GF33M(a)->_2, b0 = - GF33M(b)->_0, b1 = GF33M(b)->_1, b2 = GF33M(b)->_2, e0 = - GF33M(e)->_0, e1 = GF33M(e)->_1, e2 = GF33M(e)->_2; - field_ptr base = BASE(e); - element_t t0, t1, c1, a0b0, a1b1, a2b2; - element_init(t0, base); - element_init(t1, base); - element_init(c1, base); - element_init(a0b0, base); - element_init(a1b1, base); - element_init(a2b2, base); - element_mul(a0b0, a0, b0); - element_mul(a1b1, a1, b1); - element_mul(a2b2, a2, b2); - element_ptr d0 = a0b0; - element_add(t0, a1, a0); - element_add(t1, b1, b0); - element_t d1; - element_init(d1, base); - element_mul(d1, t0, t1); - element_sub(d1, d1, a1b1); - element_sub(d1, d1, a0b0); - element_add(t0, a2, a0); - element_add(t1, b2, b0); - element_t d2; - element_init(d2, base); - element_mul(d2, t0, t1); - element_add(d2, d2, a1b1); - element_sub(d2, d2, a2b2); - element_sub(d2, d2, a0b0); - element_add(t0, a2, a1); - element_add(t1, b2, b1); - element_t d3; - element_init(d3, base); - element_mul(d3, t0, t1); - element_sub(d3, d3, a2b2); - element_sub(d3, d3, a1b1); - element_ptr d4 = a2b2; - element_add(t0, d0, d3); - element_ptr c0 = t0; - element_add(c1, d1, d3); - element_add(c1, c1, d4); - element_add(t1, d2, d4); - element_ptr c2 = t1; - element_set(e0, c0); - element_set(e1, c1); - element_set(e2, c2); - element_clear(t0); - element_clear(t1); - element_clear(c1); - element_clear(a0b0); - element_clear(a1b1); - element_clear(a2b2); - element_clear(d1); - element_clear(d2); - element_clear(d3); -} - -/* $e <- a^3$ */ -static void gf33m_cubic(element_t e, element_t a) { - field_ptr base = BASE(a); - element_ptr a0 = GF33M(a)->_0, a1 = GF33M(a)->_1, a2 = GF33M(a)->_2, e0 = - GF33M(e)->_0, e1 = GF33M(e)->_1, e2 = GF33M(e)->_2; - element_t a03, a13, a23; - element_init(a03, base); - element_init(a13, base); - element_init(a23, base); - element_cubic(a03, a0); - element_cubic(a13, a1); - element_cubic(a23, a2); - element_add(a03, a03, a13); - element_add(a03, a03, a23); - element_ptr c0 = a03; - element_sub(a13, a13, a23); - element_ptr c1 = a13; - element_ptr c2 = a23; - element_set(e0, c0); - element_set(e1, c1); - element_set(e2, c2); - element_clear(a03); - element_clear(a13); - element_clear(a23); -} - -/* $e <- a^{-1}$ */ -static void gf33m_invert(element_t e, element_t a) { - element_ptr a0 = GF33M(a)->_0, a1 = GF33M(a)->_1, a2 = GF33M(a)->_2, e0 = - GF33M(e)->_0, e1 = GF33M(e)->_1, e2 = GF33M(e)->_2; - field_ptr base = BASE(e); - element_t a02, a12, a22; - element_init(a02, base); - element_init(a12, base); - element_init(a22, base); - element_mul(a02, a0, a0); - element_mul(a12, a1, a1); - element_mul(a22, a2, a2); - element_t v0; - element_init(v0, base); - element_sub(v0, a0, a2); // v0 == a0-a2 - element_t delta; - element_init(delta, base); - element_mul(delta, v0, a02); // delta = (a0-a2)*(a0^2), free - element_sub(v0, a1, a0); // v0 == a1-a0 - element_t c0; - element_init(c0, base); - element_mul(c0, v0, a12); // c0 == (a1-a0)*(a1^2) - element_add(delta, delta, c0); // delta = (a0-a2)*(a0^2) + (a1-a0)*(a1^2) - element_sub(v0, a2, v0); // v0 == a2-(a1-a0) = a0-a1+a2 - element_t c1; - element_init(c1, base); - element_mul(c1, v0, a22); // c1 == (a0-a1+a2)*(a2^2) - element_add(delta, delta, c1); // delta = (a0-a2)*(a0^2) + (a1-a0)*(a1^2) + (a0-a1+a2)*(a2^2) - element_invert(delta, delta); // delta = [(a0-a2)*(a0^2) + (a1-a0)*(a1^2) + (a0-a1+a2)*(a2^2)] ^ {-1} - element_add(v0, a02, a22); // v0 == a0^2+a2^2 - element_t c2; - element_init(c2, base); - element_mul(c2, a0, a2); // c2 == a0*a2 - element_sub(c0, v0, c2); // c0 == a0^2+a2^2-a0*a2 - element_add(v0, a1, a2); // v0 == a1+a2 - element_t c3; - element_init(c3, base); - element_mul(c3, a1, v0); // c3 == a1*(a1+a2) - element_sub(c0, c0, c3); // c0 == a0^2+a2^2-a0*a2-a1*(a1+a2) - element_mul(c0, c0, delta); // c0 *= delta - element_mul(c1, a0, a1); // c1 == a0*a1 - element_sub(c1, a22, c1); // c1 == a2^2-a0*a1 - element_mul(c1, c1, delta); // c1 *= delta - element_sub(c2, a12, c2); // c2 == a1^2-a0*a2 - element_sub(c2, c2, a22); // c2 == a1^2-a0*a2-a2^2 - element_mul(c2, c2, delta); // c2 *= delta - element_set(e0, c0); - element_set(e1, c1); - element_set(e2, c2); - element_clear(a02); - element_clear(a12); - element_clear(a22); - element_clear(v0); - element_clear(delta); - element_clear(c0); - element_clear(c1); - element_clear(c2); - element_clear(c3); -} - -void field_clear_gf33m(field_t f) { - UNUSED_VAR(f); -} - -/* initialize the finite field as $base_field[x]/(x^3 - x - 1)$, whose base field is $b$ */ -void field_init_gf33m(field_t f, field_t b) { - field_init(f); - f->data = b; - f->field_clear = field_clear_gf33m; - f->init = gf33m_init; - f->clear = gf33m_clear; - f->set = gf33m_assign; - f->set0 = gf33m_set0; - f->set1 = gf33m_set1; - f->random = gf33m_random; - f->cmp = gf33m_cmp; - f->add = gf33m_add; - f->sub = gf33m_sub; - f->mul = gf33m_mult; - f->cubic = gf33m_cubic; - f->invert = gf33m_invert; - f->item_count = gf33m_item_count; - f->item = gf33m_item; - f->out_str = gf33m_out_str; - mpz_pow_ui(f->order, b->order, 3); - f->name = "GF(3^{3*m})"; -} - diff --git a/moon-abe/pbc-0.5.14/arith/tinyfp.c b/moon-abe/pbc-0.5.14/arith/tinyfp.c deleted file mode 100644 index 50e883e1..00000000 --- a/moon-abe/pbc-0.5.14/arith/tinyfp.c +++ /dev/null @@ -1,304 +0,0 @@ -// F_p for small p, i.e. at most sizeof(long) bytes long. -// Assumes long long is at least twice long. - -// TODO: Fix outstanding bugs and use in PBC. - -#include -#include -#include // for intptr_t -#include -#include -#include -#include "pbc_utils.h" -#include "pbc_field.h" -#include "pbc_random.h" -#include "pbc_fp.h" -#include "pbc_memory.h" - -// Mostly wrappers. We use GMP routines for pow_mpz and invert. - -static void fp_init(element_ptr e) { - unsigned long *p = e->data = pbc_malloc(sizeof(unsigned long)); - *p = 0; -} - -static void fp_clear(element_ptr e) { - pbc_free(e->data); -} - -static void fp_set_mpz(element_ptr e, mpz_ptr z) { - mpz_t r; - mpz_init(r); - unsigned long *p = e->field->data; - unsigned long *l = e->data; - mpz_fdiv_r_ui(r, z, *p); - *l = mpz_get_ui(r); - mpz_clear(r); -} - -static void fp_set_si(element_ptr e, signed long int op) { - unsigned long int *d = e->data; - unsigned long *p = e->field->data; - if (op < 0) { - *d = (-op) % *p; - *d = *p - *d; - } else { - *d = op % *p; - } -} - -static void fp_to_mpz(mpz_ptr z, element_ptr e) { - unsigned long int *l = e->data; - mpz_set_ui(z, *l); -} - -static void fp_set0(element_ptr e) { - unsigned long int *l = e->data; - *l = 0; -} - -static void fp_set1(element_ptr e) { - unsigned long int *l = e->data; - *l = 1; -} - -static int fp_is1(element_ptr e) { - unsigned long int *l = e->data; - return *l == 1; -} - -static int fp_is0(element_ptr e) { - unsigned long int *l = e->data; - return *l == 0; -} - -static size_t fp_out_str(FILE *stream, int base, element_ptr e) { - size_t result; - mpz_t z; - mpz_init(z); - fp_to_mpz(z, e); - result = mpz_out_str(stream, base, z); - mpz_clear(z); - return result; -} - -static void fp_add(element_ptr c, element_ptr a, element_ptr b) { - unsigned long *prime = a->field->data; - unsigned long *p = a->data; - unsigned long *q = b->data; - unsigned long *r = c->data; - unsigned long l0; - l0 = *p + *q; - if (l0 < *p) { - //overflow - l0 -= *prime; - } - *r = l0 % *prime; -} - -static void fp_double(element_ptr c, element_ptr a) { - unsigned long *prime = a->field->data; - unsigned long *p = a->data; - unsigned long *r = c->data; - *r = 2 * *p; - if (*r < *p) { - //overflow - *r -= *prime; - } - *r = *r % *prime; -} - -static void fp_sub(element_ptr c, element_ptr a, element_ptr b) { - unsigned long *prime = a->field->data; - unsigned long *p = a->data; - unsigned long *q = b->data; - unsigned long *r = c->data; - - if (*p >= *q) { - *r = *p - *q; - } else { - *r = *prime - *q + *p; - } -} - -static void fp_mul(element_ptr c, element_ptr a, element_ptr b) { - unsigned long *prime = a->field->data; - unsigned long *p = a->data; - unsigned long *q = b->data; - unsigned long long ll; - unsigned long *r = c->data; - - ll = *p * *q; - *r = ll % *prime; -} - -static void fp_square(element_ptr c, element_ptr a) { - fp_mul(c, a, a); -} - -static void fp_neg(element_ptr c, element_ptr a) { - unsigned long *prime = a->field->data; - unsigned long *r = c->data; - unsigned long *p = a->data; - if (*p) { - *r = *prime - *p; - } else { - *r = 0; - } -} - -static void fp_mul_si(element_ptr c, element_ptr a, signed long int op) { - unsigned long *prime = a->field->data; - unsigned long *p = a->data; - unsigned long long ll; - unsigned long *r = c->data; - - ll = *p * op; - *r = ll % *prime; -} - -static void fp_pow_mpz(element_ptr c, element_ptr a, mpz_ptr op) { - unsigned long *r = c->data; - mpz_t z; - mpz_init(z); - fp_to_mpz(z, a); - mpz_powm(z, z, op, a->field->order); - *r = mpz_get_ui(z); - mpz_clear(z); -} - -static void fp_set(element_ptr c, element_ptr a) { - unsigned long *p = a->data; - unsigned long *r = c->data; - *r = *p; -} - -static void fp_invert(element_ptr c, element_ptr a) { - unsigned long *r = c->data; - mpz_t z; - mpz_init(z); - fp_to_mpz(z, a); - mpz_invert(z, z, a->field->order); - *r = mpz_get_ui(z); - mpz_clear(z); -} - -static void fp_random(element_ptr c) { - unsigned long *r = c->data; - mpz_t z; - mpz_init(z); - pbc_mpz_random(z, c->field->order); - *r = mpz_get_ui(z); - mpz_clear(z); -} - -static void fp_from_hash(element_ptr n, void *data, int len) { - mpz_t z; - - mpz_init(z); - mpz_import(z, len, -1, 1, -1, 0, data); - fp_set_mpz(n, z); - mpz_clear(z); -} - -static int fp_cmp(element_ptr a, element_ptr b) { - unsigned long *p = a->data; - unsigned long *q = b->data; - return *p != *q; -} - -static int fp_sgn_odd(element_ptr a) { - unsigned long *p = a->data; - if (!*p) return 0; - return *p & 1 ? 1 : -1; -} - -static int fp_is_sqr(element_ptr a) { - int res; - mpz_t z; - mpz_init(z); - //0 is a square - if (fp_is0(a)) return 1; - fp_to_mpz(z, a); - res = mpz_legendre(z, a->field->order) == 1; - mpz_clear(z); - return res; -} - -static int fp_to_bytes(unsigned char *data, element_t e) { - unsigned long *p = e->data; - unsigned long l = *p; - int i, n = e->field->fixed_length_in_bytes; - for (i = 0; i < n; i++) { - data[n - i - 1] = (unsigned char) l; - l >>= 8; - } - return n; -} - -static int fp_from_bytes(element_t e, unsigned char *data) { - unsigned char *ptr = data; - unsigned long *p = e->data; - int i, n = e->field->fixed_length_in_bytes; - *p = 0; - for (i=0; idata); -} - -void field_init_tiny_fp(field_ptr f, mpz_t prime) { - unsigned long *p; - - PBC_ASSERT(mpz_fits_ulong_p(prime), "modulus too big"); - - field_init(f); - f->init = fp_init; - f->clear = fp_clear; - f->set_si = fp_set_si; - f->set_mpz = fp_set_mpz; - f->out_str = fp_out_str; - f->add = fp_add; - f->sub = fp_sub; - f->set = fp_set; - f->mul = fp_mul; - f->mul_si = fp_mul_si; - f->square = fp_square; - f->doub = fp_double; - f->pow_mpz = fp_pow_mpz; - f->neg = fp_neg; - f->cmp = fp_cmp; - f->sign = fp_sgn_odd; - f->invert = fp_invert; - f->random = fp_random; - f->from_hash = fp_from_hash; - f->is1 = fp_is1; - f->is0 = fp_is0; - f->set0 = fp_set0; - f->set1 = fp_set1; - f->is_sqr = fp_is_sqr; - f->sqrt = element_tonelli; - f->field_clear = fp_field_clear; - f->to_bytes = fp_to_bytes; - f->from_bytes = fp_from_bytes; - f->to_mpz = fp_to_mpz; - - p = f->data = pbc_malloc(sizeof(long)); - *p = mpz_get_ui(prime); - { - unsigned long int l = 255; - f->fixed_length_in_bytes = 1; - while (l < *p) { - f->fixed_length_in_bytes++; - l <<= 8; - l += 255; - } - } - mpz_set(f->order, prime); -} diff --git a/moon-abe/pbc-0.5.14/arith/z.c b/moon-abe/pbc-0.5.14/arith/z.c deleted file mode 100644 index ff5a4a97..00000000 --- a/moon-abe/pbc-0.5.14/arith/z.c +++ /dev/null @@ -1,263 +0,0 @@ -// The ring Z. -// -// Wrappers around GMP mpz functions. -#include -#include -#include // for intptr_t -#include -#include -#include "pbc_utils.h" -#include "pbc_field.h" -#include "pbc_z.h" -#include "pbc_random.h" -#include "pbc_fp.h" -#include "pbc_memory.h" - -static void z_init(element_ptr e) { - e->data = pbc_malloc(sizeof(mpz_t)); - mpz_init(e->data); -} - -static void z_clear(element_ptr e) { - mpz_clear(e->data); - pbc_free(e->data); -} - -static void z_set_si(element_ptr e, signed long int op) { - mpz_set_si(e->data, op); -} - -static void z_set_mpz(element_ptr e, mpz_ptr z) { - mpz_set(e->data, z); -} - -static void z_set0(element_ptr e) { - mpz_set_ui(e->data, 0); -} - -static void z_set1(element_ptr e) { - mpz_set_ui(e->data, 1); -} - -static size_t z_out_str(FILE *stream, int base, element_ptr e) { - return mpz_out_str(stream, base, e->data); -} - -static int z_sgn(element_ptr a) { - mpz_ptr z = a->data; - return mpz_sgn(z); -} - -static void z_add(element_ptr n, element_ptr a, element_ptr b) { - mpz_add(n->data, a->data, b->data); -} - -static void z_sub(element_ptr n, element_ptr a, element_ptr b) { - mpz_sub(n->data, a->data, b->data); -} - -static void z_square(element_ptr c, element_ptr a) { - mpz_mul(c->data, a->data, a->data); -} - -static void z_double(element_ptr n, element_ptr a) { - mpz_mul_2exp(n->data, a->data, 1); -} - -static void z_halve(element_ptr n, element_ptr a) { - mpz_tdiv_q_2exp(n->data, a->data, -1); -} - -static void z_mul(element_ptr n, element_ptr a, element_ptr b) { - mpz_mul(n->data, a->data, b->data); -} - -static void z_mul_mpz(element_ptr n, element_ptr a, mpz_ptr z) { - mpz_mul(n->data, a->data, z); -} - -static void z_mul_si(element_ptr n, element_ptr a, signed long int z) { - mpz_mul_si(n->data, a->data, z); -} - -static void z_pow_mpz(element_ptr n, element_ptr a, mpz_ptr z) { - mpz_pow_ui(n->data, a->data, mpz_get_ui(z)); -} - -static void z_set(element_ptr n, element_ptr a) { - mpz_set(n->data, a->data); -} - -static void z_neg(element_ptr n, element_ptr a) { - mpz_neg(n->data, a->data); -} - -static void z_invert(element_ptr n, element_ptr a) { - if (!mpz_cmpabs_ui(a->data, 1)) { - mpz_set(n->data, a->data); - } else mpz_set_ui(n->data, 0); -} - -static void z_div(element_ptr c, element_ptr a, element_ptr b) { - mpz_tdiv_q(c->data, a->data, b->data); -} - -//(doesn't make sense if order is infinite) -static void z_random(element_ptr n) { - mpz_set_ui(n->data, 0); -} - -static void z_from_hash(element_ptr n, void *data, int len) { - mpz_import(n->data, len, -1, 1, -1, 0, data); -} - -static int z_is1(element_ptr n) { - return !mpz_cmp_ui((mpz_ptr) n->data, 1); -} - -static int z_is0(element_ptr n) { - return mpz_is0(n->data); -} - -static int z_cmp(element_ptr a, element_ptr b) { - return mpz_cmp((mpz_ptr) a->data, (mpz_ptr) b->data); -} - -static int z_is_sqr(element_ptr a) { - return mpz_perfect_power_p(a->data); -} - -static void z_sqrt(element_ptr c, element_ptr a) { - mpz_sqrt(c->data, a->data); -} - -static void z_field_clear(field_t f) { - UNUSED_VAR (f); -} - -// OpenSSL convention: -// 4 bytes containing length -// followed by number in big-endian, most-significant bit set if negative -// (prepending null byte if necessary) -// Positive numbers also the same as mpz_out_raw. -static int z_to_bytes(unsigned char *data, element_t e) { - mpz_ptr z = e->data; - size_t msb = mpz_sizeinbase(z, 2); - size_t n = 4; - size_t i; - - if (!(msb % 8)) { - data[4] = 0; - n++; - } - if (mpz_sgn(z) < 0) { - mpz_export(data + n, NULL, 1, 1, 1, 0, z); - data[4] |= 128; - } else { - mpz_export(data + n, NULL, 1, 1, 1, 0, z); - } - n += (msb + 7) / 8 - 4; - for (i=0; i<4; i++) { - data[i] = (n >> 8 * (3 - i)); - } - n += 4; - - return n; -} - -static int z_from_bytes(element_t e, unsigned char *data) { - unsigned char *ptr; - size_t i, n; - mpz_ptr z = e->data; - mpz_t z1; - int neg = 0; - - mpz_init(z1); - mpz_set_ui(z, 0); - - ptr = data; - n = 0; - for (i=0; i<4; i++) { - n += ((unsigned int) *ptr) << 8 * (3 - i); - ptr++; - } - if (data[4] & 128) { - neg = 1; - data[4] &= 127; - } - for (i=0; idata); -} - -static int z_length_in_bytes(element_ptr a) { - return (mpz_sizeinbase(a->data, 2) + 7) / 8 + 4; -} - -static void z_out_info(FILE *out, field_ptr f) { - UNUSED_VAR(f); - fprintf(out, "Z: wrapped GMP"); -} - -static int z_set_str(element_ptr e, const char *s, int base) { - mpz_t z; - mpz_init(z); - int result = pbc_mpz_set_str(z, s, base); - z_set_mpz(e, z); - mpz_clear(z); - return result; -} - -void field_init_z(field_ptr f) { - field_init(f); - f->init = z_init; - f->clear = z_clear; - f->set_si = z_set_si; - f->set_mpz = z_set_mpz; - f->set_str = z_set_str; - f->out_str = z_out_str; - f->sign = z_sgn; - f->add = z_add; - f->sub = z_sub; - f->set = z_set; - f->square = z_square; - f->doub = z_double; - f->halve = z_halve; - f->mul = z_mul; - f->mul_mpz = z_mul_mpz; - f->mul_si = z_mul_si; - f->pow_mpz = z_pow_mpz; - f->neg = z_neg; - f->cmp = z_cmp; - f->invert = z_invert; - f->div = z_div; - f->random = z_random; - f->from_hash = z_from_hash; - f->is1 = z_is1; - f->is0 = z_is0; - f->set0 = z_set0; - f->set1 = z_set1; - f->is_sqr = z_is_sqr; - f->sqrt = z_sqrt; - f->field_clear = z_field_clear; - f->to_bytes = z_to_bytes; - f->from_bytes = z_from_bytes; - f->to_mpz = z_to_mpz; - f->length_in_bytes = z_length_in_bytes; - - f->out_info = z_out_info; - - mpz_set_ui(f->order, 0); - f->data = NULL; - f->fixed_length_in_bytes = -1; -} -- cgit 1.2.3-korg