Blame - third_party/gmp/mpz/millerrabin.c - RealtimeRoboticsGroup/test

blob: 1f5d482605bbc9c87f43a09ee2a33c8181fcaa7e [file] [log] [blame]

Austin Schuh	dace2a6	2020-08-18 10:56:48 -0700	[diff] [blame]	1	/* mpz_millerrabin(n,reps) -- An implementation of the probabilistic primality
				2	test found in Knuth's Seminumerical Algorithms book. If the function
				3	mpz_millerrabin() returns 0 then n is not prime. If it returns 1, then n is
				4	'probably' prime. The probability of a false positive is (1/4)**reps, where
				5	reps is the number of internal passes of the probabilistic algorithm. Knuth
				6	indicates that 25 passes are reasonable.
				7
				8	With the current implementation, the first 24 MR-tests are substituted by a
				9	Baillie-PSW probable prime test.
				10
				11	This implementation the Baillie-PSW test was checked up to 19*2^46,
				12	for smaller values no MR-test is performed, regardless of reps, and
				13	2 ("surely prime") is returned if the number was not proved composite.
				14
				15	If GMP_BPSW_NOFALSEPOSITIVES_UPTO_64BITS is defined as non-zero,
				16	the code assumes that the Baillie-PSW test was checked up to 2^64.
				17
				18	THE FUNCTIONS IN THIS FILE ARE FOR INTERNAL USE ONLY. THEY'RE ALMOST
				19	CERTAIN TO BE SUBJECT TO INCOMPATIBLE CHANGES OR DISAPPEAR COMPLETELY IN
				20	FUTURE GNU MP RELEASES.
				21
				22	Copyright 1991, 1993, 1994, 1996-2002, 2005, 2014, 2018, 2019 Free
				23	Software Foundation, Inc.
				24
				25	Contributed by John Amanatides.
				26
				27	This file is part of the GNU MP Library.
				28
				29	The GNU MP Library is free software; you can redistribute it and/or modify
				30	it under the terms of either:
				31
				32	* the GNU Lesser General Public License as published by the Free
				33	Software Foundation; either version 3 of the License, or (at your
				34	option) any later version.
				35
				36	or
				37
				38	* the GNU General Public License as published by the Free Software
				39	Foundation; either version 2 of the License, or (at your option) any
				40	later version.
				41
				42	or both in parallel, as here.
				43
				44	The GNU MP Library is distributed in the hope that it will be useful, but
				45	WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
				46	or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
				47	for more details.
				48
				49	You should have received copies of the GNU General Public License and the
				50	GNU Lesser General Public License along with the GNU MP Library. If not,
				51	see https://www.gnu.org/licenses/. */
				52
				53	#include "gmp-impl.h"
				54
				55	#ifndef GMP_BPSW_NOFALSEPOSITIVES_UPTO_64BITS
				56	#define GMP_BPSW_NOFALSEPOSITIVES_UPTO_64BITS 0
				57	#endif
				58
				59	static int millerrabin (mpz_srcptr,
				60	mpz_ptr, mpz_ptr,
				61	mpz_srcptr, unsigned long int);
				62
				63	int
				64	mpz_millerrabin (mpz_srcptr n, int reps)
				65	{
				66	mpz_t nm, x, y, q;
				67	unsigned long int k;
				68	gmp_randstate_t rstate;
				69	int is_prime;
				70	TMP_DECL;
				71	TMP_MARK;
				72
				73	ASSERT (SIZ (n) > 0);
				74	MPZ_TMP_INIT (nm, SIZ (n) + 1);
				75	mpz_tdiv_q_2exp (nm, n, 1);
				76
				77	MPZ_TMP_INIT (x, SIZ (n) + 1);
				78	MPZ_TMP_INIT (y, 2 * SIZ (n)); /* mpz_powm_ui needs excessive memory!!! */
				79	MPZ_TMP_INIT (q, SIZ (n));
				80
				81	/* Find q and k, where q is odd and n = 1 + 2*k q. */
				82	k = mpz_scan1 (nm, 0L);
				83	mpz_tdiv_q_2exp (q, nm, k);
				84	++k;
				85
				86	/* BPSW test */
				87	mpz_set_ui (x, 2);
				88	is_prime = millerrabin (n, x, y, q, k) && mpz_stronglucas (n, x, y);
				89
				90	if (is_prime)
				91	{
				92	if (
				93	#if GMP_BPSW_NOFALSEPOSITIVES_UPTO_64BITS
				94	/* Consider numbers up to 2^64 that pass the BPSW test as primes. */
				95	#if GMP_NUMB_BITS <= 64
				96	SIZ (n) <= 64 / GMP_NUMB_BITS
				97	#else
				98	0
				99	#endif
				100	#if 64 % GMP_NUMB_BITS != 0
				101	\|\| SIZ (n) - 64 / GMP_NUMB_BITS == (PTR (n) [64 / GMP_NUMB_BITS] < CNST_LIMB(1) << 64 % GMP_NUMB_BITS)
				102	#endif
				103	#else
				104	/* Consider numbers up to 19*2^46 that pass the BPSW test as primes.
				105	This implementation was tested up to 192^46 = 2^50+2^47+2^46 /
				106	/* 2^4 < 19 = 0b10011 < 2^5 */
				107	#define GMP_BPSW_LIMB_CONST CNST_LIMB(19)
				108	#define GMP_BPSW_BITS_CONST (LOG2C(19) - 1)
				109	#define GMP_BPSW_BITS_LIMIT (46 + GMP_BPSW_BITS_CONST)
				110
				111	#define GMP_BPSW_LIMBS_LIMIT (GMP_BPSW_BITS_LIMIT / GMP_NUMB_BITS)
				112	#define GMP_BPSW_BITS_MOD (GMP_BPSW_BITS_LIMIT % GMP_NUMB_BITS)
				113
				114	#if GMP_NUMB_BITS <= GMP_BPSW_BITS_LIMIT
				115	SIZ (n) <= GMP_BPSW_LIMBS_LIMIT
				116	#else
				117	0
				118	#endif
				119	#if GMP_BPSW_BITS_MOD >= GMP_BPSW_BITS_CONST
				120	\|\| SIZ (n) - GMP_BPSW_LIMBS_LIMIT == (PTR (n) [GMP_BPSW_LIMBS_LIMIT] < GMP_BPSW_LIMB_CONST << (GMP_BPSW_BITS_MOD - GMP_BPSW_BITS_CONST))
				121	#else
				122	#if GMP_BPSW_BITS_MOD != 0
				123	\|\| SIZ (n) - GMP_BPSW_LIMBS_LIMIT == (PTR (n) [GMP_BPSW_LIMBS_LIMIT] < GMP_BPSW_LIMB_CONST >> (GMP_BPSW_BITS_CONST - GMP_BPSW_BITS_MOD))
				124	#else
				125	#if GMP_NUMB_BITS > GMP_BPSW_BITS_CONST
				126	\|\| SIZ (nm) - GMP_BPSW_LIMBS_LIMIT + 1 == (PTR (nm) [GMP_BPSW_LIMBS_LIMIT - 1] < GMP_BPSW_LIMB_CONST << (GMP_NUMB_BITS - 1 - GMP_BPSW_BITS_CONST))
				127	#endif
				128	#endif
				129	#endif
				130
				131	#undef GMP_BPSW_BITS_LIMIT
				132	#undef GMP_BPSW_LIMB_CONST
				133	#undef GMP_BPSW_BITS_CONST
				134	#undef GMP_BPSW_LIMBS_LIMIT
				135	#undef GMP_BPSW_BITS_MOD
				136
				137	#endif
				138	)
				139	is_prime = 2;
				140	else
				141	{
				142	reps -= 24;
				143	if (reps > 0)
				144	{
				145	/* (n-5)/2 */
				146	mpz_sub_ui (nm, nm, 2L);
				147	ASSERT (mpz_cmp_ui (nm, 1L) >= 0);
				148
				149	gmp_randinit_default (rstate);
				150
				151	do
				152	{
				153	/* 3 to (n-1)/2 inclusive, don't want 1, 0 or 2 */
				154	mpz_urandomm (x, rstate, nm);
				155	mpz_add_ui (x, x, 3L);
				156
				157	is_prime = millerrabin (n, x, y, q, k);
				158	} while (--reps > 0 && is_prime);
				159
				160	gmp_randclear (rstate);
				161	}
				162	}
				163	}
				164	TMP_FREE;
				165	return is_prime;
				166	}
				167
				168	static int
				169	mod_eq_m1 (mpz_srcptr x, mpz_srcptr m)
				170	{
				171	mp_size_t ms;
				172	mp_srcptr mp, xp;
				173
				174	ms = SIZ (m);
				175	if (SIZ (x) != ms)
				176	return 0;
				177	ASSERT (ms > 0);
				178
				179	mp = PTR (m);
				180	xp = PTR (x);
				181	ASSERT ((mp[0] - 1) == (mp[0] ^ 1)); /* n is odd */
				182
				183	if ((xp ^ CNST_LIMB(1) ^ mp) != CNST_LIMB(0)) /* xp[0] != mp[0] - 1 */
				184	return 0;
				185	else
				186	{
				187	int cmp;
				188
				189	--ms;
				190	++xp;
				191	++mp;
				192
				193	MPN_CMP (cmp, xp, mp, ms);
				194
				195	return cmp == 0;
				196	}
				197	}
				198
				199	static int
				200	millerrabin (mpz_srcptr n, mpz_ptr x, mpz_ptr y,
				201	mpz_srcptr q, unsigned long int k)
				202	{
				203	unsigned long int i;
				204
				205	mpz_powm (y, x, q, n);
				206
				207	if (mpz_cmp_ui (y, 1L) == 0 \|\| mod_eq_m1 (y, n))
				208	return 1;
				209
				210	for (i = 1; i < k; i++)
				211	{
				212	mpz_powm_ui (y, y, 2L, n);
				213	if (mod_eq_m1 (y, n))
				214	return 1;
				215	/* y == 1 means that the previous y was a non-trivial square root
				216	of 1 (mod n). y == 0 means that n is a power of the base.
				217	In either case, n is not prime. */
				218	if (mpz_cmp_ui (y, 1L) <= 0)
				219	return 0;
				220	}
				221	return 0;
				222	}