|
Packit |
5c3484 |
/* sqrmod_bnm1.c -- squaring mod B^n-1.
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
Contributed to the GNU project by Niels Möller, Torbjorn Granlund and
|
|
Packit |
5c3484 |
Marco Bodrato.
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
THE FUNCTIONS IN THIS FILE ARE INTERNAL WITH MUTABLE INTERFACES. IT IS ONLY
|
|
Packit |
5c3484 |
SAFE TO REACH THEM THROUGH DOCUMENTED INTERFACES. IN FACT, IT IS ALMOST
|
|
Packit |
5c3484 |
GUARANTEED THAT THEY WILL CHANGE OR DISAPPEAR IN A FUTURE GNU MP RELEASE.
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
Copyright 2009, 2010, 2012 Free Software Foundation, Inc.
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
This file is part of the GNU MP Library.
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
The GNU MP Library is free software; you can redistribute it and/or modify
|
|
Packit |
5c3484 |
it under the terms of either:
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
* the GNU Lesser General Public License as published by the Free
|
|
Packit |
5c3484 |
Software Foundation; either version 3 of the License, or (at your
|
|
Packit |
5c3484 |
option) any later version.
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
or
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
* the GNU General Public License as published by the Free Software
|
|
Packit |
5c3484 |
Foundation; either version 2 of the License, or (at your option) any
|
|
Packit |
5c3484 |
later version.
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
or both in parallel, as here.
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
The GNU MP Library is distributed in the hope that it will be useful, but
|
|
Packit |
5c3484 |
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
Packit |
5c3484 |
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
Packit |
5c3484 |
for more details.
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
You should have received copies of the GNU General Public License and the
|
|
Packit |
5c3484 |
GNU Lesser General Public License along with the GNU MP Library. If not,
|
|
Packit |
5c3484 |
see https://www.gnu.org/licenses/. */
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
#include "gmp.h"
|
|
Packit |
5c3484 |
#include "gmp-impl.h"
|
|
Packit |
5c3484 |
#include "longlong.h"
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
/* Input is {ap,rn}; output is {rp,rn}, computation is
|
|
Packit |
5c3484 |
mod B^rn - 1, and values are semi-normalised; zero is represented
|
|
Packit |
5c3484 |
as either 0 or B^n - 1. Needs a scratch of 2rn limbs at tp.
|
|
Packit |
5c3484 |
tp==rp is allowed. */
|
|
Packit |
5c3484 |
static void
|
|
Packit |
5c3484 |
mpn_bc_sqrmod_bnm1 (mp_ptr rp, mp_srcptr ap, mp_size_t rn, mp_ptr tp)
|
|
Packit |
5c3484 |
{
|
|
Packit |
5c3484 |
mp_limb_t cy;
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
ASSERT (0 < rn);
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
mpn_sqr (tp, ap, rn);
|
|
Packit |
5c3484 |
cy = mpn_add_n (rp, tp, tp + rn, rn);
|
|
Packit |
5c3484 |
/* If cy == 1, then the value of rp is at most B^rn - 2, so there can
|
|
Packit |
5c3484 |
* be no overflow when adding in the carry. */
|
|
Packit |
5c3484 |
MPN_INCR_U (rp, rn, cy);
|
|
Packit |
5c3484 |
}
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
/* Input is {ap,rn+1}; output is {rp,rn+1}, in
|
|
Packit |
5c3484 |
semi-normalised representation, computation is mod B^rn + 1. Needs
|
|
Packit |
5c3484 |
a scratch area of 2rn + 2 limbs at tp; tp == rp is allowed.
|
|
Packit |
5c3484 |
Output is normalised. */
|
|
Packit |
5c3484 |
static void
|
|
Packit |
5c3484 |
mpn_bc_sqrmod_bnp1 (mp_ptr rp, mp_srcptr ap, mp_size_t rn, mp_ptr tp)
|
|
Packit |
5c3484 |
{
|
|
Packit |
5c3484 |
mp_limb_t cy;
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
ASSERT (0 < rn);
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
mpn_sqr (tp, ap, rn + 1);
|
|
Packit |
5c3484 |
ASSERT (tp[2*rn+1] == 0);
|
|
Packit |
5c3484 |
ASSERT (tp[2*rn] < GMP_NUMB_MAX);
|
|
Packit |
5c3484 |
cy = tp[2*rn] + mpn_sub_n (rp, tp, tp+rn, rn);
|
|
Packit |
5c3484 |
rp[rn] = 0;
|
|
Packit |
5c3484 |
MPN_INCR_U (rp, rn+1, cy );
|
|
Packit |
5c3484 |
}
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
/* Computes {rp,MIN(rn,2an)} <- {ap,an}^2 Mod(B^rn-1)
|
|
Packit |
5c3484 |
*
|
|
Packit |
5c3484 |
* The result is expected to be ZERO if and only if the operand
|
|
Packit |
5c3484 |
* already is. Otherwise the class [0] Mod(B^rn-1) is represented by
|
|
Packit |
5c3484 |
* B^rn-1.
|
|
Packit |
5c3484 |
* It should not be a problem if sqrmod_bnm1 is used to
|
|
Packit |
5c3484 |
* compute the full square with an <= 2*rn, because this condition
|
|
Packit |
5c3484 |
* implies (B^an-1)^2 < (B^rn-1) .
|
|
Packit |
5c3484 |
*
|
|
Packit |
5c3484 |
* Requires rn/4 < an <= rn
|
|
Packit |
5c3484 |
* Scratch need: rn/2 + (need for recursive call OR rn + 3). This gives
|
|
Packit |
5c3484 |
*
|
|
Packit |
5c3484 |
* S(n) <= rn/2 + MAX (rn + 4, S(n/2)) <= 3/2 rn + 4
|
|
Packit |
5c3484 |
*/
|
|
Packit |
5c3484 |
void
|
|
Packit |
5c3484 |
mpn_sqrmod_bnm1 (mp_ptr rp, mp_size_t rn, mp_srcptr ap, mp_size_t an, mp_ptr tp)
|
|
Packit |
5c3484 |
{
|
|
Packit |
5c3484 |
ASSERT (0 < an);
|
|
Packit |
5c3484 |
ASSERT (an <= rn);
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
if ((rn & 1) != 0 || BELOW_THRESHOLD (rn, SQRMOD_BNM1_THRESHOLD))
|
|
Packit |
5c3484 |
{
|
|
Packit |
5c3484 |
if (UNLIKELY (an < rn))
|
|
Packit |
5c3484 |
{
|
|
Packit |
5c3484 |
if (UNLIKELY (2*an <= rn))
|
|
Packit |
5c3484 |
{
|
|
Packit |
5c3484 |
mpn_sqr (rp, ap, an);
|
|
Packit |
5c3484 |
}
|
|
Packit |
5c3484 |
else
|
|
Packit |
5c3484 |
{
|
|
Packit |
5c3484 |
mp_limb_t cy;
|
|
Packit |
5c3484 |
mpn_sqr (tp, ap, an);
|
|
Packit |
5c3484 |
cy = mpn_add (rp, tp, rn, tp + rn, 2*an - rn);
|
|
Packit |
5c3484 |
MPN_INCR_U (rp, rn, cy);
|
|
Packit |
5c3484 |
}
|
|
Packit |
5c3484 |
}
|
|
Packit |
5c3484 |
else
|
|
Packit |
5c3484 |
mpn_bc_sqrmod_bnm1 (rp, ap, rn, tp);
|
|
Packit |
5c3484 |
}
|
|
Packit |
5c3484 |
else
|
|
Packit |
5c3484 |
{
|
|
Packit |
5c3484 |
mp_size_t n;
|
|
Packit |
5c3484 |
mp_limb_t cy;
|
|
Packit |
5c3484 |
mp_limb_t hi;
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
n = rn >> 1;
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
ASSERT (2*an > n);
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
/* Compute xm = a^2 mod (B^n - 1), xp = a^2 mod (B^n + 1)
|
|
Packit |
5c3484 |
and crt together as
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
x = -xp * B^n + (B^n + 1) * [ (xp + xm)/2 mod (B^n-1)]
|
|
Packit |
5c3484 |
*/
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
#define a0 ap
|
|
Packit |
5c3484 |
#define a1 (ap + n)
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
#define xp tp /* 2n + 2 */
|
|
Packit |
5c3484 |
/* am1 maybe in {xp, n} */
|
|
Packit |
5c3484 |
#define sp1 (tp + 2*n + 2)
|
|
Packit |
5c3484 |
/* ap1 maybe in {sp1, n + 1} */
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
{
|
|
Packit |
5c3484 |
mp_srcptr am1;
|
|
Packit |
5c3484 |
mp_size_t anm;
|
|
Packit |
5c3484 |
mp_ptr so;
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
if (LIKELY (an > n))
|
|
Packit |
5c3484 |
{
|
|
Packit |
5c3484 |
so = xp + n;
|
|
Packit |
5c3484 |
am1 = xp;
|
|
Packit |
5c3484 |
cy = mpn_add (xp, a0, n, a1, an - n);
|
|
Packit |
5c3484 |
MPN_INCR_U (xp, n, cy);
|
|
Packit |
5c3484 |
anm = n;
|
|
Packit |
5c3484 |
}
|
|
Packit |
5c3484 |
else
|
|
Packit |
5c3484 |
{
|
|
Packit |
5c3484 |
so = xp;
|
|
Packit |
5c3484 |
am1 = a0;
|
|
Packit |
5c3484 |
anm = an;
|
|
Packit |
5c3484 |
}
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
mpn_sqrmod_bnm1 (rp, n, am1, anm, so);
|
|
Packit |
5c3484 |
}
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
{
|
|
Packit |
5c3484 |
int k;
|
|
Packit |
5c3484 |
mp_srcptr ap1;
|
|
Packit |
5c3484 |
mp_size_t anp;
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
if (LIKELY (an > n)) {
|
|
Packit |
5c3484 |
ap1 = sp1;
|
|
Packit |
5c3484 |
cy = mpn_sub (sp1, a0, n, a1, an - n);
|
|
Packit |
5c3484 |
sp1[n] = 0;
|
|
Packit |
5c3484 |
MPN_INCR_U (sp1, n + 1, cy);
|
|
Packit |
5c3484 |
anp = n + ap1[n];
|
|
Packit |
5c3484 |
} else {
|
|
Packit |
5c3484 |
ap1 = a0;
|
|
Packit |
5c3484 |
anp = an;
|
|
Packit |
5c3484 |
}
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
if (BELOW_THRESHOLD (n, MUL_FFT_MODF_THRESHOLD))
|
|
Packit |
5c3484 |
k=0;
|
|
Packit |
5c3484 |
else
|
|
Packit |
5c3484 |
{
|
|
Packit |
5c3484 |
int mask;
|
|
Packit |
5c3484 |
k = mpn_fft_best_k (n, 1);
|
|
Packit |
5c3484 |
mask = (1<
|
|
Packit |
5c3484 |
while (n & mask) {k--; mask >>=1;};
|
|
Packit |
5c3484 |
}
|
|
Packit |
5c3484 |
if (k >= FFT_FIRST_K)
|
|
Packit |
5c3484 |
xp[n] = mpn_mul_fft (xp, n, ap1, anp, ap1, anp, k);
|
|
Packit |
5c3484 |
else if (UNLIKELY (ap1 == a0))
|
|
Packit |
5c3484 |
{
|
|
Packit |
5c3484 |
ASSERT (anp <= n);
|
|
Packit |
5c3484 |
ASSERT (2*anp > n);
|
|
Packit |
5c3484 |
mpn_sqr (xp, a0, an);
|
|
Packit |
5c3484 |
anp = 2*an - n;
|
|
Packit |
5c3484 |
cy = mpn_sub (xp, xp, n, xp + n, anp);
|
|
Packit |
5c3484 |
xp[n] = 0;
|
|
Packit |
5c3484 |
MPN_INCR_U (xp, n+1, cy);
|
|
Packit |
5c3484 |
}
|
|
Packit |
5c3484 |
else
|
|
Packit |
5c3484 |
mpn_bc_sqrmod_bnp1 (xp, ap1, n, xp);
|
|
Packit |
5c3484 |
}
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
/* Here the CRT recomposition begins.
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
xm <- (xp + xm)/2 = (xp + xm)B^n/2 mod (B^n-1)
|
|
Packit |
5c3484 |
Division by 2 is a bitwise rotation.
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
Assumes xp normalised mod (B^n+1).
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
The residue class [0] is represented by [B^n-1]; except when
|
|
Packit |
5c3484 |
both input are ZERO.
|
|
Packit |
5c3484 |
*/
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
#if HAVE_NATIVE_mpn_rsh1add_n || HAVE_NATIVE_mpn_rsh1add_nc
|
|
Packit |
5c3484 |
#if HAVE_NATIVE_mpn_rsh1add_nc
|
|
Packit |
5c3484 |
cy = mpn_rsh1add_nc(rp, rp, xp, n, xp[n]); /* B^n = 1 */
|
|
Packit |
5c3484 |
hi = cy << (GMP_NUMB_BITS - 1);
|
|
Packit |
5c3484 |
cy = 0;
|
|
Packit |
5c3484 |
/* next update of rp[n-1] will set cy = 1 only if rp[n-1]+=hi
|
|
Packit |
5c3484 |
overflows, i.e. a further increment will not overflow again. */
|
|
Packit |
5c3484 |
#else /* ! _nc */
|
|
Packit |
5c3484 |
cy = xp[n] + mpn_rsh1add_n(rp, rp, xp, n); /* B^n = 1 */
|
|
Packit |
5c3484 |
hi = (cy<<(GMP_NUMB_BITS-1))&GMP_NUMB_MASK; /* (cy&1) << ... */
|
|
Packit |
5c3484 |
cy >>= 1;
|
|
Packit |
5c3484 |
/* cy = 1 only if xp[n] = 1 i.e. {xp,n} = ZERO, this implies that
|
|
Packit |
5c3484 |
the rsh1add was a simple rshift: the top bit is 0. cy=1 => hi=0. */
|
|
Packit |
5c3484 |
#endif
|
|
Packit |
5c3484 |
#if GMP_NAIL_BITS == 0
|
|
Packit |
5c3484 |
add_ssaaaa(cy, rp[n-1], cy, rp[n-1], CNST_LIMB(0), hi);
|
|
Packit |
5c3484 |
#else
|
|
Packit |
5c3484 |
cy += (hi & rp[n-1]) >> (GMP_NUMB_BITS-1);
|
|
Packit |
5c3484 |
rp[n-1] ^= hi;
|
|
Packit |
5c3484 |
#endif
|
|
Packit |
5c3484 |
#else /* ! HAVE_NATIVE_mpn_rsh1add_n */
|
|
Packit |
5c3484 |
#if HAVE_NATIVE_mpn_add_nc
|
|
Packit |
5c3484 |
cy = mpn_add_nc(rp, rp, xp, n, xp[n]);
|
|
Packit |
5c3484 |
#else /* ! _nc */
|
|
Packit |
5c3484 |
cy = xp[n] + mpn_add_n(rp, rp, xp, n); /* xp[n] == 1 implies {xp,n} == ZERO */
|
|
Packit |
5c3484 |
#endif
|
|
Packit |
5c3484 |
cy += (rp[0]&1;;
|
|
Packit |
5c3484 |
mpn_rshift(rp, rp, n, 1);
|
|
Packit |
5c3484 |
ASSERT (cy <= 2);
|
|
Packit |
5c3484 |
hi = (cy<<(GMP_NUMB_BITS-1))&GMP_NUMB_MASK; /* (cy&1) << ... */
|
|
Packit |
5c3484 |
cy >>= 1;
|
|
Packit |
5c3484 |
/* We can have cy != 0 only if hi = 0... */
|
|
Packit |
5c3484 |
ASSERT ((rp[n-1] & GMP_NUMB_HIGHBIT) == 0);
|
|
Packit |
5c3484 |
rp[n-1] |= hi;
|
|
Packit |
5c3484 |
/* ... rp[n-1] + cy can not overflow, the following INCR is correct. */
|
|
Packit |
5c3484 |
#endif
|
|
Packit |
5c3484 |
ASSERT (cy <= 1);
|
|
Packit |
5c3484 |
/* Next increment can not overflow, read the previous comments about cy. */
|
|
Packit |
5c3484 |
ASSERT ((cy == 0) || ((rp[n-1] & GMP_NUMB_HIGHBIT) == 0));
|
|
Packit |
5c3484 |
MPN_INCR_U(rp, n, cy);
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
/* Compute the highest half:
|
|
Packit |
5c3484 |
([(xp + xm)/2 mod (B^n-1)] - xp ) * B^n
|
|
Packit |
5c3484 |
*/
|
|
Packit |
5c3484 |
if (UNLIKELY (2*an < rn))
|
|
Packit |
5c3484 |
{
|
|
Packit |
5c3484 |
/* Note that in this case, the only way the result can equal
|
|
Packit |
5c3484 |
zero mod B^{rn} - 1 is if the input is zero, and
|
|
Packit |
5c3484 |
then the output of both the recursive calls and this CRT
|
|
Packit |
5c3484 |
reconstruction is zero, not B^{rn} - 1. */
|
|
Packit |
5c3484 |
cy = mpn_sub_n (rp + n, rp, xp, 2*an - n);
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
/* FIXME: This subtraction of the high parts is not really
|
|
Packit |
5c3484 |
necessary, we do it to get the carry out, and for sanity
|
|
Packit |
5c3484 |
checking. */
|
|
Packit |
5c3484 |
cy = xp[n] + mpn_sub_nc (xp + 2*an - n, rp + 2*an - n,
|
|
Packit |
5c3484 |
xp + 2*an - n, rn - 2*an, cy);
|
|
Packit |
5c3484 |
ASSERT (mpn_zero_p (xp + 2*an - n+1, rn - 1 - 2*an));
|
|
Packit |
5c3484 |
cy = mpn_sub_1 (rp, rp, 2*an, cy);
|
|
Packit |
5c3484 |
ASSERT (cy == (xp + 2*an - n)[0]);
|
|
Packit |
5c3484 |
}
|
|
Packit |
5c3484 |
else
|
|
Packit |
5c3484 |
{
|
|
Packit |
5c3484 |
cy = xp[n] + mpn_sub_n (rp + n, rp, xp, n);
|
|
Packit |
5c3484 |
/* cy = 1 only if {xp,n+1} is not ZERO, i.e. {rp,n} is not ZERO.
|
|
Packit |
5c3484 |
DECR will affect _at most_ the lowest n limbs. */
|
|
Packit |
5c3484 |
MPN_DECR_U (rp, 2*n, cy);
|
|
Packit |
5c3484 |
}
|
|
Packit |
5c3484 |
#undef a0
|
|
Packit |
5c3484 |
#undef a1
|
|
Packit |
5c3484 |
#undef xp
|
|
Packit |
5c3484 |
#undef sp1
|
|
Packit |
5c3484 |
}
|
|
Packit |
5c3484 |
}
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
mp_size_t
|
|
Packit |
5c3484 |
mpn_sqrmod_bnm1_next_size (mp_size_t n)
|
|
Packit |
5c3484 |
{
|
|
Packit |
5c3484 |
mp_size_t nh;
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
if (BELOW_THRESHOLD (n, SQRMOD_BNM1_THRESHOLD))
|
|
Packit |
5c3484 |
return n;
|
|
Packit |
5c3484 |
if (BELOW_THRESHOLD (n, 4 * (SQRMOD_BNM1_THRESHOLD - 1) + 1))
|
|
Packit |
5c3484 |
return (n + (2-1)) & (-2);
|
|
Packit |
5c3484 |
if (BELOW_THRESHOLD (n, 8 * (SQRMOD_BNM1_THRESHOLD - 1) + 1))
|
|
Packit |
5c3484 |
return (n + (4-1)) & (-4);
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
nh = (n + 1) >> 1;
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
if (BELOW_THRESHOLD (nh, SQR_FFT_MODF_THRESHOLD))
|
|
Packit |
5c3484 |
return (n + (8-1)) & (-8);
|
|
Packit |
5c3484 |
|
|
Packit |
5c3484 |
return 2 * mpn_fft_next_size (nh, mpn_fft_best_k (nh, 1));
|
|
Packit |
5c3484 |
}
|