3 * $Id: limlee.c,v 1.3 2000/07/29 09:58:32 mdw Exp $
5 * Generate Lim-Lee primes
7 * (c) 2000 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.3 2000/07/29 09:58:32 mdw
34 * (limlee): Bug fix. Old versions didn't set the filter step if @ql@ was
35 * an exact divisor of @pl@.
37 * Revision 1.2 2000/07/26 18:00:00 mdw
40 * Revision 1.1 2000/07/09 21:30:58 mdw
41 * Lim-Lee prime generation.
45 /*----- Header files ------------------------------------------------------*/
47 #include <mLib/alloc.h>
48 #include <mLib/dstr.h>
54 #include "primorial.h"
57 /*----- Main code ---------------------------------------------------------*/
61 * Arguments: @const char *name@ = pointer to name root
62 * @mp *d@ = pointer to destination integer
63 * @mp *newp@ = how to generate factor primes
64 * @unsigned ql@ = size of individual factors
65 * @unsigned pl@ = size of large prime
66 * @grand *r@ = a random number source
67 * @unsigned on@ = number of outer attempts to make
68 * @pgen_proc *oev@ = outer event handler function
69 * @void *oec@ = argument for the outer event handler
70 * @pgen_proc *iev@ = inner event handler function
71 * @void *iec@ = argument for the inner event handler
72 * @size_t *nf@, @mp ***f@ = output array for factors
74 * Returns: A Lim-Lee prime, or null if generation failed.
76 * Use: Generates Lim-Lee primes. A Lim-Lee prime %$p$% is one which
77 * satisfies %$p = 2 \prod_i q_i + 1$%, where all of the %$q_i$%
78 * are large enough to resist square-root discrete log
81 * If we succeed, and @f@ is non-null, we write the array of
82 * factors chosen to @f@ for the benefit of the caller.
85 static void comb_init(octet *c, unsigned n, unsigned r)
88 memset(c + (n - r), 1, r);
91 static int comb_next(octet *c, unsigned n, unsigned r)
95 /* --- How the algorithm works --- *
97 * Set bits start at the end and work their way towards the start.
98 * Excepting bits already at the start, we scan for the lowest set bit, and
99 * move it one place nearer the start. A group of bits at the start are
100 * counted and reset just below the `moved' bit. If there is no moved bit
104 /* --- Count the group at the start --- */
113 /* --- Move the next bit down one --- *
115 * There must be one, because otherwise we'd have counted %$r$% bits
128 mp *limlee(const char *name, mp *d, mp *newp,
129 unsigned ql, unsigned pl, grand *r,
130 unsigned on, pgen_proc *oev, void *oec,
131 pgen_proc *iev, void *iec,
142 unsigned long seq = 0;
148 /* --- First of all, decide on a number of factors to make --- */
154 else if (qql && nn > 1) {
159 /* --- Now decide on how many primes I'll actually generate --- *
161 * The formula %$m = \max(3 n + 5, 25)$% comes from GPG's prime generation
169 /* --- Now allocate the working memory --- */
172 v = xmalloc(mm * sizeof(mp *));
175 /* --- Initialize everything and try to find a prime --- */
180 ev.tests = ntest = rabin_iters(pl);
183 if (oev && oev(PGEN_BEGIN, &ev, oec) == PGEN_ABORT)
188 dstr_putf(&dn, "%s [+]", name);
189 qq = mprand(d, qql, r, 1);
190 qq = pgen(dn.buf, qq, qq, iev, iec,
191 0, pgen_filter, &pf, rabin_iters(qql), pgen_test, &rb);
195 comb_init(c, mm, nn);
196 for (i = 0; i < mm; i++)
199 /* --- The main combinations loop --- */
202 mpmul mmul = MPMUL_INIT;
204 /* --- Multiply a bunch of primes together --- */
207 mpmul_add(&mmul, qq);
209 for (i = 0; i < mm; i++) {
216 dstr_putf(&dn, "%s [%lu] = ", name, seq++);
217 z = mprand(newp, ql, ev.r, 1);
218 z = pgen(dn.buf, z, z, iev, iec,
219 0, pgen_filter, &pf, rabin_iters(ql), pgen_test, &rb);
222 mpmul_add(&mmul, v[i]);
225 /* --- Now do some testing --- */
228 mp *p = mpmul_done(&mmul);
232 /* --- Check for small factors --- */
235 p = mp_add(p, p, MP_ONE);
236 mp_gcd(&g, 0, 0, p, primorial);
237 if (MP_CMP(g, !=, MP_ONE)) {
244 /* --- Send an event out --- */
247 if (oev && oev(PGEN_TRY, &ev, oec) == PGEN_ABORT) {
252 /* --- Do the Rabin testing --- */
254 rabin_create(&rb, p);
257 g = mprand_range(g, p, ev.r, 1);
258 rc = rabin_test(&rb, g);
259 if (rc == PGEN_PASS) {
264 if (oev &&oev(rc, &ev, oec) == PGEN_ABORT)
266 } while (rc == PGEN_PASS);
274 if (rc == PGEN_ABORT)
281 } while (comb_next(c, mm, nn));
283 /* --- That failed --- */
289 oev(PGEN_ABORT, &ev, &oec);
294 for (i = 0; i < mm; i++)
298 /* --- We did it! --- */
306 *f = vv = xmalloc(nn * sizeof(mp *));
309 for (i = 0; i < mm; i++) {
327 /* --- We blew it --- */
330 for (i = 0; i < mm; i++)
340 /*----- That's all, folks -------------------------------------------------*/