3 * $Id: mpmont-mexp.c,v 1.4 2000/06/17 11:45:09 mdw Exp $
5 * Multiple simultaneous exponentiations
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
32 * $Log: mpmont-mexp.c,v $
33 * Revision 1.4 2000/06/17 11:45:09 mdw
34 * Major memory management overhaul. Added arena support. Use the secure
35 * arena for secret integers. Replace and improve the MP management macros
36 * (e.g., replace MP_MODIFY by MP_DEST).
38 * Revision 1.3 1999/12/10 23:18:39 mdw
39 * Change interface for suggested destinations.
41 * Revision 1.2 1999/11/21 11:35:10 mdw
42 * Performance improvement: use @mp_sqr@ and @mpmont_reduce@ instead of
43 * @mpmont_mul@ for squaring in exponentiation.
45 * Revision 1.1 1999/11/19 13:19:29 mdw
46 * Simultaneous exponentiation support.
50 /*----- Header files ------------------------------------------------------*/
55 /*----- Main code ---------------------------------------------------------*/
57 /* --- @mpmont_mexpr@ --- *
59 * Arguments: @mpmont *mm@ = pointer to Montgomery reduction context
60 * @mp *d@ = fake destination
61 * @mpmont_factor *f@ = pointer to array of factors
62 * @size_t n@ = number of factors supplied
64 * Returns: If the bases are %$g_0, g_1, \ldots, g_{n-1}$% and the
65 * exponents are %$e_0, e_1, \ldots, e_{n-1}$% then the result
68 * %$g_0^{e_0} g_1^{e_1} \ldots g_{n-1}^{e_{n-1}} R \bmod m$%
76 mp *mpmont_mexpr(mpmont *mm, mp *d, mpmont_factor *f, size_t n)
79 mp **v = xmalloc(vn * sizeof(mp *));
83 mp *a = MP_COPY(mm->r);
86 /* --- Perform the precomputation --- */
92 /* --- Fill in the rest of the array --- *
94 * Zero never gets used.
99 for (i = 1; i < vn; i++) {
101 /* --- Check for a new bit entering --- *
103 * If a bit gets set that wasn't set before, then all the lower bits
104 * are zeroes and I've got to introduce a new base into the array.
107 if ((i & mask) == 0) {
108 v[i] = mpmont_mul(mm, MP_NEW, f[j++].base, mm->r2);
112 /* --- Otherwise I can get away with a single multiplication --- *
114 * In particular, if %$i$% has more than one bit set, then I only need
115 * to calculate %$v_i = v_{\mathit{mask}} v_{i - \mathit{mask}}$%.
116 * Since both are less than %$i$%, they must have already been
121 v[i] = mpmont_mul(mm, MP_NEW, v[mask], v[i & ~mask]);
125 /* --- Set up the bitscanners --- *
127 * I must scan the exponents from left to right, which is a shame. It
128 * means that I can't use the standard @mpscan@ stuff, in particular.
130 * If any of the exponents are considered secret then make the accumulator
131 * automatically set the secret bit.
137 s = xmalloc(n * sizeof(scan));
139 for (i = 0; i < n; i++) {
140 s[i].len = MP_LEN(f[i].exp);
143 if (f[i].exp->f & MP_BURN)
149 /* --- Now do the actual calculation --- */
157 /* --- If no more bits, get some more --- */
166 /* --- Work out the next index --- */
170 for (i = 0; i < n; i++) {
172 j |= (((f[i].exp->v[o] >> b) & 1) << i);
175 /* --- Accumulate the result --- */
178 dd = mp_sqr(spare, a);
179 dd = mpmont_reduce(mm, dd, dd);
185 dd = mpmont_mul(mm, spare, a, v[j]);
191 /* --- Tidy up afterwards --- */
195 for (i = 1; i < vn; i++)
209 /* --- @mpmont_mexp@ --- *
211 * Arguments: @mpmont *mm@ = pointer to Montgomery reduction context
212 * @mp *d@ = fake destination
213 * @mpmont_factor *f@ = pointer to array of factors
214 * @size_t n@ = number of factors supplied
216 * Returns: Product of bases raised to exponents, all mod @m@.
218 * Use: Convenient interface over @mpmont_mexpr@.
221 mp *mpmont_mexp(mpmont *mm, mp *d, mpmont_factor *f, size_t n)
223 d = mpmont_mexpr(mm, d, f, n);
224 d = mpmont_reduce(mm, d, d);
228 /*----- Test rig ----------------------------------------------------------*/
232 #include <mLib/testrig.h>
234 static int verify(size_t n, dstr *v)
236 mp *m = *(mp **)v[0].buf;
237 mpmont_factor *f = xmalloc(n * sizeof(*f));
244 for (i = 0; i < n; i++) {
245 f[i].base = *(mp **)v[j++].buf;
246 f[i].exp = *(mp **)v[j++].buf;
249 rr = *(mp **)v[j].buf;
250 mpmont_create(&mm, m);
251 r = mpmont_mexp(&mm, MP_NEW, f, n);
252 if (MP_CMP(r, !=, rr)) {
253 fputs("\n*** mexp failed\n", stderr);
254 fputs("m = ", stderr); mp_writefile(m, stderr, 10);
255 for (i = 0; i < n; i++) {
256 fprintf(stderr, "\ng_%u = ", i);
257 mp_writefile(f[i].base, stderr, 10);
258 fprintf(stderr, "\ne_%u = ", i);
259 mp_writefile(f[i].exp, stderr, 10);
261 fputs("\nr = ", stderr); mp_writefile(r, stderr, 10);
262 fputs("\nR = ", stderr); mp_writefile(rr, stderr, 10);
267 for (i = 0; i < n; i++) {
275 assert(mparena_count(MPARENA_GLOBAL) == 0);
279 static int t1(dstr *v) { return verify(1, v); }
280 static int t2(dstr *v) { return verify(2, v); }
281 static int t3(dstr *v) { return verify(3, v); }
282 static int t4(dstr *v) { return verify(4, v); }
283 static int t5(dstr *v) { return verify(5, v); }
285 static test_chunk tests[] = {
286 { "mexp-1", t1, { &type_mp,
289 { "mexp-2", t2, { &type_mp,
293 { "mexp-3", t3, { &type_mp,
298 { "mexp-4", t4, { &type_mp,
304 { "mexp-5", t5, { &type_mp,
314 int main(int argc, char *argv[])
317 test_run(argc, argv, tests, SRCDIR "/tests/mpmont");
323 /*----- That's all, folks -------------------------------------------------*/
~mdw / catacomb / blob