rand/rand-x86ish.S: Hoist argument register allocation outside.

[catacomb] / math / pgen-granfrob.c

/* -*-c-*-
 *
 * Grantham's Frobenius primality test
 *
 * (c) 2018 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software: you can redistribute it and/or modify it
 * under the terms of the GNU Library General Public License as published
 * by the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Catacomb is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb.  If not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 * USA.
 */

/*----- Header files ------------------------------------------------------*/

#include "mp.h"
#include "mpmont.h"
#include "mpscan.h"
#include "pgen.h"

#include "mptext.h"

/*----- Main code ---------------------------------------------------------*/

static int squarep(mp *n)
{
  mp *t = MP_NEW;
  int rc;

  if (MP_NEGP(n)) return (0);
  t = mp_sqrt(t, n); t = mp_sqr(t, t);
  rc = MP_EQ(t, n); mp_drop(t); return (rc);
}

/* --- @pgen_granfrob@ --- *
 *
 * Arguments:   @mp *n@ = an integer to test
 *              @int a, b@ = coefficients; if @a@ is zero then choose
 *                      automatically
 *
 * Returns:     One of the @PGEN_...@ codes.
 *
 * Use:         Performs a quadratic version of Grantham's Frobenius
 *              primality test, which is a simple extension of the standard
 *              Lucas test.
 *
 *              If %$a^2 - 4 b$% is a perfect square then the test can't
 *              work; this function returns @PGEN_ABORT@ under these
 *              circumstances.
 */

int pgen_granfrob(mp *n, int a, int b)
{
  mp *v = MP_NEW, *w = MP_NEW, *aa = MP_NEW, *bb = MP_NEW, *bi = MP_NEW,
    *k = MP_NEW, *x = MP_NEW, *y = MP_NEW, *z = MP_NEW, *t, *u;
  mp ma; mpw wa;
  mp mb; mpw wb;
  mp md; mpw wd; int d;
  mpmont mm;
  mpscan msc;
  int e, bit, rc;

  /* Maybe this is a no-hoper. */
  if (MP_NEGP(n)) return (PGEN_FAIL);
  if (MP_EQ(n, MP_TWO)) return (PGEN_DONE);
  if (!MP_ODDP(n)) return (PGEN_FAIL);

  /* First, build the parameters as large integers. */
  mp_build(&ma, &wa, &wa + 1); mp_build(&mb, &wb, &wb + 1);
  mp_build(&md, &wd, &wd + 1);
  mpmont_create(&mm, n);

  /* Prepare the Lucas sequence parameters.  Here, %$\Delta$% is the
   * disciminant of the polynomial %$p(x) = x^2 - a x + b$%, i.e.,
   * %$\Delta = a^2 - 4 b$%.
   */
  if (a) {
    /* Explicit parameters.  Just set them and check that they'll work. */

    if (a >= 0) wa = a; else { wa = -a; ma.f |= MP_NEG; }
    if (b >= 0) wb = b; else { wb = -b; mb.f |= MP_NEG; }
    d = a*a - 4*b;
    if (d >= 0) wd = d; else { wd = -d; md.f |= MP_NEG; }

    /* Determine the quadratic character of %$\Delta$%.  If %$(\Delta | n)$%
     * is zero then we'll have a problem, but we'll catch that case with the
     * GCD check below.
     */
    e = mp_jacobi(&md, n);

    /* If %$\Delta$% is a perfect square then the test can't work. */
    if (e == 1 && squarep(&md)) { rc = PGEN_ABORT; goto end; }
  } else {
    /* Determine parameters.  Use Selfridge's `Method A': choose the first
     * %$\Delta$% from the sequence %$5$%, %$-7$%, %%\dots%%, such that
     * %$(\Delta | n) = -1$%.
     */

    wa = 1; wd = 5;
    for (;;) {
      e = mp_jacobi(&md, n); if (e != +1) break;
      if (wd == 25 && squarep(n)) { rc = PGEN_FAIL; goto end; }
      wd += 2; md.f ^= MP_NEG;
    }
    a = 1; d = wd;
    if (md.f&MP_NEG) { wb = (wd + 1)/4; d = -d; }
    else { wb = (wd - 1)/4; mb.f |= MP_NEG; }
    b = (1 - d)/4;
  }

  /* The test won't work if %$\gcd(2 a b \Delta, n) \ne 1$%. */
  x = mp_lsl(x, &ma, 1); x = mp_mul(x, x, &mb); x = mp_mul(x, x, &md);
  mp_gcd(&y, 0, 0, x, n);
  if (!MP_EQ(y, MP_ONE))
    { rc = MP_EQ(y, n) ? PGEN_ABORT : PGEN_FAIL; goto end; }

  /* Now we use binary a Lucas chain to evaluate %$V_{n-e}(a, b) \pmod{n}$%.
   * Here,
   *
   *   * %$U_{i+1}(a, b) = a U_i(a, b) - b U_{i-1}(a, b)$%, and
   *   * %$V_{i+1}(a, b) = a V_i(a, b) - b V_{i-1}(a, b)$%; with
   *   * %$U_0(a, b) = 0$%, $%U_1(a, b) = 1$%, %$V_0(a, b) = 2$%, and
   *     %$V_1(a, b) = a$%.
   *
   * To compute this, we use the handy identities
   *
   *    %$V_{i+j}(a, b) = V_i(a, b) V_j(a, b) - b^i V_{j-i}(a, b)$%
   *
   * and
   *
   *    %$U_i(a, b) = (2 V_{i+1}(a, b) - a V_i(a, b))/\Delta$%.
   *
   * Let %$k = n - e$%.  Given %$V_i(a, b)$% and %$V_{i+1}(a, b)$%, we can
   * determine either %$V_{2i}(a, b)$% and %$V_{2i+1}(a, b)$%, or
   * %$V_{2i+1}(a, b)$% and %$V_{2i+2}(a, b)$%.
   *
   * To do this, suppose that %$n < 2^\ell$% and %$0 \le i \le \ell%; we'll
   * start with %$i = 0$%.  Divide %$n = n_i 2^{\ell-i} + n'_i$% with
   * %$n'_i < 2^{\ell-i}$%.  To do this, we maintain %$v_i = V_{n_i}(a, b)$%,
   * %$w_i = V_{n_i+1}(a, b)$%, and %$b_i = b^{n_i}$%, all modulo %$n$%.  If
   * %$n'_i < 2^{\ell-i-1}$% then we have %$n'_{i+1} = n'_i$% and
   * %$n_{i+i} = 2 n_i$%; otherwise %$n'_{i+1} = n'_i - 2^{\ell-i-1}$% and
   * %$n_{i+i} = 2 n_i + 1$%.
   */
  k = mp_add(k, n, e > 0 ? MP_MONE : MP_ONE);
  aa = mpmont_mul(&mm, aa, &ma, mm.r2);
  bb = mpmont_mul(&mm, bb, &mb, mm.r2); bi = MP_COPY(mm.r);
  v = mpmont_mul(&mm, v, MP_TWO, mm.r2); w = MP_COPY(aa);

  for (mpscan_rinitx(&msc, k->v, k->vl); mpscan_rstep(&msc); ) {
    bit = mpscan_rbit(&msc);

    /* We will want %$x = V_{n_i+1}(a, b) = V_{n_i} V_{n_i+1} - a b^{n_i}$%,
     * but we don't yet know whether this is %$v_{i+1}$% or %$w_{i+1}$%.
     */
    x = mpmont_mul(&mm, x, v, w);
    if (a == 1) x = mp_sub(x, x, bi);
    else { y = mpmont_mul(&mm, y, aa, bi); x = mp_sub(x, x, y); }
    if (MP_NEGP(x)) x = mp_add(x, x, n);

    if (!bit) {
      /* We're in the former case: %$n_{i+i} = 2 n_i$%.  So %$w_{i+1} = x$%,
       * %$v_{i+1} = (v_i^2 - 2 b_i$%, and %$b_{i+1} = b_i^2$%.
       */

      y = mp_sqr(y, v); y = mpmont_reduce(&mm, y, y);
      y = mp_sub(y, y, bi); if (MP_NEGP(y)) y = mp_add(y, y, n);
      y = mp_sub(y, y, bi); if (MP_NEGP(y)) y = mp_add(y, y, n);
      bi = mp_sqr(bi, bi); bi = mpmont_reduce(&mm, bi, bi);
      t = v; u = w; v = y; w = x; x = t; y = u;
    } else {
      /* We're in the former case: %$n_{i+i} = 2 n_i + 1$%.  So
       * %$v_{i+1} = x$%, %$w_{i+1} = w_i^2 - 2 b b^i$%$%, and
       * %$b_{i+1} = b b_i^2$%.
       */

      y = mp_sqr(y, w); y = mpmont_reduce(&mm, y, y);
      z = mpmont_mul(&mm, z, bi, bb);
      y = mp_sub(y, y, z); if (MP_NEGP(y)) y = mp_add(y, y, n);
      y = mp_sub(y, y, z); if (MP_NEGP(y)) y = mp_add(y, y, n);
      bi = mpmont_mul(&mm, bi, bi, z);
      t = v; u = w; v = x; w = y; x = t; y = u;
    }
  }

  /* The Lucas test is that %$U_k(a, b) \equiv 0 \pmod{n}$% if %$n$% is
   * prime.  I'm assured that
   *
   *    %$U_k(a, b) = (2 V_{k+1}(a, b) - a V_k(a, b))/\Delta$%
   *
   * so this is just a matter of checking that %$2 w - a v \equiv 0$%.
   */
  x = mp_add(x, w, w); y = mp_sub(y, x, n);
  if (!MP_NEGP(y)) { t = x; x = y; y = t; }
  if (a == 1) x = mp_sub(x, x, v);
  else { y = mpmont_mul(&mm, y, v, aa); x = mp_sub(x, x, y); }
  if (MP_NEGP(x)) x = mp_add(x, x, n);
  if (!MP_ZEROP(x)) { rc = PGEN_FAIL; goto end; }

  /* Grantham's Frobenius test is that, also, %$V_k(a, b) v = \equiv 2 b$%
   * if %$n$% is prime and %$(\Delta | n) = -1$%, or %$v \equiv 2$% if
   * %$(\Delta | n) = +1$%.
   */
  if (MP_ODDP(v)) v = mp_add(v, v, n);
  v = mp_lsr(v, v, 1);
  if (!MP_EQ(v, e == +1 ? mm.r : bb)) { rc = PGEN_FAIL; goto end; }

  /* Looks like we made it. */
  rc = PGEN_PASS;
end:
  mp_drop(v); mp_drop(w); mp_drop(aa); mp_drop(bb); mp_drop(bi);
  mp_drop(k); mp_drop(x); mp_drop(y); mp_drop(z);
  mpmont_destroy(&mm);
  return (rc);
}

/*----- Test rig ----------------------------------------------------------*/

#ifdef TEST_RIG

#include <mLib/testrig.h>

#include "mptext.h"

static int verify(dstr *v)
{
  mp *n = *(mp **)v[0].buf;
  int a = *(int *)v[1].buf, b = *(int *)v[2].buf, xrc = *(int *)v[3].buf, rc;
  int ok = 1;

  rc = pgen_granfrob(n, a, b);
  if (rc != xrc) {
    fputs("\n*** pgen_granfrob failed", stdout);
    fputs("\nn = ", stdout); mp_writefile(n, stdout, 10);
    printf("\na = %d", a);
    printf("\nb = %d", a);
    printf("\nexp rc = %d", xrc);
    printf("\ncalc rc = %d\n", rc);
    ok = 0;
  }

  mp_drop(n);
  assert(mparena_count(MPARENA_GLOBAL) == 0);
  return (ok);
}

static test_chunk tests[] = {
  { "pgen-granfrob", verify,
    { &type_mp, &type_int, &type_int, &type_int, 0 } },
  { 0, 0, { 0 } }
};

int main(int argc, char *argv[])
{
  sub_init();
  test_run(argc, argv, tests, SRCDIR "/t/pgen");
  return (0);
}

#endif

/*----- That's all, folks -------------------------------------------------*/