def getd(n):
D = 5
#while legendre(D, n) != n-1:
# ahh, i think this fails iff n is a perfect square
# clearly, no perfect squares are prime
if int(math.sqrt(n))**2 == n:
return False
#print n
while gmpy.jacobi(D,n) != -1:
#print " %4d %5d %2d %2d" % (D, n, jacobi(D, n), gmpy.jacobi(D,n))
if jacobi(D, n) != gmpy.jacobi(D, n):
print "FAILED AT",D,n
exit(0)
if D > 0:
D += 2
else:
D -= 2
D *= -1
if D > 100:
print "FAILURE"
exit(0)
return D
def getd(n):
D = 5
#while legendre(D, n) != n-1:
# ahh, i think this fails iff n is a perfect square
# clearly, no perfect squares are prime
if int(math.sqrt(n))**2 == n:
return False
#print n
while gmpy.jacobi(D, n) != -1:
#print " %4d %5d %2d %2d" % (D, n, jacobi(D, n), gmpy.jacobi(D,n))
if jacobi(D, n) != gmpy.jacobi(D, n):
print "FAILED AT", D, n
exit(0)
if D > 0:
D += 2
else:
D -= 2
D *= -1
if D > 100:
print "FAILURE"
exit(0)
return D
def resp(publickey, secretkey, r, challenge):
"""is a probabilistic algorithm run by the prover to generate
the third message. The input is the public key, the secret
key, as well as a nonce r and the challenge itself, generated
by genChallenge.
The result of this function is the response as well as the
modulus n.
>>> import os
>>> (publickey, secretkey) = ShoupProtocol.setup()
>>> r = os.urandom(2048)
>>> challenge = ShoupProtocol.genChallenge(os.urandom(32))
>>> ShoupProtocol.resp(publickey, secretkey, r, challenge) # doctest: +ELLIPSIS
(mpz(...), ...)
"""
(y, n) = publickey
(p, q) = secretkey
# We output a random 2^(3*5)th root of +- r * y ^challenge, where
# the sign is chosen such that a root exists.
r = pow(int.from_bytes(r, "little"), 2, n)
base = r * pow(y, challenge, n)
# Choose the sign accordingly
if gmpy.jacobi(base, n) <= 0:
base = (n - base) % n
s = gmpy.invert(p, q)
t = gmpy.invert(q, p)
for i in range(3 * 5): # 5 is the security parameter
# In this loop we compute modular roots
# Since p,q = 3 mod 4, a root mod p is just pow(a, (p + 1) / 4, p)
# but we need to use the chinese remainder theorem to lift
# if to mod n
# compute mod p
ap = base % p
ap = pow(base, (p + 1) // 4, p)
# choose the one which is a quadratic residue
if gmpy.jacobi(ap, p) <= 0:
ap = (p - ap) % p
# compute mod q
aq = base % q
aq = pow(base, (q + 1) // 4, q)
# choose the one which is a quadratic residue
if gmpy.jacobi(aq, q) <= 0:
aq = (q - aq) % q
# we have s, t, such that sp+tq = 1
# so the solution is simply ap*t*q + aq*s*p
base = ap * t * q + aq * s * p
return (base, n)
def jacobi_symbol(a, n):
"""
Calculate Jacobi Symbol
Args:
a : An element of Z/nZ
n : A number
Return:
a is quadratic residue : 1
a is non-quadratic residue : -1
a is factor of n : 0
"""
return int(gmpy.jacobi(a, n))
def check_g(self, results):
self.function_count[10] += 1
#print "g = " + str(results[0].value)
self.g = results[0].value
jacobi = gmpy.jacobi(self.g, self.n_revealed) % self.n_revealed
#print "jacobi = " + str(jacobi)
if jacobi == 1:
if self.runtime.id == 1:
self.phi_i = self.n_revealed - self.p - self.q + 1
print "((N)): " + str(self.n_revealed)
print "((p)): " + str(self.p)
print "((q)): " + str(self.q)
print "<<phi_i>>: " + str(self.phi_i)
base = gmpy.mpz(self.g)
power = gmpy.mpz(self.phi_i / 4)
print "<<power>>: " + str(power)
modulus = gmpy.mpz(self.n_revealed)
self.v = int(pow(base, power, modulus))
#self.v = self.powermod(self.g, (self.n_revealed - self.p - self.q + 1) / 4, self.n_revealed)
else:
self.phi_i = -(self.p + self.q)
self.inverse_v = int(gmpy.divm(1, self.g, self.n_revealed))
base = gmpy.mpz(self.inverse_v)
power = gmpy.mpz(-self.phi_i / 4)
modulus = gmpy.mpz(self.n_revealed)
self.v = int(pow(base, power, modulus))
#print "self.phi_i = " + str(self.phi_i)
else:
self.generate_g()
return
#print "self.v = " + str(self.v)
v1, v2, v3 = self.runtime.shamir_share([1, 2, 3], self.Zp, self.v)
v_tot = v1 * v2 * v3
self.open_v = self.runtime.open(v_tot)
results = gather_shares([self.open_v])
results.addCallback(self.check_v)
def is_prime_ss(n,s): #n,s prirozena, n>3 liche ''' return (rounds, res): - rounds is -1 if it passed all tests (ie: probably prime) ''' for i in xrange(0, s): # 0,1,...,s-1 a = random.randint(2,n-2) #nah. c. mezi 2 a n-2 if gmpy.gcd(a,n) != 1: return (i, 0) #je slozene p = pow(a,(n-1)/2,n) if p == n-1: p = -1 if not gmpy.jacobi(a,n) == p: return (i, 0) #je slozene return (-1, 1) #n proslo testem
def is_prime_ss(n, s): #n,s prirozena, n>3 liche
'''
return (rounds, res):
- rounds is -1 if it passed all tests (ie: probably prime)
'''
for i in xrange(0, s): # 0,1,...,s-1
a = random.randint(2, n - 2) #nah. c. mezi 2 a n-2
if gmpy.gcd(a, n) != 1:
return (i, 0) #je slozene
p = pow(a, (n - 1) / 2, n)
if p == n - 1:
p = -1
if not gmpy.jacobi(a, n) == p:
return (i, 0) #je slozene
return (-1, 1) #n proslo testem
# Carmichael numbers
# that are also strong base 2 psuedoprimes
# jacobi(5, n) == -1
# condition b
for pp in P1:
p = pp*2+1
# half of condition a
if p%8 != 3:
continue
# condition c
if (p+1)/4 not in P2:
continue
# other half of condition a
if gmpy.jacobi(5, p) != -1:
continue
# prime
if not gmpy.is_prime(p):
continue
print p
"""
# half of condition a
for p in xrange(T, pow(T, k), 8):
# prime
if not gmpy.is_prime(p):
continue
# other half of condition a
if gmpy.jacobi(5, p) != -1:
continue
def isprime(n, tb=(3,5,7,11), eb=(2,), mrb=()): # TODO: more streamlining
# tb: trial division basis
# eb: Euler's test basis
# mrb: Miller-Rabin basis
# This test suite's first false positve is unknown but has been shown to be greater than 2**64.
# Infinitely many are thought to exist.
if n%2 == 0 or n < 13 or n == isqrt(n)**2: return n in (2, 3, 5, 7, 11) # Remove evens, squares, and numbers less than 13
if any(n%p == 0 for p in tb): return n in tb # Trial division
for b in eb: # Euler's test
if b >= n: continue
if not pow(b, n-1, n) == 1: return False
r = n - 1
while r%2 == 0: r /= 2
c = pow(b, r, n)
if c == 1: continue
while c != 1 and c != n-1: c = pow(c, 2, n)
if c == 1: return False
s, d = pfactor(n)
if not sprp(n, 2, s, d): return False
if n < 2047: return True
if n >= 3825123056546413051: # BPSW has two phases: SPRP with base 2 and SLPRP. We just did the SPRP; now we do the SLPRP:
d = 5
while True:
if gcd(d, n) > 1:
p, q = 0, 0
break
if jacobi(d, n) == -1:
p, q = 1, (1 - d) / 4
break
d = -d - 2*d/abs(d)
if p == 0: return n == d
s, t = pfactor(n + 2)
u, v, u2, v2, m = 1, p, 1, p, t/2
k = q
while m > 0:
u2, v2, q = (u2*v2)%n, (v2*v2-2*q)%n, (q*q)%n
if m%2 == 1:
u, v = u2*v+u*v2, v2*v+u2*u*d
if u%2 == 1: u += n
if v%2 == 1: v += n
u, v, k = (u/2)%n, (v/2)%n, (q*k)%n
m /= 2
if (u == 0) or (v == 0): return True
for i in xrange(1, s):
v, k = (v*v-2*k)%n, (k*k)%n
if v == 0: return True
return False
if not mrb:
if n < 1373653: mrb = [3]
elif n < 25326001: mrb = [3,5]
elif n < 3215031751: mrb = [3,5,7]
elif n < 2152302898747: mrb = [3,5,7,11]
elif n < 3474749660383: mrb = [3,5,6,11,13]
elif n < 341550071728321: mrb = [3,5,7,11,13,17] # This number is also a false positive for primes(19+1).
elif n < 3825123056546413051: mrb = [3,5,7,11,13,17,19,23] # Also a false positive for primes(31+1).
return all(sprp(n, b, s, d) for b in mrb) # Miller-Rabin
# Carmichael numbers
# that are also strong base 2 psuedoprimes
# jacobi(5, n) == -1
# condition b
for pp in P1:
p = pp * 2 + 1
# half of condition a
if p % 8 != 3:
continue
# condition c
if (p + 1) / 4 not in P2:
continue
# other half of condition a
if gmpy.jacobi(5, p) != -1:
continue
# prime
if not gmpy.is_prime(p):
continue
print p
"""
# half of condition a
for p in xrange(T, pow(T, k), 8):
# prime
if not gmpy.is_prime(p):
continue
# other half of condition a
if gmpy.jacobi(5, p) != -1:
continue
# condition b and c