def factoring(self, mode):
x = 1
y = self._fx_origin(x) if mode == "--origin" else self._fx_nowadays(x)
d = GCD(x, y)
while d == 1:
x = self._fx_origin(x) if mode == "--origin" else self._fx_nowadays(x)
y = self._fx_origin(self._fx_origin(y)) if mode == "--origin" else self._fx_nowadays(self._fx_nowadays(y))
d = GCD(abs(x-y), self.n)
if d == self.n:
return -1
else:
return d
def __init__(self, E:ECC, P:tuple, m:int, n:int):
self.E = E
self.E.calcuDots()
assert P in self.E.dots
self.P = P
assert GCD(m, n) == 1 and Fermat(n)
self.m = m
self.Q = self.E.multi(self.P, self.m)
self.n = n
def encrypt(self, x):
flag = True
while flag:
k = random.randint(2, self.n)
if GCD(k, self.n) == 1:
break
x0y0 = self.E.multi(self.Q, k)
y1 = self._point_compress(self.E.multi(self.P, k))
y2 = Mul(x, x0y0[0], self.E.p)
return (y1, y2)
def __init__(self, nume, deno, layer):
assert GCD(nume, deno) == 1
self.nume = nume
self.deno = deno
self.layer = layer
assert layer >= 2
self.a_arr = []
self.p_arr = []
self.q_arr = []
self.a_gen()
self.pq_gen()
def Fermat(n, iterNum=512):
if n == 2 or n == 3:
return True
for i in range(0, iterNum):
a = random.randint(2, n - 2)
if GCD(a, n) != 1:
return False
if pow(a, n - 1, n) != 1:
return False
else:
return True
def CongEq(a, b, n):
d = GCD(a, n)
if d != 1 and not DIVVerify(d, b):
return [-1]
elif d != 1:
res = CongEq(a // d, b // d, n // d)
k = 1
while k * n // d < n:
res.append(res[0] + k * n // d)
k += 1
return res
else:
return [Mul(b, Inverse(a, n), n)]
def PollardRho(self):
x, a, b = self._fx(1,0,0)
x_,a_,b_ = self._fx(x,a,b)
while x != x_:
x, a, b = self._fx(x, a, b)
x_,a_,b_ = self._fx(x_, a_, b_)
x_,a_,b_ = self._fx(x_, a_, b_)
if GCD(b_-b, self.n) != 1:
return [-1]
else:
'''
using CongEq instead of Mul(a-a_, Inv(b_-b))
cos congruence equation can have several solutions probably
'''
return CongEq(
Sub(b_, b, self.ord),
Sub(a, a_, self.ord),
self.ord
)
def __init__(self, bit, opt='--null', p=None, q=None, a=None):
if opt == '-pq' or opt == '-pqa':
self.p = p
self.q = q
else:
self.p = randprime(2**(bit - 1), 2**bit)
self.q = randprime(2**(bit - 1), 2**bit)
self.phi = (self.p - 1) * (self.q - 1)
self.n = self.p * self.q
if opt == '-pqa':
self.a = a
else:
flag = True
while flag:
a_gen = randint(2**(2 * bit - 1), 2**(2 * bit))
if GCD(a_gen, self.phi) == 1:
flag = False
self.a = a_gen
self.b = Inverse(self.a, self.phi)
def primVerify2(g, m):
assert GCD(g, m) == 1
phi = Euler(m)
prime_fac = []
index = 1
prim = prime(index)
bound = ceil(sqrt(phi))
while prim < bound:
if DIVVerify(prim, phi):
prime_fac.append(prim)
index += 1
prim = prime(index)
for q in prime_fac:
if CMVerify(pow(g, phi // q), 1, m):
return False
else:
return True
def elemPowOrder(elem, lamb, n):
order = elemOrder(elem, n)
return order // GCD(lamb, order)