org.bouncycastle.pqc.legacy.math.linearalgebra.IntegerFunctions Maven / Gradle / Ivy
Show all versions of bcprov-debug-jdk14 Show documentation
package org.bouncycastle.pqc.legacy.math.linearalgebra;
import java.math.BigInteger;
import java.security.SecureRandom;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.util.BigIntegers;
* Class of number-theory related functions for use with integers represented as
* int's or BigInteger objects.
public final class IntegerFunctions
private static final BigInteger ZERO = BigInteger.valueOf(0);
private static final BigInteger ONE = BigInteger.valueOf(1);
private static final BigInteger TWO = BigInteger.valueOf(2);
private static final BigInteger FOUR = BigInteger.valueOf(4);
private static final int[] SMALL_PRIMES = {3, 5, 7, 11, 13, 17, 19, 23,
29, 31, 37, 41};
private static final long SMALL_PRIME_PRODUCT = 3L * 5 * 7 * 11 * 13 * 17
* 19 * 23 * 29 * 31 * 37 * 41;
private static SecureRandom sr = null;
// the jacobi function uses this lookup table
private static final int[] jacobiTable = {0, 1, 0, -1, 0, -1, 0, 1};
private IntegerFunctions()
// empty
* Computes the value of the Jacobi symbol (A|B). The following properties
* hold for the Jacobi symbol which makes it a very efficient way to
* evaluate the Legendre symbol
* (A|B) = 0 IF gcd(A,B) > 1
* (-1|B) = 1 IF n = 1 (mod 1)
* (-1|B) = -1 IF n = 3 (mod 4)
* (A|B) (C|B) = (AC|B)
* (A|B) (A|C) = (A|CB)
* (A|B) = (C|B) IF A = C (mod B)
* (2|B) = 1 IF N = 1 OR 7 (mod 8)
* (2|B) = 1 IF N = 3 OR 5 (mod 8)
* @param A integer value
* @param B integer value
* @return value of the jacobi symbol (A|B)
public static int jacobi(BigInteger A, BigInteger B)
BigInteger a, b, v;
long k = 1;
k = 1;
// test trivial cases
if (B.equals(ZERO))
a = A.abs();
return a.equals(ONE) ? 1 : 0;
if (!A.testBit(0) && !B.testBit(0))
return 0;
a = A;
b = B;
if (b.signum() == -1)
{ // b < 0
b = b.negate(); // b = -b
if (a.signum() == -1)
k = -1;
v = ZERO;
while (!b.testBit(0))
v = v.add(ONE); // v = v + 1
b = b.divide(TWO); // b = b/2
if (v.testBit(0))
k = k * jacobiTable[a.intValue() & 7];
if (a.signum() < 0)
{ // a < 0
if (b.testBit(1))
k = -k; // k = -k
a = a.negate(); // a = -a
// main loop
while (a.signum() != 0)
v = ZERO;
while (!a.testBit(0))
{ // a is even
v = v.add(ONE);
a = a.divide(TWO);
if (v.testBit(0))
k = k * jacobiTable[b.intValue() & 7];
if (a.compareTo(b) < 0)
{ // a < b
// swap and correct intermediate result
BigInteger x = a;
a = b;
b = x;
if (a.testBit(1) && b.testBit(1))
k = -k;
a = a.subtract(b);
return b.equals(ONE) ? (int)k : 0;
* Computes the greatest common divisor of the two specified integers
* @param u - first integer
* @param v - second integer
* @return gcd(a, b)
public static int gcd(int u, int v)
return BigInteger.valueOf(u).gcd(BigInteger.valueOf(v)).intValue();
* Extended euclidian algorithm (computes gcd and representation).
* @param a the first integer
* @param b the second integer
* @return (g,u,v), where g = gcd(abs(a),abs(b)) = ua + vb
public static int[] extGCD(int a, int b)
BigInteger ba = BigInteger.valueOf(a);
BigInteger bb = BigInteger.valueOf(b);
BigInteger[] bresult = extgcd(ba, bb);
int[] result = new int[3];
result[0] = bresult[0].intValue();
result[1] = bresult[1].intValue();
result[2] = bresult[2].intValue();
return result;
public static BigInteger divideAndRound(BigInteger a, BigInteger b)
if (a.signum() < 0)
return divideAndRound(a.negate(), b).negate();
if (b.signum() < 0)
return divideAndRound(a, b.negate()).negate();
return a.shiftLeft(1).add(b).divide(b.shiftLeft(1));
public static BigInteger[] divideAndRound(BigInteger[] a, BigInteger b)
BigInteger[] out = new BigInteger[a.length];
for (int i = 0; i < a.length; i++)
out[i] = divideAndRound(a[i], b);
return out;
* Compute the smallest integer that is greater than or equal to the
* logarithm to the base 2 of the given BigInteger.
* @param a the integer
* @return ceil[log(a)]
public static int ceilLog(BigInteger a)
int result = 0;
BigInteger p = ONE;
while (p.compareTo(a) < 0)
p = p.shiftLeft(1);
return result;
* Compute the smallest integer that is greater than or equal to the
* logarithm to the base 2 of the given integer.
* @param a the integer
* @return ceil[log(a)]
public static int ceilLog(int a)
int log = 0;
int i = 1;
while (i < a)
i <<= 1;
return log;
* Compute ceil(log_256 n), the number of bytes needed to encode
* the integer n.
* @param n the integer
* @return the number of bytes needed to encode n
public static int ceilLog256(int n)
if (n == 0)
return 1;
int m;
if (n < 0)
m = -n;
m = n;
int d = 0;
while (m > 0)
m >>>= 8;
return d;
* Compute ceil(log_256 n), the number of bytes needed to encode
* the long integer n.
* @param n the long integer
* @return the number of bytes needed to encode n
public static int ceilLog256(long n)
if (n == 0)
return 1;
long m;
if (n < 0)
m = -n;
m = n;
int d = 0;
while (m > 0)
m >>>= 8;
return d;
* Compute the integer part of the logarithm to the base 2 of the given
* integer.
* @param a the integer
* @return floor[log(a)]
public static int floorLog(BigInteger a)
int result = -1;
BigInteger p = ONE;
while (p.compareTo(a) <= 0)
p = p.shiftLeft(1);
return result;
* Compute the integer part of the logarithm to the base 2 of the given
* integer.
* @param a the integer
* @return floor[log(a)]
public static int floorLog(int a)
int h = 0;
if (a <= 0)
return -1;
int p = a >>> 1;
while (p > 0)
p >>>= 1;
return h;
* Compute the largest h with 2^h | a if a!=0.
* @param a an integer
* @return the largest h with 2^h | a if a!=0,
* 0 otherwise
public static int maxPower(int a)
int h = 0;
if (a != 0)
int p = 1;
while ((a & p) == 0)
p <<= 1;
return h;
* @param a an integer
* @return the number of ones in the binary representation of an integer
* a
public static int bitCount(int a)
int h = 0;
while (a != 0)
h += a & 1;
a >>>= 1;
return h;
* determines the order of g modulo p, p prime and 1 < g < p. This algorithm
* is only efficient for small p (see X9.62-1998, p. 68).
* @param g an integer with 1 < g < p
* @param p a prime
* @return the order k of g (that is k is the smallest integer with
* g k = 1 mod p
public static int order(int g, int p)
int b, j;
b = g % p; // Reduce g mod p first.
j = 1;
// Check whether g == 0 mod p (avoiding endless loop).
if (b == 0)
throw new IllegalArgumentException(g + " is not an element of Z/("
+ p + "Z)^*; it is not meaningful to compute its order.");
// Compute the order of g mod p:
while (b != 1)
b *= g;
b %= p;
if (b < 0)
b += p;
return j;
* Reduces an integer into a given interval
* @param n - the integer
* @param begin - left bound of the interval
* @param end - right bound of the interval
* @return n reduced into [begin,end]
public static BigInteger reduceInto(BigInteger n, BigInteger begin,
BigInteger end)
return n.subtract(begin).mod(end.subtract(begin)).add(begin);
* Compute a e.
* @param a the base
* @param e the exponent
* @return a e
public static int pow(int a, int e)
int result = 1;
while (e > 0)
if ((e & 1) == 1)
result *= a;
a *= a;
e >>>= 1;
return result;
* Compute a e.
* @param a the base
* @param e the exponent
* @return a e
public static long pow(long a, int e)
long result = 1;
while (e > 0)
if ((e & 1) == 1)
result *= a;
a *= a;
e >>>= 1;
return result;
* Compute a e mod n.
* @param a the base
* @param e the exponent
* @param n the modulus
* @return a e mod n
public static int modPow(int a, int e, int n)
if (n <= 0 || (n * n) > Integer.MAX_VALUE || e < 0)
return 0;
int result = 1;
a = (a % n + n) % n;
while (e > 0)
if ((e & 1) == 1)
result = (result * a) % n;
a = (a * a) % n;
e >>>= 1;
return result;
* Extended euclidian algorithm (computes gcd and representation).
* @param a - the first integer
* @param b - the second integer
* @return (d,u,v), where d = gcd(a,b) = ua + vb
public static BigInteger[] extgcd(BigInteger a, BigInteger b)
BigInteger u = ONE;
BigInteger v = ZERO;
BigInteger d = a;
if (b.signum() != 0)
BigInteger v1 = ZERO;
BigInteger v3 = b;
while (v3.signum() != 0)
BigInteger[] tmp = d.divideAndRemainder(v3);
BigInteger q = tmp[0];
BigInteger t3 = tmp[1];
BigInteger t1 = u.subtract(q.multiply(v1));
u = v1;
d = v3;
v1 = t1;
v3 = t3;
v = d.subtract(a.multiply(u)).divide(b);
return new BigInteger[]{d, u, v};
* Computation of the least common multiple of a set of BigIntegers.
* @param numbers - the set of numbers
* @return the lcm(numbers)
public static BigInteger leastCommonMultiple(BigInteger[] numbers)
int n = numbers.length;
BigInteger result = numbers[0];
for (int i = 1; i < n; i++)
BigInteger gcd = result.gcd(numbers[i]);
result = result.multiply(numbers[i]).divide(gcd);
return result;
* Returns a long integer whose value is (a mod m). This method
* differs from % in that it always returns a non-negative
* integer.
* @param a value on which the modulo operation has to be performed.
* @param m the modulus.
* @return a mod m
public static long mod(long a, long m)
long result = a % m;
if (result < 0)
result += m;
return result;
* Computes the modular inverse of an integer a
* @param a - the integer to invert
* @param mod - the modulus
* @return a -1 mod n
public static int modInverse(int a, int mod)
return BigInteger.valueOf(a).modInverse(BigInteger.valueOf(mod))
* Computes the modular inverse of an integer a
* @param a - the integer to invert
* @param mod - the modulus
* @return a -1 mod n
public static long modInverse(long a, long mod)
return BigInteger.valueOf(a).modInverse(BigInteger.valueOf(mod))
* Tests whether an integer a is power of another integer
* p.
* @param a - the first integer
* @param p - the second integer
* @return n if a = p^n or -1 otherwise
public static int isPower(int a, int p)
if (a <= 0)
return -1;
int n = 0;
int d = a;
while (d > 1)
if (d % p != 0)
return -1;
d /= p;
return n;
* Find and return the least non-trivial divisor of an integer a.
* @param a - the integer
* @return divisor p >1 or 1 if a = -1,0,1
public static int leastDiv(int a)
if (a < 0)
a = -a;
if (a == 0)
return 1;
if ((a & 1) == 0)
return 2;
int p = 3;
while (p <= (a / p))
if ((a % p) == 0)
return p;
p += 2;
return a;
* Miller-Rabin-Test, determines wether the given integer is probably prime
* or composite. This method returns true if the given integer is
* prime with probability 1 - 2 -20.
* @param n the integer to test for primality
* @return true if the given integer is prime with probability
* 2 -100, false otherwise
public static boolean isPrime(int n)
if (n < 2)
return false;
if (n == 2)
return true;
if ((n & 1) == 0)
return false;
if (n < 42)
for (int i = 0; i < SMALL_PRIMES.length; i++)
if (n == SMALL_PRIMES[i])
return true;
if ((n % 3 == 0) || (n % 5 == 0) || (n % 7 == 0) || (n % 11 == 0)
|| (n % 13 == 0) || (n % 17 == 0) || (n % 19 == 0)
|| (n % 23 == 0) || (n % 29 == 0) || (n % 31 == 0)
|| (n % 37 == 0) || (n % 41 == 0))
return false;
return BigInteger.valueOf(n).isProbablePrime(20);
* Short trial-division test to find out whether a number is not prime. This
* test is usually used before a Miller-Rabin primality test.
* @param candidate the number to test
* @return true if the number has no factor of the tested primes,
* false if the number is definitely composite
public static boolean passesSmallPrimeTest(BigInteger candidate)
final int[] smallPrime = {2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37,
41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103,
107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167,
173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233,
239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307,
311, 313, 317, 331, 337, 347, 349, 353, 359, 367, 373, 379,
383, 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, 449,
457, 461, 463, 467, 479, 487, 491, 499, 503, 509, 521, 523,
541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607,
613, 617, 619, 631, 641, 643, 647, 653, 659, 661, 673, 677,
683, 691, 701, 709, 719, 727, 733, 739, 743, 751, 757, 761,
769, 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, 853,
857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937,
941, 947, 953, 967, 971, 977, 983, 991, 997, 1009, 1013, 1019,
1021, 1031, 1033, 1039, 1049, 1051, 1061, 1063, 1069, 1087,
1091, 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, 1153,
1163, 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, 1229,
1231, 1237, 1249, 1259, 1277, 1279, 1283, 1289, 1291, 1297,
1301, 1303, 1307, 1319, 1321, 1327, 1361, 1367, 1373, 1381,
1399, 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, 1453,
1459, 1471, 1481, 1483, 1487, 1489, 1493, 1499};
for (int i = 0; i < smallPrime.length; i++)
if (candidate.mod(BigInteger.valueOf(smallPrime[i])).equals(
return false;
return true;
* Returns the largest prime smaller than the given integer
* @param n - upper bound
* @return the largest prime smaller than n, or 1 if
* n <= 2
public static int nextSmallerPrime(int n)
if (n <= 2)
return 1;
if (n == 3)
return 2;
if ((n & 1) == 0)
n -= 2;
while (n > 3 && !isPrime(n))
n -= 2;
return n;
* Compute the next probable prime greater than n with the
* specified certainty.
* @param n a integer number
* @param certainty the certainty that the generated number is prime
* @return the next prime greater than n
public static BigInteger nextProbablePrime(BigInteger n, int certainty)
if (n.signum() < 0 || n.signum() == 0 || n.equals(ONE))
return TWO;
BigInteger result = n.add(ONE);
// Ensure an odd number
if (!result.testBit(0))
result = result.add(ONE);
while (true)
// Do cheap "pre-test" if applicable
if (result.bitLength() > 6)
long r = result.remainder(
if ((r % 3 == 0) || (r % 5 == 0) || (r % 7 == 0)
|| (r % 11 == 0) || (r % 13 == 0) || (r % 17 == 0)
|| (r % 19 == 0) || (r % 23 == 0) || (r % 29 == 0)
|| (r % 31 == 0) || (r % 37 == 0) || (r % 41 == 0))
result = result.add(TWO);
continue; // Candidate is composite; try another
// All candidates of bitLength 2 and 3 are prime by this point
if (result.bitLength() < 4)
return result;
// The expensive test
if (result.isProbablePrime(certainty))
return result;
result = result.add(TWO);
* Compute the next probable prime greater than n with the default
* certainty (20).
* @param n a integer number
* @return the next prime greater than n
public static BigInteger nextProbablePrime(BigInteger n)
return nextProbablePrime(n, 20);
* Computes the next prime greater than n.
* @param n a integer number
* @return the next prime greater than n
public static BigInteger nextPrime(long n)
long i;
boolean found = false;
long result = 0;
if (n <= 1)
return BigInteger.valueOf(2);
if (n == 2)
return BigInteger.valueOf(3);
for (i = n + 1 + (n & 1); (i <= n << 1) && !found; i += 2)
for (long j = 3; (j <= i >> 1) && !found; j += 2)
if (i % j == 0)
found = true;
if (found)
found = false;
result = i;
found = true;
return BigInteger.valueOf(result);
* Computes the binomial coefficient (n|t) ("n over t"). Formula:
* if n !=0 and t != 0 then (n|t) = Mult(i=1, t): (n-(i-1))/i
* if t = 0 then (n|t) = 1
* if n = 0 and t > 0 then (n|t) = 0
* @param n - the "upper" integer
* @param t - the "lower" integer
* @return the binomialcoefficient "n over t" as BigInteger
public static BigInteger binomial(int n, int t)
BigInteger result = ONE;
if (n == 0)
if (t == 0)
return result;
return ZERO;
// the property (n|t) = (n|n-t) be used to reduce numbers of operations
if (t > (n >>> 1))
t = n - t;
for (int i = 1; i <= t; i++)
result = (result.multiply(BigInteger.valueOf(n - (i - 1))))
return result;
public static BigInteger randomize(BigInteger upperBound)
if (sr == null)
sr = CryptoServicesRegistrar.getSecureRandom();
return randomize(upperBound, sr);
public static BigInteger randomize(BigInteger upperBound,
SecureRandom prng)
int blen = upperBound.bitLength();
BigInteger randomNum = BigInteger.valueOf(0);
if (prng == null)
prng = sr != null ? sr : CryptoServicesRegistrar.getSecureRandom();
for (int i = 0; i < 20; i++)
randomNum = BigIntegers.createRandomBigInteger(blen, prng);
if (randomNum.compareTo(upperBound) < 0)
return randomNum;
return randomNum.mod(upperBound);
* Extract the truncated square root of a BigInteger.
* @param a - value out of which we extract the square root
* @return the truncated square root of a
public static BigInteger squareRoot(BigInteger a)
int bl;
BigInteger result, remainder, b;
if (a.compareTo(ZERO) < 0)
throw new ArithmeticException(
"cannot extract root of negative number" + a + ".");
bl = a.bitLength();
result = ZERO;
remainder = ZERO;
// if the bit length is odd then extra step
if ((bl & 1) != 0)
result = result.add(ONE);
while (bl > 0)
remainder = remainder.multiply(FOUR);
remainder = remainder.add(BigInteger.valueOf((a.testBit(--bl) ? 2
: 0)
+ (a.testBit(--bl) ? 1 : 0)));
b = result.multiply(FOUR).add(ONE);
result = result.multiply(TWO);
if (remainder.compareTo(b) != -1)
result = result.add(ONE);
remainder = remainder.subtract(b);
return result;
* Takes an approximation of the root from an integer base, using newton's
* algorithm
* @param base the base to take the root from
* @param root the root, for example 2 for a square root
public static float intRoot(int base, int root)
float gNew = base / root;
float gOld = 0;
int counter = 0;
while (Math.abs(gOld - gNew) > 0.0001)
float gPow = floatPow(gNew, root);
while (Float.isInfinite(gPow))
gNew = (gNew + gOld) / 2;
gPow = floatPow(gNew, root);
counter += 1;
gOld = gNew;
gNew = gOld - (gPow - base) / (root * floatPow(gOld, root - 1));
return gNew;
* int power of a base float, only use for small ints
* @param f base float
* @param i power to be raised to.
* @return int power i of f
public static float floatPow(float f, int i)
float g = 1;
for (; i > 0; i--)
g *= f;
return g;
* calculate the logarithm to the base 2.
* @param x any double value
* @return log_2(x)
* @deprecated use MathFunctions.log(double) instead
public static double log(double x)
if (x > 0 && x < 1)
double d = 1 / x;
double result = -log(d);
return result;
int tmp = 0;
double tmp2 = 1;
double d = x;
while (d > 2)
d = d / 2;
tmp += 1;
tmp2 *= 2;
double rem = x / tmp2;
rem = logBKM(rem);
return tmp + rem;
* calculate the logarithm to the base 2.
* @param x any long value >=1
* @return log_2(x)
* @deprecated use MathFunctions.log(long) instead
public static double log(long x)
int tmp = floorLog(BigInteger.valueOf(x));
long tmp2 = 1 << tmp;
double rem = (double)x / (double)tmp2;
rem = logBKM(rem);
return tmp + rem;
* BKM Algorithm to calculate logarithms to the base 2.
* @param arg a double value with 1<= arg<= 4.768462058
* @return log_2(arg)
* @deprecated use MathFunctions.logBKM(double) instead
private static double logBKM(double arg)
double ae[] = // A_e[k] = log_2 (1 + 0.5^k)
int n = 53;
double x = 1;
double y = 0;
double z;
double s = 1;
int k;
for (k = 0; k < n; k++)
z = x + x * s;
if (z <= arg)
x = z;
y += ae[k];
s *= 0.5;
return y;
public static boolean isIncreasing(int[] a)
for (int i = 1; i < a.length; i++)
if (a[i - 1] >= a[i])
return false;
return true;
public static byte[] integerToOctets(BigInteger val)
byte[] valBytes = val.abs().toByteArray();
// check whether the array includes a sign bit
if ((val.bitLength() & 7) != 0)
return valBytes;
// get rid of the sign bit (first byte)
byte[] tmp = new byte[val.bitLength() >> 3];
System.arraycopy(valBytes, 1, tmp, 0, tmp.length);
return tmp;
public static BigInteger octetsToInteger(byte[] data, int offset,
int length)
byte[] val = new byte[length + 1];
val[0] = 0;
System.arraycopy(data, offset, val, 1, length);
return new BigInteger(val);
public static BigInteger octetsToInteger(byte[] data)
return octetsToInteger(data, 0, data.length);