| line | stmt | bran | cond | sub | pod | time | code | 
| 1 |  |  |  |  |  |  | package Math::Prime::Util::PrimalityProving; | 
| 2 | 5 |  |  | 5 |  | 1721 | use strict; | 
|  | 5 |  |  |  |  | 11 |  | 
|  | 5 |  |  |  |  | 176 |  | 
| 3 | 5 |  |  | 5 |  | 30 | use warnings; | 
|  | 5 |  |  |  |  | 11 |  | 
|  | 5 |  |  |  |  | 221 |  | 
| 4 | 5 |  |  | 5 |  | 28 | use Carp qw/carp croak confess/; | 
|  | 5 |  |  |  |  | 9 |  | 
|  | 5 |  |  |  |  | 383 |  | 
| 5 | 5 |  |  |  |  | 31 | use Math::Prime::Util qw/is_prob_prime is_strong_pseudoprime | 
| 6 |  |  |  |  |  |  | is_provable_prime_with_cert | 
| 7 |  |  |  |  |  |  | lucas_sequence | 
| 8 |  |  |  |  |  |  | factor | 
| 9 |  |  |  |  |  |  | prime_get_config | 
| 10 | 5 |  |  | 5 |  | 27 | /; | 
|  | 5 |  |  |  |  | 10 |  | 
| 11 |  |  |  |  |  |  |  | 
| 12 |  |  |  |  |  |  | BEGIN { | 
| 13 | 5 |  |  | 5 |  | 18 | $Math::Prime::Util::PrimalityProving::AUTHORITY = 'cpan:DANAJ'; | 
| 14 | 5 |  |  |  |  | 211 | $Math::Prime::Util::PrimalityProving::VERSION = '0.68'; | 
| 15 |  |  |  |  |  |  | } | 
| 16 |  |  |  |  |  |  |  | 
| 17 |  |  |  |  |  |  | BEGIN { | 
| 18 | 5 | 50 |  | 5 |  | 29419 | do { require Math::BigInt;  Math::BigInt->import(try=>"GMP,Pari"); } | 
|  | 0 |  |  |  |  | 0 |  | 
|  | 0 |  |  |  |  | 0 |  | 
| 19 |  |  |  |  |  |  | unless defined $Math::BigInt::VERSION; | 
| 20 |  |  |  |  |  |  | } | 
| 21 |  |  |  |  |  |  |  | 
| 22 |  |  |  |  |  |  | my $_smallval = Math::BigInt->new("18446744073709551615"); | 
| 23 |  |  |  |  |  |  | my $_maxint = Math::BigInt->new( (~0 > 4294967296 && $] < 5.008) ? "562949953421312" : ''.~0 ); | 
| 24 |  |  |  |  |  |  |  | 
| 25 |  |  |  |  |  |  |  | 
| 26 |  |  |  |  |  |  | ############################################################################### | 
| 27 |  |  |  |  |  |  | # Pure Perl proofs | 
| 28 |  |  |  |  |  |  | ############################################################################### | 
| 29 |  |  |  |  |  |  |  | 
| 30 |  |  |  |  |  |  | my @_fsublist = ( | 
| 31 |  |  |  |  |  |  | sub { Math::Prime::Util::PP::pbrent_factor (shift,   32*1024, 1) }, | 
| 32 |  |  |  |  |  |  | sub { Math::Prime::Util::PP::pminus1_factor(shift, 1_000_000) }, | 
| 33 |  |  |  |  |  |  | sub { Math::Prime::Util::PP::ecm_factor    (shift,     1_000,   5_000, 15) }, | 
| 34 |  |  |  |  |  |  | sub { Math::Prime::Util::PP::pbrent_factor (shift,  512*1024, 7) }, | 
| 35 |  |  |  |  |  |  | sub { Math::Prime::Util::PP::pminus1_factor(shift, 4_000_000) }, | 
| 36 |  |  |  |  |  |  | sub { Math::Prime::Util::PP::ecm_factor    (shift,    10_000,  50_000, 10) }, | 
| 37 |  |  |  |  |  |  | sub { Math::Prime::Util::PP::pbrent_factor (shift,  512*1024, 11) }, | 
| 38 |  |  |  |  |  |  | sub { Math::Prime::Util::PP::pminus1_factor(shift,20_000_000) }, | 
| 39 |  |  |  |  |  |  | sub { Math::Prime::Util::PP::ecm_factor    (shift,   100_000, 800_000, 10) }, | 
| 40 |  |  |  |  |  |  | sub { Math::Prime::Util::PP::pbrent_factor (shift, 2048*1024, 13) }, | 
| 41 |  |  |  |  |  |  | sub { Math::Prime::Util::PP::ecm_factor    (shift, 1_000_000, 1_000_000, 20)}, | 
| 42 |  |  |  |  |  |  | sub { Math::Prime::Util::PP::pminus1_factor(shift, 100_000_000, 500_000_000)}, | 
| 43 |  |  |  |  |  |  | ); | 
| 44 |  |  |  |  |  |  |  | 
| 45 |  |  |  |  |  |  | sub _small_cert { | 
| 46 | 0 |  |  | 0 |  | 0 | my $n = shift; | 
| 47 | 0 | 0 |  |  |  | 0 | return '' unless is_prob_prime($n); | 
| 48 | 0 |  |  |  |  | 0 | return join "\n", "[MPU - Primality Certificate]", | 
| 49 |  |  |  |  |  |  | "Version 1.0", | 
| 50 |  |  |  |  |  |  | "", | 
| 51 |  |  |  |  |  |  | "Proof for:", | 
| 52 |  |  |  |  |  |  | "N $n", | 
| 53 |  |  |  |  |  |  | "", | 
| 54 |  |  |  |  |  |  | "Type Small", | 
| 55 |  |  |  |  |  |  | "N $n", | 
| 56 |  |  |  |  |  |  | ""; | 
| 57 |  |  |  |  |  |  | } | 
| 58 |  |  |  |  |  |  |  | 
| 59 |  |  |  |  |  |  | # For stripping off the header on certificates so they can be combined. | 
| 60 |  |  |  |  |  |  | sub _strip_proof_header { | 
| 61 | 2 |  |  | 2 |  | 64 | my $proof = shift; | 
| 62 | 2 |  |  |  |  | 17 | $proof =~ s/^\[MPU - Primality Certificate\]\nVersion \S+\n+Proof for:\nN (\d+)\n+//ms; | 
| 63 | 2 |  |  |  |  | 10 | return $proof; | 
| 64 |  |  |  |  |  |  | } | 
| 65 |  |  |  |  |  |  |  | 
| 66 |  |  |  |  |  |  |  | 
| 67 |  |  |  |  |  |  | sub primality_proof_lucas { | 
| 68 | 1 |  |  | 1 | 1 | 783 | my ($n) = shift; | 
| 69 | 1 |  |  |  |  | 4 | my @composite = (0, ''); | 
| 70 |  |  |  |  |  |  |  | 
| 71 |  |  |  |  |  |  | # Since this can take a very long time with a composite, try some easy cuts | 
| 72 | 1 | 50 | 33 |  |  | 8 | return @composite if !defined $n || $n < 2; | 
| 73 | 1 | 50 |  |  |  | 4 | return (2, _small_cert($n)) if $n < 4; | 
| 74 | 1 | 50 |  |  |  | 31 | return @composite if is_strong_pseudoprime($n,2,15,325) == 0; | 
| 75 |  |  |  |  |  |  |  | 
| 76 | 1 |  |  |  |  | 3 | my $nm1 = $n-1; | 
| 77 | 1 |  |  |  |  | 8 | my @factors = factor($nm1); | 
| 78 |  |  |  |  |  |  | { # remove duplicate factors and make a sorted array of bigints | 
| 79 | 1 |  |  |  |  | 2 | my %uf; | 
|  | 1 |  |  |  |  | 2 |  | 
| 80 | 1 |  |  |  |  | 6 | undef @uf{@factors}; | 
| 81 | 1 |  |  |  |  | 4 | @factors = sort {$a<=>$b} map { Math::BigInt->new("$_") } keys %uf; | 
|  | 5 |  |  |  |  | 128 |  | 
|  | 4 |  |  |  |  | 130 |  | 
| 82 |  |  |  |  |  |  | } | 
| 83 | 1 |  |  |  |  | 24 | my $cert = "[MPU - Primality Certificate]\nVersion 1.0\n\nProof for:\nN $n\n\n"; | 
| 84 | 1 |  |  |  |  | 4 | $cert .= "Type Lucas\nN $n\n"; | 
| 85 | 1 |  |  |  |  | 4 | foreach my $i (1 .. scalar @factors) { | 
| 86 | 4 |  |  |  |  | 65 | $cert .= "Q[$i] " . $factors[$i-1] . "\n"; | 
| 87 |  |  |  |  |  |  | } | 
| 88 | 1 |  |  |  |  | 19 | for (my $a = 2; $a < $nm1; $a++) { | 
| 89 | 1 |  |  |  |  | 5 | my $ap = Math::BigInt->new("$a"); | 
| 90 |  |  |  |  |  |  | # 1. a must be coprime to n | 
| 91 | 1 | 50 |  |  |  | 36 | next unless Math::BigInt::bgcd($ap, $n) == 1; | 
| 92 |  |  |  |  |  |  | # 2. a^(n-1) = 1 mod n. | 
| 93 | 1 | 50 |  |  |  | 295 | next unless $ap->copy->bmodpow($nm1, $n) == 1; | 
| 94 |  |  |  |  |  |  | # 3. a^((n-1)/f) != 1 mod n for all f. | 
| 95 | 4 |  |  |  |  | 704 | next if (scalar grep { $_ == 1 } | 
| 96 | 1 | 50 |  |  |  | 775 | map { $ap->copy->bmodpow(int($nm1/$_),$n); } | 
|  | 4 |  |  |  |  | 2323 |  | 
| 97 |  |  |  |  |  |  | @factors) > 0; | 
| 98 |  |  |  |  |  |  | # Verify each factor and add to proof | 
| 99 | 1 |  |  |  |  | 84 | my @fac_proofs; | 
| 100 | 1 |  |  |  |  | 3 | foreach my $f (@factors) { | 
| 101 | 4 |  |  |  |  | 106 | my ($isp, $fproof) = Math::Prime::Util::is_provable_prime_with_cert($f); | 
| 102 | 4 | 50 |  |  |  | 9 | if ($isp != 2) { | 
| 103 | 0 |  |  |  |  | 0 | carp "could not prove primality of $n.\n"; | 
| 104 | 0 |  |  |  |  | 0 | return (1, ''); | 
| 105 |  |  |  |  |  |  | } | 
| 106 | 4 | 50 |  |  |  | 10 | push @fac_proofs, _strip_proof_header($fproof) if $f > $_smallval; | 
| 107 |  |  |  |  |  |  | } | 
| 108 | 1 |  |  |  |  | 30 | $cert .= "A $a\n"; | 
| 109 | 1 |  |  |  |  | 4 | foreach my $proof (@fac_proofs) { | 
| 110 | 0 |  |  |  |  | 0 | $cert .= "\n$proof"; | 
| 111 |  |  |  |  |  |  | } | 
| 112 | 1 |  |  |  |  | 11 | return (2, $cert); | 
| 113 |  |  |  |  |  |  | } | 
| 114 | 0 |  |  |  |  | 0 | return @composite; | 
| 115 |  |  |  |  |  |  | } | 
| 116 |  |  |  |  |  |  |  | 
| 117 |  |  |  |  |  |  | sub primality_proof_bls75 { | 
| 118 | 13 |  |  | 13 | 1 | 93 | my ($n) = shift; | 
| 119 | 13 |  |  |  |  | 45 | my @composite = (0, ''); | 
| 120 |  |  |  |  |  |  |  | 
| 121 |  |  |  |  |  |  | # Since this can take a very long time with a composite, try some easy tests | 
| 122 | 13 | 50 | 33 |  |  | 81 | return @composite if !defined $n || $n < 2; | 
| 123 | 13 | 50 |  |  |  | 1174 | return (2, _small_cert($n)) if $n < 4; | 
| 124 | 13 | 50 |  |  |  | 1003 | return @composite if ($n & 1) == 0; | 
| 125 | 13 | 50 |  |  |  | 5008 | return @composite if is_strong_pseudoprime($n,2,15,325) == 0; | 
| 126 |  |  |  |  |  |  |  | 
| 127 | 13 |  |  |  |  | 470 | require Math::Prime::Util::PP; | 
| 128 | 13 | 100 |  |  |  | 66 | $n = Math::BigInt->new("$n") unless ref($n) eq 'Math::BigInt'; | 
| 129 | 13 |  |  |  |  | 167 | my $nm1 = $n->copy->bdec; | 
| 130 | 13 |  |  |  |  | 1130 | my $ONE = $nm1->copy->bone; | 
| 131 | 13 |  |  |  |  | 1407 | my $TWO = $ONE->copy->binc; | 
| 132 | 13 |  |  |  |  | 748 | my $A = $ONE->copy;         # factored part | 
| 133 | 13 |  |  |  |  | 220 | my $B = $nm1->copy;         # unfactored part | 
| 134 | 13 |  |  |  |  | 226 | my @factors = ($TWO); | 
| 135 | 13 | 50 |  |  |  | 58 | croak "BLS75 error: n-1 not even" unless $nm1->is_even(); | 
| 136 |  |  |  |  |  |  | { | 
| 137 | 13 |  |  |  |  | 199 | while ($B->is_even) { $B->bdiv($TWO); $A->bmul($TWO); } | 
|  | 13 |  |  |  |  | 41 |  | 
|  | 19 |  |  |  |  | 482 |  | 
|  | 19 |  |  |  |  | 3047 |  | 
| 138 | 13 |  |  |  |  | 776 | my @tf; | 
| 139 | 13 | 100 | 66 |  |  | 57 | if ($B <= $_maxint && prime_get_config->{'xs'}) { | 
| 140 | 2 |  |  |  |  | 8 | @tf = Math::Prime::Util::trial_factor("$B", 20000); | 
| 141 | 2 | 100 |  |  |  | 141 | pop @tf if $tf[-1] > 20000; | 
| 142 |  |  |  |  |  |  | } else { | 
| 143 | 11 |  |  |  |  | 510 | @tf = Math::Prime::Util::PP::trial_factor($B, 5000); | 
| 144 | 11 | 50 |  |  |  | 49 | pop @tf if $tf[-1] > 5000; | 
| 145 |  |  |  |  |  |  | } | 
| 146 | 13 |  |  |  |  | 451 | foreach my $f (@tf) { | 
| 147 | 45 | 100 |  |  |  | 8643 | next if $f == $factors[-1]; | 
| 148 | 34 |  |  |  |  | 1578 | push @factors, $f; | 
| 149 | 34 |  |  |  |  | 102 | while (($B % $f) == 0) { $B /= $f;  $A *= $f; } | 
|  | 45 |  |  |  |  | 14770 |  | 
|  | 45 |  |  |  |  | 9170 |  | 
| 150 |  |  |  |  |  |  | } | 
| 151 |  |  |  |  |  |  | } | 
| 152 | 13 |  |  |  |  | 4792 | my @nstack; | 
| 153 |  |  |  |  |  |  | # nstack should only hold composites | 
| 154 | 13 | 100 |  |  |  | 71 | if ($B->is_one) { | 
|  |  | 100 |  |  |  |  |  | 
| 155 |  |  |  |  |  |  | # Completely factored.  Nothing. | 
| 156 |  |  |  |  |  |  | } elsif (is_prob_prime($B)) { | 
| 157 | 3 |  |  |  |  | 362 | push @factors, $B; | 
| 158 | 3 |  |  |  |  | 8 | $A *= $B;  $B /= $B;   # completely factored already | 
|  | 3 |  |  |  |  | 338 |  | 
| 159 |  |  |  |  |  |  | } else { | 
| 160 | 9 |  |  |  |  | 453 | push @nstack, $B; | 
| 161 |  |  |  |  |  |  | } | 
| 162 | 13 |  |  |  |  | 578 | while (@nstack) { | 
| 163 | 14 |  |  |  |  | 72 | my ($s,$r) = $B->copy->bdiv($A->copy->bmul($TWO)); | 
| 164 | 14 |  |  |  |  | 4240 | my $fpart = ($A+$ONE) * ($TWO*$A*$A + ($r-$ONE) * $A + $ONE); | 
| 165 | 14 | 100 |  |  |  | 8677 | last if $n < $fpart; | 
| 166 |  |  |  |  |  |  |  | 
| 167 | 13 |  |  |  |  | 500 | my $m = pop @nstack; | 
| 168 |  |  |  |  |  |  | # Don't use bignum if it has gotten small enough. | 
| 169 | 13 | 100 | 100 |  |  | 80 | $m = int($m->bstr) if ref($m) eq 'Math::BigInt' && $m <= $_maxint; | 
| 170 |  |  |  |  |  |  | # Try to find factors of m, using the default set of factor subs. | 
| 171 | 13 |  |  |  |  | 517 | my @ftry; | 
| 172 | 13 |  |  |  |  | 38 | foreach my $sub (@_fsublist) { | 
| 173 | 13 |  |  |  |  | 49 | @ftry = $sub->($m); | 
| 174 | 13 | 50 |  |  |  | 73 | last if scalar @ftry >= 2; | 
| 175 |  |  |  |  |  |  | } | 
| 176 |  |  |  |  |  |  | # If we couldn't find a factor, skip it. | 
| 177 | 13 | 50 |  |  |  | 59 | next unless scalar @ftry > 1; | 
| 178 |  |  |  |  |  |  | # Process each factor | 
| 179 | 13 |  |  |  |  | 48 | foreach my $f (@ftry) { | 
| 180 | 26 | 50 | 33 |  |  | 3405 | croak "Invalid factoring: B=$B m=$m f=$f" if $f == 1 || $f == $m || !$B->copy->bmod($f)->is_zero; | 
|  |  |  | 33 |  |  |  |  | 
| 181 | 26 | 100 |  |  |  | 7192 | if (is_prob_prime($f)) { | 
| 182 | 21 |  |  |  |  | 785 | push @factors, $f; | 
| 183 | 21 |  |  |  |  | 44 | do { $B /= $f;  $A *= $f; } while $B->copy->bmod($f)->is_zero; | 
|  | 21 |  |  |  |  | 93 |  | 
|  | 21 |  |  |  |  | 4610 |  | 
| 184 |  |  |  |  |  |  | } else { | 
| 185 | 5 |  |  |  |  | 72 | push @nstack, $f; | 
| 186 |  |  |  |  |  |  | } | 
| 187 |  |  |  |  |  |  | } | 
| 188 |  |  |  |  |  |  | } | 
| 189 |  |  |  |  |  |  | { # remove duplicate factors and make a sorted array of bigints | 
| 190 | 13 |  |  |  |  | 2976 | my %uf = map { $_ => 1 } @factors; | 
|  | 13 |  |  |  |  | 46 |  | 
|  | 71 |  |  |  |  | 177 |  | 
| 191 | 13 |  |  |  |  | 679 | @factors = sort {$a<=>$b} map { Math::BigInt->new("$_") } keys %uf; | 
|  | 110 |  |  |  |  | 2425 |  | 
|  | 71 |  |  |  |  | 2165 |  | 
| 192 |  |  |  |  |  |  | } | 
| 193 |  |  |  |  |  |  | # Just in case: | 
| 194 | 13 |  |  |  |  | 336 | foreach my $f (@factors) { | 
| 195 | 71 |  |  |  |  | 5650 | while ($B->copy->bmod($f)->is_zero) { | 
| 196 | 0 |  |  |  |  | 0 | $B /= $f;  $A *= $f; | 
|  | 0 |  |  |  |  | 0 |  | 
| 197 |  |  |  |  |  |  | } | 
| 198 |  |  |  |  |  |  | } | 
| 199 |  |  |  |  |  |  | # Did we factor enough? | 
| 200 | 13 |  |  |  |  | 1401 | my ($s,$r) = $B->copy->bdiv($A->copy->bmul($TWO)); | 
| 201 | 13 |  |  |  |  | 3383 | my $fpart = ($A+$ONE) * ($TWO*$A*$A + ($r-$ONE) * $A + $ONE); | 
| 202 | 13 | 50 |  |  |  | 10140 | return (1,'') if $n >= $fpart; | 
| 203 |  |  |  |  |  |  | # Check we didn't mess up | 
| 204 | 13 | 50 |  |  |  | 539 | croak "BLS75 error: $A * $B != $nm1" unless $A*$B == $nm1; | 
| 205 | 13 | 50 |  |  |  | 1631 | croak "BLS75 error: $A not even" unless $A->is_even(); | 
| 206 | 13 | 50 |  |  |  | 238 | croak "BLS75 error: A and B not coprime" unless Math::BigInt::bgcd($A, $B)->is_one; | 
| 207 |  |  |  |  |  |  |  | 
| 208 | 13 |  |  |  |  | 3547 | my $rtest = $r*$r - 8*$s; | 
| 209 | 13 |  |  |  |  | 3632 | my $rtestroot = $rtest->copy->bsqrt; | 
| 210 | 13 | 50 | 66 |  |  | 1712 | return @composite if $s != 0 && ($rtestroot*$rtestroot) == $rtest; | 
| 211 |  |  |  |  |  |  |  | 
| 212 | 13 |  |  |  |  | 2404 | my $cert = "[MPU - Primality Certificate]\nVersion 1.0\n\nProof for:\nN $n\n\n"; | 
| 213 | 13 |  |  |  |  | 493 | $cert .= "Type BLS5\nN $n\n"; | 
| 214 | 13 |  |  |  |  | 323 | my $qnum = 0; | 
| 215 | 13 |  |  |  |  | 29 | my $atext = ''; | 
| 216 | 13 |  |  |  |  | 27 | my @fac_proofs; | 
| 217 | 13 |  |  |  |  | 34 | foreach my $f (@factors) { | 
| 218 | 71 |  |  |  |  | 2447 | my $success = 0; | 
| 219 | 71 | 100 |  |  |  | 267 | if ($qnum == 0) { | 
| 220 | 13 | 50 |  |  |  | 37 | die "BLS5 Perl proof: Internal error, first factor not 2" unless $f == 2; | 
| 221 |  |  |  |  |  |  | } else { | 
| 222 | 58 |  |  |  |  | 270 | $cert .= "Q[$qnum] $f\n"; | 
| 223 |  |  |  |  |  |  | } | 
| 224 | 71 |  |  |  |  | 2612 | my $nm1_div_f = $nm1 / $f; | 
| 225 | 71 |  |  |  |  | 15017 | foreach my $a (2 .. 10000) { | 
| 226 | 81 |  |  |  |  | 202625 | my $ap = Math::BigInt->new($a); | 
| 227 | 81 | 50 |  |  |  | 3253 | next unless $ap->copy->bmodpow($nm1, $n)->is_one; | 
| 228 | 81 | 100 |  |  |  | 2245639 | next unless Math::BigInt::bgcd($ap->copy->bmodpow($nm1_div_f, $n)->bdec, $n)->is_one; | 
| 229 | 71 | 100 |  |  |  | 1950781 | $atext .= "A[$qnum] $a\n" unless $a == 2; | 
| 230 | 71 |  |  |  |  | 203 | $success = 1; | 
| 231 | 71 |  |  |  |  | 311 | last; | 
| 232 |  |  |  |  |  |  | } | 
| 233 | 71 |  |  |  |  | 175 | $qnum++; | 
| 234 | 71 | 50 |  |  |  | 185 | return @composite unless $success; | 
| 235 | 71 |  |  |  |  | 506 | my ($isp, $fproof) = is_provable_prime_with_cert($f); | 
| 236 | 71 | 50 |  |  |  | 246 | if ($isp != 2) { | 
| 237 | 0 |  |  |  |  | 0 | carp "could not prove primality of $n.\n"; | 
| 238 | 0 |  |  |  |  | 0 | return (1, ''); | 
| 239 |  |  |  |  |  |  | } | 
| 240 | 71 | 100 |  |  |  | 258 | push @fac_proofs, _strip_proof_header($fproof) if $f > $_smallval; | 
| 241 |  |  |  |  |  |  | } | 
| 242 | 13 |  |  |  |  | 520 | $cert .= $atext; | 
| 243 | 13 |  |  |  |  | 45 | $cert .= "----\n"; | 
| 244 | 13 |  |  |  |  | 36 | foreach my $proof (@fac_proofs) { | 
| 245 | 2 |  |  |  |  | 7 | $cert .= "\n$proof"; | 
| 246 |  |  |  |  |  |  | } | 
| 247 | 13 |  |  |  |  | 315 | return (2, $cert); | 
| 248 |  |  |  |  |  |  | } | 
| 249 |  |  |  |  |  |  |  | 
| 250 |  |  |  |  |  |  | ############################################################################### | 
| 251 |  |  |  |  |  |  | # Convert certificates from old array format to new string format | 
| 252 |  |  |  |  |  |  | ############################################################################### | 
| 253 |  |  |  |  |  |  |  | 
| 254 |  |  |  |  |  |  | sub _convert_cert { | 
| 255 | 38 |  |  | 38 |  | 65 | my $pdata = shift;   # pdata is a ref | 
| 256 |  |  |  |  |  |  |  | 
| 257 | 38 | 50 |  |  |  | 98 | return '' if scalar @$pdata == 0; | 
| 258 | 38 |  |  |  |  | 67 | my $n = shift @$pdata; | 
| 259 | 38 | 100 |  |  |  | 100 | if (length($n) == 1) { | 
| 260 | 3 | 100 |  |  |  | 15 | return "Type Small\nN $n\n" if $n =~ /^[2357]$/; | 
| 261 | 2 |  |  |  |  | 5 | return ''; | 
| 262 |  |  |  |  |  |  | } | 
| 263 | 35 | 50 |  |  |  | 164 | $n = Math::BigInt->new("$n") if ref($n) ne 'Math::BigInt'; | 
| 264 | 35 | 100 |  |  |  | 1742 | return '' if $n->is_even; | 
| 265 |  |  |  |  |  |  |  | 
| 266 | 34 | 100 |  |  |  | 419 | my $method = (scalar @$pdata > 0) ? shift @$pdata : 'BPSW'; | 
| 267 |  |  |  |  |  |  |  | 
| 268 | 34 | 100 |  |  |  | 86 | if ($method eq 'BPSW') { | 
| 269 | 3 | 100 |  |  |  | 8 | return '' if $n > $_smallval; | 
| 270 | 2 | 50 |  |  |  | 62 | return '' if is_prob_prime($n) != 2; | 
| 271 | 0 |  |  |  |  | 0 | return "Type Small\nN $n\n"; | 
| 272 |  |  |  |  |  |  | } | 
| 273 |  |  |  |  |  |  |  | 
| 274 | 31 | 100 | 66 |  |  | 117 | if ($method eq 'Pratt' || $method eq 'Lucas') { | 
| 275 | 12 | 50 | 33 |  |  | 80 | if (scalar @$pdata != 2 || ref($$pdata[0]) ne 'ARRAY' || ref($$pdata[1]) eq 'ARRAY') { | 
|  |  |  | 33 |  |  |  |  | 
| 276 | 0 |  |  |  |  | 0 | carp "verify_prime: incorrect Pratt format, must have factors and a value\n"; | 
| 277 | 0 |  |  |  |  | 0 | return ''; | 
| 278 |  |  |  |  |  |  | } | 
| 279 | 12 |  |  |  |  | 20 | my @factors = @{shift @$pdata}; | 
|  | 12 |  |  |  |  | 29 |  | 
| 280 | 12 |  |  |  |  | 21 | my $a = shift @$pdata; | 
| 281 | 12 |  |  |  |  | 36 | my $cert = "Type Lucas\nN     $n\n"; | 
| 282 | 12 |  |  |  |  | 248 | foreach my $i (0 .. $#factors) { | 
| 283 | 49 | 100 |  |  |  | 90 | my $f = (ref($factors[$i]) eq 'ARRAY') ? $factors[$i]->[0] : $factors[$i]; | 
| 284 | 49 |  |  |  |  | 135 | $cert .= sprintf("Q[%d]  %s\n", $i+1, $f); | 
| 285 |  |  |  |  |  |  | } | 
| 286 | 12 |  |  |  |  | 30 | $cert .= "A     $a\n\n"; | 
| 287 |  |  |  |  |  |  |  | 
| 288 | 12 |  |  |  |  | 17 | foreach my $farray (@factors) { | 
| 289 | 49 | 100 |  |  |  | 85 | if (ref($farray) eq 'ARRAY') { | 
| 290 | 4 |  |  |  |  | 8 | $cert .= _convert_cert($farray); | 
| 291 |  |  |  |  |  |  | } | 
| 292 |  |  |  |  |  |  | } | 
| 293 | 12 |  |  |  |  | 43 | return $cert; | 
| 294 |  |  |  |  |  |  | } | 
| 295 | 19 | 100 |  |  |  | 45 | if ($method eq 'n-1') { | 
| 296 | 12 | 0 | 33 |  |  | 38 | if (scalar @$pdata == 3 && ref($$pdata[0]) eq 'ARRAY' && $$pdata[0]->[0] =~ /^(B|T7|Theorem\s*7)$/i) { | 
|  |  |  | 33 |  |  |  |  | 
| 297 | 0 |  |  |  |  | 0 | croak "Unsupported BLS7 proof in conversion"; | 
| 298 |  |  |  |  |  |  | } | 
| 299 | 12 | 50 | 33 |  |  | 77 | if (scalar @$pdata != 2 || ref($$pdata[0]) ne 'ARRAY' || ref($$pdata[1]) ne 'ARRAY') { | 
|  |  |  | 33 |  |  |  |  | 
| 300 | 0 |  |  |  |  | 0 | carp "verify_prime: incorrect n-1 format, must have factors and a values\n"; | 
| 301 | 0 |  |  |  |  | 0 | return ''; | 
| 302 |  |  |  |  |  |  | } | 
| 303 | 12 |  |  |  |  | 24 | my @factors = @{shift @$pdata}; | 
|  | 12 |  |  |  |  | 28 |  | 
| 304 | 12 |  |  |  |  | 19 | my @as = @{shift @$pdata}; | 
|  | 12 |  |  |  |  | 21 |  | 
| 305 | 12 | 50 |  |  |  | 34 | if (scalar @factors != scalar @as) { | 
| 306 | 0 |  |  |  |  | 0 | carp "verify_prime: incorrect n-1 format, must have a value for each factor\n"; | 
| 307 | 0 |  |  |  |  | 0 | return ''; | 
| 308 |  |  |  |  |  |  | } | 
| 309 |  |  |  |  |  |  | # Make sure 2 is at the top | 
| 310 | 12 |  |  |  |  | 32 | foreach my $i (1 .. $#factors) { | 
| 311 | 38 | 100 |  |  |  | 79 | my $f = (ref($factors[$i]) eq 'ARRAY') ? $factors[$i]->[0] : $factors[$i]; | 
| 312 | 38 | 50 |  |  |  | 79 | if ($f == 2) { | 
| 313 | 0 |  |  |  |  | 0 | my $tf = $factors[0];  $factors[0] = $factors[$i];  $factors[$i] = $tf; | 
|  | 0 |  |  |  |  | 0 |  | 
|  | 0 |  |  |  |  | 0 |  | 
| 314 | 0 |  |  |  |  | 0 | my $ta = $as[0];  $as[0] = $as[$i];  $as[$i] = $ta; | 
|  | 0 |  |  |  |  | 0 |  | 
|  | 0 |  |  |  |  | 0 |  | 
| 315 |  |  |  |  |  |  | } | 
| 316 |  |  |  |  |  |  | } | 
| 317 | 12 | 100 |  |  |  | 58 | return '' unless $factors[0] == 2; | 
| 318 | 11 |  |  |  |  | 37 | my $cert = "Type BLS5\nN     $n\n"; | 
| 319 | 11 |  |  |  |  | 278 | foreach my $i (1 .. $#factors) { | 
| 320 | 35 | 100 |  |  |  | 81 | my $f = (ref($factors[$i]) eq 'ARRAY') ? $factors[$i]->[0] : $factors[$i]; | 
| 321 | 35 |  |  |  |  | 97 | $cert .= sprintf("Q[%d]  %s\n", $i, $f); | 
| 322 |  |  |  |  |  |  | } | 
| 323 | 11 |  |  |  |  | 27 | foreach my $i (0 .. $#as) { | 
| 324 | 46 | 100 |  |  |  | 89 | $cert .= sprintf("A[%d]  %s\n", $i, $as[$i]) if $as[$i] != 2; | 
| 325 |  |  |  |  |  |  | } | 
| 326 | 11 |  |  |  |  | 21 | $cert .= "----\n\n"; | 
| 327 | 11 |  |  |  |  | 21 | foreach my $farray (@factors) { | 
| 328 | 46 | 100 |  |  |  | 80 | if (ref($farray) eq 'ARRAY') { | 
| 329 | 3 |  |  |  |  | 38 | $cert .= _convert_cert($farray); | 
| 330 |  |  |  |  |  |  | } | 
| 331 |  |  |  |  |  |  | } | 
| 332 | 11 |  |  |  |  | 79 | return $cert; | 
| 333 |  |  |  |  |  |  | } | 
| 334 | 7 | 50 | 33 |  |  | 28 | if ($method eq 'ECPP' || $method eq 'AGKM') { | 
| 335 | 7 | 50 |  |  |  | 19 | if (scalar @$pdata < 1) { | 
| 336 | 0 |  |  |  |  | 0 | carp "verify_prime: incorrect AGKM format\n"; | 
| 337 | 0 |  |  |  |  | 0 | return ''; | 
| 338 |  |  |  |  |  |  | } | 
| 339 | 7 |  |  |  |  | 10 | my $cert = ''; | 
| 340 | 7 |  |  |  |  | 15 | my $q = $n; | 
| 341 | 7 |  |  |  |  | 14 | foreach my $block (@$pdata) { | 
| 342 | 14 | 50 | 33 |  |  | 70 | if (ref($block) ne 'ARRAY' || scalar @$block != 6) { | 
| 343 | 0 |  |  |  |  | 0 | carp "verify_prime: incorrect AGKM block format\n"; | 
| 344 | 0 |  |  |  |  | 0 | return ''; | 
| 345 |  |  |  |  |  |  | } | 
| 346 | 14 |  |  |  |  | 45 | my($ni, $a, $b, $m, $qval, $P) = @$block; | 
| 347 | 14 | 50 |  |  |  | 43 | if (Math::BigInt->new("$ni") != Math::BigInt->new("$q")) { | 
| 348 | 0 |  |  |  |  | 0 | carp "verify_prime: incorrect AGKM block format: block n != q\n"; | 
| 349 | 0 |  |  |  |  | 0 | return ''; | 
| 350 |  |  |  |  |  |  | } | 
| 351 | 14 | 100 |  |  |  | 1546 | $q = ref($qval) eq 'ARRAY' ? $qval->[0] : $qval; | 
| 352 | 14 | 50 | 33 |  |  | 63 | if (ref($P) ne 'ARRAY' || scalar @$P != 2) { | 
| 353 | 0 |  |  |  |  | 0 | carp "verify_prime: incorrect AGKM block point format\n"; | 
| 354 | 0 |  |  |  |  | 0 | return ''; | 
| 355 |  |  |  |  |  |  | } | 
| 356 | 14 |  |  |  |  | 24 | my ($x, $y) = @{$P}; | 
|  | 14 |  |  |  |  | 28 |  | 
| 357 | 14 |  |  |  |  | 98 | $cert .= "Type ECPP\nN $ni\nA $a\nB $b\nM $m\nQ $q\nX $x\nY $y\n\n"; | 
| 358 | 14 | 100 |  |  |  | 45 | if (ref($qval) eq 'ARRAY') { | 
| 359 | 1 |  |  |  |  | 3 | $cert .= _convert_cert($qval); | 
| 360 |  |  |  |  |  |  | } | 
| 361 |  |  |  |  |  |  | } | 
| 362 | 7 |  |  |  |  | 25 | return $cert; | 
| 363 |  |  |  |  |  |  | } | 
| 364 | 0 |  |  |  |  | 0 | carp "verify_prime: Unknown method: '$method'.\n"; | 
| 365 | 0 |  |  |  |  | 0 | return ''; | 
| 366 |  |  |  |  |  |  | } | 
| 367 |  |  |  |  |  |  |  | 
| 368 |  |  |  |  |  |  |  | 
| 369 |  |  |  |  |  |  | sub convert_array_cert_to_string { | 
| 370 | 31 |  |  | 31 | 1 | 84 | my @pdata = @_; | 
| 371 |  |  |  |  |  |  |  | 
| 372 |  |  |  |  |  |  | # Convert reference input to array | 
| 373 | 31 | 100 | 66 |  |  | 174 | @pdata = @{$pdata[0]} if scalar @pdata == 1 && ref($pdata[0]) eq 'ARRAY'; | 
|  | 29 |  |  |  |  | 83 |  | 
| 374 |  |  |  |  |  |  |  | 
| 375 | 31 | 100 |  |  |  | 92 | return '' if scalar @pdata == 0; | 
| 376 |  |  |  |  |  |  |  | 
| 377 | 30 |  |  |  |  | 59 | my $n = $pdata[0]; | 
| 378 | 30 |  |  |  |  | 87 | my $header = "[MPU - Primality Certificate]\nVersion 1.0\n\nProof for:\nN $n\n\n"; | 
| 379 |  |  |  |  |  |  |  | 
| 380 | 30 |  |  |  |  | 82 | my $cert = _convert_cert(\@pdata); | 
| 381 | 30 | 100 |  |  |  | 183 | return '' if $cert eq ''; | 
| 382 | 25 |  |  |  |  | 154 | return $header . $cert; | 
| 383 |  |  |  |  |  |  | } | 
| 384 |  |  |  |  |  |  |  | 
| 385 |  |  |  |  |  |  |  | 
| 386 |  |  |  |  |  |  | ############################################################################### | 
| 387 |  |  |  |  |  |  | # Verify certificate | 
| 388 |  |  |  |  |  |  | ############################################################################### | 
| 389 |  |  |  |  |  |  |  | 
| 390 |  |  |  |  |  |  | sub _primality_error ($) {  ## no critic qw(ProhibitSubroutinePrototypes) | 
| 391 | 0 | 0 |  | 0 |  | 0 | print "primality fail: $_[0]\n" if prime_get_config->{'verbose'}; | 
| 392 | 0 |  |  |  |  | 0 | return;  # error in certificate | 
| 393 |  |  |  |  |  |  | } | 
| 394 |  |  |  |  |  |  |  | 
| 395 |  |  |  |  |  |  | sub _pfail ($) {            ## no critic qw(ProhibitSubroutinePrototypes) | 
| 396 | 19 | 50 |  | 19 |  | 15833 | print "primality fail: $_[0]\n" if prime_get_config->{'verbose'}; | 
| 397 | 19 |  |  |  |  | 156 | return;  # Failed a condition | 
| 398 |  |  |  |  |  |  | } | 
| 399 |  |  |  |  |  |  |  | 
| 400 |  |  |  |  |  |  | sub _read_vars { | 
| 401 | 72 |  |  | 72 |  | 125 | my $lines = shift; | 
| 402 | 72 |  |  |  |  | 131 | my $type = shift; | 
| 403 | 72 |  |  |  |  | 168 | my %vars = map { $_ => 1 } @_; | 
|  | 178 |  |  |  |  | 499 |  | 
| 404 | 72 |  |  |  |  | 155 | my %return; | 
| 405 | 72 |  |  |  |  | 218 | while (scalar keys %vars) { | 
| 406 | 178 |  |  |  |  | 285 | my $line = shift @$lines; | 
| 407 | 178 | 50 |  |  |  | 324 | return _primality_error("end of file during type $type") unless defined $line; | 
| 408 |  |  |  |  |  |  | # Skip comments and blank lines | 
| 409 | 178 | 50 | 33 |  |  | 688 | next if $line =~ /^\s*#/ or $line =~ /^\s*$/; | 
| 410 | 178 |  |  |  |  | 297 | chomp($line); | 
| 411 | 178 | 50 |  |  |  | 370 | return _primality_error("Still missing values in type $type") if $line =~ /^Type /; | 
| 412 | 178 | 50 |  |  |  | 557 | if ($line =~ /^(\S+)\s+(-?\d+)/) { | 
| 413 | 178 |  |  |  |  | 435 | my ($var, $val) = ($1, $2); | 
| 414 | 178 |  |  |  |  | 292 | $var =~ tr/a-z/A-Z/; | 
| 415 | 178 | 50 |  |  |  | 369 | return _primality_error("Type $type: repeated or inappropriate var: $line") unless defined $vars{$var}; | 
| 416 | 178 |  |  |  |  | 302 | $return{$var} = $val; | 
| 417 | 178 |  |  |  |  | 448 | delete $vars{$var}; | 
| 418 |  |  |  |  |  |  | } else { | 
| 419 | 0 |  |  |  |  | 0 | return _primality_error("Unrecognized line: $line"); | 
| 420 |  |  |  |  |  |  | } | 
| 421 |  |  |  |  |  |  | } | 
| 422 |  |  |  |  |  |  | # Now return them in the order given, turned into bigints. | 
| 423 | 72 |  |  |  |  | 143 | return map { Math::BigInt->new("$return{$_}") } @_; | 
|  | 178 |  |  |  |  | 4411 |  | 
| 424 |  |  |  |  |  |  | } | 
| 425 |  |  |  |  |  |  |  | 
| 426 |  |  |  |  |  |  | sub _is_perfect_square { | 
| 427 | 4 |  |  | 4 |  | 2258 | my($n) = @_; | 
| 428 |  |  |  |  |  |  |  | 
| 429 | 4 | 50 |  |  |  | 17 | if (ref($n) eq 'Math::BigInt') { | 
| 430 | 4 |  |  |  |  | 14 | my $mc = int(($n & 31)->bstr); | 
| 431 | 4 | 50 | 66 |  |  | 1230 | if ($mc==0||$mc==1||$mc==4||$mc==9||$mc==16||$mc==17||$mc==25) { | 
|  |  |  | 66 |  |  |  |  | 
|  |  |  | 100 |  |  |  |  | 
|  |  |  | 66 |  |  |  |  | 
|  |  |  | 100 |  |  |  |  | 
|  |  |  | 66 |  |  |  |  | 
| 432 | 4 |  |  |  |  | 12 | my $sq = $n->copy->bsqrt->bfloor; | 
| 433 | 4 |  |  |  |  | 7773 | $sq->bmul($sq); | 
| 434 | 4 | 50 |  |  |  | 632 | return 1 if $sq == $n; | 
| 435 |  |  |  |  |  |  | } | 
| 436 |  |  |  |  |  |  | } else { | 
| 437 | 0 |  |  |  |  | 0 | my $mc = $n & 31; | 
| 438 | 0 | 0 | 0 |  |  | 0 | if ($mc==0||$mc==1||$mc==4||$mc==9||$mc==16||$mc==17||$mc==25) { | 
|  |  |  | 0 |  |  |  |  | 
|  |  |  | 0 |  |  |  |  | 
|  |  |  | 0 |  |  |  |  | 
|  |  |  | 0 |  |  |  |  | 
|  |  |  | 0 |  |  |  |  | 
| 439 | 0 |  |  |  |  | 0 | my $sq = int(sqrt($n)); | 
| 440 | 0 | 0 |  |  |  | 0 | return 1 if ($sq*$sq) == $n; | 
| 441 |  |  |  |  |  |  | } | 
| 442 |  |  |  |  |  |  | } | 
| 443 | 4 |  |  |  |  | 179 | 0; | 
| 444 |  |  |  |  |  |  | } | 
| 445 |  |  |  |  |  |  |  | 
| 446 |  |  |  |  |  |  | # Calculate Jacobi symbol (M|N) | 
| 447 |  |  |  |  |  |  | sub _jacobi { | 
| 448 | 1 |  |  | 1 |  | 22 | my($n, $m) = @_; | 
| 449 | 1 | 50 | 33 |  |  | 3 | return 0 if $m <= 0 || ($m % 2) == 0; | 
| 450 | 1 |  |  |  |  | 434 | my $j = 1; | 
| 451 | 1 | 50 |  |  |  | 4 | if ($n < 0) { | 
| 452 | 1 |  |  |  |  | 154 | $n = -$n; | 
| 453 | 1 | 50 |  |  |  | 30 | $j = -$j if ($m % 4) == 3; | 
| 454 |  |  |  |  |  |  | } | 
| 455 |  |  |  |  |  |  | # Split loop so we can reduce n/m to non-bigints after first iteration. | 
| 456 | 1 | 50 |  |  |  | 227 | if ($n != 0) { | 
| 457 | 1 |  |  |  |  | 152 | while (($n % 2) == 0) { | 
| 458 | 3 |  |  |  |  | 1751 | $n >>= 1; | 
| 459 | 3 | 50 | 33 |  |  | 424 | $j = -$j if ($m % 8) == 3 || ($m % 8) == 5; | 
| 460 |  |  |  |  |  |  | } | 
| 461 | 1 |  |  |  |  | 771 | ($n, $m) = ($m, $n); | 
| 462 | 1 | 50 | 33 |  |  | 3 | $j = -$j if ($n % 4) == 3 && ($m % 4) == 3; | 
| 463 | 1 |  |  |  |  | 227 | $n = $n % $m; | 
| 464 | 1 | 50 | 33 |  |  | 87 | $n = int($n->bstr) if ref($n) eq 'Math::BigInt' && $n <= $_maxint; | 
| 465 | 1 | 50 | 33 |  |  | 54 | $m = int($m->bstr) if ref($m) eq 'Math::BigInt' && $m <= $_maxint; | 
| 466 |  |  |  |  |  |  | } | 
| 467 | 1 |  |  |  |  | 42 | while ($n != 0) { | 
| 468 | 0 |  |  |  |  | 0 | while (($n % 2) == 0) { | 
| 469 | 0 |  |  |  |  | 0 | $n >>= 1; | 
| 470 | 0 | 0 | 0 |  |  | 0 | $j = -$j if ($m % 8) == 3 || ($m % 8) == 5; | 
| 471 |  |  |  |  |  |  | } | 
| 472 | 0 |  |  |  |  | 0 | ($n, $m) = ($m, $n); | 
| 473 | 0 | 0 | 0 |  |  | 0 | $j = -$j if ($n % 4) == 3 && ($m % 4) == 3; | 
| 474 | 0 |  |  |  |  | 0 | $n = $n % $m; | 
| 475 |  |  |  |  |  |  | } | 
| 476 | 1 | 50 |  |  |  | 5 | return ($m == 1) ? $j : 0; | 
| 477 |  |  |  |  |  |  | } | 
| 478 |  |  |  |  |  |  |  | 
| 479 |  |  |  |  |  |  | # Proof handlers (parse input and call verification) | 
| 480 |  |  |  |  |  |  |  | 
| 481 |  |  |  |  |  |  | sub _prove_ecpp { | 
| 482 | 13 |  |  | 13 |  | 49 | _verify_ecpp( _read_vars($_[0], 'ECPP', qw/N A B M Q X Y/) ); | 
| 483 |  |  |  |  |  |  | } | 
| 484 |  |  |  |  |  |  | sub _prove_ecpp3 { | 
| 485 | 1 |  |  | 1 |  | 6 | _verify_ecpp3( _read_vars($_[0], 'ECPP3', qw/N S R A B T/) ); | 
| 486 |  |  |  |  |  |  | } | 
| 487 |  |  |  |  |  |  | sub _prove_ecpp4 { | 
| 488 | 0 |  |  | 0 |  | 0 | _verify_ecpp4( _read_vars($_[0], 'ECPP4', qw/N S R J T/) ); | 
| 489 |  |  |  |  |  |  | } | 
| 490 |  |  |  |  |  |  | sub _prove_bls15 { | 
| 491 | 1 |  |  | 1 |  | 5 | _verify_bls15( _read_vars($_[0], 'BLS15', qw/N Q LP LQ/) ); | 
| 492 |  |  |  |  |  |  | } | 
| 493 |  |  |  |  |  |  | sub _prove_bls3 { | 
| 494 | 5 |  |  | 5 |  | 28 | _verify_bls3( _read_vars($_[0], 'BLS3', qw/N Q A/) ); | 
| 495 |  |  |  |  |  |  | } | 
| 496 |  |  |  |  |  |  | sub _prove_pock { | 
| 497 | 5 |  |  | 5 |  | 26 | _verify_pock( _read_vars($_[0], 'POCKLINGTON', qw/N Q A/) ); | 
| 498 |  |  |  |  |  |  | } | 
| 499 |  |  |  |  |  |  | sub _prove_small { | 
| 500 | 3 |  |  | 3 |  | 13 | _verify_small( _read_vars($_[0], 'Small', qw/N/) ); | 
| 501 |  |  |  |  |  |  | } | 
| 502 |  |  |  |  |  |  | sub _prove_bls5 { | 
| 503 | 16 |  |  | 16 |  | 34 | my $lines = shift; | 
| 504 |  |  |  |  |  |  | # No good way to do this using read_vars | 
| 505 | 16 |  |  |  |  | 34 | my ($n, @Q, @A); | 
| 506 | 16 |  |  |  |  | 28 | my $index = 0; | 
| 507 | 16 |  |  |  |  | 60 | $Q[0] = Math::BigInt->new(2);  # 2 is implicit | 
| 508 | 16 |  |  |  |  | 592 | while (1) { | 
| 509 | 124 |  |  |  |  | 3647 | my $line = shift @$lines; | 
| 510 | 124 | 50 |  |  |  | 228 | return _primality_error("end of file during type BLS5") unless defined $line; | 
| 511 |  |  |  |  |  |  | # Skip comments and blank lines | 
| 512 | 124 | 50 | 33 |  |  | 475 | next if $line =~ /^\s*#/ or $line =~ /^\s*$/; | 
| 513 |  |  |  |  |  |  | # Stop when we see a line starting with -. | 
| 514 | 124 | 100 |  |  |  | 226 | last if $line =~ /^-/; | 
| 515 | 108 |  |  |  |  | 140 | chomp($line); | 
| 516 | 108 | 100 |  |  |  | 387 | if ($line =~ /^N\s+(\d+)/) { | 
|  |  | 100 |  |  |  |  |  | 
|  |  | 50 |  |  |  |  |  | 
| 517 | 16 | 50 |  |  |  | 42 | return _primality_error("BLS5: N redefined") if defined $n; | 
| 518 | 16 |  |  |  |  | 64 | $n = Math::BigInt->new("$1"); | 
| 519 |  |  |  |  |  |  | } elsif ($line =~ /^Q\[(\d+)\]\s+(\d+)/) { | 
| 520 | 64 |  |  |  |  | 88 | $index++; | 
| 521 | 64 | 50 |  |  |  | 145 | return _primality_error("BLS5: Invalid index: $1") unless $1 == $index; | 
| 522 | 64 |  |  |  |  | 171 | $Q[$1] = Math::BigInt->new("$2"); | 
| 523 |  |  |  |  |  |  | } elsif ($line =~ /^A\[(\d+)\]\s+(\d+)/) { | 
| 524 | 28 | 50 | 33 |  |  | 105 | return _primality_error("BLS5: Invalid index: A[$1]") unless $1 >= 0 && $1 <= $index; | 
| 525 | 28 |  |  |  |  | 73 | $A[$1] = Math::BigInt->new("$2"); | 
| 526 |  |  |  |  |  |  | } else { | 
| 527 | 0 |  |  |  |  | 0 | return _primality_error("Unrecognized line: $line"); | 
| 528 |  |  |  |  |  |  | } | 
| 529 |  |  |  |  |  |  | } | 
| 530 | 16 |  |  |  |  | 56 | _verify_bls5($n, \@Q, \@A); | 
| 531 |  |  |  |  |  |  | } | 
| 532 |  |  |  |  |  |  |  | 
| 533 |  |  |  |  |  |  | sub _prove_lucas { | 
| 534 | 11 |  |  | 11 |  | 18 | my $lines = shift; | 
| 535 |  |  |  |  |  |  | # No good way to do this using read_vars | 
| 536 | 11 |  |  |  |  | 22 | my ($n, @Q, $a); | 
| 537 | 11 |  |  |  |  | 13 | my $index = 0; | 
| 538 | 11 |  |  |  |  | 19 | while (1) { | 
| 539 | 67 |  |  |  |  | 1789 | my $line = shift @$lines; | 
| 540 | 67 | 50 |  |  |  | 114 | return _primality_error("end of file during type Lucas") unless defined $line; | 
| 541 |  |  |  |  |  |  | # Skip comments and blank lines | 
| 542 | 67 | 50 | 33 |  |  | 241 | next if $line =~ /^\s*#/ or $line =~ /^\s*$/; | 
| 543 | 67 |  |  |  |  | 90 | chomp($line); | 
| 544 | 67 | 100 |  |  |  | 222 | if ($line =~ /^N\s+(\d+)/) { | 
|  |  | 100 |  |  |  |  |  | 
|  |  | 50 |  |  |  |  |  | 
| 545 | 11 | 50 |  |  |  | 24 | return _primality_error("Lucas: N redefined") if defined $n; | 
| 546 | 11 |  |  |  |  | 38 | $n = Math::BigInt->new("$1"); | 
| 547 |  |  |  |  |  |  | } elsif ($line =~ /^Q\[(\d+)\]\s+(\d+)/) { | 
| 548 | 45 |  |  |  |  | 58 | $index++; | 
| 549 | 45 | 50 |  |  |  | 96 | return _primality_error("Lucas: Invalid index: $1") unless $1 == $index; | 
| 550 | 45 |  |  |  |  | 112 | $Q[$1] = Math::BigInt->new("$2"); | 
| 551 |  |  |  |  |  |  | } elsif ($line =~ /^A\s+(\d+)/) { | 
| 552 | 11 |  |  |  |  | 38 | $a = Math::BigInt->new("$1"); | 
| 553 | 11 |  |  |  |  | 390 | last; | 
| 554 |  |  |  |  |  |  | } else { | 
| 555 | 0 |  |  |  |  | 0 | return _primality_error("Unrecognized line: $line"); | 
| 556 |  |  |  |  |  |  | } | 
| 557 |  |  |  |  |  |  | } | 
| 558 | 11 |  |  |  |  | 29 | _verify_lucas($n, \@Q, $a); | 
| 559 |  |  |  |  |  |  | } | 
| 560 |  |  |  |  |  |  |  | 
| 561 |  |  |  |  |  |  | # Verification routines | 
| 562 |  |  |  |  |  |  |  | 
| 563 |  |  |  |  |  |  | sub _verify_ecpp { | 
| 564 | 14 |  |  | 14 |  | 1258 | my ($n, $a, $b, $m, $q, $x, $y) = @_; | 
| 565 | 14 | 50 |  |  |  | 43 | return unless defined $n; | 
| 566 | 14 | 50 |  |  |  | 47 | $a %= $n if $a < 0; | 
| 567 | 14 | 50 |  |  |  | 1958 | $b %= $n if $b < 0; | 
| 568 | 14 | 50 |  |  |  | 1851 | return _pfail "ECPP: $n failed N > 0" unless $n > 0; | 
| 569 | 14 | 100 |  |  |  | 1913 | return _pfail "ECPP: $n failed gcd(N, 6) = 1" unless Math::BigInt::bgcd($n, 6) == 1; | 
| 570 | 13 | 100 |  |  |  | 3380 | return _pfail "ECPP: $n failed gcd(4*a^3 + 27*b^2, N) = 1" | 
| 571 |  |  |  |  |  |  | unless Math::BigInt::bgcd(4*$a*$a*$a+27*$b*$b,$n) == 1; | 
| 572 | 12 | 50 |  |  |  | 11821 | return _pfail "ECPP: $n failed Y^2 = X^3 + A*X + B mod N" | 
| 573 |  |  |  |  |  |  | unless ($y*$y) % $n == ($x*$x*$x + $a*$x + $b) % $n; | 
| 574 | 12 | 100 |  |  |  | 8439 | return _pfail "ECPP: $n failed M >= N - 2*sqrt(N) + 1" unless $m >= $n + 1 - $n->copy->bmul(4)->bsqrt(); | 
| 575 | 11 | 50 |  |  |  | 9171 | return _pfail "ECPP: $n failed M <= N + 2*sqrt(N) + 1" unless $m <= $n + 1 + $n->copy->bmul(4)->bsqrt(); | 
| 576 | 11 | 100 |  |  |  | 8644 | return _pfail "ECPP: $n failed Q > (N^(1/4)+1)^2" unless $q > $n->copy->broot(4)->badd(1)->bpow(2); | 
| 577 | 10 | 50 |  |  |  | 13732 | return _pfail "ECPP: $n failed Q < N" unless $q < $n; | 
| 578 | 10 | 50 |  |  |  | 274 | return _pfail "ECPP: $n failed M != Q" unless $m != $q; | 
| 579 | 10 |  |  |  |  | 284 | my ($mdivq, $rem) = $m->copy->bdiv($q); | 
| 580 | 10 | 100 |  |  |  | 1793 | return _pfail "ECPP: $n failed Q divides M" unless $rem == 0; | 
| 581 |  |  |  |  |  |  |  | 
| 582 |  |  |  |  |  |  | # Now verify the elliptic curve | 
| 583 | 9 |  |  |  |  | 1204 | my $correct_point = 0; | 
| 584 | 9 | 50 | 33 |  |  | 36 | if (prime_get_config->{'gmp'} && defined &Math::Prime::Util::GMP::_validate_ecpp_curve) { | 
| 585 | 0 |  |  |  |  | 0 | $correct_point = Math::Prime::Util::GMP::_validate_ecpp_curve($a, $b, $n, $x, $y, $m, $q); | 
| 586 |  |  |  |  |  |  | } else { | 
| 587 | 9 | 100 |  |  |  | 29 | if (!defined $Math::Prime::Util::ECAffinePoint::VERSION) { | 
| 588 | 1 |  |  |  |  | 540 | eval { require Math::Prime::Util::ECAffinePoint; 1; } | 
|  | 1 |  |  |  |  | 5 |  | 
| 589 | 1 | 50 |  |  |  | 2 | or do { die "Cannot load Math::Prime::Util::ECAffinePoint"; }; | 
|  | 0 |  |  |  |  | 0 |  | 
| 590 |  |  |  |  |  |  | } | 
| 591 | 9 |  |  |  |  | 50 | my $ECP = Math::Prime::Util::ECAffinePoint->new($a, $b, $n, $x, $y); | 
| 592 |  |  |  |  |  |  | # Compute U = (m/q)P, check U != point at infinity | 
| 593 | 9 |  |  |  |  | 25 | $ECP->mul( $m->copy->bdiv($q)->as_int ); | 
| 594 | 9 | 50 |  |  |  | 48 | if (!$ECP->is_infinity) { | 
| 595 |  |  |  |  |  |  | # Compute V = qU, check V = point at infinity | 
| 596 | 9 |  |  |  |  | 134 | $ECP->mul( $q ); | 
| 597 | 9 | 50 |  |  |  | 44 | $correct_point = 1 if $ECP->is_infinity; | 
| 598 |  |  |  |  |  |  | } | 
| 599 |  |  |  |  |  |  | } | 
| 600 | 9 | 50 |  |  |  | 280 | return _pfail "ECPP: $n failed elliptic curve conditions" unless $correct_point; | 
| 601 | 9 |  |  |  |  | 66 | ($n, $q); | 
| 602 |  |  |  |  |  |  | } | 
| 603 |  |  |  |  |  |  | sub _verify_ecpp3 { | 
| 604 | 1 |  |  | 1 |  | 55 | my ($n, $s, $r, $a, $b, $t) = @_; | 
| 605 | 1 | 50 |  |  |  | 6 | return unless defined $n; | 
| 606 | 1 | 50 |  |  |  | 6 | return _pfail "ECPP3: $n failed |A| <= N/2" unless abs($a) <= $n/2; | 
| 607 | 1 | 50 |  |  |  | 303 | return _pfail "ECPP3: $n failed |B| <= N/2" unless abs($b) <= $n/2; | 
| 608 | 1 | 50 |  |  |  | 243 | return _pfail "ECPP3: $n failed T >= 0" unless $t >= 0; | 
| 609 | 1 | 50 |  |  |  | 169 | return _pfail "ECPP3: $n failed T < N" unless $t < $n; | 
| 610 | 1 |  |  |  |  | 52 | my $l = ($t*$t*$t + $a*$t + $b) % $n; | 
| 611 | 1 |  |  |  |  | 382 | _verify_ecpp( $n, | 
| 612 |  |  |  |  |  |  | ($a * $l*$l) % $n, | 
| 613 |  |  |  |  |  |  | ($b * $l*$l*$l) % $n, | 
| 614 |  |  |  |  |  |  | $r*$s, | 
| 615 |  |  |  |  |  |  | $r, | 
| 616 |  |  |  |  |  |  | ($t*$l) % $n, | 
| 617 |  |  |  |  |  |  | ($l*$l) % $n    ); | 
| 618 |  |  |  |  |  |  | } | 
| 619 |  |  |  |  |  |  | sub _verify_ecpp4 { | 
| 620 | 0 |  |  | 0 |  | 0 | my ($n, $s, $r, $j, $t) = @_; | 
| 621 | 0 | 0 |  |  |  | 0 | return unless defined $n; | 
| 622 | 0 | 0 |  |  |  | 0 | return _pfail "ECPP4: $n failed |J| <= N/2" unless abs($j) <= $n/2; | 
| 623 | 0 | 0 |  |  |  | 0 | return _pfail "ECPP4: $n failed T >= 0" unless $t >= 0; | 
| 624 | 0 | 0 |  |  |  | 0 | return _pfail "ECPP4: $n failed T < N" unless $t < $n; | 
| 625 | 0 |  |  |  |  | 0 | my $a = 3 * $j * (1728 - $j); | 
| 626 | 0 |  |  |  |  | 0 | my $b = 2 * $j * (1728 - $j) * (1728 - $j); | 
| 627 | 0 |  |  |  |  | 0 | my $l = ($t*$t*$t + $a*$t + $b) % $n; | 
| 628 | 0 |  |  |  |  | 0 | _verify_ecpp( $n, | 
| 629 |  |  |  |  |  |  | ($a * $l*$l) % $n, | 
| 630 |  |  |  |  |  |  | ($b * $l*$l*$l) % $n, | 
| 631 |  |  |  |  |  |  | $r*$s, | 
| 632 |  |  |  |  |  |  | $r, | 
| 633 |  |  |  |  |  |  | ($t*$l) % $n, | 
| 634 |  |  |  |  |  |  | ($l*$l) % $n    ); | 
| 635 |  |  |  |  |  |  | } | 
| 636 |  |  |  |  |  |  |  | 
| 637 |  |  |  |  |  |  | sub _verify_bls15 { | 
| 638 | 1 |  |  | 1 |  | 32 | my ($n, $q, $lp, $lq) = @_; | 
| 639 | 1 | 50 |  |  |  | 4 | return unless defined $n; | 
| 640 | 1 | 50 |  |  |  | 5 | return _pfail "BLS15: $n failed Q odd" unless $q->is_odd(); | 
| 641 | 1 | 50 |  |  |  | 16 | return _pfail "BLS15: $n failed Q > 2" unless $q > 2; | 
| 642 | 1 |  |  |  |  | 128 | my ($m, $rem) = ($n+1)->copy->bdiv($q); | 
| 643 | 1 | 50 |  |  |  | 421 | return _pfail "BLS15: $n failed Q divides N+1" unless $rem == 0; | 
| 644 | 1 | 50 |  |  |  | 133 | return _pfail "BLS15: $n failed MQ-1 = N" unless $m*$q-1 == $n; | 
| 645 | 1 | 50 |  |  |  | 297 | return _pfail "BLS15: $n failed M > 0" unless $m > 0; | 
| 646 | 1 | 50 |  |  |  | 161 | return _pfail "BLS15: $n failed 2Q-1 > sqrt(N)" unless 2*$q-1 > $n->copy->bsqrt(); | 
| 647 | 1 |  |  |  |  | 1145 | my $D = $lp*$lp - 4*$lq; | 
| 648 | 1 | 50 |  |  |  | 274 | return _pfail "BLS15: $n failed D != 0" unless $D != 0; | 
| 649 | 1 | 50 |  |  |  | 127 | return _pfail "BLS15: $n failed jacobi(D,N) = -1" unless _jacobi($D,$n) == -1; | 
| 650 | 1 | 50 |  |  |  | 4 | return _pfail "BLS15: $n failed V_{m/2} mod N != 0" | 
| 651 |  |  |  |  |  |  | unless (lucas_sequence($n, $lp, $lq, $m/2))[1] != 0; | 
| 652 | 1 | 50 |  |  |  | 227 | return _pfail "BLS15: $n failed V_{(N+1)/2} mod N == 0" | 
| 653 |  |  |  |  |  |  | unless (lucas_sequence($n, $lp, $lq, ($n+1)/2))[1] == 0; | 
| 654 | 1 |  |  |  |  | 207 | ($n, $q); | 
| 655 |  |  |  |  |  |  | } | 
| 656 |  |  |  |  |  |  |  | 
| 657 |  |  |  |  |  |  | sub _verify_bls3 { | 
| 658 | 5 |  |  | 5 |  | 170 | my ($n, $q, $a) = @_; | 
| 659 | 5 | 50 |  |  |  | 57 | return unless defined $n; | 
| 660 | 5 | 50 |  |  |  | 26 | return _pfail "BLS3: $n failed Q odd" unless $q->is_odd(); | 
| 661 | 5 | 50 |  |  |  | 111 | return _pfail "BLS3: $n failed Q > 2" unless $q > 2; | 
| 662 | 5 |  |  |  |  | 518 | my ($m, $rem) = ($n-1)->copy->bdiv($q); | 
| 663 | 5 | 50 |  |  |  | 2215 | return _pfail "BLS3: $n failed Q divides N-1" unless $rem == 0; | 
| 664 | 5 | 50 |  |  |  | 735 | return _pfail "BLS3: $n failed MQ+1 = N" unless $m*$q+1 == $n; | 
| 665 | 5 | 50 |  |  |  | 1448 | return _pfail "BLS3: $n failed M > 0" unless $m > 0; | 
| 666 | 5 | 50 |  |  |  | 755 | return _pfail "BLS3: $n failed 2Q+1 > sqrt(n)" unless 2*$q+1 > $n->copy->bsqrt(); | 
| 667 | 5 | 50 |  |  |  | 5310 | return _pfail "BLS3: $n failed A^((N-1)/2) = N-1 mod N" unless $a->copy->bmodpow(($n-1)/2, $n) == $n-1; | 
| 668 | 5 | 50 |  |  |  | 122982 | return _pfail "BLS3: $n failed A^(M/2) != N-1 mod N" unless $a->copy->bmodpow($m/2,$n) != $n-1; | 
| 669 | 5 |  |  |  |  | 51933 | ($n, $q); | 
| 670 |  |  |  |  |  |  | } | 
| 671 |  |  |  |  |  |  | sub _verify_pock { | 
| 672 | 5 |  |  | 5 |  | 206 | my ($n, $q, $a) = @_; | 
| 673 | 5 | 50 |  |  |  | 20 | return unless defined $n; | 
| 674 | 5 |  |  |  |  | 21 | my ($m, $rem) = ($n-1)->copy->bdiv($q); | 
| 675 | 5 | 50 |  |  |  | 2213 | return _pfail "Pocklington: $n failed Q divides N-1" unless $rem == 0; | 
| 676 | 5 | 50 |  |  |  | 691 | return _pfail "Pocklington: $n failed M is even" unless $m->is_even(); | 
| 677 | 5 | 50 |  |  |  | 83 | return _pfail "Pocklington: $n failed M > 0" unless $m > 0; | 
| 678 | 5 | 50 |  |  |  | 749 | return _pfail "Pocklington: $n failed M < Q" unless $m < $q; | 
| 679 | 5 | 50 |  |  |  | 171 | return _pfail "Pocklington: $n failed MQ+1 = N" unless $m*$q+1 == $n; | 
| 680 | 5 | 50 |  |  |  | 1405 | return _pfail "Pocklington: $n failed A > 1" unless $a > 1; | 
| 681 | 5 | 50 |  |  |  | 448 | return _pfail "Pocklington: $n failed A^(N-1) mod N = 1" | 
| 682 |  |  |  |  |  |  | unless $a->copy->bmodpow($n-1, $n) == 1; | 
| 683 | 5 | 50 |  |  |  | 158144 | return _pfail "Pocklington: $n failed gcd(A^M - 1, N) = 1" | 
| 684 |  |  |  |  |  |  | unless Math::BigInt::bgcd($a->copy->bmodpow($m, $n)-1, $n) == 1; | 
| 685 | 5 |  |  |  |  | 106631 | ($n, $q); | 
| 686 |  |  |  |  |  |  | } | 
| 687 |  |  |  |  |  |  | sub _verify_small { | 
| 688 | 3 |  |  | 3 |  | 117 | my ($n) = @_; | 
| 689 | 3 | 50 |  |  |  | 7 | return unless defined $n; | 
| 690 | 3 | 50 |  |  |  | 7 | return _pfail "Small n $n is > 2^64\n" if $n > $_smallval; | 
| 691 | 3 | 50 |  |  |  | 117 | return _pfail "Small n $n does not pass BPSW" unless is_prob_prime($n); | 
| 692 | 3 |  |  |  |  | 132 | ($n); | 
| 693 |  |  |  |  |  |  | } | 
| 694 |  |  |  |  |  |  |  | 
| 695 |  |  |  |  |  |  | sub _verify_bls5 { | 
| 696 | 16 |  |  | 16 |  | 34 | my ($n, $Qr, $Ar) = @_; | 
| 697 | 16 | 50 |  |  |  | 54 | return unless defined $n; | 
| 698 | 16 |  |  |  |  | 25 | my @Q = @{$Qr}; | 
|  | 16 |  |  |  |  | 46 |  | 
| 699 | 16 |  |  |  |  | 34 | my @A = @{$Ar}; | 
|  | 16 |  |  |  |  | 32 |  | 
| 700 | 16 |  |  |  |  | 52 | my $nm1 = $n - 1; | 
| 701 | 16 |  |  |  |  | 3119 | my $F = Math::BigInt->bone; | 
| 702 | 16 |  |  |  |  | 416 | my $R = $nm1->copy; | 
| 703 | 16 |  |  |  |  | 284 | my $index = $#Q; | 
| 704 | 16 |  |  |  |  | 47 | foreach my $i (0 .. $index) { | 
| 705 | 77 | 50 |  |  |  | 25676 | return _primality_error "BLS5: $n failed Q[$i] doesn't exist" unless defined $Q[$i]; | 
| 706 | 77 | 100 |  |  |  | 206 | $A[$i] = Math::BigInt->new(2) unless defined $A[$i]; | 
| 707 | 77 | 50 |  |  |  | 1606 | return _pfail "BLS5: $n failed Q[$i] > 1" unless $Q[$i] > 1; | 
| 708 | 77 | 50 |  |  |  | 6634 | return _pfail "BLS5: $n failed Q[$i] < N-1" unless $Q[$i] < $nm1; | 
| 709 | 77 | 50 |  |  |  | 2162 | return _pfail "BLS5: $n failed A[$i] > 1" unless $A[$i] > 1; | 
| 710 | 77 | 50 |  |  |  | 6376 | return _pfail "BLS5: $n failed A[$i] < N" unless $A[$i] < $n; | 
| 711 | 77 | 100 |  |  |  | 2154 | return _pfail "BLS5: $n failed Q[$i] divides N-1" unless ($nm1 % $Q[$i]) == 0; | 
| 712 | 76 |  |  |  |  | 19959 | while (($R % $Q[$i]) == 0) { | 
| 713 | 88 |  |  |  |  | 22886 | $F *= $Q[$i]; | 
| 714 | 88 |  |  |  |  | 5001 | $R /= $Q[$i]; | 
| 715 |  |  |  |  |  |  | } | 
| 716 |  |  |  |  |  |  | } | 
| 717 | 15 | 50 |  |  |  | 5069 | die "BLS5: Internal error R != (N-1)/F\n" unless $R == $nm1/$F; | 
| 718 | 15 | 50 |  |  |  | 3769 | return _pfail "BLS5: $n failed F is even" unless $F->is_even(); | 
| 719 | 15 | 50 |  |  |  | 196 | return _pfail "BLS5: $n failed gcd(F, R) = 1\n" unless Math::BigInt::bgcd($F,$R) == 1; | 
| 720 | 15 |  |  |  |  | 16277 | my ($s, $r) = $R->copy->bdiv(2*$F); | 
| 721 | 15 |  |  |  |  | 4962 | my $P = ($F+1) * (2 * $F * $F + ($r-1)*$F + 1); | 
| 722 | 15 | 100 |  |  |  | 14647 | return _pfail "BLS5: $n failed n < P" unless $n < $P; | 
| 723 | 13 | 50 | 66 |  |  | 401 | return _pfail "BLS5: $n failed s=0 OR r^2-8s not a perfect square" | 
| 724 |  |  |  |  |  |  | unless $s == 0 or !_is_perfect_square($r*$r - 8*$s); | 
| 725 | 13 |  |  |  |  | 1176 | foreach my $i (0 .. $index) { | 
| 726 | 68 |  |  |  |  | 34338384 | my $a = $A[$i]; | 
| 727 | 68 |  |  |  |  | 163 | my $q = $Q[$i]; | 
| 728 | 68 | 50 |  |  |  | 232 | return _pfail "BLS5: $n failed A[i]^(N-1) mod N = 1" | 
| 729 |  |  |  |  |  |  | unless $a->copy->bmodpow($nm1, $n)->is_one; | 
| 730 | 68 | 100 |  |  |  | 48507451 | return _pfail "BLS5: $n failed gcd(A[i]^((N-1)/Q[i])-1, N) = 1" | 
| 731 |  |  |  |  |  |  | unless Math::BigInt::bgcd($a->copy->bmodpow($nm1/$q, $n)->bdec, $n)->is_one; | 
| 732 |  |  |  |  |  |  | } | 
| 733 | 12 |  |  |  |  | 2764348 | ($n, @Q); | 
| 734 |  |  |  |  |  |  | } | 
| 735 |  |  |  |  |  |  |  | 
| 736 |  |  |  |  |  |  | sub _verify_lucas { | 
| 737 | 11 |  |  | 11 |  | 25 | my ($n, $Qr, $a) = @_; | 
| 738 | 11 | 50 |  |  |  | 23 | return unless defined $n; | 
| 739 | 11 |  |  |  |  | 19 | my @Q = @{$Qr}; | 
|  | 11 |  |  |  |  | 26 |  | 
| 740 | 11 |  |  |  |  | 16 | my $index = $#Q; | 
| 741 | 11 | 50 |  |  |  | 30 | return _pfail "Lucas: $n failed A > 1" unless $a > 1; | 
| 742 | 11 | 100 |  |  |  | 998 | return _pfail "Lucas: $n failed A < N" unless $a < $n; | 
| 743 | 10 |  |  |  |  | 332 | my $nm1 = $n - 1; | 
| 744 | 10 |  |  |  |  | 1784 | my $F = Math::BigInt->bone; | 
| 745 | 10 |  |  |  |  | 242 | my $R = $nm1->copy; | 
| 746 | 10 | 50 |  |  |  | 161 | return _pfail "Lucas: $n failed A^(N-1) mod N = 1" | 
| 747 |  |  |  |  |  |  | unless $a->copy->bmodpow($nm1, $n) == 1; | 
| 748 | 10 |  |  |  |  | 37749 | foreach my $i (1 .. $index) { | 
| 749 | 26 | 50 |  |  |  | 5002 | return _primality_error "Lucas: $n failed Q[$i] doesn't exist" unless defined $Q[$i]; | 
| 750 | 26 | 50 |  |  |  | 61 | return _pfail "Lucas: $n failed Q[$i] > 1" unless $Q[$i] > 1; | 
| 751 | 26 | 50 |  |  |  | 2323 | return _pfail "Lucas: $n failed Q[$i] < N-1" unless $Q[$i] < $nm1; | 
| 752 | 26 | 100 |  |  |  | 708 | return _pfail "Lucas: $n failed Q[$i] divides N-1" unless ($nm1 % $Q[$i]) == 0; | 
| 753 | 23 | 100 |  |  |  | 5153 | return _pfail "Lucas: $n failed A^((N-1)/Q[$i]) mod N != 1" | 
| 754 |  |  |  |  |  |  | unless $a->copy->bmodpow($nm1/$Q[$i], $n) != 1; | 
| 755 | 22 |  |  |  |  | 60857 | while (($R % $Q[$i]) == 0) { | 
| 756 | 29 |  |  |  |  | 6806 | $F *= $Q[$i]; | 
| 757 | 29 |  |  |  |  | 1398 | $R /= $Q[$i]; | 
| 758 |  |  |  |  |  |  | } | 
| 759 |  |  |  |  |  |  | } | 
| 760 | 6 | 100 | 66 |  |  | 1840 | return _pfail("Lucas: $n failed N-1 has only factors Q") unless $R == 1 && $F == $nm1; | 
| 761 | 5 |  |  |  |  | 568 | shift @Q;  # Remove Q[0] | 
| 762 | 5 |  |  |  |  | 30 | ($n, @Q); | 
| 763 |  |  |  |  |  |  | } | 
| 764 |  |  |  |  |  |  |  | 
| 765 |  |  |  |  |  |  | sub verify_cert { | 
| 766 | 50 | 100 |  | 50 | 1 | 170 | my $cert = (@_ == 1) ? $_[0] : convert_array_cert_to_string(@_); | 
| 767 | 50 | 100 |  |  |  | 179 | $cert = convert_array_cert_to_string($cert) if ref($cert) eq 'ARRAY'; | 
| 768 | 50 | 100 |  |  |  | 164 | return 0 if $cert eq ''; | 
| 769 |  |  |  |  |  |  |  | 
| 770 | 44 |  |  |  |  | 74 | my %parts;  # Map of "N is prime if Q is prime" | 
| 771 | 44 |  |  |  |  | 370 | my %proof_funcs = ( | 
| 772 |  |  |  |  |  |  | ECPP        =>  \&_prove_ecpp,    # Standard ECPP proof | 
| 773 |  |  |  |  |  |  | ECPP3       =>  \&_prove_ecpp3,   # Primo type 3 | 
| 774 |  |  |  |  |  |  | ECPP4       =>  \&_prove_ecpp4,   # Primo type 4 | 
| 775 |  |  |  |  |  |  | BLS15       =>  \&_prove_bls15,   # basic n+1, includes Primo type 2 | 
| 776 |  |  |  |  |  |  | BLS3        =>  \&_prove_bls3,    # basic n-1 | 
| 777 |  |  |  |  |  |  | BLS5        =>  \&_prove_bls5,    # much better n-1 | 
| 778 |  |  |  |  |  |  | SMALL       =>  \&_prove_small,   # n <= 2^64 | 
| 779 |  |  |  |  |  |  | POCKLINGTON =>  \&_prove_pock,    # simple n-1, Primo type 1 | 
| 780 |  |  |  |  |  |  | LUCAS       =>  \&_prove_lucas,   # n-1 completely factored | 
| 781 |  |  |  |  |  |  | ); | 
| 782 | 44 |  |  |  |  | 81 | my $base = 10; | 
| 783 | 44 |  |  |  |  | 74 | my $cert_type = 'Unknown'; | 
| 784 | 44 |  |  |  |  | 79 | my $N; | 
| 785 |  |  |  |  |  |  |  | 
| 786 | 44 |  |  |  |  | 253 | my @lines = split /^/, $cert; | 
| 787 | 44 |  |  |  |  | 92 | my $lines = \@lines; | 
| 788 | 44 |  |  |  |  | 116 | while (@$lines)  { | 
| 789 | 287 |  |  |  |  | 1079 | my $line = shift @$lines; | 
| 790 | 287 | 100 | 66 |  |  | 1393 | next if $line =~ /^\s*#/ or $line =~ /^\s*$/;  # Skip comments / blank lines | 
| 791 | 187 |  |  |  |  | 369 | chomp($line); | 
| 792 | 187 | 100 |  |  |  | 502 | if ($line =~ /^\[(\S+) - Primality Certificate\]/) { | 
| 793 | 44 | 50 |  |  |  | 157 | if ($1 ne 'MPU') { | 
| 794 | 0 |  |  |  |  | 0 | return _primality_error "Unknown certificate type: $1"; | 
| 795 |  |  |  |  |  |  | } | 
| 796 | 44 |  |  |  |  | 90 | $cert_type = $1; | 
| 797 | 44 |  |  |  |  | 105 | next; | 
| 798 |  |  |  |  |  |  | } | 
| 799 | 143 | 100 | 33 |  |  | 861 | if ( ($cert_type eq 'PRIMO' && $line =~ /^\[Candidate\]/) || ($cert_type eq 'MPU' && $line =~ /^Proof for:/) ) { | 
|  |  |  | 66 |  |  |  |  | 
|  |  |  | 66 |  |  |  |  | 
| 800 | 44 | 50 |  |  |  | 122 | return _primality_error "Certificate with multiple N values" if defined $N; | 
| 801 | 44 |  |  |  |  | 126 | ($N) = _read_vars($lines, 'Proof for', qw/N/); | 
| 802 | 44 | 100 |  |  |  | 2425 | if (!is_prob_prime($N)) { | 
| 803 | 2 |  |  |  |  | 116 | _pfail "N '$N' does not look prime."; | 
| 804 | 2 |  |  |  |  | 14 | return 0; | 
| 805 |  |  |  |  |  |  | } | 
| 806 | 42 |  |  |  |  | 4234 | next; | 
| 807 |  |  |  |  |  |  | } | 
| 808 | 99 | 50 |  |  |  | 253 | if ($line =~ /^Base (\d+)/) { | 
| 809 | 0 |  |  |  |  | 0 | $base = $1; | 
| 810 | 0 | 0 |  |  |  | 0 | return _primality_error "Only base 10 supported, sorry" unless $base == 10; | 
| 811 | 0 |  |  |  |  | 0 | next; | 
| 812 |  |  |  |  |  |  | } | 
| 813 | 99 | 100 |  |  |  | 405 | if ($line =~ /^Type (.*?)\s*$/) { | 
| 814 | 55 | 50 |  |  |  | 170 | return _primality_error("Starting type without telling me the N value!") unless defined $N; | 
| 815 | 55 |  |  |  |  | 151 | my $type = $1; | 
| 816 | 55 |  |  |  |  | 121 | $type =~ tr/a-z/A-Z/; | 
| 817 | 55 | 50 |  |  |  | 172 | error("Unknown type: $type") unless defined $proof_funcs{$type}; | 
| 818 | 55 |  |  |  |  | 157 | my ($n, @q) = $proof_funcs{$type}->($lines); | 
| 819 | 55 | 100 |  |  |  | 392 | return 0 unless defined $n; | 
| 820 | 40 |  |  |  |  | 173 | $parts{$n} = [@q]; | 
| 821 |  |  |  |  |  |  | } | 
| 822 |  |  |  |  |  |  | } | 
| 823 |  |  |  |  |  |  |  | 
| 824 | 27 | 50 |  |  |  | 854 | return _primality_error("No N") unless defined $N; | 
| 825 | 27 |  |  |  |  | 103 | my @qs = ($N); | 
| 826 | 27 |  |  |  |  | 89 | while (@qs) { | 
| 827 | 126 |  |  |  |  | 3348 | my $q = shift @qs; | 
| 828 |  |  |  |  |  |  | # Check that this q has a chain | 
| 829 | 126 | 100 |  |  |  | 257 | if (!defined $parts{$q}) { | 
| 830 | 90 | 50 |  |  |  | 1584 | if ($q > $_smallval) { | 
| 831 | 0 |  |  |  |  | 0 | _primality_error "q value $q has no proof\n"; | 
| 832 | 0 |  |  |  |  | 0 | return 0; | 
| 833 |  |  |  |  |  |  | } | 
| 834 | 90 | 100 |  |  |  | 2949 | if (!is_prob_prime($q)) { | 
| 835 | 2 |  |  |  |  | 68 | _pfail "Small n $q does not pass BPSW"; | 
| 836 | 2 |  |  |  |  | 29 | return 0; | 
| 837 |  |  |  |  |  |  | } | 
| 838 |  |  |  |  |  |  | } else { | 
| 839 | 36 | 50 |  |  |  | 879 | die "Internal error: Invalid parts entry" if ref($parts{$q}) ne 'ARRAY'; | 
| 840 |  |  |  |  |  |  | # q is prime if all it's chains are prime. | 
| 841 | 36 |  |  |  |  | 829 | push @qs, @{$parts{$q}}; | 
|  | 36 |  |  |  |  | 77 |  | 
| 842 |  |  |  |  |  |  | } | 
| 843 |  |  |  |  |  |  | } | 
| 844 | 25 |  |  |  |  | 1777 | 1; | 
| 845 |  |  |  |  |  |  | } | 
| 846 |  |  |  |  |  |  |  | 
| 847 |  |  |  |  |  |  | 1; | 
| 848 |  |  |  |  |  |  |  | 
| 849 |  |  |  |  |  |  | __END__ |