aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorlloyd <[email protected]>2008-07-07 02:06:03 +0000
committerlloyd <[email protected]>2008-07-07 02:06:03 +0000
commit45558407b8d28c8f6099239f16c87034917b4a61 (patch)
treefaa0850cf59b490b859c62369d8cd11fdd3bf14d /src
parent879343baccf98c23d3b3f9a3faba64b65df31eac (diff)
Add an implementation of the Shanks-Tonelli algorithm, which is used to
find square roots modulo a prime. Contributed by FlexSecure GmbH
Diffstat (limited to 'src')
-rw-r--r--src/ressol.cpp82
1 files changed, 82 insertions, 0 deletions
diff --git a/src/ressol.cpp b/src/ressol.cpp
new file mode 100644
index 000000000..e0967eae4
--- /dev/null
+++ b/src/ressol.cpp
@@ -0,0 +1,82 @@
+/*************************************************
+* Shanks-Tonnelli (RESSOL) Source File *
+* (C) 2007-2008 Falko Strenzke, FlexSecure GmbH *
+* (C) 2008 Jack Lloyd *
+*************************************************/
+
+#include <botan/numthry.h>
+#include <botan/reducer.h>
+
+#include <iostream>
+
+namespace Botan {
+
+/*************************************************
+* Shanks-Tonnelli algorithm *
+*************************************************/
+BigInt ressol(const BigInt& a, const BigInt& p)
+ {
+ if(a < 0)
+ throw Invalid_Argument("ressol(): a to solve for must be positive");
+ if(p <= 1)
+ throw Invalid_Argument("ressol(): prime must be > 1");
+
+ if(a == 0)
+ return 0;
+ if(p == 2)
+ return a;
+
+ if(jacobi(a, p) != 1) // not a quadratic residue
+ return -1;
+
+ if(p % 4 == 3)
+ return power_mod(a, ((p+1) >> 2), p);
+
+ u32bit s = low_zero_bits(p - 1);
+ BigInt q = p >> s;
+
+ q -= 1;
+ q >>= 1;
+
+ Modular_Reducer mod_p(p);
+
+ BigInt r = power_mod(a, q, p);
+ BigInt n = mod_p.multiply(a, mod_p.square(r));
+ r = mod_p.multiply(r, a);
+
+ if(n == 1)
+ return r;
+
+ // find random non quadratic residue z
+ BigInt z = 2;
+ while(jacobi(z, p) == 1) // while z quadratic residue
+ ++z;
+
+ BigInt c = power_mod(z, (q << 1) + 1, p);
+
+ while(n > 1)
+ {
+ q = n;
+
+ u32bit i = 0;
+ while(q != 1)
+ {
+ q = mod_p.square(q);
+ ++i;
+ }
+ u32bit t = s;
+
+ if(t <= i)
+ return -1;
+
+ c = power_mod(c, BigInt(BigInt::Power2, t-i-1), p);
+ r = mod_p.multiply(r, c);
+ c = mod_p.square(c);
+ n = mod_p.multiply(n, c);
+ s = i;
+ }
+
+ return r;
+ }
+
+}