Release calc version 2.11.0t10

Landon Curt Noll
1999-11-11 05:15:39 -08:00
parent 86c8e6dcf1
commit 96c34adee3
283 changed files with 2380 additions and 3032 deletions

zrandom.c (124 lines changed)

@@ -20,11 +20,11 @@
* PERFORMANCE OF THIS SOFTWARE.
*
* Prior to calc 2.9.3t9, these routines existed as a calc library called
* cryrand.cal. They have been rewritten in C for performance as well
* cryrand.cal. They have been rewritten in C for performance as well
* as to make them available directly from libcalc.a.
*
* Comments, suggestions, bug fixes and questions about these routines
* are welcome. Send EMail to the address given below.
* are welcome. Send EMail to the address given below.
*
* Happy bit twiddling,
*
@@ -77,7 +77,7 @@
* no better way to predict the sequence than by tossing a coin
* (as with TRULY random numbers) EVEN IF YOU KNOW THE MODULUS!
* Furthermore, having a large chunk of output from the sequence
* does not help. The BITS THAT FOLLOW OR PRECEDE A SEQUENCE
* does not help. The BITS THAT FOLLOW OR PRECEDE A SEQUENCE
* ARE UNPREDICTABLE!
*
* Of course the Blum modulus should have a long period. The default
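Review bot: the unpredictability claim at the top of this hunk ("no better way to predict the sequence than by tossing a coin ... EVEN IF YOU KNOW THE MODULUS") is conditional, not absolute: it holds only while the modulus cannot be factored, and this same file's factoring table ("1 <= newn <= 4 PC using ECM in a short amount of time") concedes that the smaller pre-defined moduli can be. Since the hunk already rewrites this paragraph, qualify the sentence, e.g. "EVEN IF YOU KNOW THE MODULUS, provided its two prime factors remain unknown", and point the reader at the FOR THE PARANOID section.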
@@ -131,7 +131,7 @@
* The Blum generator is the best generator in this package. It
* produces a cryptographically strong pseudo-random bit sequence.
* Internally, a fixed number of bits are generated after each
* generator iteration. Any unused bits are saved for the next call
* generator iteration. Any unused bits are saved for the next call
* to the generator. The Blum generator is not too slow, though
* seeding the generator via srandom(seed,plen,qlen) can be slow.
* Shortcuts and pre-defined generators have been provided for this reason.
@@ -153,7 +153,7 @@
*
* randombit(x) (where x > 0)
*
* Same as random(0, 2^x). Print x bits.
* Same as random(0, 2^x). Print x bits.
*
* randombit(skip) (where skip < 0)
*
@@ -334,12 +334,12 @@
*
* The follow calc script produces an equivalent effect:
*
* n = n[newn]; (* n is new Blum modulus, see below *)
* n = n[newn]; (* n is new Blum modulus, see below *)
* r = seed;
* do {
* last_r = r;
* r = pmod(last_r, 2, n);
* } while (r > last_r); (* r is the new quadratic residue *)
* } while (r > last_r); (* r is the new quadratic residue *)
*
* 0 < seed < 2^32, 0 < newn <= 20:
* --------------------------------
@@ -369,12 +369,12 @@
*
* for an explination of how the lavarand random number generator works.
*
* For a given newn, we select a given bit length. For 0 < newn <= 20,
* For a given newn, we select a given bit length. For 0 < newn <= 20,
* the bit length selected was by:
*
* bitlen = 2^(int((newn-1)/4)+7) + small_random_value;
*
* where small_random_value is also generated by lavarand. For
* where small_random_value is also generated by lavarand. For
* 1 <= newn <= 16, small_random_value is a random value in [0,40).
* For 17 < newn <= 20, small_random_value is a random value in [0,120).
* Given two random integers generated by lavarand, we used the following
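Review bot: the two ranges in this hunk leave newn == 17 unassigned: "1 <= newn <= 16" and "17 < newn <= 20" together skip 17, so the second line should read "17 <= newn <= 20" (the surrounding text consistently uses 0 < newn <= 20). While this paragraph is being touched, also correct "explination" to "explanation" in the first line of the hunk.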
@@ -411,122 +411,122 @@
* For a given 'newn' the Blum modulus 'n[newn]' (product of 2 Blum
* (primes) and new quadratic residue 'r[newn]' is set as follows:
*
* newn == 1: (Blum modulus bit length 130)
* newn == 1: (Blum modulus bit length 130)
* n[ 1] = 0x5049440736fe328caf0db722d83de9361
* r[ 1] = 0xb226980f11d952e74e5dbb01a4cc42ec
*
* newn == 2: (Blum modulus bit length 137)
* newn == 2: (Blum modulus bit length 137)
* n[ 2] = 0x2c5348a2555dd374a18eb286ea9353443f1
* r[ 2] = 0x40f3d643446cd710e3e893616b21e3a218
*
* newn == 3: (Blum modulus bit length 147)
* newn == 3: (Blum modulus bit length 147)
* n[ 3] = 0x9cfd959d6ce4e3a81f1e0f2ca661f11d001f1
* r[ 3] = 0xfae5b44d9b64ff5cea4f3e142de2a0d7d76a
*
* newn == 4: (Blum modulus bit length 157)
* newn == 4: (Blum modulus bit length 157)
* n[ 4] = 0x3070f9245c894ed75df12a1a2decc680dfcc0751
* r[ 4] = 0x20c2d8131b2bdca2c0af8aa220ddba4b984570
*
* newn == 5: (Blum modulus bit length 257)
* newn == 5: (Blum modulus bit length 257)
* n[ 5] = 0x2109b1822db81a85b38f75aac680bc2fa5d3fe1118769a0108b99e5e799
* 166ef1
* r[ 5] = 0x5e9b890eae33b792e821a9605f5df6db234f7b7d1e70aeed0e6c77c859e
* 2efa9
*
* newn == 6: (Blum modulus bit length 259)
* newn == 6: (Blum modulus bit length 259)
* n[ 6] = 0xa7bfd9d7d9ada2c79f2dbf2185c6440263a38db775ee732dad85557f1e1
* ddf431
* r[ 6] = 0x5e94a02f88667154e097aedece1c925ce1f3495d2c98eccfc5dc2e80c94
* 04daf
*
* newn == 7: (Blum modulus bit length 286)
* newn == 7: (Blum modulus bit length 286)
* n[ 7] = 0x43d87de8f2399ef237801cd5628643fcff569d6b0dcf53ce52882e7f602
* f9125cf9ec751
* f9125cf9ec751
* r[ 7] = 0x13522d1ee014c7bfbe90767acced049d876aefcf18d4dd64f0b58c3992d
* 2e5098d25e6
* 2e5098d25e6
*
* newn == 8: (Blum modulus bit length 294)
* newn == 8: (Blum modulus bit length 294)
* n[ 8] = 0x5847126ca7eb4699b7f13c9ce7bdc91fed5bdbd2f99ad4a6c2b59cd9f0b
* c42e66a26742f11
* c42e66a26742f11
* r[ 8] = 0x853016dca3269116b7e661fa3d344f9a28e9c9475597b4b8a35da929aae
* 95f3a489dc674
* 95f3a489dc674
*
* newn == 9: (Blum modulus bit length 533)
* newn == 9: (Blum modulus bit length 533)
* n[ 9] = 0x39e8be52322fd3218d923814e81b003d267bb0562157a3c1797b4f4a867
* 52a84d895c3e08eb61c36a6ff096061c6fd0fdece0d62b16b66b980f95112
* 52a84d895c3e08eb61c36a6ff096061c6fd0fdece0d62b16b66b980f95112
* 745db4ab27e3d1
* r[ 9] = 0xb458f8ad1e6bbab915bfc01508864b787343bc42a8aa82d9d2880107e3f
* d8357c0bd02de3222796b2545e5ab7d81309a89baedaa5d9e8e59f959601e
* d8357c0bd02de3222796b2545e5ab7d81309a89baedaa5d9e8e59f959601e
* f2b87d4ed20d
*
* newn == 10: (Blum modulus bit length 537)
* n[10] = 0x25f2435c9055666c23ef596882d7f98bd1448bf23b50e88250d3cc952c8
* 1b3ba524a02fd38582de74511c4008d4957302abe36c6092ce222ef9c73cc
* 1b3ba524a02fd38582de74511c4008d4957302abe36c6092ce222ef9c73cc
* 3cdc363b7e64b89
* r[10] = 0x66bb7e47b20e0c18401468787e2b707ca81ec9250df8cfc24b5ffbaaf2c
* f3008ed8b408d075d56f62c669fadc4f1751baf950d145f40ce23442aee59
* f3008ed8b408d075d56f62c669fadc4f1751baf950d145f40ce23442aee59
* 4f5ad494cfc482
*
* newn == 11: (Blum modulus bit length 542)
* n[11] = 0x497864de82bdb3094217d56b874ecd7769a791ea5ec5446757f3f9b6286
* e58704499daa2dd37a74925873cfa68f27533920ee1a9a729cf522014dab2
* e58704499daa2dd37a74925873cfa68f27533920ee1a9a729cf522014dab2
* 2e1a530c546ee069
* r[11] = 0x8684881cb5e630264a4465ae3af8b69ce3163f806549a7732339eea2c54
* d5c590f47fbcedfa07c1ef5628134d918fee5333fed9c094d65461d88b13a
* d5c590f47fbcedfa07c1ef5628134d918fee5333fed9c094d65461d88b13a
* 0aded356e38b04
*
* newn == 12: (Blum modulus bit length 549)
* n[12] = 0x3457582ab3c0ccb15f08b8911665b18ca92bb7c2a12b4a1a66ee4251da1
* 90b15934c94e315a1bf41e048c7c7ce812fdd25d653416557d3f09887efad
* 90b15934c94e315a1bf41e048c7c7ce812fdd25d653416557d3f09887efad
* 2b7f66d151f14c7b99
* r[12] = 0xdf719bd1f648ed935870babd55490137758ca3b20add520da4c5e8cdcbf
* c4333a13f72a10b604eb7eeb07c573dd2c0208e736fe56ed081aa9488fbc4
* c4333a13f72a10b604eb7eeb07c573dd2c0208e736fe56ed081aa9488fbc4
* 5227dd68e207b4a0
*
* newn == 13: (Blum modulus bit length 1048)
* n[13] = 0x1517c19166b7dd21b5af734ed03d833daf66d82959a553563f4345bd439
* 510a7bda8ee0cb6bf6a94286bfd66e49e25678c1ee99ceec891da8b18e843
* 510a7bda8ee0cb6bf6a94286bfd66e49e25678c1ee99ceec891da8b18e843
* 7575113aaf83c638c07137fdd3a76c3a49322a11b5a1a84c32d99cbb2b056
* 671589917ed14cc7f1b5915f6495dd1892b4ed7417d79a63cc8aaa503a208
* e3420cca200323314fc49
* r[13] = 0xd42e8e9a560d1263fa648b04f6a69b706d2bc4918c3317ddd162cb4be7a
* 5e3bbdd1564a4aadae9fd9f00548f730d5a68dc146f05216fe509f0b8f404
* 5e3bbdd1564a4aadae9fd9f00548f730d5a68dc146f05216fe509f0b8f404
* 902692de080bbeda0a11f445ff063935ce78a67445eae5c9cea5a8f6b9883
* faeda1bbe5f1ad3ef6409600e2f67b92ed007aba432b567cc26cf3e965e20
* 722407bfe46b7736f5
*
* newn == 14: (Blum modulus bit length 1054)
* n[14] = 0x5e56a00e93c6f4e87479ac07b9d983d01f564618b314b4bfec7931eee85
* eb909179161e23e78d32110560b22956b22f3bc7e4a034b0586e463fd40c6
* eb909179161e23e78d32110560b22956b22f3bc7e4a034b0586e463fd40c6
* f01a33e30ede912acb86a0c1e03483c45f289a271d14bd52792d0a076fdfe
* fe32159054b217092237f0767434b3db112fee83005b33f925bacb3185cc4
* 409a1abdef8c0fc116af01
* r[14] = 0xf7aa7cb67335096ef0c5d09b18f15415b9a564b609913f75f627fc6b0c5
* b686c86563fe86134c5a0ea19d243350dfc6b9936ba1512abafb81a0a6856
* b686c86563fe86134c5a0ea19d243350dfc6b9936ba1512abafb81a0a6856
* c9ae7816bf2073c0fb58d8138352b261a704b3ce64d69dee6339010186b98
* 3677c84167d4973444194649ad6d71f8fa8f1f1c313edfbbbb6b1b220913c
* c8ea47a4db680ff9f190
*
* newn == 15: (Blum modulus bit length 1055)
* n[15] = 0x97dd840b9edfbcdb02c46c175ba81ca845352ebe470be6075326a26770c
* ab84bfc0f2e82aa95aac14f40de42a0590445b902c2b8ebb916753e72ab86
* ab84bfc0f2e82aa95aac14f40de42a0590445b902c2b8ebb916753e72ab86
* c3278cccc1a783b3e962d81b80df03e4380a8fa08b0d86ed0caa515c196a5
* 30e49c558ddb53082310b1d0c7aee6f92b619798624ffe6c337299bc51ff5
* d2c721061e7597c8d97079
* r[15] = 0xb8220703b8c75869ab99f9b50025daa8d77ca6df8cef423ede521f55b1c
* 25d74fbf6d6cc31f5ef45e3b29660ef43797f226860a4aa1023dbe522b1fe
* 25d74fbf6d6cc31f5ef45e3b29660ef43797f226860a4aa1023dbe522b1fe
* 6224d01eb77dee9ad97e8970e4a9e28e7391a6a70557fa0e46eca78866241
* ba3c126fc0c5469f8a2f65c33db95d1749d3f0381f401b9201e6abd43d98d
* b92e808f0aaa6c3e2110
*
* newn == 16: (Blum modulus bit length 1062)
* n[16] = 0x456e348549b82fbb12b56f84c39f544cb89e43536ae8b2b497d426512c7
* f3c9cc2311e0503928284391959e379587bc173e6bc51ba51c856ba557fee
* f3c9cc2311e0503928284391959e379587bc173e6bc51ba51c856ba557fee
* 8dd69cee4bd40845bd34691046534d967e40fe15b6d7cf61e30e283c05be9
* 93c44b6a2ea8ade0f5578bd3f618336d9731fed1f1c5996a5828d4ca857ac
* 2dc9bd36184183f6d84346e1
* r[16] = 0xb0d7dcb19fb27a07973e921a4a4b6dcd7895ae8fced828de8a81a3dbf25
* 24def719225404bfd4977a1508c4bac0f3bc356e9d83b9404b5bf86f6d19f
* 24def719225404bfd4977a1508c4bac0f3bc356e9d83b9404b5bf86f6d19f
* f75645dffc9c5cc153a41772670a5e1ae87a9521416e117a0c0d415fb15d2
* 454809bad45d6972f1ab367137e55ad0560d29ada9a2bcda8f4a70fbe04a1
* abe4a570605db87b4e8830
@@ -541,7 +541,7 @@
* 0974f0b3868ff772ab2ceaf77f328d7244c9ad30e11a2700a120a314aff74
* c7f14396e2a39cc14a9fa6922ca0fce40304166b249b574ffd9cbb927f766
* c9b150e970a8d1edc24ebf72b72051
* r[17] = 0x53720b6eaf3bc3b8adf1dd665324c2d2fc5b2a62f32920c4e167537284d
* r[17] = 0x53720b6eaf3bc3b8adf1dd665324c2d2fc5b2a62f32920c4e167537284d
* a802fc106be4b0399caf97519486f31e0fa45a3a677c6cb265c5551ba4a51
* 68a7ce3c29731a4e9345eac052ee1b84b7b3a82f906a67aaf7b35949fd7fc
* 2f9f4fbc8c18689694c8d30810fff31ebee99b1cf029a33bd736750e7fe0a
@@ -625,10 +625,10 @@
*
* 1 <= newn <= 4 PC using ECM in a short amount of time
* 5 <= newn <= 8 Workstation using MPQS in a short amount of time
* 8 <= newn <= 12 High end supercomputer or high parallel processor
* 8 <= newn <= 12 High end supercomputer or high parallel processor
* using state of the art factoring over a long time
* 12 <= newn <= 16 Beyond Feb 1997 systems and factoring methods
* 17 <= newn <= 20 Well beyond Feb 1997 systems and factoring methods
* 12 <= newn <= 16 Beyond Feb 1997 systems and factoring methods
* 17 <= newn <= 20 Well beyond Feb 1997 systems and factoring methods
*
* See the section titled 'FOR THE PARANOID' for more details.
*
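Review bot: the factoring-capability table in this hunk has overlapping boundaries: newn == 8 falls under both "5 <= newn <= 8" and "8 <= newn <= 12", and newn == 12 under both "8 <= newn <= 12" and "12 <= newn <= 16". Make the rows disjoint ("9 <= newn <= 12", "13 <= newn <= 16"). The rows are also pinned to "Feb 1997"; since this release is rewriting exactly these lines in late 1999, either restate the estimates against current factoring results or say explicitly that they are dated.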
@@ -660,9 +660,9 @@
*
* The follow calc script produces an equivalent effect:
*
* p = nextcand(ip-2, trials, 0, 3, 4); (* find the 1st Blum prime *)
* q = nextcand(iq-2, trials, 0, 3, 4); (* find the 2nd Blum prime *)
* n = p * q; (* n is the new Blum modulus *)
* p = nextcand(ip-2, trials, 0, 3, 4); (* find the 1st Blum prime *)
* q = nextcand(iq-2, trials, 0, 3, 4); (* find the 2nd Blum prime *)
* n = p * q; (* n is the new Blum modulus *)
* r = seed;
* do {
* last_r = r;
@@ -693,9 +693,9 @@
* or in other words:
*
* (* trials, if omitted, is assumed to be 1 *)
* p = nextcand(ip-2, trials, 0, 3, 4); (* find the 1st Blum prime *)
* q = nextcand(iq-2, trials, 0, 3, 4); (* find the 2nd Blum prime *)
* n = p * q; (* n is the new Blum modulus *)
* p = nextcand(ip-2, trials, 0, 3, 4); (* find the 1st Blum prime *)
* q = nextcand(iq-2, trials, 0, 3, 4); (* find the 2nd Blum prime *)
* n = p * q; (* n is the new Blum modulus *)
* r = default_residue; (* as used by the initial state *)
* do {
* last_r = r;
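Review bot: this hunk keeps "(* trials, if omitted, is assumed to be 1 *)" as the documented default for nextcand(); a single probable-prime trial gives only a 1-in-4 bound per candidate, whereas the later comment on "nextcand(value, 25, 0, 3, 4)" argues for 25 rounds precisely so that a composite is less likely than a hardware glitch. Either document a stronger default here or add a sentence warning that callers who omit trials get a much weaker guarantee that p and q are prime.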
@@ -751,7 +751,7 @@
* nextcand(value, 25, 0, 3, 4)
*
* The odds that a number returned by the above call is not prime is
* less than 1 in 4^25. For our purposes, this is sufficient as the
* less than 1 in 4^25. For our purposes, this is sufficient as the
* chance of returning a composite is much smaller than the chance that
* a hardware glitch will cause nextcand() to return a bogus result.
*
@@ -795,7 +795,7 @@
*
* Taking some care to select a good initial residue helps eliminate cheap
* search attacks. It is true that a subsequent residue could be one of the
* residues that we would first avoid. However such an occurrence will
* residues that we would first avoid. However such an occurrence will
* happen after the generator is well underway and any such seed information
* has been lost.
*
@@ -809,7 +809,7 @@
*
* The size of default Blum modulus 'n=p*q' was taken to be > 2^259, or
* 260 bits (79 digits) long. A modulus > 2^256 will generate 8 bits
* per crank of the generator. The period of this generator is long
* per crank of the generator. The period of this generator is long
* enough to be reasonable, and the modulus is small enough to be fast.
*
* The default Blum modulus is not a secure modulus because it can
@@ -871,7 +871,7 @@
*
* These Blum primes were found after 1.81s of CPU time on a 195 Mhz IP28
* R10000 version 2.5 processor. The first Blum prime 'p' was 31716 higher
* than the initial search value 'ip'. The second Blum prime 'q' was 18762
* than the initial search value 'ip'. The second Blum prime 'q' was 18762
* higher than the initial starting 'iq'.
*
* The product of the two Blum primes results in a 260 bit Blum modulus of:
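Review bot: style: "195 Mhz" in the first line of this hunk should be "195 MHz"; the hunk already rewrites this paragraph, so the fix is free.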
@@ -881,7 +881,7 @@
* The selection if the initial quadratic residue comes from the next
* unused digits of the Rand Book of Random Numbers. Now the two initial
* search values 'ip' and 'iq' used above needed the first 38 digits and
* the next 42 digits. Thus we will skip the first 38+42=80 digits
* the next 42 digits. Thus we will skip the first 38+42=80 digits
* and begin to build in initial search value for a quadratic residue (most
* significant digit first) from the Rand Book of Numbers digits until we
* have a value whose square mod n > 4th power mod n. In other words, we
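Review bot: "The selection if the initial quadratic residue" in the first line of this hunk should read "The selection of the initial quadratic residue", and "begin to build in initial search value" should be "begin to build an initial search value".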
@@ -925,7 +925,7 @@
* lambda(n) = lcm(2,2,fp,fq) = 2*fp*fq = ~2*(p/2)*(q/2) = ~n/2
*
* The process above resulted in a default generator Blum modulus n > 2^259
* with period of at least 2^258 bits. To be exact, the period of the
* with period of at least 2^258 bits. To be exact, the period of the
* default Blum generator is:
*
* 0x79560c818ab57cf1b9ebc309f68746881adc15e79c05e476f741e5f904b9beb1a
@@ -946,7 +946,7 @@
* The lengths of the two Blum probable primes 'p' and 'q' used to make up
* the 20 Blum modului 'n=p*q' differ slightly to avoid certain
* factorization attacks that work on numbers that are a perfect square,
* or where the two primes are nearly the same. I elected to have the
* or where the two primes are nearly the same. I elected to have the
* sizes differ by up to 6% of the product size to avoid such attacks.
* Clearly one does not want the size of the two factors to differ
* by a large percentage: p=3 and q large would result in a easy
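Review bot: typos in this hunk: "modului" should be "moduli" and "a easy" should be "an easy". On substance, the paragraph conflates two different risks: the "nearly the same" case (where |p-q| is small and Fermat-style factoring applies) is what the "differ by up to 6%" choice guards against, while the p=3 example is a tiny-factor risk caught by trial division or ECM. Stating both risks separately would make the size-difference rationale clearer.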
@@ -963,7 +963,7 @@
* FOR THE PARANOID:
*
* The truly paranoid might suggest that my claims in the MAGIC NUMBERS
* section are a lie intended to entrap people. Well they are not, but
* section are a lie intended to entrap people. Well they are not, but
* you need not take my word for it.
*
***
@@ -1030,7 +1030,7 @@
* pass before being considered a probable prime (must be >0, perhaps 25), and
* where 'ip' is the initial search location for the Blum prime 'p', and
* where 'iq' is the initial search location for the Blum prime 'q', and
* where 'ir' is the initial Blum quadratic residue generator. The 'ir'
* where 'ir' is the initial Blum quadratic residue generator. The 'ir'
* value should be a random value in the range [2^(binsize*4/5), 2^(binsize-2))
* where 2^(binsize-1) < n=p*q <= 2^binsize.
*
@@ -1048,12 +1048,12 @@
* primes used in these special pre-defined generators are unknown.
*
* Not being able to factor 'n=p*q' into 'p' and 'q' does not directly
* improve the quality Blum generator. On the other hand, it does
* improve the quality Blum generator. On the other hand, it does
* improve the security of it.
*
* I (Landon Curt Noll) did not keep the search values of these 20 special
* pre-defined generators. While some of the smaller Blum moduli is
* within the range of some factoring methods, others are not. As of
* within the range of some factoring methods, others are not. As of
* Feb 1997, the following is the estimate of what can factor the
* pre-defined moduli:
*
@@ -2037,7 +2037,7 @@ zrandomskip(long cnt)
/* buffer contains more bits than we need to toss */
blum.buffer >>= cnt;
blum.bits -= cnt;
return; /* skip need satisfied */
return; /* skip need satisfied */
}
}
@@ -2297,7 +2297,7 @@ zrandomrange(CONST ZVALUE low, CONST ZVALUE high, ZVALUE *res)
* generate a random value between [0, diff)
*
* We will not fall into the trap of thinking that we can simply take
* a value mod 'range'. Consider the case where 'range' is '80'
* a value mod 'range'. Consider the case where 'range' is '80'
* and we are given pseudo-random numbers [0,100). If we took them
* mod 80, then the numbers [0,20) would be produced more frequently
* because the numbers [81,100) mod 80 wrap back into [0,20).
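Review bot: the modulo-bias example in this hunk has an off-by-one: with pseudo-random numbers in [0,100) and range 80, the values that wrap back into [0,20) are [80,100), not "[81,100)" (80 mod 80 == 0 is itself one of the doubled outputs). Change the last line of the comment to "because the numbers [80,100) mod 80 wrap back into [0,20)".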
@@ -2507,7 +2507,7 @@ randomprint(CONST RANDOM *state, int flags)
* This call is needed only by libcalc_call_me_last() to help clean up any
* unneeded storage.
*
* Do not call this function directly! Let libcalc_call_me_last() do it.
* Do not call this function directly! Let libcalc_call_me_last() do it.
*/
void
random_libcalc_cleanup(void)