Skip to content

Commit

Permalink
LibCrypto: Update ModularInverse implementation to use extended GCD
Browse files Browse the repository at this point in the history
The previous implementation of `ModularInverse` was flaky and did not
compute the correct value in many occasions, especially with big numbers
like in RSA.

Also added a bunch of tests with big numbers.
  • Loading branch information
devgianlu authored and alimpfard committed Dec 15, 2024
1 parent b35764d commit f49a55d
Show file tree
Hide file tree
Showing 4 changed files with 65 additions and 80 deletions.
86 changes: 16 additions & 70 deletions Libraries/LibCrypto/BigInt/Algorithms/ModularInverse.cpp
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
/*
* Copyright (c) 2020, Ali Mohammad Pur <mpfard@serenityos.org>
* Copyright (c) 2020-2021, Dex♪ <dexes.ttp@gmail.com>
* Copyright (c) 2024, Altomani Gianluca <altomanigianluca@gmail.com>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
Expand All @@ -12,79 +13,24 @@ namespace Crypto {
void UnsignedBigIntegerAlgorithms::modular_inverse_without_allocation(
UnsignedBigInteger const& a,
UnsignedBigInteger const& b,
UnsignedBigInteger& temp_1,
UnsignedBigInteger& temp_minus,
UnsignedBigInteger& result,
UnsignedBigInteger& temp_y,
UnsignedBigInteger& temp_gcd,
UnsignedBigInteger& temp_quotient,
UnsignedBigInteger& temp_d,
UnsignedBigInteger& temp_u,
UnsignedBigInteger& temp_v,
UnsignedBigInteger& temp_x,
UnsignedBigInteger& result)
UnsignedBigInteger& temp_1,
UnsignedBigInteger& temp_2,
UnsignedBigInteger& temp_shift_result,
UnsignedBigInteger& temp_shift_plus,
UnsignedBigInteger& temp_shift,
UnsignedBigInteger& temp_r,
UnsignedBigInteger& temp_s,
UnsignedBigInteger& temp_t)
{
UnsignedBigInteger one { 1 };

temp_u.set_to(a);
if (!a.is_odd()) {
// u += b
add_into_accumulator_without_allocation(temp_u, b);
}

temp_v.set_to(b);
temp_x.set_to(0);

// d = b - 1
subtract_without_allocation(b, one, temp_d);

while (!(temp_v == 1)) {
while (temp_v < temp_u) {
// u -= v
subtract_without_allocation(temp_u, temp_v, temp_minus);
temp_u.set_to(temp_minus);

// d += x
add_into_accumulator_without_allocation(temp_d, temp_x);

while (!temp_u.is_odd()) {
if (temp_d.is_odd()) {
// d += b
add_into_accumulator_without_allocation(temp_d, b);
}

// u /= 2
divide_u16_without_allocation(temp_u, 2, temp_quotient, temp_1);
temp_u.set_to(temp_quotient);

// d /= 2
divide_u16_without_allocation(temp_d, 2, temp_quotient, temp_1);
temp_d.set_to(temp_quotient);
}
}

// v -= u
subtract_without_allocation(temp_v, temp_u, temp_minus);
temp_v.set_to(temp_minus);

// x += d
add_into_accumulator_without_allocation(temp_x, temp_d);

while (!temp_v.is_odd()) {
if (temp_x.is_odd()) {
// x += b
add_into_accumulator_without_allocation(temp_x, b);
}

// v /= 2
divide_u16_without_allocation(temp_v, 2, temp_quotient, temp_1);
temp_v.set_to(temp_quotient);

// x /= 2
divide_u16_without_allocation(temp_x, 2, temp_quotient, temp_1);
temp_x.set_to(temp_quotient);
}
}
extended_GCD_without_allocation(a, b, result, temp_y, temp_gcd, temp_quotient, temp_1, temp_2, temp_shift_result, temp_shift_plus, temp_shift, temp_r, temp_s, temp_t);

// return x % b
divide_without_allocation(temp_x, b, temp_quotient, result);
divide_without_allocation(result, b, temp_quotient, temp_1);
add_into_accumulator_without_allocation(temp_1, b);
divide_without_allocation(temp_1, b, temp_quotient, result);
}

}
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ class UnsignedBigIntegerAlgorithms {

static void extended_GCD_without_allocation(UnsignedBigInteger const& a, UnsignedBigInteger const& b, UnsignedBigInteger& x, UnsignedBigInteger& y, UnsignedBigInteger& gcd, UnsignedBigInteger& temp_quotient, UnsignedBigInteger& temp_1, UnsignedBigInteger& temp_2, UnsignedBigInteger& temp_shift_result, UnsignedBigInteger& temp_shift_plus, UnsignedBigInteger& temp_shift, UnsignedBigInteger& temp_r, UnsignedBigInteger& temp_s, UnsignedBigInteger& temp_t);
static void destructive_GCD_without_allocation(UnsignedBigInteger& temp_a, UnsignedBigInteger& temp_b, UnsignedBigInteger& temp_quotient, UnsignedBigInteger& temp_remainder, UnsignedBigInteger& output);
static void modular_inverse_without_allocation(UnsignedBigInteger const& a_, UnsignedBigInteger const& b, UnsignedBigInteger& temp_1, UnsignedBigInteger& temp_minus, UnsignedBigInteger& temp_quotient, UnsignedBigInteger& temp_d, UnsignedBigInteger& temp_u, UnsignedBigInteger& temp_v, UnsignedBigInteger& temp_x, UnsignedBigInteger& result);
static void modular_inverse_without_allocation(UnsignedBigInteger const& a, UnsignedBigInteger const& b, UnsignedBigInteger& result, UnsignedBigInteger& temp_y, UnsignedBigInteger& temp_gcd, UnsignedBigInteger& temp_quotient, UnsignedBigInteger& temp_1, UnsignedBigInteger& temp_2, UnsignedBigInteger& temp_shift_result, UnsignedBigInteger& temp_shift_plus, UnsignedBigInteger& temp_shift, UnsignedBigInteger& temp_r, UnsignedBigInteger& temp_s, UnsignedBigInteger& temp_t);
static void destructive_modular_power_without_allocation(UnsignedBigInteger& ep, UnsignedBigInteger& base, UnsignedBigInteger const& m, UnsignedBigInteger& temp_1, UnsignedBigInteger& temp_2, UnsignedBigInteger& temp_3, UnsignedBigInteger& temp_multiply, UnsignedBigInteger& temp_quotient, UnsignedBigInteger& temp_remainder, UnsignedBigInteger& result);
static void montgomery_modular_power_with_minimal_allocations(UnsignedBigInteger const& base, UnsignedBigInteger const& exponent, UnsignedBigInteger const& modulo, UnsignedBigInteger& temp_z0, UnsignedBigInteger& temp_rr, UnsignedBigInteger& temp_one, UnsignedBigInteger& temp_z, UnsignedBigInteger& temp_zz, UnsignedBigInteger& temp_x, UnsignedBigInteger& temp_extra, UnsignedBigInteger& result);

Expand Down
23 changes: 14 additions & 9 deletions Libraries/LibCrypto/NumberTheory/ModularFunctions.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -19,21 +19,26 @@ UnsignedBigInteger Mod(UnsignedBigInteger const& a, UnsignedBigInteger const& b)
return result;
}

UnsignedBigInteger ModularInverse(UnsignedBigInteger const& a_, UnsignedBigInteger const& b)
UnsignedBigInteger ModularInverse(UnsignedBigInteger const& a, UnsignedBigInteger const& b)
{
if (b == 1)
return { 1 };

UnsignedBigInteger temp_1;
UnsignedBigInteger temp_minus;
UnsignedBigInteger temp_quotient;
UnsignedBigInteger temp_d;
UnsignedBigInteger temp_u;
UnsignedBigInteger temp_v;
UnsignedBigInteger temp_x;
UnsignedBigInteger result;
UnsignedBigInteger temp_y;
UnsignedBigInteger temp_gcd;
UnsignedBigInteger temp_quotient;
UnsignedBigInteger temp_1;
UnsignedBigInteger temp_2;
UnsignedBigInteger temp_shift_result;
UnsignedBigInteger temp_shift_plus;
UnsignedBigInteger temp_shift;
UnsignedBigInteger temp_r;
UnsignedBigInteger temp_s;
UnsignedBigInteger temp_t;

UnsignedBigIntegerAlgorithms::modular_inverse_without_allocation(a, b, result, temp_y, temp_gcd, temp_quotient, temp_1, temp_2, temp_shift_result, temp_shift_plus, temp_shift, temp_r, temp_s, temp_t);

UnsignedBigIntegerAlgorithms::modular_inverse_without_allocation(a_, b, temp_1, temp_minus, temp_quotient, temp_d, temp_u, temp_v, temp_x, result);
return result;
}

Expand Down
34 changes: 34 additions & 0 deletions Tests/LibCrypto/TestBigInteger.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -256,6 +256,40 @@ TEST_CASE(test_bigint_modular_inverse)
{
auto result = Crypto::NumberTheory::ModularInverse(7, 87);
EXPECT_EQ(result, 25);

// RSA-like calculations (non-prime modulus)
// 256 bits
auto result0 = Crypto::NumberTheory::ModularInverse("65537"_bigint, "7716818999704200055673002605512017774829533873852931754420182187116755406508851421710377874835807810150544004124020368281638431187393087109588616395722976"_bigint);
EXPECT_EQ(result0, "6957112022178657251467710742735822058162610570160374638904992058315050936014396238029779769209358140634220249380773356423403675888538086147825555026035553"_bigint);

// 512 bits
auto result1 = Crypto::NumberTheory::ModularInverse("65537"_bigint, "66371585251075966819781098993500728937583856843831372038905151148345437332287092304882812087499010029105588098364783005919549558874442528396629248591406931414614111891501372333038520092291512484438801203423887203269149674846124095871663987547448839320258336408613886916453844596419759100107324930878071769740"_bigint);
EXPECT_EQ(result1, "26054622179142032720028508076442212084428946778480090764681215551421076128717366124902270573494164075542052047036494993565348604622774660543816175267575966621965870525545200512871843484053034799993241047965063186879250098185242452576259203314665246947408123972479812452501763277722372741633903726089081777013"_bigint);

// 1024 bits
auto result2 = Crypto::NumberTheory::ModularInverse("65537"_bigint, "15138018815872997670379340569590053786751606702300795170195880218956355437896550248537760818855924336022497803648355813501714375226639621651553768492566347398869904156530722997508431839019744455406614130583767126628559642684420295498410584657359791127851130600248257172505371207271304207113156882020325681053619922800978652053485848563399633561547330701503189380714480104549363705442836720246845910476607566548831148092234175836086100548136352482086041752239158391127234701836987492763766422215181929557528346258876471603164358341122158423252911442143627060117356562382539931055979839928020375814577774568506219095460"_bigint);
EXPECT_EQ(result2, "352944027811067647898738611629058427852304118911692860827613485123904223707309287574434266615985662838432895066522539680342700540859443396609154496797860427323087928211223350781892424890095206186754144857591836206851688878370908212484113910561145014928308094010701389437847432819789627667865537264858898647327940583790765221748422671237234540519772362358619915066782513690761367501055197957446641610208834119453346877106578279102485033455183279561583102635479714079717024343606159710438913791366678187343078155600092293050263813498247677964057687773249647494687288513671987040199233950440440274115001289968681855713"_bigint);

// 2048 bits
auto result3 = Crypto::NumberTheory::ModularInverse("65537"_bigint, "523474308603627394504956180621539730601163404544670078344572546811775850669696720017356530287979625576623354887741212994543899068001220583437221973327752079153585098984263865181019654102487287512742287583901185619943683690635892036920956164864785078974721208937251159192154678447234191958275430233568974368064153896258338157469723619961352235804796084551641896006827645045906990423304676288895690876254935487456610269572418962650650646690483258846109000171328266193988292013017586921119096421585767248613790649741313360067618201749482055683058067852760706162692126354831896695191672470846960268467251962491660154005556677209860743434696351971155125630603082354855591129257818487022326288868392996237441507506020729258165681956915422119008555908702541877086255318047295376505201886687588318922810022094799926224262663342802397393873785019139429897232975310359190270883355499980682538341383918065122655507451050546937038544941011313947405743092260202204107637846238518077467613057097554476001838993189751185435880317537273891467684330982378878693444450893688310488368914140946077563025119239896138217432169087237109636595561779480434253413579986644072788364909696328314076474006110809917696250643811113150325166438321806889977329096600"_bigint);
EXPECT_EQ(result3, "240127075385672984131139625830070783237907982221133353148189335410568341527428666156244401941613614961167400369106979053892812269120049657443477793981296225881475026790422579290126094592109424058098042199594448071964950528580600611958965243821505925343196113711042336371725072831518096843639993577853488509194999139161304606985554742922290191265996073819003163398587965470117671744141606775913928846496667921317852122223410154174992910744403897198385261335591218191096175027653809536744181084305551380061284286787205754668550681282247875856383030865885608272716379977803550823924611280514398989134855055135065370857211199581305881103457229188227055584369447256267812626743332730752890660577238791001818881550170150963398307775313919391546061252167851998883746488646960356804185182713413302894188591089552011567206439844281374992020196210238318522369271354430754186391905586095171569497490344824935263935189296620116395162680037583825943495347400986600883286030356418038099224122793594156156724989735012128839569555916857118867097884284041934024459778861054849599643478734444083949177169533378055193717492397723564200451231728283569509748271283984325804303130753631049728871294775611922359924670108389072405289815451858958044897456873"_bigint);

// Prime modulus
// 256 bits
auto result4 = Crypto::NumberTheory::ModularInverse("79065576377430658630291493727884901955697921969202460485568061955796483998089"_bigint, "105236333148230907525852233540677623156492475210517338560791379084799836582587"_bigint);
EXPECT_EQ(result4, "93504545219772953643321957341999793447107631393924073671776287172945600034443"_bigint);

// 512 bits
auto result5 = Crypto::NumberTheory::ModularInverse("6732413992718219635342848318074302303731222168385940253721776224551974038416513462421454674844777721589563127965274488341922551419528552939608455047714128"_bigint, "11522413189509252702442551731783393581283708206969207645140596867187940532466129960582867971721932546048110673296094625661627355203044884987258434322393611"_bigint);
EXPECT_EQ(result5, "11152730475146621030888388443393672975086889576414759677260744095766476531703359323453287638858041043666073703397243706949753685433502205695232485731849432"_bigint);

// 1024 bits
auto result6 = Crypto::NumberTheory::ModularInverse("74263833960189886466939196560269216955870235656416128238251461763825971916420974189969964837983352188966833052749715539825280552531258436173317484112004327881741531787519471213020298642984697548930887036556763982001107471012474873100069623257613164741565312643996566523133343615723683010756027848816042939202"_bigint, "95381964444589883427387341140753255405844325814158762996484790475715776875097467150855290612578232487289384615394165716659709100194630793773552674979686871441395261056953751419334210618336786252840280983695277648363095334709545375311967459037971278965116324165577308183006400447807648095049414919774916252747"_bigint);
EXPECT_EQ(result6, "58709722343881170435829301168583511620090591717154752336044125040931850388422639576614097557227300205781894345595418512100748823628637201919915110093901598005111776632116568475789059078360021536835127742733773460624284681421890935681567846755324337116900649074136799388542272888156479298282951539364264931616"_bigint);

// 2048 bits
auto result7 = Crypto::NumberTheory::ModularInverse("2083841562885492721290501151318058444158766003544222347122338319668970762119890042933475358898503059392439888781978346524976708635055122364241675726844930777696927712106305827918390408155067866218977660488635746552929258625544335318963328074495878439935663659069731717795216882935427203069231010795298950025561648743468756200717796561939220399337004980456668273620158478615916791124020696059432601192990947530965055857904582283829896086691653209249081553530465663724181700972927069397922147671340499270418643905380501155480764913403727582416414800901222394379992981688837765818280499497151738855424231982306618396076"_bigint, "16224364484369166277359386410182421629585266346687261081219199035627872465058014536404366328330233633748201670077151313307023144281234188494904998208639551259034363175330775169605905250528606169313713885192955997968412296964554695990505670926075345389730833276243454625387707778469967380099142375244892915645788614606443180803179195164798643205708829861402784554710221097157040790522116753790155662203858533778060827797234218324190122635514071740918420043227885163450453517325211468174509897086842869675754300089020572195273927710496253921910012981005407132203227555676309198192189264516679445448908377225879137304001"_bigint);
EXPECT_EQ(result7, "1920241917211855356722925925154440229550377096185083909958775862353126205660695403426655365321463320876264364542077391170885582314150929024605918556565268345499952616868512453484734433431514794042936426911598410457811519189984561227978039512706300456181926682048163061548216104149539350320019907684566461197120360812572564919099529762677479436223515410468281993579286727653390573176288887687204943283770190210493492026862067176323654605190038514894818679839404911730667301011930597975461644362994301634764766641419232360033891763076329125623575026815152128746383453332269905123747535275999442797020400268408062413004"_bigint);
}

TEST_CASE(test_bigint_even_simple_modular_power)
Expand Down

0 comments on commit f49a55d

Please sign in to comment.