Overhaul of the prime-tests

 - Removal of the Fermat test mp_prime_fermat
 - Replacement of the Strong Lucas-Selfridge test with the
   Extra Strong Lucas test with Robert Baillie's parameters
   P = 3 and Q = 1
 - Additional tests to check the implementations of the
   Miller-Rabin and Extra Strong Lucas tests

Author: czurnieden

demo/test.c

@@ -824,6 +824,165 @@ static int test_mp_prime_rand(void)
    return EXIT_FAILURE;
 }
 
+/* Some small pseudoprimes to test the individual implementations */
+
+/* Miller-Rabin base 2 */
+static const uint32_t SPSP_2[] = {
+   2047, 3277, 4033, 4681, 8321, 15841, 29341, 42799,
+   49141, 52633, 65281, 74665, 80581, 85489, 88357, 90751
+};
+
+/* Miller-Rabin base 3 */
+static const uint32_t SPSP_3[] = {
+   121, 703, 1891, 3281, 8401, 8911, 10585, 12403, 16531,
+   18721, 19345, 23521, 31621, 44287, 47197, 55969, 63139,
+   74593, 79003, 82513, 87913, 88573, 97567
+};
+
+/* SPSP to all bases < 100 */
+/* still needs computing
+static const char *SPSP_2_100_LARGE[] = {
+   "",
+   "",
+   "",
+   "",
+   ""
+};
+*/
+
+/* Extra strong Lucas test with Baillie's parameters Q = 1, P = 3 */
+static const uint32_t ESLPSP[] =  {
+   989, 3239, 5777, 10877, 27971, 29681, 30739, 31631, 39059, 72389,
+   73919, 75077, 100127, 113573, 125249, 137549, 137801, 153931, 155819,
+   161027, 162133, 189419, 218321, 231703, 249331, 370229, 429479, 430127,
+   459191, 473891, 480689, 600059, 621781, 632249, 635627
+};
+
+/*
+   Almost extra strong Lucas test with Baillie's parameters Q = 1, P = 3
+   Only those that are not in ESLPSP.
+ */
+static const uint32_t AESLPSP[] = {
+   10469, 154697, 233659, 472453, 629693, 852389, 1091093, 1560437,
+   1620673, 1813601, 1969109, 2415739, 2595329, 2756837, 3721549,
+   4269341, 5192309, 7045433, 7226669, 7265561
+};
+
+/* Some randomly choosen 200 decimal digits large primes (https://primes.utm.edu/lists/small/small2.html) */
+static const char *medium_primes[10] = {
+   "C8Ckh0vviS3HUPdB1NSrSm+gOodw/f1aQ5+aaH1W6RMB0jVkO6lTaL54O3o7U5BSGUFGxm5gAvisbJamasuLZS8g3ZsJ2JM4Vtn9cQZRfkP6b8V",
+   "64xDN9FqLBiovZ/9q/EPm0DONpIfn5MbJKHa+IjT0fjAzkg34FpAmad+CwhcpKaiTbZEpErut+DhpVyiQfqBFrgcGnGhhIrMF/XkyY3aVx6E96B",
+   "8cyuMlENm0vh/eWwgHUpDKqmLyCSsRQZRWvbHpA2jHDZv1EhHkVhceg3OFRZn/aXRBnbdtsc2xO6sWh9KZ5Mo7u9rJgBJMVtDnu094MCExj1YvB",
+   "BRFZFsYjSz45un8qptnuSqEsy9wV0BzbMpVAB1TrwImENOVIc1cASZNQ/mXG2xtazqgn/juVzFo91XLx9PtIlkcK0L2T6fBNgy8Lc7dSVoKQ+XP",
+   "Ez/mDl+to2gm69+VdIHI9Q7vaO3DuIdLVT69myM3HYwVBE+G24KffAOUAp3FGrSOU+LtERMiIYIEtxPI7n/DRJtmL2i0+REwGpTMge2d2EpabfB",
+   "5+Uz1gPFjZJ/nNdEOmOaMouJSGzygo42qz7xOwXn/moSUvBpPjo4twRGbK0+qaeU/RI8yYYxXr3OBP4w+/jgL3mN9GiENDM5LtEKMiQrZ9jIVEb",
+   "AQ5nD1+G1grv41s/XlK+0YTGyZgr/88PzdQJ8QT9tavisTgyG6k8/80A4HQhnFndskHNAaB2EW5fE7KH3kk7m89s8JnVqkJyGZWSfs1+JlmHLPf",
+   "3F19vPmM0Ih89KZ04Xmd62QB9F6E2sztT10A7Kcqc44eKvsNHh+JY6Z6gJXkbWg1Iw7xr29QAhEF/o1YAgfutQtpdzHkex06Yd71kPsaZdKXiC5",
+   "2fIcJ1t/VYCColXGs+ji/txNMEXn2FXdowLzlo7QKqzAWHdAbwtltSO5qpSp3OUiEOGUUi3hbyw3iQRE8nFJaikJ89Wdox6vpPtIsc3QRjexMnv",
+   "8aOicQ5gIbFCarFUgSgzh40LpuZ0jjK1u48/YT+C0h1dAQ8CIEgZjHZT+5/7cCRGmJlo+XCp7S41MSQ2ZNRSJh2texRYtvAXBAZfR8A8twl316P"
+};
+
+#define ARR_LENGTH(a) ((int)(sizeof((a))/sizeof((a)[0])))
+
+static int test_mp_prime_miller_rabin(void)
+{
+   mp_int a, b, c;
+   bool result;
+   int i;
+   DOR(mp_init_multi(&a, &b, &c, NULL));
+
+   /* SPSP to base 2 */
+   mp_set(&b, 2u);
+   for (i = 0; i < ARR_LENGTH(SPSP_2); i++) {
+      result = false;
+      mp_set_u32(&a, SPSP_2[i]);
+      DO(mp_prime_miller_rabin(&a, &b, &result));
+      EXPECT(result == true);
+   }
+
+   /* Some larger primes to check for false negatives */
+   for (i = 0; i < 10; i++) {
+      result = false;
+      DO(mp_read_radix(&a, medium_primes[i], 64));
+      DO(mp_prime_miller_rabin(&a, &b, &result));
+      EXPECT(result == true);
+   }
+   /* Some semi-primes */
+   for (i = 0; i < 5; i += 2) {
+      result = false;
+      DO(mp_read_radix(&a, medium_primes[i], 64));
+      DO(mp_read_radix(&c, medium_primes[i+1], 64));
+      DO(mp_mul(&a, &c, &a));
+      DO(mp_prime_miller_rabin(&a, &b, &result));
+      EXPECT(result == false);
+   }
+
+   /* SPSP to base 3 */
+   mp_set(&b, 3u);
+   for (i = 0; i < ARR_LENGTH(SPSP_3); i++) {
+      result = false;
+      mp_set_u32(&a, SPSP_3[i]);
+      DO(mp_prime_miller_rabin(&a, &b, &result));
+      EXPECT(result == true);
+   }
+
+   mp_clear_multi(&a, &b, &c, NULL);
+   return EXIT_SUCCESS;
+LBL_ERR:
+   mp_clear_multi(&a, &b, &c, NULL);
+   return EXIT_FAILURE;
+}
+
+
+static int test_mp_prime_extra_strong_lucas(void)
+{
+   mp_int a, b;
+   bool result;
+   int i;
+
+   DOR(mp_init_multi(&a, &b, NULL));
+
+   /* Check Extra Strong pseudoprimes */
+   for (i = 0; i < ARR_LENGTH(ESLPSP); i++) {
+      result = false;
+      mp_set_u32(&a, ESLPSP[i]);
+      DO(mp_prime_extra_strong_lucas(&a, &result));
+      EXPECT(result == true);
+   }
+
+   /* Check Almost Extra Strong pseudoprimes (not in ESLPSP) */
+   for (i = 0; i < ARR_LENGTH(AESLPSP); i++) {
+      result = false;
+      mp_set_u32(&a, AESLPSP[i]);
+      DO(mp_prime_extra_strong_lucas(&a, &result));
+      EXPECT(result == false);
+   }
+
+   /* Some larger primes to check for false negatives */
+   for (i = 0; i < 10; i++) {
+      result = false;
+      DO(mp_read_radix(&a, medium_primes[i], 64));
+      DO(mp_prime_extra_strong_lucas(&a, &result));
+      EXPECT(result == true);
+   }
+
+   /* Some semi-primes */
+   for (i = 0; i < 5; i++) {
+      result = false;
+      DO(mp_read_radix(&a, medium_primes[i], 64));
+      DO(mp_read_radix(&a, medium_primes[i+1], 64));
+      DO(mp_mul(&a, &b, &a));
+      DO(mp_prime_extra_strong_lucas(&a, &result));
+      EXPECT(result == false);
+   }
+
+   mp_clear_multi(&a, &b, NULL);
+   return EXIT_SUCCESS;
+LBL_ERR:
+   mp_clear_multi(&a, &b, NULL);
+   return EXIT_FAILURE;
+}
+
 static int test_mp_prime_is_prime(void)
 {
    int ix;
@@ -893,7 +1052,7 @@ static int test_mp_prime_is_prime(void)
    DO(mp_read_radix(&a,
                     "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF",
                     16));
-   DO(mp_prime_strong_lucas_selfridge(&a, &cnt));
+   DO(mp_prime_extra_strong_lucas(&a, &cnt));
    /* large problem */
    EXPECT(cnt);
    if ((e != MP_OKAY) || !cnt) {
@@ -1358,7 +1517,7 @@ static int test_mp_log_n(void)
    mp_int a;
    mp_digit d;
    int base, lb, size;
-   const int max_base = MP_MIN(INT_MAX, MP_DIGIT_MAX);
+   const mp_digit max_base = MP_MIN(INT_MAX, MP_DIGIT_MAX);
 
    DOR(mp_init(&a));
 
@@ -2236,6 +2395,8 @@ static int unit_tests(int argc, char **argv)
       T1(mp_montgomery_reduce, MP_MONTGOMERY_REDUCE),
       T1(mp_root_n, MP_ROOT_N),
       T1(mp_or, MP_OR),
+      T1(mp_prime_extra_strong_lucas, MP_PRIME_EXTRA_STRONG_LUCAS),
+      T1(mp_prime_miller_rabin, MP_PRIME_MILLER_RABIN),
       T1(mp_prime_is_prime, MP_PRIME_IS_PRIME),
       T1(mp_prime_next_prime, MP_PRIME_NEXT_PRIME),
       T1(mp_prime_rand, MP_PRIME_RAND),

doc/bn.tex

@@ -2014,15 +2014,6 @@ \subsection{Example}
 
 \chapter{Prime Numbers}
 
-\section{Fermat Test}
-\index{mp\_prime\_fermat}
-\begin{alltt}
-mp_err mp_prime_fermat (const mp_int *a, const mp_int *b, int *result)
-\end{alltt}
-Performs a Fermat primality test to the base $b$.  That is it computes $b^a \mbox{ mod }a$ and
-tests whether the value is equal to $b$ or not.  If the values are equal then $a$ is probably prime
-and $result$ is set to one. Otherwise $result$ is set to zero.
-
 \section{Miller--Rabin Test}
 \index{mp\_prime\_miller\_rabin}
 \begin{alltt}
@@ -2032,9 +2023,6 @@ \section{Miller--Rabin Test}
 test and is very hard to fool (besides with Carmichael numbers).  If $a$ passes the test (therefore
 is probably prime) $result$ is set to one. Otherwise $result$ is set to zero.
 
-Note that it is suggested that you use the Miller--Rabin test instead of the Fermat test since all
-of the failures of Miller--Rabin are a subset of the failures of the Fermat test.
-
 \subsection{Required Number of Tests}
 Generally to ensure a number is very likely to be prime you have to perform the Miller--Rabin with
 at least a half--dozen or so unique bases.  However, it has been proven that the probability of
@@ -2229,12 +2217,12 @@ \subsection{Required Number of Tests}
 
 See also table C.1 in FIPS 186-4.
 
-\section{Strong Lucas--Selfridge Test}
-\index{mp\_prime\_strong\_lucas\_selfridge}
+\section{Extra Strong Lucas Test}
+\index{mp\_prime\_extra\_strong\_lucas}
 \begin{alltt}
-mp_err mp_prime_strong_lucas_selfridge(const mp_int *a, bool *result)
+mp_err mp_prime_extra_strong_lucas(const mp_int *a, bool *result)
 \end{alltt}
-Performs a strong Lucas--Selfridge test. The strong Lucas--Selfridge test together with the
+Performs a extra strong Lucas test. The extra strong Lucas test together with the
 Rabin--Miller test with bases $2$ and $3$ resemble the BPSW test. The single internal use is a
 compile--time option in \texttt{mp\_prime\_is\_prime} and can be excluded from the Libtommath build
 if not needed.
@@ -2246,8 +2234,7 @@ \section{Frobenius (Underwood)	Test}
 \end{alltt}
 Performs the variant of the Frobenius test as described by Paul Underwood. It can be included at
 build--time if the preprocessor macro \texttt{LTM\_USE\_FROBENIUS\_TEST} is defined and will be
-used
-instead of the Lucas--Selfridge test.
+used instead of the extra strong Lucas test.
 
 It returns \texttt{MP\_ITER} if the number of iterations is exhausted, assumes a composite as the
 input and sets \texttt{result} accordingly. This will reduce the set of available pseudoprimes by a

libtommath_VS2008.vcproj

@@ -609,7 +609,7 @@
 			>
 		</File>
 		<File
-			RelativePath="mp_prime_fermat.c"
+			RelativePath="mp_prime_extra_strong_lucas.c"
 			>
 		</File>
 		<File

makefile

@@ -35,7 +35,7 @@ mp_get_mag_u64.o mp_get_mag_ul.o mp_grow.o mp_hash.o mp_init.o mp_init_copy.o mp
 mp_init_l.o mp_init_multi.o mp_init_set.o mp_init_size.o mp_init_u32.o mp_init_u64.o mp_init_ul.o \
 mp_invmod.o mp_is_square.o mp_kronecker.o mp_lcm.o mp_log_n.o mp_lshd.o mp_mod.o mp_mod_2d.o \
 mp_montgomery_calc_normalization.o mp_montgomery_reduce.o mp_montgomery_setup.o mp_mul.o mp_mul_2.o \
-mp_mul_2d.o mp_mul_d.o mp_mulmod.o mp_neg.o mp_or.o mp_pack.o mp_pack_count.o mp_prime_fermat.o \
+mp_mul_2d.o mp_mul_d.o mp_mulmod.o mp_neg.o mp_or.o mp_pack.o mp_pack_count.o mp_prime_extra_strong_lucas.o \
 mp_prime_frobenius_underwood.o mp_prime_is_prime.o mp_prime_miller_rabin.o mp_prime_next_prime.o \
 mp_prime_rabin_miller_trials.o mp_prime_rand.o mp_prime_strong_lucas_selfridge.o mp_radix_size.o \
 mp_radix_size_overestimate.o mp_rand.o mp_rand_source.o mp_read_radix.o mp_reduce.o mp_reduce_2k.o \

makefile.mingw

@@ -37,7 +37,7 @@ mp_get_mag_u64.o mp_get_mag_ul.o mp_grow.o mp_hash.o mp_init.o mp_init_copy.o mp
 mp_init_l.o mp_init_multi.o mp_init_set.o mp_init_size.o mp_init_u32.o mp_init_u64.o mp_init_ul.o \
 mp_invmod.o mp_is_square.o mp_kronecker.o mp_lcm.o mp_log_n.o mp_lshd.o mp_mod.o mp_mod_2d.o \
 mp_montgomery_calc_normalization.o mp_montgomery_reduce.o mp_montgomery_setup.o mp_mul.o mp_mul_2.o \
-mp_mul_2d.o mp_mul_d.o mp_mulmod.o mp_neg.o mp_or.o mp_pack.o mp_pack_count.o mp_prime_fermat.o \
+mp_mul_2d.o mp_mul_d.o mp_mulmod.o mp_neg.o mp_or.o mp_pack.o mp_pack_count.o mp_prime_extra_strong_lucas.o \
 mp_prime_frobenius_underwood.o mp_prime_is_prime.o mp_prime_miller_rabin.o mp_prime_next_prime.o \
 mp_prime_rabin_miller_trials.o mp_prime_rand.o mp_prime_strong_lucas_selfridge.o mp_radix_size.o \
 mp_radix_size_overestimate.o mp_rand.o mp_rand_source.o mp_read_radix.o mp_reduce.o mp_reduce_2k.o \

makefile.msvc

@@ -33,7 +33,7 @@ mp_get_mag_u64.obj mp_get_mag_ul.obj mp_grow.obj mp_hash.obj mp_init.obj mp_init
 mp_init_l.obj mp_init_multi.obj mp_init_set.obj mp_init_size.obj mp_init_u32.obj mp_init_u64.obj mp_init_ul.obj \
 mp_invmod.obj mp_is_square.obj mp_kronecker.obj mp_lcm.obj mp_log_n.obj mp_lshd.obj mp_mod.obj mp_mod_2d.obj \
 mp_montgomery_calc_normalization.obj mp_montgomery_reduce.obj mp_montgomery_setup.obj mp_mul.obj mp_mul_2.obj \
-mp_mul_2d.obj mp_mul_d.obj mp_mulmod.obj mp_neg.obj mp_or.obj mp_pack.obj mp_pack_count.obj mp_prime_fermat.obj \
+mp_mul_2d.obj mp_mul_d.obj mp_mulmod.obj mp_neg.obj mp_or.obj mp_pack.obj mp_pack_count.obj mp_prime_extra_strong_lucas.obj \
 mp_prime_frobenius_underwood.obj mp_prime_is_prime.obj mp_prime_miller_rabin.obj mp_prime_next_prime.obj \
 mp_prime_rabin_miller_trials.obj mp_prime_rand.obj mp_prime_strong_lucas_selfridge.obj mp_radix_size.obj \
 mp_radix_size_overestimate.obj mp_rand.obj mp_rand_source.obj mp_read_radix.obj mp_reduce.obj mp_reduce_2k.obj \

makefile.shared

@@ -32,7 +32,7 @@ mp_get_mag_u64.o mp_get_mag_ul.o mp_grow.o mp_hash.o mp_init.o mp_init_copy.o mp
 mp_init_l.o mp_init_multi.o mp_init_set.o mp_init_size.o mp_init_u32.o mp_init_u64.o mp_init_ul.o \
 mp_invmod.o mp_is_square.o mp_kronecker.o mp_lcm.o mp_log_n.o mp_lshd.o mp_mod.o mp_mod_2d.o \
 mp_montgomery_calc_normalization.o mp_montgomery_reduce.o mp_montgomery_setup.o mp_mul.o mp_mul_2.o \
-mp_mul_2d.o mp_mul_d.o mp_mulmod.o mp_neg.o mp_or.o mp_pack.o mp_pack_count.o mp_prime_fermat.o \
+mp_mul_2d.o mp_mul_d.o mp_mulmod.o mp_neg.o mp_or.o mp_pack.o mp_pack_count.o mp_prime_extra_strong_lucas.o \
 mp_prime_frobenius_underwood.o mp_prime_is_prime.o mp_prime_miller_rabin.o mp_prime_next_prime.o \
 mp_prime_rabin_miller_trials.o mp_prime_rand.o mp_prime_strong_lucas_selfridge.o mp_radix_size.o \
 mp_radix_size_overestimate.o mp_rand.o mp_rand_source.o mp_read_radix.o mp_reduce.o mp_reduce_2k.o \

makefile.unix

@@ -38,7 +38,7 @@ mp_get_mag_u64.o mp_get_mag_ul.o mp_grow.o mp_hash.o mp_init.o mp_init_copy.o mp
 mp_init_l.o mp_init_multi.o mp_init_set.o mp_init_size.o mp_init_u32.o mp_init_u64.o mp_init_ul.o \
 mp_invmod.o mp_is_square.o mp_kronecker.o mp_lcm.o mp_log_n.o mp_lshd.o mp_mod.o mp_mod_2d.o \
 mp_montgomery_calc_normalization.o mp_montgomery_reduce.o mp_montgomery_setup.o mp_mul.o mp_mul_2.o \
-mp_mul_2d.o mp_mul_d.o mp_mulmod.o mp_neg.o mp_or.o mp_pack.o mp_pack_count.o mp_prime_fermat.o \
+mp_mul_2d.o mp_mul_d.o mp_mulmod.o mp_neg.o mp_or.o mp_pack.o mp_pack_count.o mp_prime_extra_strong_lucas.o \
 mp_prime_frobenius_underwood.o mp_prime_is_prime.o mp_prime_miller_rabin.o mp_prime_next_prime.o \
 mp_prime_rabin_miller_trials.o mp_prime_rand.o mp_prime_strong_lucas_selfridge.o mp_radix_size.o \
 mp_radix_size_overestimate.o mp_rand.o mp_rand_source.o mp_read_radix.o mp_reduce.o mp_reduce_2k.o \