crypton-1.0.1: Cryptography Primitives sink
LicenseBSD-style
MaintainerVincent Hanquez <vincent@snarc.org>
Stabilityexperimental
PortabilityGood
Safe HaskellSafe-Inferred
LanguageHaskell2010

Crypto.Number.ModArithmetic

Description

 
Synopsis

Exponentiation

expSafe Source #

Arguments

:: Integer

base

-> Integer

exponent

-> Integer

modulo

-> Integer

result

Compute the modular exponentiation of base^exponent using algorithms design to avoid side channels and timing measurement

Modulo need to be odd otherwise the normal fast modular exponentiation is used.

When used with integer-simple, this function is not different from expFast, and thus provide the same unstudied and dubious timing and side channels claims.

Before GHC 8.4.2, powModSecInteger is missing from integer-gmp, so expSafe has the same security as expFast.

expFast Source #

Arguments

:: Integer

base

-> Integer

exponent

-> Integer

modulo

-> Integer

result

Compute the modular exponentiation of base^exponent using the fastest algorithm without any consideration for hiding parameters.

Use this function when all the parameters are public, otherwise expSafe should be preferred.

Inverse computing

inverse :: Integer -> Integer -> Maybe Integer Source #

inverse computes the modular inverse as in g^(-1) mod m.

inverseCoprimes :: Integer -> Integer -> Integer Source #

Compute the modular inverse of two coprime numbers. This is equivalent to inverse except that the result is known to exists.

If the numbers are not defined as coprime, this function will raise a CoprimesAssertionError.

inverseFermat :: Integer -> Integer -> Integer Source #

Modular inverse using Fermat's little theorem. This works only when the modulus is prime but avoids side channels like in expSafe.

Squares

jacobi :: Integer -> Integer -> Maybe Integer Source #

Computes the Jacobi symbol (a/n). 0 ≤ a < n; n ≥ 3 and odd.

The Legendre and Jacobi symbols are indistinguishable exactly when the lower argument is an odd prime, in which case they have the same value.

See algorithm 2.149 in "Handbook of Applied Cryptography" by Alfred J. Menezes et al.

squareRoot :: Integer -> Integer -> Maybe Integer Source #

Modular square root of g modulo a prime p.

If the modulus is found not to be prime, the function will raise a ModulusAssertionError.

This implementation is variable time and should be used with public parameters only.