{-# LANGUAGE ConstraintKinds #-}
{-# LANGUAGE DataKinds #-}
{-# LANGUAGE FlexibleContexts #-}
{-# LANGUAGE GeneralizedNewtypeDeriving #-}
{-# LANGUAGE InstanceSigs #-}
{-# LANGUAGE MultiParamTypeClasses #-}
{-# LANGUAGE PolyKinds #-}
{-# LANGUAGE RebindableSyntax #-}
{-# LANGUAGE RoleAnnotations #-}
{-# LANGUAGE ScopedTypeVariables #-}
{-# LANGUAGE TypeApplications #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE UndecidableInstances #-}
module Crypto.Lol.Types.FiniteField
( GF
, PrimeField, GFCtx
, size, trace, toList, fromList
, IrreduciblePoly(..), X(..), (^^)
, TensorCoeffs(..)
) where
import Crypto.Lol.CRTrans
import Crypto.Lol.Factored
import Crypto.Lol.Prelude
import Crypto.Lol.Reflects
import Crypto.Lol.Types.Unsafe.ZqBasic hiding (ZqB, unZqB)
import Algebra.Additive as Additive (C)
import Algebra.Field as Field (C)
import Algebra.Module as Module (C)
import Algebra.Ring as Ring (C)
import Algebra.ZeroTestable as ZeroTestable (C)
import MathObj.Polynomial
import Math.NumberTheory.Primes (factorise, unPrime)
import Control.Applicative hiding ((*>))
import Control.DeepSeq
import Control.Monad
import Control.Monad.Random (liftRand, runRand)
import qualified Data.Vector as V
import System.Random
newtype GF fp d = GF (Polynomial fp)
deriving (Eq, Show, Additive.C, ZeroTestable.C, NFData)
type role GF representational representational
type PrimeField fp = (Enumerable fp, Field fp, Eq fp, ZeroTestable fp,
Prime (CharOf fp), IrreduciblePoly fp)
type GFCtx fp d = (PrimeField fp, Reflects d Int)
instance (GFCtx fp d) => Enumerable (GF fp d) where
values = GF . fromCoeffs <$>
replicateM (value @d) values
instance (Random fp, Reflects d Int) => Random (GF fp d) where
random = let d = value @d
in runRand $ GF . fromCoeffs <$> replicateM d (liftRand random)
{-# INLINABLE random #-}
randomR _ = error "randomR non-sensical for GF"
instance (GFCtx fp d) => Ring.C (GF fp d) where
one = GF one
(*) = let poly = proxy irreduciblePoly (Proxy :: Proxy d)
in \(GF f) (GF g) -> GF $ (f*g) `mod` poly
fromInteger = GF . fromInteger
instance (GFCtx fp d) => Field.C (GF fp d) where
recip = let g = proxy irreduciblePoly (Proxy :: Proxy d)
in \(GF f) -> let (_,(a,_)) = extendedGCD f g
in GF a
instance (GFCtx fp d, NFData fp) => CRTrans Maybe (GF fp d) where
crtInfo :: forall (m :: k) . (Reflects m Int) => TaggedT m Maybe (CRTInfo (GF fp d))
{-# INLINABLE crtInfo #-}
crtInfo = tagT $ (,) <$> omegaPow <*> scalarInv
where
omegaPow :: Maybe (Int -> GF fp d)
omegaPow =
let size' = proxy size (Proxy :: Proxy (GF fp d))
mval = value @m
(q,r) = (size'-1) `quotRem` mval
gen = head $ filter isPrimitive values
omega = gen^q
omegaPows = force $ V.iterateN mval (*omega) one
in if r == 0
then Just $ (omegaPows V.!) . (`mod` mval)
else Nothing
scalarInv :: Maybe (GF fp d)
scalarInv = Just $ recip $ fromIntegral $ valueHat (value @m :: Int)
newtype TensorCoeffs a = Coeffs {unCoeffs :: [a]} deriving (Additive.C)
instance (Additive fp, Ring (GF fp d), Reflects d Int)
=> Module.C (GF fp d) (TensorCoeffs fp) where
r *> (Coeffs fps) =
let dval = value @d
n = length fps
in if n `mod` dval /= 0 then
error $ "FiniteField: d (= " ++ show dval ++
") does not divide n (= " ++ show n ++ ")"
else Coeffs $ concat (toList . (r *) . fromList <$> chunksOf dval fps)
chunksOf :: Int -> [a] -> [[a]]
chunksOf _ [] = []
chunksOf n xs
| n > 0 = let (h,t) = splitAt n xs in h : chunksOf n t
| otherwise = error "chunksOf: non-positive n"
toList :: forall fp d . (Reflects d Int, Additive fp) => GF fp d -> [fp]
toList = let dval = value @d
in \(GF p) -> let l = coeffs p
in l ++ replicate (dval - length l) zero
fromList :: forall fp d . (Reflects d Int) => [fp] -> GF fp d
fromList = let dval = value @d
in \cs -> if length cs <= dval then GF $ fromCoeffs cs
else error $ "FiniteField.fromList: length " ++
show (length cs) ++ " > degree " ++ show dval
sizePP :: forall fp d . (GFCtx fp d) => Tagged (GF fp d) PP
sizePP = tag (valuePrime @(CharOf fp), value @d)
size :: (GFCtx fp d) => Tagged (GF fp d) Int
size = uncurry (^) <$> sizePP
isPrimitive :: forall fp d . (GFCtx fp d) => GF fp d -> Bool
isPrimitive = let q = proxy size (Proxy :: Proxy (GF fp d))
ps = map (fromIntegral . unPrime . fst) $ factorise @Integer $
fromIntegral $ q-1
exps = map ((q-1) `div`) ps
in \g -> not (isZero g) && all (\e -> g^e /= 1) exps
dotp :: (Ring a) => [a] -> [a] -> a
dotp a b = sum $ zipWith (*) a b
trace :: forall fp d . (GFCtx fp d) => GF fp d -> fp
{-# SPECIALIZE trace :: (Prime p, Reflects d Int, Reflects p Int64, IrreduciblePoly (ZqBasic p Int64)) => GF (ZqBasic p Int64) d -> ZqBasic p Int64 #-}
trace = let ts = proxy powTraces (Proxy::Proxy (GF fp d))
in \(GF f) -> dotp ts (coeffs f)
powTraces :: forall fp d . (GFCtx fp d) => Tagged (GF fp d) [fp]
powTraces =
tag $ map trace' $ take (value @d) $ iterate (* GF (X ^^ 1)) (one :: GF fp d)
trace' :: (GFCtx fp d) => GF fp d -> fp
trace' e = let (p,d) = witness sizePP e
(GF t) = sum $ take d $ iterate (^p) e
in head $ coeffs t
class Field fp => IrreduciblePoly fp where
irreduciblePoly :: (Reflects d Int) => Tagged d (Polynomial fp)
data X = X
(^^) :: Ring a => X -> Int -> Polynomial a
X ^^ i | i >= 0 = fromCoeffs $ replicate i 0 ++ [1]
_ ^^ _ = error "FiniteField.(^^) only defined for non-negative exponents."