/*
 *   Test program to find discrete logarithms using Pollard's rho method.
 *   Suitable primes are generated by "genprime" program
 *
 *   See "Monte Carlo Methods for Index Computation"
 *   by J.M. Pollard in Math. Comp. Vol. 32 1978 pp 918-924
 */

#include <stdio.h>
#include <stdlib.h>
#include "miracl.h"

#define NPRIMES 10
#define PROOT 2

static big p,p1,order,lim1,lim2;
static BOOL flag=FALSE;

void iterate(big x,big q,big r,big a,big b)
{ /* apply Pollards random mapping */
    if (mr_compare(x,lim1)<0)
    {
        mad(x,q,q,p,p,x);
        incr(a,1,a);
        if (mr_compare(a,order)==0) zero(a);
        return;
    }
    if (mr_compare(x,lim2)<0)
    {
        mad(x,x,x,p,p,x);
        premult(a,2,a);
        if (mr_compare(a,order)>=0) subtract(a,order,a);
        premult(b,2,b);
        if (mr_compare(b,order)>=0) subtract(b,order,b);
        return;
    }
    mad(x,r,r,p,p,x);
    incr(b,1,b);
    if (mr_compare(b,order)==0) zero(b);
}

long rho(big q,big r,big m,big n)
{ /* find q^m = r^n */
    long iter,rr,i;
    big ax,bx,ay,by,x,y;
    ax=mirvar(0);
    bx=mirvar(0);
    ay=mirvar(0);
    by=mirvar(0);
    x=mirvar(1);
    y=mirvar(1);
    iter=0L;
    rr=1L;
    do
    { /* Brent's Cycle finder */
        copy(y,x);
        copy(ay,ax);
        copy(by,bx);
        rr*=2;
        for (i=1;i<=rr;i++)
        {
            iter++;
            iterate(y,q,r,ay,by);
            if (mr_compare(x,y)==0) break;
        }
    } while (mr_compare(x,y)!=0);

    subtract(ax,ay,m);
    if (size(m)<0) add(m,order,m);
    subtract(by,bx,n);
    if (size(n)<0) add(n,order,n);
    mirkill(y);
    mirkill(x);
    mirkill(by);
    mirkill(ay);
    mirkill(bx);
    mirkill(ax);
    return iter;
}

int main()
{
    int i,id,np;
    long iter;
    big pp[NPRIMES],rem[NPRIMES];
    big m,n,Q,R,q,w,x;
    FILE *fp;
    big_chinese bc;
    miracl *mip=mirsys(50,0);
    for (i=0;i<NPRIMES;i++) 
    {
        pp[i]=mirvar(0);
        rem[i]=mirvar(0);
    }
    q=mirvar(0);
    Q=mirvar(0);
    R=mirvar(0);
    w=mirvar(0);
    m=mirvar(0);
    n=mirvar(0);
    x=mirvar(0);
    p=mirvar(0);
    p1=mirvar(1);
    order=mirvar(0);
    lim1=mirvar(0);
    lim2=mirvar(0);
    if ((fp=fopen("prime.dat","rt"))==NULL)
    {
        printf("Unable to find prime.dat\n");
        return 0;
    }
    fscanf(fp,"%d\n",&np);
    for (i=0;i<np;i++) cinnum(pp[i],fp);
    fclose(fp);
    for (i=0;i<np;i++) multiply(p1,pp[i],p1);
    incr(p1,1,p);
    if (!isprime(p))
    {
        printf("Huh - modulus is not prime!");
        return 0;
    }
    subdiv(p,3,lim1);
    premult(lim1,2,lim2);
    printf("solve discrete logarithm problem - using Pollard rho method\n");
    printf("finds x in y=%d^x mod p, given y, for fixed p\n",PROOT);
    printf("p=");
    cotnum(p,stdout);
    printf("given factorisation of p-1 = \n2");
    for (i=1;i<np;i++) 
    {
        cotstr(pp[i],mip->IOBUFF);
        printf("*%s",mip->IOBUFF);
    }
    printf("\n\nEnter y= ");
    cinnum(q,stdin);
    crt_init(&bc,np,pp);
    for (i=0;i<np;i++)
    { /* accumulate solutions for each pp */
        copy(p1,w);
        divide(w,pp[i],w);
        powmod(q,w,p,Q);
        powltr(PROOT,w,p,R);
        copy(pp[i],order);
        iter=rho(Q,R,m,n);
        xgcd(m,order,w,w,w);
        mad(w,n,n,order,order,rem[i]);
        printf("%ld iterations needed\n",iter);
    }
    crt(&bc,rem,x);   /* apply Chinese remainder thereom */
    printf("Discrete log of y= ");
    cotnum(x,stdout);
    powltr(PROOT,x,p,w);
    printf("check = ");
    cotnum(w,stdout);
    crt_end(&bc);
    return 0;
}