machine-prime 1.5.7

ne plus ultra primality testing for machine-sized integers
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250

use crate::wide::{to_mont_128,mont_prod_128,mont_sqr_128, nqr_128, mont_sub_128};
/*
  Sergei Khashin's Frobenius primality test, described in Evaluation of the Effectiveness of the Frobenius Primality Test
  
  let c be the minimum integer in the sequence [n-1,2,3,4,5,..] such that Jacobi(c,n)=-1 e.g c is a nonquadratic residue of n
  
  then n is prime iff 
   
   Case c == n-1
       (2 + sqrt(-1))^n mod n = 2 + -sqrt(-1)
   Case c == 2
       (2 + sqrt(2))^n mod n= 2 + -sqrt(2)
   Case c > 2
      (1 + sqrt(c))^n = 1-sqrt(c)
  
  This is a bit slower than the BPSW but is potentially much stronger if not foolproof
  
  Khashin notes that a Frobenius pseudoprime with parameters (a,b,c) is also a fermat pseudoprime to a^2-b^2*c
  
  Therefore a Frobenius pseudoprime to each case must also be a fermat pseudoprime to a witness 
  
   Case c == n-1
     2^2-1*-1 = 5
   case c == 2 
     2^2-1*2 = 2
   Case c > 2
     1+-1c  = n-c+1
 
Note the converse is not true. The QFT is far stronger than the fermat test, this implementation has no known counterexamples. Khashin evaluated it up to 2^64. And I ran it against the 59043 pseudoprimes to the first 15 primes that are under 2^128

Currently is_prime_wc_128 employs a base-2 strong pseudoprime, prior to the QFT. This is for 2 reasons

  1. It eliminates most composites and approximately 70% of the remaining integers will be evaluated more quickly in the first 2 cases
  2. Base-2 strong fermat is particularly fast to evaluate, and the QFT is particularly slow so adding it on top reduces the
     probability of error, which is the purpose of this option.
  

  Unfortunately using witness of 2 is not particularly strong, it only substantially benefits the first and third case.
  
  Good candidates for a different strong fermat witness are 72,15,37,60,9375
*/

// In: X < N
// Out: X+X mod N
const fn double(x: u128, n: u128) -> u128{
   let sum = x.wrapping_shl(1);
   if sum >= n || sum < x{
     return sum.wrapping_sub(n)
   }
  sum
}

// In: X,Y < N
// Out: X+Y mod N
const fn mont_add(x: u128, y: u128, n: u128) -> u128{
   let sum = x.wrapping_add(y);
   if sum >= n || sum < x{
     return sum.wrapping_sub(n)
   }
  sum
}

// 2*x*y
const fn sqr_coef(x: u128, y: u128, inv: u128, n: u128) -> u128{
   double(mont_prod_128(x,y,inv,n),n)
}

// x,y * a,b
const fn prod_coef(x: u128, y: u128, a: u128, b: u128, inv: u128, n: u128) -> u128{
   mont_add(mont_prod_128(x,b,inv,n),mont_prod_128(y,a,inv,n),n)
}

// Gaussian Integer arithmetic case a+bi where i = sqrt(-1)

// x^2 - y^2
const fn gaussian_sqr_real(x: u128, y: u128, inv: u128, n: u128) -> u128{
   mont_sub_128(mont_sqr_128(x,inv,n),mont_sqr_128(y,inv,n),n)
}

const fn gaussian_prod_real(x: u128, y: u128, a: u128, b: u128,inv: u128, n: u128) -> u128{
   mont_sub_128(mont_prod_128(x,a,inv,n),mont_prod_128(y,b,inv,n),n)
}


const fn gaussian_sqr(x: (u128,u128), inv: u128, n: u128) -> (u128,u128){
    (gaussian_sqr_real(x.0,x.1,inv,n),sqr_coef(x.0,x.1,inv,n))   
}

const fn gaussian_prod(x: (u128,u128), a:(u128,u128),inv: u128, n: u128) -> (u128,u128){
   (gaussian_prod_real(x.0,x.1,a.0,a.1,inv,n),prod_coef(x.0,x.1,a.0,a.1,inv,n))
}

const fn gaussian_pow(mut base: (u128,u128),mut one: (u128,u128),mut pow: u128, inv: u128, n: u128) -> (u128,u128){
   while pow > 1 {
     if pow&1 == 0{
     base = gaussian_sqr(base,inv,n);
     pow>>=1;
   }
    else{
      one = gaussian_prod(one,base,inv,n);
      base = gaussian_sqr(base,inv,n);
      pow>>=1;
    }
  }
  gaussian_prod(one,base,inv,n)
}

// Quadratic integer a+bi where i = sqrt(2)

// x^2 + 2y^2
const fn two_sqr_real(x: u128, y: u128, inv: u128, n: u128) -> u128{
   mont_add(mont_sqr_128(x,inv,n),double(mont_sqr_128(y,inv,n),n),n)
}

const fn two_prod_real(x: u128, y: u128, a: u128, b: u128,inv: u128, n: u128) -> u128{
      mont_add(mont_prod_128(x,a,inv,n),double(mont_prod_128(y,b,inv,n),n),n)
}

const fn two_sqr(x: (u128,u128), inv: u128, n: u128) -> (u128,u128){
    (two_sqr_real(x.0,x.1,inv,n),sqr_coef(x.0,x.1,inv,n))
}

const fn two_prod(x: (u128,u128), a: (u128,u128), inv: u128, n: u128) -> (u128,u128){
   (two_prod_real(x.0,x.1,a.0,a.1,inv,n),prod_coef(x.0,x.1,a.0,a.1,inv,n))
}

const fn two_pow(mut base: (u128,u128),mut one: (u128,u128),mut pow: u128, inv: u128, n: u128) -> (u128,u128){
   while pow > 1 {
     if pow&1 == 0{
     base = two_sqr(base,inv,n);
     pow>>=1;
   }
    else{
      one = two_prod(one,base,inv,n);
      base = two_sqr(base,inv,n);
      pow>>=1;
    }
  }
  two_prod(one,base,inv,n)
}



// x^2 + cy^2
const fn general_sqr_real(x: u128, y: u128, c: u128,inv: u128, n: u128) -> u128{
   mont_add(mont_sqr_128(x,inv,n),mont_prod_128( mont_sqr_128(y,inv,n),c,inv,n),n)
}


const fn general_prod_real(x: u128, y: u128, a: u128, b: u128,c: u128,inv: u128, n: u128) -> u128{
      mont_add(mont_prod_128(x,a,inv,n),mont_prod_128(mont_prod_128(y,b,inv,n),c,inv,n),n)
}

const fn general_sqr(x: (u128,u128),c: u128, inv: u128, n: u128) -> (u128,u128){
   (general_sqr_real(x.0,x.1,c,inv,n),sqr_coef(x.0,x.1,inv,n))
}

const fn general_prod(x: (u128,u128),a: (u128,u128), c: u128, inv: u128, n: u128) -> (u128,u128){
   (general_prod_real(x.0,x.1,a.0,a.1,c,inv,n),prod_coef(x.0,x.1,a.0,a.1,inv,n))
}

const fn general_pow(mut base: (u128,u128),mut one: (u128,u128),c: u128, mut pow: u128, inv: u128, n: u128) -> (u128,u128){
   while pow > 1 {
     if pow&1 == 0{
     base = general_sqr(base,c,inv,n);
     pow>>=1;
   }
    else{
      one = general_prod(one,base,c,inv,n);
      base = general_sqr(base,c,inv,n);
      pow>>=1;
    }
  }
  general_prod(one,base,c,inv,n)
}

// Assuming the GRH we expect to find a nonquadratic residue under 15743 (Ankeny's theorem)
// In: n \in 2Z+1 & n < 2^128
// Out: The minimum element x in the sequence [-1,2,3,4,5,6,...,n] where Jacobi(x,n) =-1
const fn frobenius_idx(n: u128) -> i32{
   // case n = 3 mod 4, half of all odd inputs (n is always odd)
   if n&3 == 3{
      return -1;
   }
   // n = 5 mod 8 
   if n&7 == 5{
      return 2;
   }
   
   if n%12 == 5 || n%12 == 7{
      return 3;
   }
   
   if n%5 == 2 || n%5 == 3{
      return 5;
   }
   
   let mut idx = 7;
   // The Frobenius index is always prime if it is greater than -1   
   while !nqr_128(idx,n){
     idx+=2;
   }
   idx as i32
}

// 1,2,-1, N^-1 will have already been computed for the strong fermat test
pub const fn qft(n: u128, one: u128,two: u128, oneinv: u128,inv: u128) -> bool{
   let idx = frobenius_idx(n);
   let mul_ident = (one,0); 
   // The majority of primes (70%) fall under the first and second cases
   // look at the residue classes in frobenius_idx to see why
   // base-2 strong pseudoprimes seem to map to the first 2 case only 50% of the time
   match idx{
     -1 => {
       // Faster Gaussian case
       
       // initialise starting values
       // 2+1*sqrt(-1)
       let base = (two,one);
       
       let residue = gaussian_pow(base,mul_ident,n,inv,n);
       // Compare to conjugate 2 -1*sqrt(2)
       if residue.0==two && residue.1==oneinv{
          return true;
       }
       false
       }
     2 => {
     // 2+1sqrt(2)
     let base = (two,one);
     let residue = two_pow(base, mul_ident,n,inv,n);
     // Compare to conjugate 2 -1*sqrt(2)
      if residue.0==two && residue.1==oneinv{
          return true;
       }
       false
     }
     _=> {
     
       let base = (one,one);
       let c = to_mont_128(idx as u128,n);
       let residue = general_pow(base,mul_ident, c,n,inv,n);
       // 1 - 1*sqrt(c)
        if residue.0==one && residue.1==oneinv{
          return true;
       }
      false
     }
   }
}