## Joel Brigida
### Lecture 3 for Assignment 1
### Sept 1, 2023

Important Concepts:

- What happens when a 64-bit number is stored into a 32-bit word/variable?
- The UPPER 32-bits are lost. The lower 32-bits are retained.

Example pseudo-code:

```python
0b1100  # MSB = 1, LSB = 0

0b1100 & 0b11 = 0b00            # result is the LSB 2 bits of the 4 bit variable
0b1100 >> 2 & 0b11 = 0b11       # save upper 2 bits of the 4 bit variable into a separate variable

# 0b00 -> "Lower Half"
# 0b11 -> "Upper Half"

0b11001100 >> 4 = 0b1100

0b10101111 -> 0b1010 0b1111     # Need to split an 8 bit number to a 4-bit upper half & 4-bit lower half
                al     ah

0b1010 || 0b1111 => 0b10101111  # Concatenation

```

# 1: Compute Residue Without Using '%' operator:

## $$ a \bmod p_{1} $$

In [1]:
a = 2^30 - 18                   # Number to be reduced
p1 = 2^17 - 1                   # Modulus 1 Mersenne Prime

# 2^30 - 18 = 31 bits
# 2^17 - 1 = 17 bits

ah = a >> 17                    # resulting operation is 13 bits
al = p1 & a                     # need upper p1 as a mask: p1 = 0x1ffff (17 1's)

print(hex(2^17 - 1))
print(hex(2^30 - 1), '\n')

print('a = 2^30 - 18 = ', hex(a))
print('p1 = 2^17 - 1 = ', hex(p1), '\n')

print('ah: (high 13 bits) ', hex(ah))
print('al: (lower 17 bits) ', hex(al), '\n')

# print(f'hex(ah + al) = {hex(ah + al)}')

r = ah + al                     # Add the lower and upper bits together
print(f'r = ah + al = {r.nbits()} bits = {hex(r)}')
print(f'r > p1 ? {r > p1}\n')

# Still at 18 bits, need to get to 17 bits ... what can I remove?

r -= p1                         # subtract the 17 bit modulus from r
print(f'r -= p1 = {hex(r)}')
print(f'r > p1 ? {r > p1}\n')

print(f'Residue of a % p1 = {hex(r)}')
print(f'Answer matches correct result ? {hex(r) == hex(a % p1)}')

0x1ffff
0x3fffffff 

a = 2^30 - 18 =  0x3fffffee
p1 = 2^17 - 1 =  0x1ffff 

ah: (high 13 bits)  0x1fff
al: (lower 17 bits)  0x1ffee 

r = ah + al = 18 bits = 0x21fed
r > p1 ? True

r -= p1 = 0x1fee
r > p1 ? False

Residue of a % p1 = 0x1fee
Answer matches correct result ? True


## $$ a \bmod p_{2} $$

In [2]:
a2 = 2^30 - 18                  # Number to be reduced
p2 = 2^26 - 5                   # Modulus 2 Pseudo-Mersenne Prime

print(f'a2 = {hex(a2)}')
print(f'p2 = {hex(p2)}\n')

print(f'a2 = {bin(a2)}')
print(f'p2 = {bin(p2)}\n')

# 2^30 = 30 bits
# 2^26 = 26 bits

ah2 = a2 >> 26                  # High Bits: Result is 4 bits 0xF
print(f'ah2 = {hex(ah2)}')

al2 = a2 & (p2 + 4)             # Low bits: Lowest 26 bits of dividend: p2 + 4 = 26 1's
print(f'al2 = {hex(al2)}')

r2 = (ah2 * 5) + al2            # multiply by 5 because of the -5 in: p2 = 2^26 - 5
print(f'r2 = {hex(r2)} (before while loop)\n')

while(r2 > p2):
    r2 = r2 - p2

print(f'r2: Residue of {hex(a)} % {hex(p2)} = {hex(r2)}\n')
print(f'a2 % p2: Residue of {hex(a)} % {hex(p2)} = {hex(a2 % p2)}\n')
print(f'Answer matches correct result ? {hex(r2) == hex(a2 % p2)}\n')

print('----------------------------------------------\n')
a2 = 2^30 - 18                  # Number to be reduced
p2 = 2^26 - 5                   # Modulus 2 Pseudo-Mersenne Prime

r2 = ((a2 >> 26) * 5) + (a2 & (p2 + 4))
print(f'Single Line Solution, r2 before while loop: {hex(r2)}\n')

while(r2 > p2):
    r2 -= p2

print(hex(r2))

a2 = 0x3fffffee
p2 = 0x3fffffb

a2 = 0b111111111111111111111111101110
p2 = 0b11111111111111111111111011

ah2 = 0xf
al2 = 0x3ffffee
r2 = 0x4000039 (before while loop)

r2: Residue of 0x3fffffee % 0x3fffffb = 0x3e

a2 % p2: Residue of 0x3fffffee % 0x3fffffb = 0x3e

Answer matches correct result ? True

----------------------------------------------

Single Line Solution, r2 before while loop: 0x4000039

0x3e


## $$ a \bmod b $$

In [3]:
a = 2^30 - 18           # Number to be reduced
b = 2^16                # A power of 2

print(f'2^16     = {bin(2^16)}')
print(f'2^16 - 1  = {bin(2^16 - 1)}\n')

c = a & (2^16 - 1)      # Mask 'a' == (a % 2^16)

print(f'Residue of a % b = {hex(c)}\n')
print(f'Answer matches correct result ? {hex(c) == hex(a % b)}')

2^16     = 0b10000000000000000
2^16 - 1  = 0b1111111111111111

Residue of a % b = 0xffee

Answer matches correct result ? True


## Part 1 Answer Key (For Reference):

In [4]:
a = (2^30 - 18)
p1 = (2^17 - 1)
p2 = (2^26 - 5)
b = 2^16

print(f'1a) residue of a % p1 = (2^30 - 18) % (2^17 - 1) = {a % p1}   = {hex(a % p1)}')
print(f'1b) residue of a % p2 = (2^30 - 18) % (2^26 - 5) = {a % p2}     = {hex(a % p2)}')
print(f'1c) residue of a % b  = (2^30 - 18) % (2^16)     = {a % b}  = {hex(a % b)}')

1a) residue of a % p1 = (2^30 - 18) % (2^17 - 1) = 8174   = 0x1fee
1b) residue of a % p2 = (2^30 - 18) % (2^26 - 5) = 62     = 0x3e
1c) residue of a % b  = (2^30 - 18) % (2^16)     = 65518  = 0xffee


# 2: FLT - Fermats Little Theorem

- If we have a modulus $p$ and a number to reduce $a$.
- We want to find the multiplicative inverse in a finite field (field defined by a prime).
- Show that $ a^{p-2} \equiv a^{-1} \text{mod } p $ is true.

## $$ a^{p-2} \equiv a^{-1} \text{mod } p $$

In [5]:
a = 32; p = 17; n = -1

print(f'{a}^{p - 2} = {a}^(-1) mod {p} = {pow(a, n, p)}\n')
print(f'{a}^{p - 2} = {hex(a^(p-2))} = {a}^(-1) mod {p} = {hex(a^(p-2))} % {p} = {a^(p-2) % p}\n')
print(f'Inverse Mod({a}, {p}) = {inverse_mod(a, p)}\n')
print(f'{a} % {p} = {a % p}\n\n\n')

# FLT = a^(p-2) % p === a^(-1) % p
a = 51                  # modulus
p1 = 2^17 - 1           # Number to be reduced

print(hex(a^(p1-2) % p1), '\n')
print(hex(a^(-1) % p1), '\n')

print(a^(p1-2) % p1 == (a^(-1) % p1), '\n') 

# need n - 1 multiplications for a^n
# a^4 = a * a * a * a (4 multiplications)
# a^5 = a * a * a * a * a (5 multiplications)
a = 51
r = a

for i in range(p1 - 3):
    r = (r * a) % p1

print(hex(r), '\n')
print(f'Total Iterations: {p1 - 3}\n\n\n')

a = 51
p = 0x0001FFFF

print(f'Inverse Mod(a, p) = {hex(inverse_mod(a, p))}\n')

print(f'a^(p-1) mod p = 1: {a^(p-1) % p}\n')

print(f'a^(p-2) mod p = {hex(a^(p - 2) % p)} = {a^(p - 2) % p}\n')

print(f'pow(a, p-2, p) = {hex(pow(a, (p - 2), p))} = {a^(p-2) % p}\n')

print(f'a^(p-2) % p = {hex(a^(p-2) % p)} = {a^(p-2) % p}')

32^15 = 32^(-1) mod 17 = 8

32^15 = 0x8000000000000000000 = 32^(-1) mod 17 = 0x8000000000000000000 % 17 = 8

Inverse Mod(32, 17) = 8

32 % 17 = 15



0x1f5f5 

0x1f5f5 

True 

0x1f5f5 

Total Iterations: 131068



Inverse Mod(a, p) = 0x1f5f5

a^(p-1) mod p = 1: 1

a^(p-2) mod p = 0x1f5f5 = 128501

pow(a, p-2, p) = 0x1f5f5 = 128501

a^(p-2) % p = 0x1f5f5 = 128501


## Inversion using `inverse_mod()` function: 
### FLT method only works with prime modulus. 
### $$ x^{-1} = x^{p-2} \bmod p $$
### Example: $$ 17^{-1} = 17^{19-2} \bmod 19 = 9 $$

In [13]:
c = inverse_mod(17, 19)
print(f'17^(17) % 19 = {c}\n')

17^(17) % 19 = 9



## EEA: Extended Euclidean Algorithm

- Slightly Faster than FLT: does not need to perform exponentiation with each loop iteration.
- See P.57 of Lec2-FF.pdf for C pseudocode.

In [6]:
def EEA(b, p1, count):
    # p1 = 0x0001FFFF
    a = p1
    # b = 51                                  # modulus
    u = 1
    v = 0
    d = a
    v1 = 0
    v3 = b

    while(v3 != 0):
        q = d // v3;                        # integer division
        t3 = d % v3;
        t1 = u - (q * v1);
        
        if(t1 < 0):
            print(f'While: t1 = {hex(t1)} = {t1}\n')
            t1 = t1 + p1
        
        u = v1
        d = v3
        v1 = t1
        v3 = t3
        count += 1


    v = (d - (a * u)) / b;                  # can be negative

    if(v < 0):                              # if negative: Add the modulus
        v = v + a

    print(f'v = {hex(v)}')
    return count

b = 51                                      # modulus
p1 = 0x0001FFFF

counter = EEA(b, p1, 0)

print(f'Iterations: {counter}')

While: t1 = -0x33 = -51

v = 0x1f5f5
Iterations: 2


### Implementing $ \bmod $ operator without using $ \bmod $ function:
### $$ a \, \bmod \, b = a - \left( \biggl\lfloor \frac{a}{b} \biggr\rfloor \cdot b \right) $$

- Load and read 1st & 2nd operands.
- Shift right to the nearest multiple of 2 of the 2nd operator

In [7]:
# implementing a % b = r without using % operator

def modFunc(a, b):
    result = a - (a // b * b)   ## Modulo w/o using % operator (but uses integer division !!)
    # need a bitshifting method to accomodate the same result faster every time.
    print(f'Calculated result: {a} % {b} = {result}')
    print(f'Check w/ % operator: {a % b}\n')

modFunc(-7, 12) # not a prime modulus means not a Finite Field!! Notice how the math doesn't work
modFunc(7, 12)
modFunc(35, 12)

modFunc(-12, 17)
modFunc(12, 17)
modFunc((5 * 6), 17)
modFunc(24, 17)


Calculated result: -7 % 12 = 5
Check w/ % operator: 5

Calculated result: 7 % 12 = 7
Check w/ % operator: 7

Calculated result: 35 % 12 = 11
Check w/ % operator: 11

Calculated result: -12 % 17 = 5
Check w/ % operator: 5

Calculated result: 12 % 17 = 12
Check w/ % operator: 12

Calculated result: 30 % 17 = 13
Check w/ % operator: 13

Calculated result: 24 % 17 = 7
Check w/ % operator: 7



### Bitshifting Method For Pseudo-Marsenne Primes:

#### Pseudo-Mersenne Primes have the form: $$ 2^{n} - m \, | \, n, m \in \N $$
#### $$ $$

In [8]:
# This function is easily reproducible for C language
def PseudoMars(div, n, m):
    div1 = div
    mod1 = 2^n - m                      # 2^26 - 5 is the modulus in our case
    print(f'div1 = {hex(div1)}\nmod1 = {hex(mod1)} = 2^{n} - {m}\n')

    res = ((div1 >> n) * m) + (div1 & (mod1 + (m - 1)))
    print(f'res before while loop: {hex(res)}\n')

    while(res > mod1):
        res -= mod1

    print(f'res after while loop: {hex(div1 % mod1)}')
    print(f'{hex(div1)} % {hex(mod1)} = {hex(res)} = {hex(div1 % mod1)}')
    return


i = 26; j = 5
dividend = 2^30 - 18                    # Pseudo Marsenne Prime to be reduced
# modulus = 2^i - j                     # 2^26 - 5 is the modulus

PseudoMars(dividend, i, j)

div1 = 0x3fffffee
mod1 = 0x3fffffb = 2^26 - 5

res before while loop: 0x4000039

res after while loop: 0x3e
0x3fffffee % 0x3fffffb = 0x3e = 0x3e
