In [2]:
def center(x,q):
    if q % 1 == 0:
        qhalf = Integer((q-1)/2)
        
        return ((x + qhalf) % q) - qhalf;
    else:
        return 0;

In [3]:
def find_n_cyclotomic_trinomial(lbits,hbits):
    set = [];
    for i in range(1,hbits+1):
        for j in range(0,hbits+1):
            n = 2^i*3^j;
            
            if n > 2^hbits or n < 2^lbits:
                continue;
            else:
                set.append(n);
    
    set.sort();
            
    return set;

In [4]:
def find_ntt_prime_cyclotomic(n,b,lbits,hbits):
    
    fac = factor(n);
    
    if len(fac) > 2 or len(fac) == 0:
        #print("does not support cyclotomic trinomial");
        return 0;

    if len(fac) == 1:
        if fac[0][0] != 2:
            #print("does not support cyclotomic trinomial");
            return 0;
            
    if len(fac) == 2:
        if fac[0][0] != 2 or fac[1][0] != 3:
            #print("does not support cyclotomic trinomial");
            return 0;
        
    if ((n % b) != 0) or (n/2 < b):
        #print("please select adequete b");
        return 0;
    
    w_order = 3*n/b;
    
    qs =[];

    k = 1;

    while True:
        q = w_order*k+1;

        k += 1;

        if q < 2^lbits:
            continue;
            
        if q > 2^hbits:
            break;

        if q in Primes():
            qs.append(q);

    return qs;

In [5]:
def find_generator(q):

    Zq = IntegerModRing(q);

    gs = range(1,q);

    for x in list(factor(q-1)):
        p = x[0];

        t = [];

        for g in gs:
            if Zq(g)^((q-1)/p) != 1:
                t.append(Zq(g));

        gs = t;

    return gs;

In [6]:
def find_w_order_cyclotomic_trinomial(n,b):

    return 3*n/b;

In [7]:
def find_w_cyclotomic_trinomial(n,q,b):

    w_order = find_w_order_cyclotomic_trinomial(n,b);
    
    k = Integer((q-1)/w_order);
    
    ws = [g^k for g in find_generator(q)];
    
    return sorted(list(set(ws)));

In [20]:
def gen_zetas(n,q,b):
    
    Zq = IntegerModRing(q);
    
    fac = factor(n/b);
    
    if len(fac) == 2:
        Radix2 = fac[0][1];
        Radix3 = fac[1][1];
    
    if len(fac) == 1:
        if fac[0][0] == 2:
            Radix2 = fac[0][1];
            Radix3 = 0;

        if fac[0][0] == 3:
            Radix2 = 0;
            Radix3 = fac[0][1];

    level = Radix2+Radix3;

    tree = zero_matrix(ZZ,level+1,n/b);
    tree[0,0] = find_w_order_cyclotomic_trinomial(n,b);
    zetas = [];
                
    #Radix-2 NTT with Cyclotomic Polynomial
    tree[1,0] = tree[0,0] / 6;
    tree[1,1] = 5*tree[0,0] / 6;

    x = Integer(Zq(w)^(tree[1,0]) * 2^16);
    x = center(x, q);
    zetas.append(x);
    
    #Radix-3 NTT
    for l in range(1,Radix3+1):
        for i in range(2*3^(l-1)):
            tree[l+1,3*i  ] = tree[l  ,  i] / 3;
            tree[l+1,3*i+1] = tree[l  ,  i] / 3 + tree[0,0]/3;
            tree[l+1,3*i+2] = tree[l  ,  i] / 3 + 2*tree[0,0]/3;
            
            x = center(Zq(w)^(tree[l+1,3*i]) * 2^16, q);
            zetas.append(x);
            x = center(Zq(w)^(tree[l+1,3*i]*2) * 2^16, q);
            zetas.append(x);

    #Radix-2 NTT
    for l in range(Radix3+1,level):
        for i in range(2*3^(Radix3)*2^(l-(Radix3+1))):
            tree[l+1,2*i  ] = tree[l  ,  i] / 2;
            tree[l+1,2*i+1] = tree[l  ,  i] / 2 + tree[0,0]/2;
            
            x = center(Zq(w)^(tree[l+1,2*i]) * 2^16, q);
            zetas.append(x);
            
    return zetas;    

In [21]:
def print_zetas(zetas):
    
    l = len(zetas)
    str1 = "const int16_t zetas[%d] = {" % l
    print(str1)
    for i in range(ceil(l/8)-1):
        str = "\t";
        for j in range(7):
            str += "%5d, " %zetas[8*i+j];
        str += "%5d," %zetas[8*i+7];
        print(str);

    str = "\t";
    for j in range((l%8-1)%8):
        str += "%5d, " %zetas[8*ceil(l/8)-8+j];
    str += "%5d" %zetas[l-1];  
    print(str);    
    print("};");

In [22]:
def print_params(n,q,d,w):
    
    zetas = gen_zetas(n,q,b);
    print_zetas(zetas);

    Zq = IntegerModRing(q);

    print("====ntt====");
    print("w %d" %center(Integer(Zq(w)^(find_w_order_cyclotomic_trinomial(n,b)/3)*2^16),q));

    print("====invntt====");
    print("w %d" %center(Integer(Zq(w)^(find_w_order_cyclotomic_trinomial(n,b)/3)*2^16),q));
    z = Zq(w)^(find_w_order_cyclotomic_trinomial(n,b)/6);
    print("(z - z^5)^-1 %d" %center(Integer(Zq(2^16) * Zq(z - z^5)^-1),q))
    print("2^-1 %d" %center(Integer(Zq(2^-1 *2^16)),q))
    
    
    fac = factor(n/b);
    
    if len(fac) == 2:
        Radix2 = fac[0][1];
        Radix3 = fac[1][1];
    
    if len(fac) == 1:
        if fac[0][0] == 2:
            Radix2 = fac[0][1];
            Radix3 = 0;

        if fac[0][0] == 3:
            Radix2 = 0;
            Radix3 = fac[0][1];
    
    print("====ntt====");
    print("w %d" %center(Integer(Zq(w)^(find_w_order_cyclotomic_trinomial(n,b)/3)*2^16),q));

    print("====invntt====");
    print("w %d" %center(Integer(Zq(w)^(find_w_order_cyclotomic_trinomial(n,b)/3)*2^16),q));
    z = Zq(w)^(find_w_order_cyclotomic_trinomial(n,b)/6);
    print("(z - z^5)^-1 %d" %center(Integer(Zq(2^16) * Zq(z - z^5)^-1),q))
    
    fac = factor(n/b);
    
    if len(fac) == 2:
        Radix2 = fac[0][1];
        Radix3 = fac[1][1];
    
    if len(fac) == 1:
        if fac[0][0] == 2:
            Radix2 = fac[0][1];
            Radix3 = 0;

        if fac[0][0] == 3:
            Radix2 = 0;
            Radix3 = fac[0][1];

    print("level1 %d" %center(Integer(Zq(2^31*2^(-Radix2+1)*3^(-Radix3))),q))
    print("level2 %d" %center(Integer(Zq(2^32*2^(-Radix2+1)*3^(-Radix3))),q))
    print("====reduce.h====");    
    print("QINV : %d" %(q^-1 % 2^16))



In [23]:
n_set = find_n_cyclotomic_trinomial(9,11);
b_set = [1,2,3,4,6];

In [24]:
for n in n_set:
    print("n : ", n);
    for b in b_set:
        qs = find_ntt_prime_cyclotomic(n,b,11,15);
        if qs != 0:
            print("b : ", b, ", qs : ", qs);
    print("");

n :  512
b :  1 , qs :  [7681, 10753, 12289, 15361, 18433, 23041, 26113, 32257]
b :  2 , qs :  [7681, 10753, 12289, 14593, 15361, 18433, 22273, 23041, 26113, 26881, 31489, 32257]
b :  4 , qs :  [2689, 3457, 4993, 6529, 7297, 7681, 9601, 10369, 10753, 12289, 13441, 14593, 15361, 18049, 18433, 20353, 21121, 22273, 23041, 26113, 26497, 26881, 29569, 31489, 31873, 32257]

n :  576
b :  1 , qs :  [3457, 8641, 10369, 12097, 19009]
b :  2 , qs :  [2593, 3457, 8641, 10369, 12097, 16417, 19009, 21601, 25057, 28513, 30241]
b :  3 , qs :  [3457, 6337, 7489, 8641, 10369, 12097, 13249, 14401, 18433, 19009, 20161, 21313, 23041, 26497, 27073, 30529, 32257]
b :  4 , qs :  [2161, 2593, 3457, 3889, 6481, 8209, 8641, 10369, 12097, 15121, 16417, 17713, 19009, 19441, 21169, 21601, 23761, 25057, 28081, 28513, 30241, 32401]
b :  6 , qs :  [2593, 3169, 3457, 6337, 7489, 8353, 8641, 8929, 10369, 10657, 12097, 13249, 13537, 14401, 16417, 16993, 17569, 18433, 19009, 20161, 21313, 21601, 23041, 24481, 25057, 2563

In [40]:
n = 576
q = 3457
b = 4
w = 81

In [41]:
find_w_order_cyclotomic_trinomial(n,b)

432

In [42]:
n = 768
q = 3457
b = 4
w = 22

In [43]:
n = 864
q = 3457
b = 3
w = 9

In [44]:
n = 1152
q = 3457
b = 4
w = 9

In [45]:
print_params(n,q,b,w)

const int16_t zetas[287] = {
	-1033,  2192,   708,   460,  1265,  2990,   727,   556,
	 1307,  2684,  3296,  1200,  1845,   570,  1529,  1135,
	 2901,  1120,   298,  2635,  1901,  3364,  1463,   532,
	 3080,  2548,    58,  3065,  3007,  1722,  1236,  2971,
	 2966,  1888,  2379,    36,  1289,  2014,  1628,  1664,
	 2732,  2505,    99,  2437,   353,  2858,  1119,   592,
	  839,  1622,   652,  1244,  2674,  2372,  2731,   566,
	 3173,  2088,  2165,   268,  3066,   781,  3285,    96,
	 2285,   211,   737,   473,  3012,  3223,   264,  1921,
	 1467,  2781,  1915,  3287,   635,  2752,  2125,  2799,
	  831,  1745,  1311,  1488,  2576,  1087,  2142,  1245,
	 3382,   791,  3451,  2582,  2760,  3387,  2295,   287,
	 2690,  2512,  1598,  2575,  1261,   206,   654,  2036,
	 3376,   716,  2206,   838,  2157,  1035,  3353,   966,
	 2899,  3396,  1753,   404,  2558,   862,  1864,  1997,
	 3420,  1266,   965,  1873,  2053,  3192,  2515,   905,
	 1195,  2838,   787,   118,   576,   286,  1982,  3263,
	 