File Coverage

primality.c

Criterion	Covered	Total	%
statement	600	680	88.2
branch	680	1022	66.5
condition			n/a
subroutine			n/a
pod			n/a
total	1280	1702	75.2

line	stmt	bran	code
1			#include
2			#include
3			#include
4			#include
5
6			#include "ptypes.h"
7			#define FUNC_is_strong_pseudoprime 1
8			#include "primality.h"
9			#include "mulmod.h"
10			#define FUNC_gcd_ui 1
11			#define FUNC_is_perfect_square
12			#include "util.h"
13			#include "montmath.h" /* Fast Montgomery math */
14
15			/* Primality related functions */
16
17			/******************************************************************************/
18
19
20	13344		static int jacobi_iu(IV in, UV m) {
21	13344		int j = 1;
22	13344		UV n = (in < 0) ? -in : in;
23
24	13344	50	if (m <= 0 \|\| (m%2) == 0) return 0;
		50
25	13344	100	if (in < 0 && (m%4) == 3) j = -j;
		100
26	44472	100	while (n != 0) {
27	57740	100	while ((n % 2) == 0) {
28	26612		n >>= 1;
29	26612	100	if ( (m % 8) == 3 \|\| (m % 8) == 5 ) j = -j;
		100
30			}
31	31128		{ UV t = n; n = m; m = t; }
32	31128	100	if ( (n % 4) == 3 && (m % 4) == 3 ) j = -j;
		100
33	31128		n = n % m;
34			}
35	13344	100	return (m == 1) ? j : 0;
36			}
37
38	5894		static UV select_extra_strong_parameters(UV n, UV increment) {
39			int j;
40	5894		UV D, P = 3;
41			while (1) {
42	13060		D = P*P - 4;
43	13060		j = jacobi_iu(D, n);
44	13060	50	if (j == 0) return 0;
45	13060	100	if (j == -1) break;
46	7166	100	if (P == (3+20*increment) && is_perfect_square(n)) return 0;
		50
47	7166		P += increment;
48	7166	50	if (P > 65535)
49	0		croak("lucas_extrastrong_params: P exceeded 65535");
50	7166		}
51	5894	50	if (P >= n) P %= n; /* Never happens with increment < 4 */
52	5894		return P;
53			}
54
55			/* Fermat pseudoprime */
56	86		int is_pseudoprime(UV const n, UV a)
57			{
58	86	50	if (n < 4) return (n == 2 \|\| n == 3);
		0
		0
59	86	100	if (!(n&1) && !(a&1)) return 0;
		50
60	86	50	if (a < 2) croak("Base %"UVuf" is invalid", a);
61	86	50	if (a >= n) {
62	0		a %= n;
63	0	0	if (a <= 1) return (a == 1);
64	0	0	if (a == n-1) return !(a & 1);
65			}
66
67			#if USE_MONTMATH
68	86	100	if (n & 1) { /* The Montgomery code only works for odd n */
69	84		const uint64_t npi = mont_inverse(n), mont1 = mont_get1(n);
70	84	100	const uint64_t monta = (a == 2) ? mont_get2(n) : mont_geta(a, n);
71	84		return mont_powmod(monta, n-1, n) == mont1;
72			}
73			#endif
74	2		return powmod(a, n-1, n) == 1; /* a^(n-1) = 1 mod n */
75			}
76
77			/* Euler (aka Euler-Jacobi) pseudoprime: a^((n-1)/2) = (a\|n) mod n */
78	109		int is_euler_pseudoprime(UV const n, UV a)
79			{
80	109	50	if (n < 5) return (n == 2 \|\| n == 3);
		0
		0
81	109	50	if (!(n&1)) return 0;
82	109	50	if (a < 2) croak("Base %"UVuf" is invalid", a);
83	109	100	if (a > 2) {
84	73	100	if (a >= n) {
85	1		a %= n;
86	1	50	if (a <= 1) return (a == 1);
87	1	50	if (a == n-1) return !(a & 1);
88			}
89	72	50	if ((n % a) == 0) return 0;
90			}
91			{
92			#if USE_MONTMATH
93	108		const uint64_t npi = mont_inverse(n), mont1 = mont_get1(n);
94	108		const uint64_t monta = mont_geta(a, n);
95	108		UV ap = mont_powmod(monta, (n-1)>>1, n);
96	108	100	if (ap != mont1 && ap != n-mont1) return 0;
		50
97	108	100	if (a == 2) {
98	36		uint32_t nmod8 = n & 0x7;
99	36	100	return (nmod8 == 1 \|\| nmod8 == 7) ? (ap == mont1) : (ap == n-mont1);
		100
100			} else {
101	72	100	return (kronecker_uu(a,n) >= 0) ? (ap == mont1) : (ap == n-mont1);
102			}
103			#else
104			UV ap = powmod(a, (n-1)>>1, n);
105			if (ap != 1 && ap != n-1) return 0;
106			if (a == 2) {
107			uint32_t nmod8 = n & 0x7;
108			return (nmod8 == 1 \|\| nmod8 == 7) ? (ap == 1) : (ap == n-1);
109			} else {
110			return (kronecker_uu(a,n) >= 0) ? (ap == 1) : (ap == n-1);
111			}
112			#endif
113			}
114			}
115
116			/* Colin Plumb's extended Euler Criterion test.
117			* A tiny bit (~1 percent) faster than base 2 Fermat or M-R.
118			* More stringent than base 2 Fermat, but a subset of base 2 M-R.
119			*/
120	1195		int is_euler_plumb_pseudoprime(UV const n)
121			{
122			UV ap;
123	1195		uint32_t nmod8 = n & 0x7;
124	1195	50	if (n < 5) return (n == 2 \|\| n == 3);
		0
		0
125	1195	50	if (!(n&1)) return 0;
126			#if USE_MONTMATH
127			{
128	1195		const uint64_t npi = mont_inverse(n), mont1 = mont_get1(n);
129	1195		const uint64_t mont2 = mont_get2(n);
130	1195	100	ap = mont_powmod(mont2, (n-1) >> (1 + (nmod8 == 1)), n);
131	1195	100	if (ap == mont1) return (nmod8 == 1 \|\| nmod8 == 7);
		100
		50
132	770	100	if (ap == n-mont1) return (nmod8 == 1 \|\| nmod8 == 3 \|\| nmod8 == 5);
		100
		100
		50
133			}
134			#else
135			ap = powmod(2, (n-1) >> (1 + (nmod8 == 1)), n);
136			if (ap == 1) return (nmod8 == 1 \|\| nmod8 == 7);
137			if (ap == n-1) return (nmod8 == 1 \|\| nmod8 == 3 \|\| nmod8 == 5);
138			#endif
139	9		return 0;
140			}
141
142			/* Miller-Rabin probabilistic primality test
143			* Returns 1 if probably prime relative to the bases, 0 if composite.
144			* Bases must be between 2 and n-2
145			*/
146	105429		int miller_rabin(UV const n, const UV *bases, int nbases)
147			{
148			#if USE_MONTMATH
149	105429	50	MPUassert(n > 3, "MR called with n <= 3");
150	105429	100	if ((n & 1) == 0) return 0;
151			{
152	105428		const uint64_t npi = mont_inverse(n), mont1 = mont_get1(n);
153	105428		uint64_t a, ma, md, u = n-1;
154	105428		int i, j, t = 0;
155
156	314478	100	while (!(u&1)) { t++; u >>= 1; }
157	151985	100	for (j = 0; j < nbases; j++) {
158	109293		a = bases[j];
159	109293	100	if (a < 2) croak("Base %"UVuf" is invalid", (UV)a);
160	109291	100	if (a >= n) {
161	5425		a %= n;
162	5425	100	if (a == 0 \|\| (a == n-1 && a&1)) return 0;
		100
		50
163			}
164	109285		ma = mont_geta(a,n);
165	109285	100	if (a == 1 \|\| a == n-1 \|\| !ma) continue;
		100
		50
166	109264		md = mont_powmod(ma, u, n);
167	109264	100	if (md != mont1 && md != n-mont1) {
		100
168	155261	100	for (i=1; i
169	92635	50	md = mont_sqrmod(md, n);
170	92635	100	if (md == mont1) return 0;
171	92533	100	if (md == n-mont1) break;
172			}
173	76494	100	if (i == t)
174	62626		return 0;
175			}
176			}
177			}
178			#else
179			UV d = n-1;
180			int b, r, s = 0;
181
182			MPUassert(n > 3, "MR called with n <= 3");
183			if ((n & 1) == 0) return 0;
184
185			while (!(d&1)) { s++; d >>= 1; }
186			for (b = 0; b < nbases; b++) {
187			UV x, a = bases[b];
188			if (a < 2) croak("Base %"UVuf" is invalid", a);
189			if (a >= n) {
190			a %= n;
191			if (a == 0 \|\| (a == n-1 && a&1)) return 0;
192			}
193			if (a == 1 \|\| a == n-1) continue;
194			/* n is a strong pseudoprime to base a if either:
195			* a^d = 1 mod n
196			* a^(d2^r) = -1 mod n for some r: 0 <= r <= s-1
197			*/
198			x = powmod(a, d, n);
199			if ( (x == 1) \|\| (x == n-1) ) continue;
200			for (r = 1; r < s; r++) { /* r=0 was just done, test r = 1 to s-1 */
201			x = sqrmod(x, n);
202			if ( x == n-1 ) break;
203			if ( x == 1 ) return 0;
204			}
205			if (r >= s) return 0;
206			}
207			#endif
208	42692		return 1;
209			}
210
211	8265		int BPSW(UV const n)
212			{
213	8265	50	if (n < 7) return (n == 2 \|\| n == 3 \|\| n == 5);
		0
		0
		0
214	8265	50	if ((n % 2) == 0 \|\| n == UV_MAX) return 0;
		50
215
216			#if !USE_MONTMATH
217			return is_strong_pseudoprime(n, 2)
218			&& is_almost_extra_strong_lucas_pseudoprime(n,1);
219			#else
220			{
221	8265		const uint64_t npi = mont_inverse(n), mont1 = mont_get1(n);
222	8265		const uint64_t mont2 = mont_get2(n);
223	8265		uint64_t md, u = n-1;
224	8265		int i, t = 0;
225			UV P, V, d, s;
226
227			/* M-R with base 2 */
228	24920	100	while (!(u&1)) { t++; u >>= 1; }
229	8265		md = mont_powmod(mont2, u, n);
230	8265	100	if (md != mont1 && md != n-mont1) {
		100
231	10023	100	for (i=1; i
232	6446	100	md = mont_sqrmod(md, n);
233	6446	50	if (md == mont1) return 0;
234	6446	100	if (md == n-mont1) break;
235			}
236	5449	100	if (i == t)
237	3577		return 0;
238			}
239			/* AES Lucas test */
240	4688		P = select_extra_strong_parameters(n, 1);
241	4688	50	if (P == 0) return 0;
242
243	4688		d = n+1;
244	4688		s = 0;
245	14256	100	while ( (d & 1) == 0 ) { s++; d >>= 1; }
246
247			{
248	4688		const uint64_t montP = mont_geta(P, n);
249			UV W, b;
250	4688	100	W = submod( mont_mulmod( montP, montP, n), mont2, n);
251	4688		V = montP;
252	225314	100	{ UV v = d; b = 1; while (v >>= 1) b++; }
253	225314	100	while (b-- > 1) {
254	220626	100	UV T = submod( mont_mulmod(V, W, n), montP, n);
255	220626	100	if ( (d >> (b-1)) & UVCONST(1) ) {
256	117730		V = T;
257	117730	100	W = submod( mont_mulmod(W, W, n), mont2, n);
258			} else {
259	102896		W = T;
260	102896	100	V = submod( mont_mulmod(V, V, n), mont2, n);
261			}
262			}
263			}
264
265	4688	100	if (V == mont2 \|\| V == (n-mont2))
		100
266	2613		return 1;
267	4595	100	while (s-- > 1) {
268	4530	100	if (V == 0)
269	2010		return 1;
270	2520	100	V = submod( mont_mulmod(V, V, n), mont2, n);
271	2520	50	if (V == mont2)
272	0		return 0;
273			}
274			}
275	65		return 0;
276			#endif
277			}
278
279			/* Alternate modular lucas sequence code.
280			* A bit slower than the normal one, but works with even valued n. */
281	1		static void alt_lucas_seq(UV* Uret, UV* Vret, UV* Qkret, UV n, UV Pmod, UV Qmod, UV k)
282			{
283			UV Uh, Vl, Vh, Ql, Qh;
284			int j, s, m;
285
286	1		Uh = 1; Vl = 2; Vh = Pmod; Ql = 1; Qh = 1;
287	1		s = 0; m = 0;
288	1	50	{ UV v = k; while (!(v & 1)) { v >>= 1; s++; } }
289	24	100	{ UV v = k; while (v >>= 1) m++; }
290
291	1	50	if (Pmod == 1 && Qmod == (n-1)) {
		50
292	1		int Sl = Ql, Sh = Qh;
293	24	100	for (j = m; j > s; j--) {
294	23		Sl *= Sh;
295	23	100	Ql = (Sl==1) ? 1 : n-1;
296	23	100	if ( (k >> j) & UVCONST(1) ) {
297	8		Sh = -Sl;
298	8		Uh = mulmod(Uh, Vh, n);
299	8		Vl = submod(mulmod(Vh, Vl, n), Ql, n);
300	8	100	Vh = submod(sqrmod(Vh, n), (Sh==1) ? 2 : n-2, n);
301			} else {
302	15		Sh = Sl;
303	15		Uh = submod(mulmod(Uh, Vl, n), Ql, n);
304	15		Vh = submod(mulmod(Vh, Vl, n), Ql, n);
305	15	100	Vl = submod(sqrmod(Vl, n), (Sl==1) ? 2 : n-2, n);
306			}
307			}
308	1		Sl *= Sh;
309	1	50	Ql = (Sl==1) ? 1 : n-1;
310	1		Uh = submod(mulmod(Uh, Vl, n), Ql, n);
311	1		Vl = submod(mulmod(Vh, Vl, n), Ql, n);
312	1	50	for (j = 0; j < s; j++) {
313	0		Uh = mulmod(Uh, Vl, n);
314	0	0	Vl = submod(sqrmod(Vl, n), (j>0) ? 2 : n-2, n);
315			}
316	1		*Uret = Uh;
317	1		*Vret = Vl;
318	1	50	*Qkret = (s>0)?1:n-1;
319	1		return;
320			}
321
322	0	0	for (j = m; j > s; j--) {
323	0		Ql = mulmod(Ql, Qh, n);
324	0	0	if ( (k >> j) & UVCONST(1) ) {
325	0		Qh = mulmod(Ql, Qmod, n);
326	0		Uh = mulmod(Uh, Vh, n);
327	0		Vl = submod(mulmod(Vh, Vl, n), mulmod(Pmod, Ql, n), n);
328	0		Vh = submod(sqrmod(Vh, n), mulmod(2, Qh, n), n);
329			} else {
330	0		Qh = Ql;
331	0		Uh = submod(mulmod(Uh, Vl, n), Ql, n);
332	0		Vh = submod(mulmod(Vh, Vl, n), mulmod(Pmod, Ql, n), n);
333	0		Vl = submod(sqrmod(Vl, n), mulmod(2, Ql, n), n);
334			}
335			}
336	0		Ql = mulmod(Ql, Qh, n);
337	0		Qh = mulmod(Ql, Qmod, n);
338	0		Uh = submod(mulmod(Uh, Vl, n), Ql, n);
339	0		Vl = submod(mulmod(Vh, Vl, n), mulmod(Pmod, Ql, n), n);
340	0		Ql = mulmod(Ql, Qh, n);
341	0	0	for (j = 0; j < s; j++) {
342	0		Uh = mulmod(Uh, Vl, n);
343	0		Vl = submod(sqrmod(Vl, n), mulmod(2, Ql, n), n);
344	0		Ql = sqrmod(Ql, n);
345			}
346	0		*Uret = Uh;
347	0		*Vret = Vl;
348	0		*Qkret = Ql;
349			}
350
351			/* Generic Lucas sequence for any appropriate P and Q */
352	26319		void lucas_seq(UV* Uret, UV* Vret, UV* Qkret, UV n, IV P, IV Q, UV k)
353			{
354			UV U, V, b, Dmod, Qmod, Pmod, Qk;
355
356	26319	50	MPUassert(n > 1, "lucas_sequence: modulus n must be > 1");
357	26319	100	if (k == 0) {
358	25		*Uret = 0;
359	25		*Vret = 2;
360	25		*Qkret = Q;
361	25		return;
362			}
363
364	26294	100	Qmod = (Q < 0) ? (UV) (Q + (IV)(((-Q/n)+1)*n)) : (UV)Q % n;
365	26294	50	Pmod = (P < 0) ? (UV) (P + (IV)(((-P/n)+1)*n)) : (UV)P % n;
366	26294		Dmod = submod( mulmod(Pmod, Pmod, n), mulmod(4, Qmod, n), n);
367	26294	100	if (Dmod == 0) {
368	13		b = Pmod >> 1;
369	13		*Uret = mulmod(k, powmod(b, k-1, n), n);
370	13		*Vret = mulmod(2, powmod(b, k, n), n);
371	13		*Qkret = powmod(Qmod, k, n);
372	13		return;
373			}
374	26281	100	if ((n % 2) == 0) {
375	1		alt_lucas_seq(Uret, Vret, Qkret, n, Pmod, Qmod, k);
376	1		return;
377			}
378	26280		U = 1;
379	26280		V = Pmod;
380	26280		Qk = Qmod;
381	391336	100	{ UV v = k; b = 0; while (v >>= 1) b++; }
382
383	26280	100	if (Q == 1) {
384	186	100	while (b--) {
385	133		U = mulmod(U, V, n);
386	133		V = mulsubmod(V, V, 2, n);
387	133	100	if ( (k >> b) & UVCONST(1) ) {
388	51		UV t2 = mulmod(U, Dmod, n);
389	51		U = muladdmod(U, Pmod, V, n);
390	51	100	if (U & 1) { U = (n>>1) + (U>>1) + 1; } else { U >>= 1; }
391	51		V = muladdmod(V, Pmod, t2, n);
392	51	100	if (V & 1) { V = (n>>1) + (V>>1) + 1; } else { V >>= 1; }
393			}
394			}
395	52171	100	} else if (P == 1 && Q == -1) {
		100
396			/* This is about 30% faster than the generic code below. Since 50% of
397			* Lucas and strong Lucas tests come here, I think it's worth doing. */
398	25944		int sign = Q;
399	389691	100	while (b--) {
400	363747		U = mulmod(U, V, n);
401	363747	100	if (sign == 1) V = mulsubmod(V, V, 2, n);
402	193981		else V = muladdmod(V, V, 2, n);
403	363747		sign = 1; /* Qk = Qk /
404	363747	100	if ( (k >> b) & UVCONST(1) ) {
405	168054		UV t2 = mulmod(U, Dmod, n);
406	168054		U = addmod(U, V, n);
407	168054	100	if (U & 1) { U = (n>>1) + (U>>1) + 1; } else { U >>= 1; }
408	168054		V = addmod(V, t2, n);
409	168054	100	if (V & 1) { V = (n>>1) + (V>>1) + 1; } else { V >>= 1; }
410	168054		sign = -1; /* Qk = Q /
411			}
412			}
413	25944	100	if (sign == 1) Qk = 1;
414			} else {
415	1459	100	while (b--) {
416	1176		U = mulmod(U, V, n);
417	1176		V = mulsubmod(V, V, addmod(Qk,Qk,n), n);
418	1176		Qk = sqrmod(Qk, n);
419	1176	100	if ( (k >> b) & UVCONST(1) ) {
420	536		UV t2 = mulmod(U, Dmod, n);
421	536		U = muladdmod(U, Pmod, V, n);
422	536	100	if (U & 1) { U = (n>>1) + (U>>1) + 1; } else { U >>= 1; }
423	536		V = muladdmod(V, Pmod, t2, n);
424	536	100	if (V & 1) { V = (n>>1) + (V>>1) + 1; } else { V >>= 1; }
425	536		Qk = mulmod(Qk, Qmod, n);
426			}
427			}
428			}
429	26280		*Uret = U;
430	26280		*Vret = V;
431	26280		*Qkret = Qk;
432			}
433
434			#define OVERHALF(v) ( (UV)((v>=0)?v:-v) > (UVCONST(1) << (BITS_PER_WORD/2-1)) )
435	199		int lucasu(IV* U, IV P, IV Q, UV k)
436			{
437			IV Uh, Vl, Vh, Ql, Qh;
438			int j, s, n;
439
440	199	50	if (U == 0) return 0;
441	199	100	if (k == 0) { *U = 0; return 1; }
442
443	185		Uh = 1; Vl = 2; Vh = P; Ql = 1; Qh = 1;
444	185		s = 0; n = 0;
445	332	100	{ UV v = k; while (!(v & 1)) { v >>= 1; s++; } }
446	588	100	{ UV v = k; while (v >>= 1) n++; }
447
448	441	100	for (j = n; j > s; j--) {
449	256	50	if (OVERHALF(Uh) \|\| OVERHALF(Vh) \|\| OVERHALF(Vl) \|\| OVERHALF(Ql) \|\| OVERHALF(Qh)) return 0;
		50
		50
		50
		50
450	256		Ql *= Qh;
451	256	100	if ( (k >> j) & UVCONST(1) ) {
452	175		Qh = Ql * Q;
453	175		Uh = Uh * Vh;
454	175		Vl = Vh * Vl - P * Ql;
455	175		Vh = Vh * Vh - 2 * Qh;
456			} else {
457	81		Qh = Ql;
458	81		Uh = Uh * Vl - Ql;
459	81		Vh = Vh * Vl - P * Ql;
460	81		Vl = Vl * Vl - 2 * Ql;
461			}
462			}
463	185	50	if (OVERHALF(Ql) \|\| OVERHALF(Qh)) return 0;
		50
464	185		Ql = Ql * Qh;
465	185		Qh = Ql * Q;
466	185	50	if (OVERHALF(Uh) \|\| OVERHALF(Vh) \|\| OVERHALF(Vl) \|\| OVERHALF(Ql) \|\| OVERHALF(Qh)) return 0;
		50
		50
		50
		50
467	185		Uh = Uh * Vl - Ql;
468	185		Vl = Vh * Vl - P * Ql;
469	185		Ql = Ql * Qh;
470	332	100	for (j = 0; j < s; j++) {
471	147	50	if (OVERHALF(Uh) \|\| OVERHALF(Vl) \|\| OVERHALF(Ql)) return 0;
		50
		50
472	147		Uh *= Vl;
473	147		Vl = Vl * Vl - 2 * Ql;
474	147		Ql *= Ql;
475			}
476	185		*U = Uh;
477	185		return 1;
478			}
479	152		int lucasv(IV* V, IV P, IV Q, UV k)
480			{
481			IV Vl, Vh, Ql, Qh;
482			int j, s, n;
483
484	152	50	if (V == 0) return 0;
485	152	100	if (k == 0) { *V = 2; return 1; }
486
487	141		Vl = 2; Vh = P; Ql = 1; Qh = 1;
488	141		s = 0; n = 0;
489	251	100	{ UV v = k; while (!(v & 1)) { v >>= 1; s++; } }
490	445	100	{ UV v = k; while (v >>= 1) n++; }
491
492	335	100	for (j = n; j > s; j--) {
493	194	50	if (OVERHALF(Vh) \|\| OVERHALF(Vl) \|\| OVERHALF(Ql) \|\| OVERHALF(Qh)) return 0;
		50
		50
		50
494	194		Ql *= Qh;
495	194	100	if ( (k >> j) & UVCONST(1) ) {
496	130		Qh = Ql * Q;
497	130		Vl = Vh * Vl - P * Ql;
498	130		Vh = Vh * Vh - 2 * Qh;
499			} else {
500	64		Qh = Ql;
501	64		Vh = Vh * Vl - P * Ql;
502	64		Vl = Vl * Vl - 2 * Ql;
503			}
504			}
505	141	50	if (OVERHALF(Ql) \|\| OVERHALF(Qh)) return 0;
		50
506	141		Ql = Ql * Qh;
507	141		Qh = Ql * Q;
508	141	50	if (OVERHALF(Vh) \|\| OVERHALF(Vl) \|\| OVERHALF(Ql) \|\| OVERHALF(Qh)) return 0;
		50
		50
		50
509	141		Vl = Vh * Vl - P * Ql;
510	141		Ql = Ql * Qh;
511	251	100	for (j = 0; j < s; j++) {
512	110	50	if (OVERHALF(Vl) \|\| OVERHALF(Ql)) return 0;
		50
513	110		Vl = Vl * Vl - 2 * Ql;
514	110		Ql *= Ql;
515			}
516	141		*V = Vl;
517	141		return 1;
518			}
519
520			/* Lucas tests:
521			* 0: Standard
522			* 1: Strong
523			* 2: Stronger (Strong + page 1401 extra tests)
524			* 3: Extra Strong (Mo/Jones/Grantham)
525			*
526			* None of them have any false positives for the BPSW test. Also see the
527			* "almost extra strong" test.
528			*/
529	71		int is_lucas_pseudoprime(UV n, int strength)
530			{
531			IV P, Q, D;
532			UV U, V, Qk, d, s;
533
534	71	100	if (n < 5) return (n == 2 \|\| n == 3);
		50
		0
535	70	100	if ((n % 2) == 0 \|\| n == UV_MAX) return 0;
		50
536
537	65	100	if (strength < 3) {
538	43		UV Du = 5;
539	43		IV sign = 1;
540			int j;
541			while (1) {
542	108		D = Du * sign;
543	108		j = jacobi_iu(D, n);
544	108	100	if (j != 1 && Du != n) break;
		100
545	65	50	if (Du == 21 && is_perfect_square(n)) return 0;
		0
546	65		Du += 2;
547	65		sign = -sign;
548	65		}
549	43	100	if (j != -1) return 0;
550	42		P = 1;
551	42		Q = (1 - D) / 4;
552	42	50	if (strength == 2 && Q == -1) P=Q=D=5; /* Method A* */
		0
553			/* Check gcd(n,2QD). gcd(n,2D) already done. */
554	42	100	Qk = (Q >= 0) ? Q % n : n-(((UV)(-Q)) % n);
555	42	50	if (gcd_ui(Qk,n) != 1) return 0;
556			} else {
557	22		P = select_extra_strong_parameters(n, 1);
558	22	50	if (P == 0) return 0;
559	22		Q = 1;
560	22		D = P*P - 4;
561			}
562	64	50	MPUassert( D == (PP - 4Q) , "is_lucas_pseudoprime: incorrect DPQ");
563
564			#if 0 /* Condition 2, V_n+1 = 2Q mod n */
565			{ UV us, vs, qs; lucas_seq(&us, &vs, &qs, n, P, Q, n+1); return (vs == addmod(Q,Q,n)); }
566			#endif
567			#if 0 /* Condition 3, n is a epsp(Q) */
568			return is_euler_pseudoprime(n,Qk);
569			#endif
570
571	64		d = n+1;
572	64		s = 0;
573	64	100	if (strength > 0)
574	142	100	while ( (d & 1) == 0 ) { s++; d >>= 1; }
575
576			#if USE_MONTMATH
577			{
578	64		const uint64_t npi = mont_inverse(n), mont1 = mont_get1(n);
579	64		const uint64_t mont2 = mont_get2(n);
580	64		const uint64_t montP = (P == 1) ? mont1
581	86	100	: (P >= 0) ? mont_geta(P, n)
582	22	50	: n - mont_geta(-P, n);
583	64		const uint64_t montQ = (Q == 1) ? mont1
584	106	100	: (Q >= 0) ? mont_geta(Q, n)
585	42	100	: n - mont_geta(-Q, n);
586	106		const uint64_t montD = (D >= 0) ? mont_geta(D, n)
587	64	100	: n - mont_geta(-D, n);
588			UV b;
589	999	100	{ UV v = d; b = 0; while (v >>= 1) b++; }
590
591			/* U, V, Qk, and mont* are in Montgomery space */
592	64		U = mont1;
593	64		V = montP;
594
595	102	100	if (Q == 1 \|\| Q == -1) { /* Faster code for \|Q\|=1, also opt for P=1 */
		100
596	38		int sign = Q;
597	610	100	while (b--) {
598	572	50	U = mont_mulmod(U, V, n);
599	572	100	if (sign == 1) V = submod( mont_sqrmod(V,n), mont2, n);
		50
600	101	50	else V = addmod( mont_sqrmod(V,n), mont2, n);
601	572		sign = 1;
602	572	100	if ( (d >> b) & UVCONST(1) ) {
603	238	50	UV t2 = mont_mulmod(U, montD, n);
604	238	100	if (P == 1) {
605	92		U = addmod(U, V, n);
606	92		V = addmod(V, t2, n);
607			} else {
608	146	50	U = addmod( mont_mulmod(U, montP, n), V, n);
609	146	50	V = addmod( mont_mulmod(V, montP, n), t2, n);
610			}
611	238	100	if (U & 1) { U = (n>>1) + (U>>1) + 1; } else { U >>= 1; }
612	238	100	if (V & 1) { V = (n>>1) + (V>>1) + 1; } else { V >>= 1; }
613	238		sign = Q;
614			}
615			}
616	38	100	Qk = (sign == 1) ? mont1 : n-mont1;
617			} else {
618	26		Qk = montQ;
619	389	100	while (b--) {
620	363	50	U = mont_mulmod(U, V, n);
621	363	50	V = submod( mont_sqrmod(V,n), addmod(Qk,Qk,n), n);
622	363	50	Qk = mont_sqrmod(Qk,n);
623	363	100	if ( (d >> b) & UVCONST(1) ) {
624	186	50	UV t2 = mont_mulmod(U, montD, n);
625	186	50	U = addmod( mont_mulmod(U, montP, n), V, n);
626	186	100	if (U & 1) { U = (n>>1) + (U>>1) + 1; } else { U >>= 1; }
627	186	50	V = addmod( mont_mulmod(V, montP, n), t2, n);
628	186	100	if (V & 1) { V = (n>>1) + (V>>1) + 1; } else { V >>= 1; }
629	186	50	Qk = mont_mulmod(Qk, montQ, n);
630			}
631			}
632			}
633
634	64	100	if (strength == 0) {
635	20	50	if (U == 0)
636	20		return 1;
637	44	100	} else if (strength == 1) {
638	22	100	if (U == 0)
639	8		return 1;
640	39	100	while (s--) {
641	36	100	if (V == 0)
642	11		return 1;
643	25	100	if (s) {
644	22	50	V = submod( mont_sqrmod(V,n), addmod(Qk,Qk,n), n);
645	22	50	Qk = mont_sqrmod(Qk,n);
646			}
647			}
648	22	50	} else if (strength == 2) {
649	0		UV Ql = 0, Qj = 0;
650	0		int qjacobi, is_slpsp = 0;
651	0	0	if (U == 0)
652	0		is_slpsp = 1;
653	0	0	while (s--) {
654	0	0	if (V == 0)
655	0		is_slpsp = 1;
656	0		Ql = Qk;
657	0	0	V = submod( mont_sqrmod(V,n), addmod(Qk,Qk,n), n);
658	0	0	Qk = mont_sqrmod(Qk,n);
659			}
660	0	0	if (!is_slpsp) return 0; /* slpsp */
661	0	0	if (V != addmod(montQ,montQ,n)) return 0; /* V_{n+1} != 2Q mod n */
662	0		qjacobi = jacobi_iu(Q,n);
663	0	0	Qj = (qjacobi == 0) ? 0 : (qjacobi == 1) ? montQ : n-montQ;
		0
664	0	0	if (Ql != Qj) return 0; /* n is epsp base Q */
665	0		return 1;
666			} else {
667	22	100	if ( U == 0 && (V == mont2 \|\| V == (n-mont2)) )
		100
		50
668	14		return 1;
669	8		s--;
670	20	50	while (s--) {
671	20	100	if (V == 0)
672	8		return 1;
673	12	50	if (s)
674	12	50	V = submod( mont_sqrmod(V,n), mont2, n);
675			}
676			}
677	3		return 0;
678			}
679			#else
680			lucas_seq(&U, &V, &Qk, n, P, Q, d);
681
682			if (strength == 0) {
683			if (U == 0)
684			return 1;
685			} else if (strength == 1) {
686			if (U == 0)
687			return 1;
688			/* Now check to see if V_{d2^r} == 0 for any 0 <= r < s /
689			while (s--) {
690			if (V == 0)
691			return 1;
692			if (s) {
693			V = mulsubmod(V, V, addmod(Qk,Qk,n), n);
694			Qk = sqrmod(Qk, n);
695			}
696			}
697			} else if (strength == 2) {
698			UV Ql = 0, Qj = 0;
699			UV Qu = (Q >= 0) ? Q % n : n-(((UV)(-Q)) % n);
700			int qjacobi, is_slpsp = 0;
701			if (U == 0)
702			is_slpsp = 1;
703			while (s--) {
704			if (V == 0)
705			is_slpsp = 1;
706			Ql = Qk;
707			V = mulsubmod(V, V, addmod(Qk,Qk,n), n);
708			Qk = sqrmod(Qk, n);
709			}
710			if (!is_slpsp) return 0; /* slpsp */
711			if (V != addmod(Qu,Qu,n)) return 0; /* V_{n+1} != 2Q mod n */
712			qjacobi = jacobi_iu(Q,n);
713			Qj = (qjacobi == 0) ? 0 : (qjacobi == 1) ? Qu : n-Qu;
714			if (Ql != Qj) return 0; /* n is epsp base Q */
715			return 1;
716			} else {
717			if ( U == 0 && (V == 2 \|\| V == (n-2)) )
718			return 1;
719			/* Now check to see if V_{d2^r} == 0 for any 0 <= r < s-1 /
720			s--;
721			while (s--) {
722			if (V == 0)
723			return 1;
724			if (s)
725			V = mulsubmod(V, V, 2, n);
726			}
727			}
728			return 0;
729			#endif
730			}
731
732			/* A generalization of Pari's shortcut to the extra-strong Lucas test.
733			*
734			* This only calculates and tests V, which means less work, but it does result
735			* in a few more pseudoprimes than the full extra-strong test.
736			*
737			* I've added a gcd check at the top, which needs to be done and also results
738			* in fewer pseudoprimes. Pari always does trial division to 100 first so
739			* is unlikely to come up there.
740			*
741			* increment: 1 for Baillie OEIS, 2 for Pari.
742			*
743			* With increment = 1, these results will be a subset of the extra-strong
744			* Lucas pseudoprimes. With increment = 2, we produce Pari's results.
745			*/
746	1184		int is_almost_extra_strong_lucas_pseudoprime(UV n, UV increment)
747			{
748			UV P, V, W, d, s, b;
749
750	1184	50	if (n < 13) return (n == 2 \|\| n == 3 \|\| n == 5 \|\| n == 7 \|\| n == 11);
		0
		0
		0
		0
		0
751	1184	50	if ((n % 2) == 0 \|\| n == UV_MAX) return 0;
		50
752	1184	50	if (increment < 1 \|\| increment > 256)
		50
753	0		croak("Invalid lucas parameter increment: %"UVuf"\n", increment);
754
755			/* Ensure small primes work with large increments. */
756	1184	50	if ( (increment >= 16 && n <= 331) \|\| (increment > 148 && n <= 631) )
		0
		50
		0
757	0		return !!is_prob_prime(n);
758
759	1184		P = select_extra_strong_parameters(n, increment);
760	1184	50	if (P == 0) return 0;
761
762	1184		d = n+1;
763	1184		s = 0;
764	3535	100	while ( (d & 1) == 0 ) { s++; d >>= 1; }
765	19410	100	{ UV v = d; b = 0; while (v >>= 1) b++; }
766
767			#if USE_MONTMATH
768			{
769	1184		const uint64_t npi = mont_inverse(n), mont1 = mont_get1(n);
770	1184		const uint64_t mont2 = mont_get2(n);
771	1184		const uint64_t montP = mont_geta(P, n);
772	1184	50	W = submod( mont_mulmod( montP, montP, n), mont2, n);
773	1184		V = montP;
774	19410	100	while (b--) {
775	18226	50	UV T = submod( mont_mulmod(V, W, n), montP, n);
776	18226	100	if ( (d >> b) & UVCONST(1) ) {
777	9373		V = T;
778	9373	50	W = submod( mont_mulmod(W, W, n), mont2, n);
779			} else {
780	8853		W = T;
781	8853	50	V = submod( mont_mulmod(V, V, n), mont2, n);
782			}
783			}
784
785	1184	100	if (V == mont2 \|\| V == (n-mont2))
		100
786	684		return 1;
787	500		s--;
788	1077	50	while (s--) {
789	1077	100	if (V == 0)
790	500		return 1;
791	577	50	if (s)
792	577	50	V = submod( mont_mulmod(V, V, n), mont2, n);
793			}
794	0		return 0;
795			}
796			#else
797			W = mulsubmod(P, P, 2, n);
798			V = P;
799			while (b--) {
800			UV T = mulsubmod(V, W, P, n);
801			if ( (d >> b) & UVCONST(1) ) {
802			V = T;
803			W = mulsubmod(W, W, 2, n);
804			} else {
805			W = T;
806			V = mulsubmod(V, V, 2, n);
807			}
808			}
809			if (V == 2 \|\| V == (n-2))
810			return 1;
811			while (s-- > 1) {
812			if (V == 0)
813			return 1;
814			V = mulsubmod(V, V, 2, n);
815			if (V == 2)
816			return 0;
817			}
818			return 0;
819			#endif
820			}
821
822
823			typedef struct {
824			unsigned short div;
825			unsigned short period;
826			unsigned short offset;
827			} _perrin;
828			#define NPERRINDIV 19
829			/* 1112 mask bytes */
830			static const uint32_t _perrinmask[] = {22,523,514,65890,8519810,130,4259842,0,526338,2147483904U,1644233728,1,8194,1073774592,1024,134221824,128,512,181250,2048,0,1,134217736,1049600,524545,2147500288U,0,524290,536870912,32768,33554432,2048,0,2,2,256,65536,64,536875010,32768,256,64,0,32,1073741824,0,1048576,1048832,371200000,0,0,536887552,32,2147487744U,2097152,32768,1024,0,1024,536870912,128,512,0,0,512,0,2147483650U,45312,128,0,8388640,0,8388608,8388608,0,2048,4096,92800000,262144,0,65536,4,0,4,4,4194304,8388608,1075838976,536870956,0,134217728,8192,0,8192,8192,0,2,0,268435458,134223392,1073741824,268435968,2097152,67108864,0,8192,1073741840,0,0,128,0,0,512,1450000,8,131136,536870928,0,4,2097152,4096,64,0,32768,0,0,131072,371200000,2048,33570816,4096,32,1024,536870912,1048576,16384,0,8388608,0,0,0,2,512,0,128,0,134217728,2,32,0,0,0,0,8192,0,1073742080,536870912,0,4096,16777216,526336,32,0,65536,33554448,708,67108864,2048,0,0,536870912,0,536870912,33554432,33554432,2147483648U,512,64,0,1074003968,512,0,524288,0,0,0,67108864,524288,1048576,0,131076,0,33554432,131072,0,2,8390656,16384,16777216,134217744,0,131104,0,2,32768,0,0,0,1450000,32768,0,0,0,0,0,16,0,1024,16400,1048576,32,1024,0,260,536870912,269484032,0,16384,0,524290,0,0,512,65536,0,0,0,134217732,0,67108880,536887296,0,0,32,0,65568,0,524288,2147483648U,0,4096,4096,134217984,268500992,0,33554432,131072,0,0,0,16777216,0,0,0,0,0,524288,0,0,67108864,0,0,2,0,2,32,1024,0};
831			static _perrin _perrindata[NPERRINDIV] = {
832			{2, 7, 0},
833			{3, 13, 1},
834			{4, 14, 2},
835			{5, 24, 3},
836			{7, 48, 4},
837			{9, 39, 6},
838			{11, 120, 8},
839			{13, 183, 12},
840			{17, 288, 18},
841			{19, 180, 27},
842			{23, 22, 33},
843			{25, 120, 34},
844			{29, 871, 38},
845			{31, 993, 66},
846			{37, 1368, 98},
847			{41, 1723, 141},
848			{43, 231, 195},
849			{47, 2257, 203},
850			{223, 111, 274}
851			};
852
853			/* Calculate signature using the doubling rule from Adams and Shanks 1982 */
854	20		static void calc_perrin_sig(UV* S, UV n) {
855			#if USE_MONTMATH
856	20		uint64_t npi = 0, mont1;
857			int i;
858			#endif
859			UV T[6], T01, T34, T45;
860			int b;
861
862			/* Signature for n = 1 */
863	20		S[0] = 1; S[1] = n-1; S[2] = 3; S[3] = 3; S[4] = 0; S[5] = 2;
864	20	50	if (n <= 1) return;
865
866			#if USE_MONTMATH
867	20	100	if ( (n&1) ) {
868	18		npi = mont_inverse(n);
869	18		mont1 = mont_get1(n);
870	18		S[0] = mont1; S[1] = n-mont1; S[5] = addmod(mont1,mont1,n);
871	18		S[2] = addmod(S[5],mont1,n); S[3] = S[2];
872			}
873			#endif
874
875			/* Bits in n */
876	625	100	{ UV v = n; b = 1; while (v >>= 1) b++; }
877
878	625	100	while (b-- > 1) {
879			/* Double */
880			#if USE_MONTMATH
881	605	100	if (n&1) {
882	558	50	T[0] = submod(submod(mont_sqrmod(S[0],n), S[5],n), S[5],n);
883	558	50	T[1] = submod(submod(mont_sqrmod(S[1],n), S[4],n), S[4],n);
884	558	50	T[2] = submod(submod(mont_sqrmod(S[2],n), S[3],n), S[3],n);
885	558	50	T[3] = submod(submod(mont_sqrmod(S[3],n), S[2],n), S[2],n);
886	558	50	T[4] = submod(submod(mont_sqrmod(S[4],n), S[1],n), S[1],n);
887	558	50	T[5] = submod(submod(mont_sqrmod(S[5],n), S[0],n), S[0],n);
888			} else
889			#endif
890			{
891	47		T[0] = submod(submod(sqrmod(S[0],n), S[5],n), S[5],n);
892	47		T[1] = submod(submod(sqrmod(S[1],n), S[4],n), S[4],n);
893	47		T[2] = submod(submod(sqrmod(S[2],n), S[3],n), S[3],n);
894	47		T[3] = submod(submod(sqrmod(S[3],n), S[2],n), S[2],n);
895	47		T[4] = submod(submod(sqrmod(S[4],n), S[1],n), S[1],n);
896	47		T[5] = submod(submod(sqrmod(S[5],n), S[0],n), S[0],n);
897			}
898			/* Move to S, filling in */
899	605		T01 = submod(T[2], T[1], n);
900	605		T34 = submod(T[5], T[4], n);
901	605		T45 = addmod(T34, T[3], n);
902	605	100	if ( (n >> (b-1)) & 1U ) {
903	281		S[0] = T[0]; S[1] = T01; S[2] = T[1];
904	281		S[3] = T[4]; S[4] = T45; S[5] = T[5];
905			} else {
906	324		S[0] = T01; S[1] = T[1]; S[2] = addmod(T01,T[0],n);
907	324		S[3] = T34; S[4] = T[4]; S[5] = T45;
908			}
909			}
910			#if USE_MONTMATH
911	20	100	if (n&1) { /* Recover result from Montgomery form */
912	128	100	for (i = 0; i < 6; i++)
913	108	50	S[i] = mont_recover(S[i],n);
914			}
915			#endif
916			}
917
918	20		int is_perrin_pseudoprime(UV n, int restricted)
919			{
920			int jacobi, i;
921			UV S[6];
922
923	20	50	if (n < 3) return (n >= 2);
924	20	100	if (!(n&1) && restricted > 2) return 0; /* Odds only for restrict > 2 */
		50
925
926			/* Hard code the initial tests. 60% of composites caught by 4 tests. */
927			{
928	20		uint32_t n32 = n % 10920;
929	20	100	if (!(n32&1) && !(( 22 >> (n32% 7)) & 1)) return 0;
		50
930	20	50	if (!(n32%3) && !(( 523 >> (n32%13)) & 1)) return 0;
		0
931	20	100	if (!(n32%5) && !((65890 >> (n32%24)) & 1)) return 0;
		50
932	20	50	if (!(n32%4) && !(( 514 >> (n32%14)) & 1)) return 0;
		0
933			}
934	320	100	for (i = 4; i < NPERRINDIV; i++) {
935	300	100	if ((n % _perrindata[i].div) == 0) {
936	12		const uint32_t *mask = _perrinmask + _perrindata[i].offset;
937	12		unsigned short mod = n % _perrindata[i].period;
938	12	50	if (!((mask[mod/32] >> (mod%32)) & 1))
939	0		return 0;
940			}
941			}
942			/* Depending on which filters are used, 10-20% of composites are left. */
943
944	20		calc_perrin_sig(S, n);
945
946	20	50	if (S[4] != 0) return 0; /* P(n) = 0 mod n */
947	20	100	if (restricted == 0) return 1;
948
949	5	100	if (S[1] != n-1) return 0; /* P(-n) = -1 mod n */
950	4	100	if (restricted == 1) return 1;
951
952			/* Full restricted test looks for an acceptable signature.
953			*
954			* restrict = 2 is Adams/Shanks without quadratic form test
955			*
956			* restrict = 3 is Arno or Grantham: No qform, also reject mults of 2 and 23
957			*
958			* See:
959			* Adams/Shanks 1982 pages 257-261
960			* Arno 1991 pages 371-372
961			* Grantham 2000 pages 5-6
962			*/
963
964	3		jacobi = kronecker_su(-23,n);
965
966	3	100	if (jacobi == -1) { /* Q-type */
967
968	1		UV B = S[2], B2 = sqrmod(B,n);
969	1		UV A = submod(addmod(1,mulmod(B,3,n),n),B2,n);
970	1		UV C = submod(mulmod(B2,3,n),2,n);
971	1	50	if (S[0] == A && S[2] == B && S[3] == B && S[5] == C &&
		50
		50
		50
		0
972	0	0	B != 3 && submod(mulmod(B2,B,n),B,n) == 1) {
973	0	0	MPUverbose(2, "%"UVuf" Q-Type %"UVuf" -1 %"UVuf" %"UVuf" 0 %"UVuf"\n", n, A, B, B, C);
974	1		return 1;
975			}
976
977			} else { /* S-Type or I-Type */
978
979	2	50	if (jacobi == 0 && n != 23 && restricted > 2) {
		50
		100
980	1	50	MPUverbose(2, "%"UVuf" Jacobi %d\n",n,jacobi);
981	1		return 0; /* Adams/Shanks allows (-23\|n) = 0 for S-Type */
982			}
983
984	1	50	if (S[0] == 1 && S[2] == 3 && S[3] == 3 && S[5] == 2) {
		50
		50
		50
985	1	50	MPUverbose(2, "%"UVuf" S-Type 1 -1 3 3 0 2\n",n);
986	1		return 1;
987	0	0	} else if (S[0] == 0 && S[5] == n-1 && S[2] != S[3] &&
		0
988	0	0	addmod(S[2],S[3],n) == n-3 && sqrmod(submod(S[2],S[3],n),n) == n-(23%n)) {
989	0	0	MPUverbose(2, "%"UVuf" I-Type 0 -1 %"UVuf" %"UVuf" 0 -1\n",n, S[2], S[3]);
990	0		return 1;
991			}
992
993			}
994	1	50	MPUverbose(2, "%"UVuf" ? %2d ? %"UVuf" -1 %"UVuf" %"UVuf" 0 %"UVuf"\n", n, jacobi, S[0],S[2],S[3],S[5]);
995	20		return 0;
996			}
997
998	28		int is_frobenius_pseudoprime(UV n, IV P, IV Q)
999			{
1000			UV U, V, Qk, Vcomp;
1001	28		int k = 0;
1002			IV D;
1003			UV Du, Pu, Qu;
1004
1005	28	50	if (n < 7) return (n == 2 \|\| n == 3 \|\| n == 5);
		0
		0
		0
1006	28	50	if ((n % 2) == 0 \|\| n == UV_MAX) return 0;
		50
1007
1008	28	50	if (P == 0 && Q == 0) {
		0
1009	0		P = -1; Q = 2;
1010	0	0	if (n == 7) P = 1; /* So we don't test kronecker(-7,7) */
1011			do {
1012	0		P += 2;
1013	0	0	if (P == 3) P = 5; /* P=3,Q=2 -> D=9-8=1 => k=1, so skip */
1014	0		D = PP-4Q;
1015	0		Du = D >= 0 ? D : -D;
1016	0		k = kronecker_su(D, n);
1017	0	0	if (P == 10001 && is_perfect_square(n)) return 0;
		0
1018	0	0	} while (k == 1);
1019	0	0	if (k == 0) return 0;
1020			/* D=P^2-8 will not be a perfect square */
1021	0	0	MPUverbose(1, "%"UVuf" Frobenius (%"IVdf",%"IVdf") : x^2 - %"IVdf"x + %"IVdf"\n", n, P, Q, P, Q);
1022	0		Vcomp = 4;
1023			} else {
1024	28		D = PP-4Q;
1025	28		Du = D >= 0 ? D : -D;
1026	28	100	if (D != 5 && is_perfect_square(Du))
		50
1027	0		croak("Frobenius invalid P,Q: (%"IVdf",%"IVdf")", P, Q);
1028			}
1029	28		Pu = (P >= 0 ? P : -P) % n;
1030	28		Qu = (Q >= 0 ? Q : -Q) % n;
1031
1032	28		Qk = gcd_ui(n, PuQuDu);
1033	28	50	if (Qk != 1) {
1034	0	0	if (Qk == n) return !!is_prob_prime(n);
1035	0		return 0;
1036			}
1037	28	50	if (k == 0) {
1038	28		k = kronecker_su(D, n);
1039	28	50	if (k == 0) return 0;
1040	28	100	if (k == 1) {
1041	24		Vcomp = 2;
1042			} else {
1043	4		Qu = addmod(Qu,Qu,n);
1044	4	50	Vcomp = (Q >= 0) ? Qu : n-Qu;
1045			}
1046			}
1047
1048	28		lucas_seq(&U, &V, &Qk, n, P, Q, n-k);
1049			/* MPUverbose(1, "%"UVuf" Frobenius U = %"UVuf" V = %"UVuf"\n", n, U, V); */
1050	28	50	if (U == 0 && V == Vcomp) return 1;
		50
1051	28		return 0;
1052			}
1053
1054			/*
1055			* Khashin, July 2018, https://arxiv.org/pdf/1807.07249.pdf
1056			* "Evaluation of the Effectiveness of the Frobenius Primality Test"
1057			*
1058			* See also the earlier https://arxiv.org/abs/1307.7920
1059			* "Counterexamples for Frobenius primality test"
1060			*
1061			* 1. select c as first in [-1,2,3,4,5,6,...] where (c\|n)=-1
1062			* 2. Check this holds:
1063			* (2+sqrt(c)^n = 2-sqrt(c) mod n for c = -1,2
1064			* (1+sqrt(c)^n = 1-sqrt(c) mod n for c = 3,4,5,6,...
1065			*
1066			* The paper claims there are no 64-bit counterexamples.
1067			*/
1068	102		int is_frobenius_khashin_pseudoprime(UV n)
1069			{
1070	102		int k = 2;
1071	102		UV ea, ra, rb, a, b, d = n-1, c = 1;
1072
1073	102	50	if (n < 7) return (n == 2 \|\| n == 3 \|\| n == 5);
		0
		0
		0
1074	102	50	if ((n % 2) == 0 \|\| n == UV_MAX) return 0;
		50
1075	102	50	if (is_perfect_square(n)) return 0;
1076
1077	102	100	if (n % 4 == 3) c = d;
1078	53	100	else if (n % 8 == 5) c = 2;
1079			else
1080			do { /* c = first odd prime where (c\|n)=-1 */
1081	48		c += 2;
1082	48	100	if (c==9 \|\| (c>=15 && (!(c%3) \|\| !(c%5) \|\| !(c%7) \|\| !(c%11) \|\| !(c%13))))
		50
		0
		0
		0
		0
		0
1083	1		continue;
1084	47		k = kronecker_uu(c, n);
1085	48	100	} while (k == 1);
1086	102	100	if (k == 0 \|\| (k == 2 && n % 3 == 0)) return 0;
		100
		100
1087
1088			#if USE_MONTMATH
1089			{
1090	63		const uint64_t npi = mont_inverse(n);
1091	63		const uint64_t mont1 = mont_get1(n);
1092	63		const uint64_t montc = mont_geta(c, n);
1093	63	100	ra = a = ea = (k == 2) ? mont_get2(n) : mont1;
1094	63		rb = b = mont1;
1095	1985	100	while (d) {
1096	1922	100	if (d & 1) {
1097	921		UV ta=ra, tb=rb;
1098	921	50	ra = addmod( mont_mulmod(ta,a,n), mont_mulmod(mont_mulmod(tb,b,n),montc,n), n );
		0
		50
		50
1099	921	50	rb = addmod( mont_mulmod(tb,a,n), mont_mulmod(ta,b,n), n);
		50
1100			}
1101	1922		d >>= 1;
1102	1922	100	if (d) {
1103	1859	50	UV t = mont_mulmod(mont_mulmod(b,b,n),montc,n);
		0
		50
1104	1859	50	b = mont_mulmod(b,a,n);
1105	1859		b = addmod(b,b,n);
1106	1859	50	a = addmod(mont_mulmod(a,a,n),t,n);
1107			}
1108			}
1109	63	100	return (ra == ea && rb == n-mont1);
		50
1110			}
1111			#else
1112			ra = a = ea = (k == 2) ? 2 : 1;
1113			rb = b = 1;
1114			while (d) {
1115			if (d & 1) {
1116			/* This is faster than the 3-mulmod 5-addmod version */
1117			UV ta=ra, tb=rb;
1118			ra = addmod( mulmod(ta,a,n), mulmod(mulmod(tb,b,n),c,n), n );
1119			rb = addmod( mulmod(tb,a,n), mulmod(ta,b,n), n);
1120			}
1121			d >>= 1;
1122			if (d) {
1123			UV t = mulmod(sqrmod(b,n),c,n);
1124			b = mulmod(b,a,n);
1125			b = addmod(b,b,n);
1126			a = addmod(sqrmod(a,n),t,n);
1127			}
1128			}
1129			return (ra == ea && rb == n-1);
1130			#endif
1131			}
1132
1133			/*
1134			* The Frobenius-Underwood test has no known counterexamples below 2^50, but
1135			* has not been extensively tested above that. This is the Minimal Lambda+2
1136			* test from section 9 of "Quadratic Composite Tests" by Paul Underwood.
1137			*
1138			* It is generally slower than the AES Lucas test, but for large values is
1139			* competitive with the BPSW test. Since our BPSW is known to have no
1140			* counterexamples under 2^64, while the results of this test are unknown,
1141			* it is mainly useful for numbers larger than 2^64 as an additional
1142			* non-correlated test.
1143			*/
1144	102		int is_frobenius_underwood_pseudoprime(UV n)
1145			{
1146			int j, bit;
1147			UV x, result, a, b, np1, len, t1;
1148			IV t;
1149
1150	102	50	if (n < 7) return (n == 2 \|\| n == 3 \|\| n == 5);
		0
		0
		0
1151	102	50	if ((n % 2) == 0 \|\| n == UV_MAX) return 0;
		50
1152
1153	200	50	for (x = 0; x < 1000000; x++) {
1154	200	100	if (x==2 \|\| x==4 \|\| x==7 \|\| x==8 \|\| x==10 \|\| x==14 \|\| x==16 \|\| x==18)
		100
		100
		100
		50
		50
		50
		50
1155	24		continue;
1156	176		t = (IV)(x*x) - 4;
1157	176		j = jacobi_iu(t, n);
1158	176	100	if (j == -1) break;
1159	90	100	if (j == 0 \|\| (x == 20 && is_perfect_square(n)))
		50
		0
1160	16		return 0;
1161			}
1162	86	50	if (x >= 1000000) croak("FU test failure, unable to find suitable a");
1163	86		t1 = gcd_ui(n, (x+4)(2x+5));
1164	86	100	if (t1 != 1 && t1 != n)
		50
1165	18		return 0;
1166	68		np1 = n+1;
1167	2072	100	{ UV v = np1; len = 1; while (v >>= 1) len++; }
1168
1169			#if USE_MONTMATH
1170			{
1171	68		const uint64_t npi = mont_inverse(n), mont1 = mont_get1(n);
1172	68		const uint64_t mont2 = mont_get2(n);
1173	68		const uint64_t mont5 = mont_geta(5, n);
1174
1175	68		x = mont_geta(x, n);
1176	68		a = mont1;
1177	68		b = mont2;
1178
1179	68	100	if (x == 0) {
1180	37		result = mont5;
1181	1134	100	for (bit = len-2; bit >= 0; bit--) {
1182	1097		t1 = addmod(b, b, n);
1183	1097	50	b = mont_mulmod(submod(b, a, n), addmod(b, a, n), n);
1184	1097	50	a = mont_mulmod(a, t1, n);
1185	1097	100	if ( (np1 >> bit) & UVCONST(1) ) {
1186	507		t1 = b;
1187	507		b = submod( addmod(b, b, n), a, n);
1188	507		a = addmod( addmod(a, a, n), t1, n);
1189			}
1190			}
1191			} else {
1192	31		UV multiplier = addmod(x, mont2, n);
1193	31		result = addmod( addmod(x, x, n), mont5, n);
1194	938	100	for (bit = len-2; bit >= 0; bit--) {
1195	907	50	t1 = addmod( mont_mulmod(a, x, n), addmod(b, b, n), n);
1196	907	50	b = mont_mulmod(submod(b, a, n), addmod(b, a, n), n);
1197	907	50	a = mont_mulmod(a, t1, n);
1198	907	100	if ( (np1 >> bit) & UVCONST(1) ) {
1199	419		t1 = b;
1200	419		b = submod( addmod(b, b, n), a, n);
1201	419	50	a = addmod( mont_mulmod(a, multiplier, n), t1, n);
1202			}
1203			}
1204			}
1205	68	100	return (a == 0 && b == result);
		50
1206			}
1207			#else
1208			a = 1;
1209			b = 2;
1210
1211			if (x == 0) {
1212			result = 5;
1213			for (bit = len-2; bit >= 0; bit--) {
1214			t1 = addmod(b, b, n);
1215			b = mulmod( submod(b, a, n), addmod(b, a, n), n);
1216			a = mulmod(a, t1, n);
1217			if ( (np1 >> bit) & UVCONST(1) ) {
1218			t1 = b;
1219			b = submod( addmod(b, b, n), a, n);
1220			a = addmod( addmod(a, a, n), t1, n);
1221			}
1222			}
1223			} else {
1224			UV multiplier = addmod(x, 2, n);
1225			result = addmod( addmod(x, x, n), 5, n);
1226			for (bit = len-2; bit >= 0; bit--) {
1227			t1 = addmod( mulmod(a, x, n), addmod(b, b, n), n);
1228			b = mulmod(submod(b, a, n), addmod(b, a, n), n);
1229			a = mulmod(a, t1, n);
1230			if ( (np1 >> bit) & UVCONST(1) ) {
1231			t1 = b;
1232			b = submod( addmod(b, b, n), a, n);
1233			a = addmod( mulmod(a, multiplier, n), t1, n);
1234			}
1235			}
1236			}
1237
1238			MPUverbose(2, "%"UVuf" is %s with x = %"UVuf"\n", n, (a == 0 && b == result) ? "probably prime" : "composite", x);
1239			if (a == 0 && b == result)
1240			return 1;
1241			return 0;
1242			#endif
1243			}
1244
1245			/* We have a native-UV Lucas-Lehmer test with simple pretest. If 2^p-1 is
1246			* prime but larger than a UV, we'll have to bail, and they'll run the nice
1247			* GMP version. However, they're just asking if this is a Mersenne prime, and
1248			* there are millions of CPU years that have gone into enumerating them, so
1249			* instead we'll use a table. */
1250			#define NUM_KNOWN_MERSENNE_PRIMES 50
1251			static const uint32_t _mersenne_primes[NUM_KNOWN_MERSENNE_PRIMES] = {2,3,5,7,13,17,19,31,61,89,107,127,521,607,1279,2203,2281,3217,4253,4423,9689,9941,11213,19937,21701,23209,44497,86243,110503,132049,216091,756839,859433,1257787,1398269,2976221,3021377,6972593,13466917,20996011,24036583,25964951,30402457,32582657,37156667,42643801,43112609,57885161,74207281,77232917};
1252			#define LAST_CHECKED_MERSENNE 45313991
1253	2282		int is_mersenne_prime(UV p)
1254			{
1255			int i;
1256	115668	100	for (i = 0; i < NUM_KNOWN_MERSENNE_PRIMES; i++)
1257	113403	100	if (p == _mersenne_primes[i])
1258	17		return 1;
1259	2265	50	return (p < LAST_CHECKED_MERSENNE) ? 0 : -1;
1260			}
1261	0		int lucas_lehmer(UV p)
1262			{
1263			UV k, V, mp;
1264
1265	0	0	if (p == 2) return 1;
1266	0	0	if (!is_prob_prime(p)) return 0;
1267	0	0	if (p > BITS_PER_WORD) croak("lucas_lehmer with p > BITS_PER_WORD");
1268	0		V = 4;
1269	0		mp = UV_MAX >> (BITS_PER_WORD - p);
1270	0	0	for (k = 3; k <= p; k++) {
1271	0		V = mulsubmod(V, V, 2, mp);
1272			}
1273	0		return (V == 0);
1274			}
1275
1276			/******************************************************************************/
1277
1278			/* Hashing similar to Forišek and Jančina 2015, trial with 2/3/5/7/11. */
1279			static const uint16_t mr_bases_hash32[256] = {
1280			446,1150,304,24041,1595,15524,1743,6698,1724,2427,1088,7349,504,995,6399,2013,598,3314,3367,1930,3006,1845,2079,1843,694,2502,6957,1053,585,626,789,2115,1109,1105,3702,783,1324,2239,1553,5609,515,548,1371,2637,8606,532,3556,831,587,862,1355,501,6358,317,2585,12311,6181,145,3839,2976,2674,8124,2147,19598,8051,1178,3159,6184,9867,1954,7857,602,5023,5113,3152,4583,2361,101,464,1860,1862,5185,1368,15885,368,1068,307,12626,18646,26337,569,1690,551,1782,226,3235,1158,24247,8361,1719,56,14647,1687,1920,8109,6090,1725,1248,536,2869,1047,2512,13510,1026,250,1867,3694,2379,5175,2235,5885,5107,1079,290,2121,20729,1329,2168,34,15326,3226,2989,2313,710,4333,7861,166,11650,10876,777,30291,746,1278,6347,7751,179,2351,16695,1615,3575,5772,11790,5203,591,1354,12303,3827,702,7,5607,4246,440,566,1997,7315,1241,1193,2324,1530,1423,1664,16705,2012,6305,2410,39,1361,6440,1507,3065,1807,5486,19498,8599,9338,1522,238,1226,8103,15634,3559,3288,2898,21063,287,1011,4457,563,7654,5738,1621,3907,117,442,1124,12921,16838,164,41,313,1692,1574,1091,2804,1160,1263,4611,8508,3790,20765,3894,1304,1344,7628,10955,1045,7760,973,103,1621,10479,4064,5553,272,2213,1989,2074,2137,5201,1391,924,227,911,22969,3802,212,1391,1213,7517,4931,7789,3303,10669,137,4129,2734
1281			};
1282
1283	77962		int MR32(uint32_t n) {
1284	77962		uint32_t x = n;
1285
1286	77962	100	if (x < 13) return (x == 2 \|\| x == 3 \|\| x == 5 \|\| x == 7 \|\| x == 11);
		50
		50
		50
		100
		50
1287	77958	50	if (!(x&1) \|\| !(x%3) \|\| !(x%5) \|\| !(x%7) \|\| !(x%11) ) return 0;
		50
		50
		100
		100
1288
1289	77802		x = (((x >> 16) ^ x) * 0x45d9f3b) & 0xFFFFFFFFUL;
1290	77802		x = ((x >> 16) ^ x) & 255;
1291	77802		return is_strong_pseudoprime(n, mr_bases_hash32[x]);
1292			}
1293
1294			/******************************************************************************/
1295
1296	240205		int is_prob_prime(UV n)
1297			{
1298	240205	100	if (n < 11) {
1299	6363	50	if (n == 2 \|\| n == 3 \|\| n == 5 \|\| n == 7) return 2;
		100
		100
		100
1300	201		else return 0;
1301			}
1302
1303			#if BITS_PER_WORD == 64
1304	233842	100	if (n > UVCONST(4294967295)) { /* input is >= 2^32, UV is 64-bit*/
1305	3524	100	if (!(n%2) \|\| !(n%3) \|\| !(n%5) \|\| !(n%7)) return 0;
		100
		100
		100
1306	1914	100	if (!(n%11) \|\| !(n%13) \|\| !(n%17) \|\| !(n%19) \|\|
		100
		100
		100
		100
1307	1447	100	!(n%23) \|\| !(n%29) \|\| !(n%31) \|\| !(n%37) \|\|
		100
		100
		100
1308	1914	100	!(n%41) \|\| !(n%43) \|\| !(n%47) \|\| !(n%53)) return 0;
		100
		100
1309	1240	100	if (!(n%59) \|\| !(n%61) \|\| !(n%67) \|\| !(n%71)) return 0;
		100
		100
		100
1310	1175	100	if (!(n%73) \|\| !(n%79) \|\| !(n%83) \|\| !(n%89)) return 0;
		100
		100
		100
1311			/* AESLSP test costs about 1.5 Selfridges, vs. ~2.2 for strong Lucas.
1312			* This makes the full BPSW test cost about 2.5x M-R tests for a prime. */
1313	1130		return 2*BPSW(n);
1314			} else {
1315			#else
1316			{
1317			#endif
1318	230318		uint32_t x = n;
1319	230318	100	if (!(x%2) \|\| !(x%3) \|\| !(x%5) \|\| !(x%7)) return 0;
		100
		100
		100
1320	122980	100	if (x < 121) /* 1111 / return 2;
1321	120095	100	if (!(x%11) \|\| !(x%13) \|\| !(x%17) \|\| !(x%19) \|\|
		100
		100
		100
		100
1322	90726	100	!(x%23) \|\| !(x%29) \|\| !(x%31) \|\| !(x%37) \|\|
		100
		100
		100
1323	120095	100	!(x%41) \|\| !(x%43) \|\| !(x%47) \|\| !(x%53)) return 0;
		100
		100
1324	76279	100	if (x < 3481) /* 5959 / return 2;
1325			/* Trial division crossover point depends on platform */
1326			if (!USE_MONTMATH && n < 200000) {
1327			uint32_t f = 59;
1328			uint32_t limit = isqrt(n);
1329			while (f <= limit) {
1330			{ if ((x%f) == 0) return 0; } f += 2;
1331			{ if ((x%f) == 0) return 0; } f += 6;
1332			{ if ((x%f) == 0) return 0; } f += 4;
1333			{ if ((x%f) == 0) return 0; } f += 2;
1334			{ if ((x%f) == 0) return 0; } f += 4;
1335			{ if ((x%f) == 0) return 0; } f += 2;
1336			{ if ((x%f) == 0) return 0; } f += 4;
1337			{ if ((x%f) == 0) return 0; } f += 6;
1338			}
1339			return 2;
1340			}
1341	62580		return 2*MR32(x);
1342			}
1343			}