for testing and deploying your application
for finding and fixing issues
for empowering human code reviews
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
<?php
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2016 Spomky-Labs
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Util;
class BigInteger
{
const MONTGOMERY = 0;
const BARRETT = 1;
const POWEROF2 = 2;
const CLASSIC = 3;
const NONE = 4;
/**#@+
* Array constants
* Rather than create a thousands and thousands of new BigInteger objects in repeated function calls to add() and
* multiply() or whatever, we'll just work directly on arrays, taking them in as parameters and returning them.
/**
* $result[self::VALUE] contains the value.
const VALUE = 0;
* $result[self::SIGN] contains the sign.
const SIGN = 1;
/**#@-*/
* Cache constants.
* $cache[self::VARIABLE] tells us whether or not the cached data is still valid.
const VARIABLE = 0;
* $cache[self::DATA] contains the cached data.
const DATA = 1;
* Mode constants.
* To use the pure-PHP implementation.
const MODE_INTERNAL = 1;
* To use the BCMath library.
* (if enabled; otherwise, the internal implementation will be used)
const MODE_BCMATH = 2;
* To use the GMP library.
* (if present; otherwise, either the BCMath or the internal implementation will be used)
const MODE_GMP = 3;
* Karatsuba Cutoff.
* At what point do we switch between Karatsuba multiplication and schoolbook long multiplication?
const KARATSUBA_CUTOFF = 25;
* Static properties used by the pure-PHP implementation.
* @see __construct()
protected static $base;
protected static $baseFull;
protected static $maxDigit;
protected static $msb;
* $max10 in greatest $max10Len satisfying
* $max10 = 10**$max10Len <= 2**$base.
protected static $max10;
* $max10Len in greatest $max10Len satisfying
protected static $max10Len;
protected static $maxDigit2;
* Holds the BigInteger's value.
* @var array
private $value;
* Holds the BigInteger's magnitude.
* @var bool
private $is_negative = false;
* Precision.
private $precision = -1;
* Precision Bitmask.
private $bitmask = false;
* Mode independent value used for serialization.
* If the bcmath or gmp extensions are installed $this->value will be a non-serializable resource, hence the need for
* a variable that'll be serializable regardless of whether or not extensions are being used. Unlike $this->value,
* however, $this->hex is only calculated when $this->__sleep() is called.
* @var string
private $hex;
* Converts base-2, base-10, base-16, and binary strings (base-256) to BigIntegers.
* If the second parameter - $base - is negative, then it will be assumed that the number's are encoded using
* two's compliment. The sole exception to this is -10, which is treated the same as 10 is.
* Here's an example:
* <code>
* <?php
* $a = new \Jose\Util\in base-16
* echo $a->toString(); // outputs 50
* ?>
* </code>
* @param $x base-10 number or base-$base number if $base set.
* @param int $base
* @return \Jose\Util\BigInteger
public function __construct($x = 0, $base = 10)
if (!defined('MATH_BIGINTEGER_MODE')) {
switch (true) {
case extension_loaded('gmp'):
define('MATH_BIGINTEGER_MODE', self::MODE_GMP);
break;
case extension_loaded('bcmath'):
define('MATH_BIGINTEGER_MODE', self::MODE_BCMATH);
default:
define('MATH_BIGINTEGER_MODE', self::MODE_INTERNAL);
}
if (extension_loaded('openssl') && !defined('MATH_BIGINTEGER_OPENSSL_DISABLE') && !defined('MATH_BIGINTEGER_OPENSSL_ENABLED')) {
define('MATH_BIGINTEGER_OPENSSL_ENABLED', true);
if (!defined('PHP_INT_SIZE')) {
define('PHP_INT_SIZE', 4);
if (empty(self::$base) && MATH_BIGINTEGER_MODE == self::MODE_INTERNAL) {
switch (PHP_INT_SIZE) {
case 8: // use 64-bit integers if int size is 8 bytes
self::$base = 31;
self::$baseFull = 0x80000000;
self::$maxDigit = 0x7FFFFFFF;
self::$msb = 0x40000000;
self::$max10 = 1000000000;
self::$max10Len = 9;
self::$maxDigit2 = pow(2, 62);
//case 4: // use 64-bit floats if int size is 4 bytes
self::$base = 26;
self::$baseFull = 0x4000000;
self::$maxDigit = 0x3FFFFFF;
self::$msb = 0x2000000;
self::$max10 = 10000000;
self::$max10Len = 7;
self::$maxDigit2 = pow(2, 52); // pow() prevents truncation
switch (MATH_BIGINTEGER_MODE) {
case self::MODE_GMP:
case is_resource($x) && get_resource_type($x) == 'GMP integer':
// PHP 5.6 switched GMP from using resources to objects
case $x instanceof \GMP:
$this->value = $x;
return;
$this->value = gmp_init(0);
case self::MODE_BCMATH:
$this->value = '0';
$this->value = [];
// '0' counts as empty() but when the base is 256 '0' is equal to ord('0') or 48
// '0' is the only value like this per http://php.net/empty
if (empty($x) && (abs($base) != 256 || $x !== '0')) {
switch ($base) {
case -256:
if (ord($x[0]) & 0x80) {
$x = ~$x;
$this->is_negative = true;
case 256:
$sign = $this->is_negative ? '-' : '';
$this->value = gmp_init($sign.'0x'.bin2hex($x));
// round $len to the nearest 4 (thanks, DavidMJ!)
$len = (strlen($x) + 3) & 0xFFFFFFFC;
$x = str_pad($x, $len, chr(0), STR_PAD_LEFT);
for ($i = 0; $i < $len; $i += 4) {
$this->value = bcmul($this->value, '4294967296', 0); // 4294967296 == 2**32
$this->value = bcadd($this->value, 0x1000000 * ord($x[$i]) + ((ord($x[$i + 1]) << 16) | (ord($x[$i + 2]) << 8) | ord($x[$i + 3])), 0);
if ($this->is_negative) {
$this->value = '-'.$this->value;
// converts a base-2**8 (big endian / msb) number to base-2**26 (little endian / lsb)
while (strlen($x)) {
$this->value[] = $this->_bytes2int($this->_base256_rshift($x, self::$base));
if (MATH_BIGINTEGER_MODE != self::MODE_INTERNAL) {
$this->is_negative = false;
$temp = $this->add(new static('-1'));
$this->value = $temp->value;
case 16:
case -16:
if ($base > 0 && $x[0] == '-') {
$x = substr($x, 1);
$x = preg_replace('#^(?:0x)?([A-Fa-f0-9]*).*#', '$1', $x);
$is_negative = false;
if ($base < 0 && hexdec($x[0]) >= 8) {
$this->is_negative = $is_negative = true;
$x = bin2hex(~hex2bin($x));
$temp = $this->is_negative ? '-0x'.$x : '0x'.$x;
$this->value = gmp_init($temp);
$x = (strlen($x) & 1) ? '0'.$x : $x;
$temp = new static(hex2bin($x), 256);
$this->value = $this->is_negative ? '-'.$temp->value : $temp->value;
if ($is_negative) {
case 10:
case -10:
// (?<!^)(?:-).*: find any -'s that aren't at the beginning and then any characters that follow that
// (?<=^|-)0*: find any 0's that are preceded by the start of the string or by a - (ie. octals)
// [^-0-9].*: find any non-numeric characters and then any characters that follow that
$x = preg_replace('#(?<!^)(?:-).*|(?<=^|-)0*|[^-0-9].*#', '', $x);
$this->value = gmp_init($x);
// explicitly casting $x to a string is necessary, here, since doing $x[0] on -1 yields different
// results then doing it on '-1' does (modInverse does $x[0])
$this->value = $x === '-' ? '0' : (string) $x;
$temp = new static();
$multiplier = new static();
$multiplier->value = [self::$max10];
if ($x[0] == '-') {
$x = str_pad($x, strlen($x) + ((self::$max10Len - 1) * strlen($x)) % self::$max10Len, 0, STR_PAD_LEFT);
$temp = $temp->multiply($multiplier);
$temp = $temp->add(new static($this->_int2bytes(substr($x, 0, self::$max10Len)), 256));
$x = substr($x, self::$max10Len);
case 2: // base-2 support originally implemented by Lluis Pamies - thanks!
case -2:
$x = preg_replace('#^([01]*).*#', '$1', $x);
$x = str_pad($x, strlen($x) + (3 * strlen($x)) % 4, 0, STR_PAD_LEFT);
$str = '0x';
$part = substr($x, 0, 4);
$str .= dechex(bindec($part));
$x = substr($x, 4);
$str = '-'.$str;
$temp = new static($str, 8 * $base); // ie. either -16 or +16
$this->is_negative = $temp->is_negative;
// base not supported, so we'll let $this == 0
* Converts a BigInteger to a byte string (eg. base-256).
* Negative numbers are saved as positive numbers, unless $twos_compliment is set to true, at which point, they're
* saved as two's compliment.
* $a = new \Jose\Util\ger('65');
* echo $a->toBytes(); // outputs chr(65)
* @param bool $twos_compliment
* @return string
* @internal Converts a base-2**26 number to base-2**8
public function toBytes($twos_compliment = false)
if ($twos_compliment) {
$comparison = $this->compare(new static());
if ($comparison == 0) {
return $this->precision > 0 ? str_repeat(chr(0), ($this->precision + 1) >> 3) : '';
$temp = $comparison < 0 ? $this->add(new static(1)) : $this;
$bytes = $temp->toBytes();
if (empty($bytes)) { // eg. if the number we're trying to convert is -1
$bytes = chr(0);
if (ord($bytes[0]) & 0x80) {
$bytes = chr(0).$bytes;
return $comparison < 0 ? ~$bytes : $bytes;
if (gmp_cmp($this->value, gmp_init(0)) == 0) {
$temp = gmp_strval(gmp_abs($this->value), 16);
$temp = (strlen($temp) & 1) ? '0'.$temp : $temp;
$temp = hex2bin($temp);
return $this->precision > 0 ?
substr(str_pad($temp, $this->precision >> 3, chr(0), STR_PAD_LEFT), -($this->precision >> 3)) :
ltrim($temp, chr(0));
if ($this->value === '0') {
$value = '';
$current = $this->value;
if ($current[0] == '-') {
$current = substr($current, 1);
while (bccomp($current, '0', 0) > 0) {
$temp = bcmod($current, '16777216');
$value = chr($temp >> 16).chr($temp >> 8).chr($temp).$value;
$current = bcdiv($current, '16777216', 0);
substr(str_pad($value, $this->precision >> 3, chr(0), STR_PAD_LEFT), -($this->precision >> 3)) :
ltrim($value, chr(0));
if (!count($this->value)) {
$result = self::_int2bytes($this->value[count($this->value) - 1]);
for ($i = count($this->value) - 2; $i >= 0; --$i) {
self::_base256_lshift($result, self::$base);
$result = $result | str_pad(self::_int2bytes($this->value[$i]), strlen($result), chr(0), STR_PAD_LEFT);
str_pad(substr($result, -(($this->precision + 7) >> 3)), ($this->precision + 7) >> 3, chr(0), STR_PAD_LEFT) :
$result;
* Converts a BigInteger to a hex string (eg. base-16)).
* echo $a->toHex(); // outputs '41'
public function toHex($twos_compliment = false)
return bin2hex($this->toBytes($twos_compliment));
* Converts a BigInteger to a bit string (eg. base-2).
* echo $a->toBits(); // outputs '1000001'
* @internal Converts a base-2**26 number to base-2**2
public function toBits($twos_compliment = false)
$hex = $this->toHex($twos_compliment);
$bits = '';
for ($i = strlen($hex) - 8, $start = strlen($hex) & 7; $i >= $start; $i -= 8) {
$bits = str_pad(decbin(hexdec(substr($hex, $i, 8))), 32, '0', STR_PAD_LEFT).$bits;
if ($start) { // hexdec('') == 0
$bits = str_pad(decbin(hexdec(substr($hex, 0, $start))), 8, '0', STR_PAD_LEFT).$bits;
$result = $this->precision > 0 ? substr($bits, -$this->precision) : ltrim($bits, '0');
if ($twos_compliment && $this->compare(new static()) > 0 && $this->precision <= 0) {
return '0'.$result;
return $result;
* Converts a BigInteger to a base-10 number.
* $a = new \Jose\Util\ger('50');
* @internal Converts a base-2**26 number to base-10**7 (which is pretty much base-10)
public function toString()
return gmp_strval($this->value);
return '0';
return ltrim($this->value, '0');
$temp = clone $this;
$temp->is_negative = false;
$divisor = new static();
$divisor->value = [self::$max10];
$result = '';
while (count($temp->value)) {
list($temp, $mod) = $temp->divide($divisor);
$result = str_pad(isset($mod->value[0]) ? $mod->value[0] : '', self::$max10Len, '0', STR_PAD_LEFT).$result;
$result = ltrim($result, '0');
if (empty($result)) {
$result = '0';
$result = '-'.$result;
* __toString() magic method.
* Will be called, automatically, if you're supporting just PHP5. If you're supporting PHP4, you'll need to call
* toString().
* @internal Implemented per a suggestion by Techie-Michael - thanks!
public function __toString()
return $this->toString();
* __sleep() magic method.
* Will be called, automatically, when serialize() is called on a BigInteger object.
public function __sleep()
$this->hex = $this->toHex(true);
$vars = ['hex'];
if ($this->precision > 0) {
$vars[] = 'precision';
return $vars;
* __wakeup() magic method.
* Will be called, automatically, when unserialize() is called on a BigInteger object.
private function __wakeup()
$temp = new static($this->hex, -16);
// recalculate $this->bitmask
$this->setPrecision($this->precision);
* __debugInfo() magic method.
* Will be called, automatically, when print_r() or var_dump() are called
public function __debugInfo()
$opts = [];
$engine = 'gmp';
$engine = 'bcmath';
case self::MODE_INTERNAL:
$engine = 'internal';
$opts[] = PHP_INT_SIZE == 8 ? '64-bit' : '32-bit';
if (MATH_BIGINTEGER_MODE != self::MODE_GMP && defined('MATH_BIGINTEGER_OPENSSL_ENABLED')) {
$opts[] = 'OpenSSL';
if (!empty($opts)) {
$engine .= ' ('.implode($opts, ', ').')';
return [
'value' => '0x'.$this->toHex(true),
'engine' => $engine,
];
* Adds two BigIntegers.
* $a = new \Jose\Util\ger('10');
* $b = new \Jose\Util\ger('20');
* $c = $a->add($b);
* echo $c->toString(); // outputs 30
* @param \Jose\Util\Integer $y
* @internal Performs base-2**52 addition
public function add(BigInteger $y)
$temp->value = gmp_add($this->value, $y->value);
return $this->_normalize($temp);
$temp->value = bcadd($this->value, $y->value, 0);
$temp = self::_add($this->value, $this->is_negative, $y->value, $y->is_negative);
$result = new static();
$result->value = $temp[self::VALUE];
$result->is_negative = $temp[self::SIGN];
return $this->_normalize($result);
* Performs addition.
* @param array $x_value
* @param bool $x_negative
* @param array $y_value
* @param bool $y_negative
* @return array
private static function _add($x_value, $x_negative, $y_value, $y_negative)
$x_size = count($x_value);
$y_size = count($y_value);
if ($x_size == 0) {
self::VALUE => $y_value,
self::SIGN => $y_negative,
} elseif ($y_size == 0) {
self::VALUE => $x_value,
self::SIGN => $x_negative,
// subtract, if appropriate
if ($x_negative != $y_negative) {
if ($x_value == $y_value) {
self::VALUE => [],
self::SIGN => false,
$temp = self::_subtract($x_value, false, $y_value, false);
$temp[self::SIGN] = self::_compare($x_value, false, $y_value, false) > 0 ?
$x_negative : $y_negative;
return $temp;
if ($x_size < $y_size) {
$size = $x_size;
$value = $y_value;
} else {
$size = $y_size;
$value = $x_value;
$value[count($value)] = 0; // just in case the carry adds an extra digit
$carry = 0;
for ($i = 0, $j = 1; $j < $size; $i += 2, $j += 2) {
$sum = $x_value[$j] * self::$baseFull + $x_value[$i] + $y_value[$j] * self::$baseFull + $y_value[$i] + $carry;
$carry = $sum >= self::$maxDigit2; // eg. floor($sum / 2**52); only possible values (in any base) are 0 and 1
$sum = $carry ? $sum - self::$maxDigit2 : $sum;
$temp = self::$base === 26 ? intval($sum / 0x4000000) : ($sum >> 31);
$value[$i] = (int) ($sum - self::$baseFull * $temp); // eg. a faster alternative to fmod($sum, 0x4000000)
$value[$j] = $temp;
if ($j == $size) { // ie. if $y_size is odd
$sum = $x_value[$i] + $y_value[$i] + $carry;
$carry = $sum >= self::$baseFull;
$value[$i] = $carry ? $sum - self::$baseFull : $sum;
++$i; // ie. let $i = $j since we've just done $value[$i]
if ($carry) {
for (; $value[$i] == self::$maxDigit; ++$i) {
$value[$i] = 0;
++$value[$i];
self::VALUE => self::_trim($value),
* Subtracts two BigIntegers.
* $c = $a->subtract($b);
* echo $c->toString(); // outputs -10
* @internal Performs base-2**52 subtraction
public function subtract(BigInteger $y)
$temp->value = gmp_sub($this->value, $y->value);
$temp->value = bcsub($this->value, $y->value, 0);
$temp = self::_subtract($this->value, $this->is_negative, $y->value, $y->is_negative);
* Performs subtraction.
private static function _subtract($x_value, $x_negative, $y_value, $y_negative)
self::SIGN => !$y_negative,
// add, if appropriate (ie. -$x - +$y or +$x - -$y)
$temp = self::_add($x_value, false, $y_value, false);
$temp[self::SIGN] = $x_negative;
$diff = self::_compare($x_value, $x_negative, $y_value, $y_negative);
if (!$diff) {
// switch $x and $y around, if appropriate.
if ((!$x_negative && $diff < 0) || ($x_negative && $diff > 0)) {
$temp = $x_value;
$x_value = $y_value;
$y_value = $temp;
$x_negative = !$x_negative;
// at this point, $x_value should be at least as big as - if not bigger than - $y_value
for ($i = 0, $j = 1; $j < $y_size; $i += 2, $j += 2) {
$sum = $x_value[$j] * self::$baseFull + $x_value[$i] - $y_value[$j] * self::$baseFull - $y_value[$i] - $carry;
$carry = $sum < 0; // eg. floor($sum / 2**52); only possible values (in any base) are 0 and 1
$sum = $carry ? $sum + self::$maxDigit2 : $sum;
$x_value[$i] = (int) ($sum - self::$baseFull * $temp);
$x_value[$j] = $temp;
if ($j == $y_size) { // ie. if $y_size is odd
$sum = $x_value[$i] - $y_value[$i] - $carry;
$carry = $sum < 0;
$x_value[$i] = $carry ? $sum + self::$baseFull : $sum;
++$i;
for (; !$x_value[$i]; ++$i) {
$x_value[$i] = self::$maxDigit;
--$x_value[$i];
self::VALUE => self::_trim($x_value),
* Multiplies two BigIntegers.
* $c = $a->multiply($b);
* echo $c->toString(); // outputs 200
* @param \Jose\Util\Integer $x
public function multiply(BigInteger $x)
$temp->value = gmp_mul($this->value, $x->value);
$temp->value = bcmul($this->value, $x->value, 0);
$temp = self::_multiply($this->value, $this->is_negative, $x->value, $x->is_negative);
$product = new static();
$product->value = $temp[self::VALUE];
$product->is_negative = $temp[self::SIGN];
return $this->_normalize($product);
* Performs multiplication.
private static function _multiply($x_value, $x_negative, $y_value, $y_negative)
//if ( $x_value == $y_value ) {
// return array(
// self::VALUE => $this->_square($x_value),
// self::SIGN => $x_sign != $y_value
// );
//}
$x_length = count($x_value);
$y_length = count($y_value);
if (!$x_length || !$y_length) { // a 0 is being multiplied
self::VALUE => min($x_length, $y_length) < 2 * self::KARATSUBA_CUTOFF ?
self::_trim(self::_regularMultiply($x_value, $y_value)) :
self::_trim(self::_karatsuba($x_value, $y_value)),
self::SIGN => $x_negative != $y_negative,
* Performs long multiplication on two BigIntegers.
* Modeled after 'multiply' in MutableBigInteger.java.
private static function _regularMultiply($x_value, $y_value)
return [];
if ($x_length < $y_length) {
$product_value = self::_array_repeat(0, $x_length + $y_length);
// the following for loop could be removed if the for loop following it
// (the one with nested for loops) initially set $i to 0, but
// doing so would also make the result in one set of unnecessary adds,
// since on the outermost loops first pass, $product->value[$k] is going
// to always be 0
for ($j = 0; $j < $x_length; ++$j) { // ie. $i = 0
$temp = $x_value[$j] * $y_value[0] + $carry; // $product_value[$k] == 0
$carry = self::$base === 26 ? intval($temp / 0x4000000) : ($temp >> 31);
$product_value[$j] = (int) ($temp - self::$baseFull * $carry);
$product_value[$j] = $carry;
// the above for loop is what the previous comment was talking about. the
// following for loop is the "one with nested for loops"
for ($i = 1; $i < $y_length; ++$i) {
for ($j = 0, $k = $i; $j < $x_length; ++$j, ++$k) {
$temp = $product_value[$k] + $x_value[$j] * $y_value[$i] + $carry;
$product_value[$k] = (int) ($temp - self::$baseFull * $carry);
$product_value[$k] = $carry;
return $product_value;
* Performs Karatsuba multiplication on two BigIntegers.
* See {@link http://en.wikipedia.org/wiki/Karatsuba_algorithm Karatsuba algorithm} and
* {@link http://math.libtomcrypt.com/files/tommath.pdf#page=120 MPM 5.2.3}.
private static function _karatsuba($x_value, $y_value)
$m = min(count($x_value) >> 1, count($y_value) >> 1);
if ($m < self::KARATSUBA_CUTOFF) {
return self::_regularMultiply($x_value, $y_value);
$x1 = array_slice($x_value, $m);
$x0 = array_slice($x_value, 0, $m);
$y1 = array_slice($y_value, $m);
$y0 = array_slice($y_value, 0, $m);
$z2 = self::_karatsuba($x1, $y1);
$z0 = self::_karatsuba($x0, $y0);
$z1 = self::_add($x1, false, $x0, false);
$temp = self::_add($y1, false, $y0, false);
$z1 = self::_karatsuba($z1[self::VALUE], $temp[self::VALUE]);
$temp = self::_add($z2, false, $z0, false);
$z1 = self::_subtract($z1, false, $temp[self::VALUE], false);
$z2 = array_merge(array_fill(0, 2 * $m, 0), $z2);
$z1[self::VALUE] = array_merge(array_fill(0, $m, 0), $z1[self::VALUE]);
$xy = self::_add($z2, false, $z1[self::VALUE], $z1[self::SIGN]);
$xy = self::_add($xy[self::VALUE], $xy[self::SIGN], $z0, false);
return $xy[self::VALUE];
* Performs squaring.
* @param array $x
private static function _square($x = false)
return count($x) < 2 * self::KARATSUBA_CUTOFF ?
self::_trim(self::_baseSquare($x)) :
self::_trim(self::_karatsubaSquare($x));
* Performs traditional squaring on two BigIntegers.
* Squaring can be done faster than multiplying a number by itself can be. See
* {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=7 HAC 14.2.4} /
* {@link http://math.libtomcrypt.com/files/tommath.pdf#page=141 MPM 5.3} for more information.
* @param array $value
private static function _baseSquare($value)
if (empty($value)) {
$square_value = self::_array_repeat(0, 2 * count($value));
for ($i = 0, $max_index = count($value) - 1; $i <= $max_index; ++$i) {
$i2 = $i << 1;
$temp = $square_value[$i2] + $value[$i] * $value[$i];
$square_value[$i2] = (int) ($temp - self::$baseFull * $carry);
// note how we start from $i+1 instead of 0 as we do in multiplication.
for ($j = $i + 1, $k = $i2 + 1; $j <= $max_index; ++$j, ++$k) {
$temp = $square_value[$k] + 2 * $value[$j] * $value[$i] + $carry;
$square_value[$k] = (int) ($temp - self::$baseFull * $carry);
// the following line can yield values larger 2**15. at this point, PHP should switch
// over to floats.
$square_value[$i + $max_index + 1] = $carry;
return $square_value;
* Performs Karatsuba "squaring" on two BigIntegers.
* {@link http://math.libtomcrypt.com/files/tommath.pdf#page=151 MPM 5.3.4}.
private static function _karatsubaSquare($value)
$m = count($value) >> 1;
return self::_baseSquare($value);
$x1 = array_slice($value, $m);
$x0 = array_slice($value, 0, $m);
$z2 = self::_karatsubaSquare($x1);
$z0 = self::_karatsubaSquare($x0);
$z1 = self::_karatsubaSquare($z1[self::VALUE]);
$xx = self::_add($z2, false, $z1[self::VALUE], $z1[self::SIGN]);
$xx = self::_add($xx[self::VALUE], $xx[self::SIGN], $z0, false);
return $xx[self::VALUE];
* Divides two BigIntegers.
* Returns an array whose first element contains the quotient and whose second element contains the
* "common residue". If the remainder would be positive, the "common residue" and the remainder are the
* same. If the remainder would be negative, the "common residue" is equal to the sum of the remainder
* and the divisor (basically, the "common residue" is the first positive modulo).
* list($quotient, $remainder) = $a->divide($b);
* echo $quotient->toString(); // outputs 0
* echo "\r\n";
* echo $remainder->toString(); // outputs 10
* @internal This function is based off of {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=9 HAC 14.20}.
public function divide(BigInteger $y)
$quotient = new static();
$remainder = new static();
list($quotient->value, $remainder->value) = gmp_div_qr($this->value, $y->value);
if (gmp_sign($remainder->value) < 0) {
$remainder->value = gmp_add($remainder->value, gmp_abs($y->value));
return [$this->_normalize($quotient), $this->_normalize($remainder)];
$quotient->value = bcdiv($this->value, $y->value, 0);
$remainder->value = bcmod($this->value, $y->value);
if ($remainder->value[0] == '-') {
$remainder->value = bcadd($remainder->value, $y->value[0] == '-' ? substr($y->value, 1) : $y->value, 0);
if (count($y->value) == 1) {
list($q, $r) = $this->_divide_digit($this->value, $y->value[0]);
$quotient->value = $q;
$remainder->value = [$r];
$quotient->is_negative = $this->is_negative != $y->is_negative;
static $zero;
if (!isset($zero)) {
$zero = new static();
$x = clone $this;
$y = clone $y;
$x_sign = $x->is_negative;
$y_sign = $y->is_negative;
$x->is_negative = $y->is_negative = false;
$diff = $x->compare($y);
$temp->value = [1];
$temp->is_negative = $x_sign != $y_sign;
return [$this->_normalize($temp), $this->_normalize(new static())];
if ($diff < 0) {
// if $x is negative, "add" $y.
if ($x_sign) {
$x = $y->subtract($x);
return [$this->_normalize(new static()), $this->_normalize($x)];
// normalize $x and $y as described in HAC 14.23 / 14.24
$msb = $y->value[count($y->value) - 1];
for ($shift = 0; !($msb & self::$msb); ++$shift) {
$msb <<= 1;
$x->_lshift($shift);
$y->_lshift($shift);
$y_value = &$y->value;
$x_max = count($x->value) - 1;
$y_max = count($y->value) - 1;
$quotient_value = &$quotient->value;
$quotient_value = $this->_array_repeat(0, $x_max - $y_max + 1);
static $temp, $lhs, $rhs;
if (!isset($temp)) {
$lhs = new static();
$rhs = new static();
$temp_value = &$temp->value;
$rhs_value = &$rhs->value;
// $temp = $y << ($x_max - $y_max-1) in base 2**26
$temp_value = array_merge($this->_array_repeat(0, $x_max - $y_max), $y_value);
while ($x->compare($temp) >= 0) {
// calculate the "common residue"
++$quotient_value[$x_max - $y_max];
$x = $x->subtract($temp);
for ($i = $x_max; $i >= $y_max + 1; --$i) {
$x_value = &$x->value;
$x_window = [
isset($x_value[$i]) ? $x_value[$i] : 0,
isset($x_value[$i - 1]) ? $x_value[$i - 1] : 0,
isset($x_value[$i - 2]) ? $x_value[$i - 2] : 0,
$y_window = [
$y_value[$y_max],
($y_max > 0) ? $y_value[$y_max - 1] : 0,
$q_index = $i - $y_max - 1;
if ($x_window[0] == $y_window[0]) {
$quotient_value[$q_index] = self::$maxDigit;
$quotient_value[$q_index] = $this->_safe_divide(
$x_window[0] * self::$baseFull + $x_window[1],
$y_window[0]
);
$temp_value = [$y_window[1], $y_window[0]];
$lhs->value = [$quotient_value[$q_index]];
$lhs = $lhs->multiply($temp);
$rhs_value = [$x_window[2], $x_window[1], $x_window[0]];
while ($lhs->compare($rhs) > 0) {
--$quotient_value[$q_index];
$adjust = $this->_array_repeat(0, $q_index);
$temp_value = [$quotient_value[$q_index]];
$temp = $temp->multiply($y);
$temp_value = array_merge($adjust, $temp_value);
if ($x->compare($zero) < 0) {
$temp_value = array_merge($adjust, $y_value);
$x = $x->add($temp);
$x_max = count($x_value) - 1;
// unnormalize the remainder
$x->_rshift($shift);
$quotient->is_negative = $x_sign != $y_sign;
// calculate the "common residue", if appropriate
$y->_rshift($shift);
return [$this->_normalize($quotient), $this->_normalize($x)];
* Divides a BigInteger by a regular integer.
* abc / x = a00 / x + b0 / x + c / x
* @param array $dividend
* @param array $divisor
private static function _divide_digit($dividend, $divisor)
$result = [];
for ($i = count($dividend) - 1; $i >= 0; --$i) {
$temp = self::$baseFull * $carry + $dividend[$i];
$result[$i] = self::_safe_divide($temp, $divisor);
$carry = (int) ($temp - $divisor * $result[$i]);
return [$result, $carry];
* Performs modular exponentiation.
* $c = new \Jose\Util\ger('30');
* $c = $a->modPow($b, $c);
* echo $c->toString(); // outputs 10
* @param \Jose\Util\Integer $e
* @param \Jose\Util\Integer $n
* @internal The most naive approach to modular exponentiation has very unreasonable requirements, and
* and although the approach involving repeated squaring does vastly better, it, too, is impractical
* for our purposes. The reason being that division - by far the most complicated and time-consuming
* of the basic operations (eg. +,-,*,/) - occurs multiple times within it.
* Modular reductions resolve this issue. Although an individual modular reduction takes more time
* then an individual division, when performed in succession (with the same modulo), they're a lot faster.
* The two most commonly used modular reductions are Barrett and Montgomery reduction. Montgomery reduction,
* although faster, only works when the gcd of the modulo and of the base being used is 1. In RSA, when the
* base is a power of two, the modulo - a product of two primes - is always going to have a gcd of 1 (because
* the product of two odd numbers is odd), but what about when RSA isn't used?
* In contrast, Barrett reduction has no such constraint. As such, some bigint implementations perform a
* Barrett reduction after every operation in the modpow function. Others perform Barrett reductions when the
* modulo is even and Montgomery reductions when the modulo is odd. BigInteger.java's modPow method, however,
* uses a trick involving the Chinese Remainder Theorem to factor the even modulo into two numbers - one odd and
* the other, a power of two - and recombine them, later. This is the method that this modPow function uses.
* {@link http://islab.oregonstate.edu/papers/j34monex.pdf Montgomery Reduction with Even Modulus} elaborates.
public function modPow(BigInteger $e, BigInteger $n)
$n = $this->bitmask !== false && $this->bitmask->compare($n) < 0 ? $this->bitmask : $n->abs();
if ($e->compare(new static()) < 0) {
$e = $e->abs();
$temp = $this->modInverse($n);
if ($temp === false) {
return false;
return $this->_normalize($temp->modPow($e, $n));
if (MATH_BIGINTEGER_MODE == self::MODE_GMP) {
$temp->value = gmp_powm($this->value, $e->value, $n->value);
if ($this->compare(new static()) < 0 || $this->compare($n) > 0) {
list(, $temp) = $this->divide($n);
return $temp->modPow($e, $n);
if (defined('MATH_BIGINTEGER_OPENSSL_ENABLED')) {
$components = [
'modulus' => $n->toBytes(true),
'publicExponent' => $e->toBytes(true),
'modulus' => pack('Ca*a*', 2, self::_encodeASN1Length(strlen($components['modulus'])), $components['modulus']),
'publicExponent' => pack('Ca*a*', 2, self::_encodeASN1Length(strlen($components['publicExponent'])), $components['publicExponent']),
$RSAPublicKey = pack(
'Ca*a*a*',
48,
self::_encodeASN1Length(strlen($components['modulus']) + strlen($components['publicExponent'])),
$components['modulus'],
$components['publicExponent']
$rsaOID = "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00"; // hex version of MA0GCSqGSIb3DQEBAQUA
$RSAPublicKey = chr(0).$RSAPublicKey;
$RSAPublicKey = chr(3).self::_encodeASN1Length(strlen($RSAPublicKey)).$RSAPublicKey;
$encapsulated = pack(
'Ca*a*',
self::_encodeASN1Length(strlen($rsaOID.$RSAPublicKey)),
$rsaOID.$RSAPublicKey
$RSAPublicKey = "-----BEGIN PUBLIC KEY-----\r\n".
chunk_split(base64_encode($encapsulated)).
'-----END PUBLIC KEY-----';
$plaintext = str_pad($this->toBytes(), strlen($n->toBytes(true)) - 1, "\0", STR_PAD_LEFT);
if (openssl_public_encrypt($plaintext, $result, $RSAPublicKey, OPENSSL_NO_PADDING)) {
return new static($result, 256);
if (MATH_BIGINTEGER_MODE == self::MODE_BCMATH) {
$temp->value = bcpowmod($this->value, $e->value, $n->value, 0);
if (empty($e->value)) {
if ($e->value == [1]) {
if ($e->value == [2]) {
$temp->value = self::_square($this->value);
list(, $temp) = $temp->divide($n);
return $this->_normalize($this->_slidingWindow($e, $n, self::BARRETT));
// the following code, although not callable, can be run independently of the above code
// although the above code performed better in my benchmarks the following could might
// perform better under different circumstances. in lieu of deleting it it's just been
// made uncallable
// is the modulo odd?
if ($n->value[0] & 1) {
return $this->_normalize($this->_slidingWindow($e, $n, self::MONTGOMERY));
// if it's not, it's even
// find the lowest set bit (eg. the max pow of 2 that divides $n)
for ($i = 0; $i < count($n->value); ++$i) {
if ($n->value[$i]) {
$temp = decbin($n->value[$i]);
$j = strlen($temp) - strrpos($temp, '1') - 1;
$j += 26 * $i;
// at this point, 2^$j * $n/(2^$j) == $n
$mod1 = clone $n;
$mod1->_rshift($j);
$mod2 = new static();
$mod2->value = [1];
$mod2->_lshift($j);
$part1 = ($mod1->value != [1]) ? $this->_slidingWindow($e, $mod1, self::MONTGOMERY) : new static();
$part2 = $this->_slidingWindow($e, $mod2, self::POWEROF2);
$y1 = $mod2->modInverse($mod1);
$y2 = $mod1->modInverse($mod2);
$result = $part1->multiply($mod2);
$result = $result->multiply($y1);
$temp = $part2->multiply($mod1);
$temp = $temp->multiply($y2);
$result = $result->add($temp);
list(, $result) = $result->divide($n);
* Alias for modPow().
public function powMod(BigInteger $e, BigInteger $n)
return $this->modPow($e, $n);
* Sliding Window k-ary Modular Exponentiation.
* Based on {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=27 HAC 14.85} /
* {@link http://math.libtomcrypt.com/files/tommath.pdf#page=210 MPM 7.7}. In a departure from those algorithims,
* however, this function performs a modular reduction after every multiplication and squaring operation.
* As such, this function has the same preconditions that the reductions being used do.
* @param int $mode
private function _slidingWindow($e, $n, $mode)
static $window_ranges = [7, 25, 81, 241, 673, 1793]; // from BigInteger.java's oddModPow function
//static $window_ranges = array(0, 7, 36, 140, 450, 1303, 3529); // from MPM 7.3.1
$e_value = $e->value;
$e_length = count($e_value) - 1;
$e_bits = decbin($e_value[$e_length]);
for ($i = $e_length - 1; $i >= 0; --$i) {
$e_bits .= str_pad(decbin($e_value[$i]), self::$base, '0', STR_PAD_LEFT);
$e_length = strlen($e_bits);
// calculate the appropriate window size.
// $window_size == 3 if $window_ranges is between 25 and 81, for example.
for ($i = 0, $window_size = 1; $i < count($window_ranges) && $e_length > $window_ranges[$i]; ++$window_size, ++$i) {
$n_value = $n->value;
// precompute $this^0 through $this^$window_size
$powers = [];
$powers[1] = self::_prepareReduce($this->value, $n_value, $mode);
$powers[2] = self::_squareReduce($powers[1], $n_value, $mode);
// we do every other number since substr($e_bits, $i, $j+1) (see below) is supposed to end
// in a 1. ie. it's supposed to be odd.
$temp = 1 << ($window_size - 1);
for ($i = 1; $i < $temp; ++$i) {
$powers[$i2 + 1] = self::_multiplyReduce($powers[$i2 - 1], $powers[2], $n_value, $mode);
$result = [1];
$result = self::_prepareReduce($result, $n_value, $mode);
for ($i = 0; $i < $e_length;) {
if (!$e_bits[$i]) {
$result = self::_squareReduce($result, $n_value, $mode);
for ($j = $window_size - 1; $j > 0; --$j) {
if (!empty($e_bits[$i + $j])) {
// eg. the length of substr($e_bits, $i, $j + 1)
for ($k = 0; $k <= $j; ++$k) {
$result = self::_multiplyReduce($result, $powers[bindec(substr($e_bits, $i, $j + 1))], $n_value, $mode);
$i += $j + 1;
$temp->value = self::_reduce($result, $n_value, $mode);
* Modular reduction.
* For most $modes this will return the remainder.
* @param array $n
private static function _reduce($x, $n, $mode)
switch ($mode) {
case self::MONTGOMERY:
return self::_montgomery($x, $n);
case self::BARRETT:
return self::_barrett($x, $n);
case self::POWEROF2:
$lhs->value = $x;
$rhs->value = $n;
return $x->_mod2($n);
case self::CLASSIC:
list(, $temp) = $lhs->divide($rhs);
return $temp->value;
case self::NONE:
return $x;
// an invalid $mode was provided
* Modular reduction preperation.
private static function _prepareReduce($x, $n, $mode)
if ($mode == self::MONTGOMERY) {
return self::_prepMontgomery($x, $n);
return self::_reduce($x, $n, $mode);
* Modular multiply.
* @param array $y
private static function _multiplyReduce($x, $y, $n, $mode)
return self::_montgomeryMultiply($x, $y, $n);
$temp = self::_multiply($x, false, $y, false);
return self::_reduce($temp[self::VALUE], $n, $mode);
* Modular square.
private static function _squareReduce($x, $n, $mode)
return self::_montgomeryMultiply($x, $x, $n);
return self::_reduce(self::_square($x), $n, $mode);
* Modulos for Powers of Two.
* Calculates $x%$n, where $n = 2**$e, for some $e. Since this is basically the same as doing $x & ($n-1),
* we'll just use this function as a wrapper for doing that.
* @param \Jose\Util\BigInteger
private function _mod2($n)
return $this->bitwise_and($n->subtract($temp));
* Barrett Modular Reduction.
* See {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=14 HAC 14.3.3} /
* {@link http://math.libtomcrypt.com/files/tommath.pdf#page=165 MPM 6.2.5} for more information. Modified slightly,
* so as not to require negative numbers (initially, this script didn't support negative numbers).
* Employs "folding", as described at
* {@link http://www.cosic.esat.kuleuven.be/publications/thesis-149.pdf#page=66 thesis-149.pdf#page=66}. To quote from
* it, "the idea [behind folding] is to find a value x' such that x (mod m) = x' (mod m), with x' being smaller than x."
* Unfortunately, the "Barrett Reduction with Folding" algorithm described in thesis-149.pdf is not, as written, all that
* usable on account of (1) its not using reasonable radix points as discussed in
* {@link http://math.libtomcrypt.com/files/tommath.pdf#page=162 MPM 6.2.2} and (2) the fact that, even with reasonable
* radix points, it only works when there are an even number of digits in the denominator. The reason for (2) is that
* (x >> 1) + (x >> 1) != x / 2 + x / 2. If x is even, they're the same, but if x is odd, they're not. See the in-line
* comments for details.
* @param array $m
private static function _barrett($n, $m)
static $cache = [
self::VARIABLE => [],
self::DATA => [],
$m_length = count($m);
// if (self::_compare($n, self::_square($m)) >= 0) {
if (count($n) > 2 * $m_length) {
$lhs->value = $n;
$rhs->value = $m;
// if (m.length >> 1) + 2 <= m.length then m is too small and n can't be reduced
if ($m_length < 5) {
return self::_regularBarrett($n, $m);
// n = 2 * m.length
if (($key = array_search($m, $cache[self::VARIABLE])) === false) {
$key = count($cache[self::VARIABLE]);
$cache[self::VARIABLE][] = $m;
$lhs_value = &$lhs->value;
$lhs_value = self::_array_repeat(0, $m_length + ($m_length >> 1));
$lhs_value[] = 1;
list($u, $m1) = $lhs->divide($rhs);
$u = $u->value;
$m1 = $m1->value;
$cache[self::DATA][] = [
'u' => $u, // m.length >> 1 (technically (m.length >> 1) + 1)
'm1' => $m1, // m.length
extract($cache[self::DATA][$key]);
$cutoff = $m_length + ($m_length >> 1);
$lsd = array_slice($n, 0, $cutoff); // m.length + (m.length >> 1)
$msd = array_slice($n, $cutoff); // m.length >> 1
$lsd = self::_trim($lsd);
$temp = self::_multiply($msd, false, $m1, false);
$n = self::_add($lsd, false, $temp[self::VALUE], false); // m.length + (m.length >> 1) + 1
if ($m_length & 1) {
return self::_regularBarrett($n[self::VALUE], $m);
// (m.length + (m.length >> 1) + 1) - (m.length - 1) == (m.length >> 1) + 2
$temp = array_slice($n[self::VALUE], $m_length - 1);
// if even: ((m.length >> 1) + 2) + (m.length >> 1) == m.length + 2
// if odd: ((m.length >> 1) + 2) + (m.length >> 1) == (m.length - 1) + 2 == m.length + 1
$temp = self::_multiply($temp, false, $u, false);
// if even: (m.length + 2) - ((m.length >> 1) + 1) = m.length - (m.length >> 1) + 1
// if odd: (m.length + 1) - ((m.length >> 1) + 1) = m.length - (m.length >> 1)
$temp = array_slice($temp[self::VALUE], ($m_length >> 1) + 1);
// if even: (m.length - (m.length >> 1) + 1) + m.length = 2 * m.length - (m.length >> 1) + 1
// if odd: (m.length - (m.length >> 1)) + m.length = 2 * m.length - (m.length >> 1)
$temp = self::_multiply($temp, false, $m, false);
// at this point, if m had an odd number of digits, we'd be subtracting a 2 * m.length - (m.length >> 1) digit
// number from a m.length + (m.length >> 1) + 1 digit number. ie. there'd be an extra digit and the while loop
// following this comment would loop a lot (hence our calling _regularBarrett() in that situation).
$result = self::_subtract($n[self::VALUE], false, $temp[self::VALUE], false);
while (self::_compare($result[self::VALUE], $result[self::SIGN], $m, false) >= 0) {
$result = self::_subtract($result[self::VALUE], $result[self::SIGN], $m, false);
return $result[self::VALUE];
* (Regular) Barrett Modular Reduction.
* For numbers with more than four digits BigInteger::_barrett() is faster. The difference between that and this
* is that this function does not fold the denominator into a smaller form.
private static function _regularBarrett($x, $n)
$n_length = count($n);
if (count($x) > 2 * $n_length) {
if (($key = array_search($n, $cache[self::VARIABLE])) === false) {
$cache[self::VARIABLE][] = $n;
$lhs_value = self::_array_repeat(0, 2 * $n_length);
list($temp) = $lhs->divide($rhs); // m.length
$cache[self::DATA][] = $temp->value;
// 2 * m.length - (m.length - 1) = m.length + 1
$temp = array_slice($x, $n_length - 1);
// (m.length + 1) + m.length = 2 * m.length + 1
$temp = self::_multiply($temp, false, $cache[self::DATA][$key], false);
// (2 * m.length + 1) - (m.length - 1) = m.length + 2
$temp = array_slice($temp[self::VALUE], $n_length + 1);
// m.length + 1
$result = array_slice($x, 0, $n_length + 1);
$temp = self::_multiplyLower($temp, false, $n, false, $n_length + 1);
// $temp == array_slice(self::_multiply($temp, false, $n, false)->value, 0, $n_length + 1)
if (self::_compare($result, false, $temp[self::VALUE], $temp[self::SIGN]) < 0) {
$corrector_value = self::_array_repeat(0, $n_length + 1);
$corrector_value[count($corrector_value)] = 1;
$result = self::_add($result, false, $corrector_value, false);
$result = $result[self::VALUE];
// at this point, we're subtracting a number with m.length + 1 digits from another number with m.length + 1 digits
$result = self::_subtract($result, false, $temp[self::VALUE], $temp[self::SIGN]);
while (self::_compare($result[self::VALUE], $result[self::SIGN], $n, false) > 0) {
$result = self::_subtract($result[self::VALUE], $result[self::SIGN], $n, false);
* Performs long multiplication up to $stop digits.
* If you're going to be doing array_slice($product->value, 0, $stop), some cycles can be saved.
* @param int $stop
private static function _multiplyLower($x_value, $x_negative, $y_value, $y_negative, $stop)
for ($j = 0; $j < $x_length; ++$j) { // ie. $i = 0, $k = $i
if ($j < $stop) {
for ($j = 0, $k = $i; $j < $x_length && $k < $stop; ++$j, ++$k) {
if ($k < $stop) {
self::VALUE => self::_trim($product_value),
* Montgomery Modular Reduction.
* ($x->_prepMontgomery($n))->_montgomery($n) yields $x % $n.
* {@link http://math.libtomcrypt.com/files/tommath.pdf#page=170 MPM 6.3} provides insights on how this can be
* improved upon (basically, by using the comba method). gcd($n, 2) must be equal to one for this function
* to work correctly.
private static function _montgomery($x, $n)
$cache[self::VARIABLE][] = $x;
$cache[self::DATA][] = self::_modInverse67108864($n);
$k = count($n);
$result = [self::VALUE => $x];
for ($i = 0; $i < $k; ++$i) {
$temp = $result[self::VALUE][$i] * $cache[self::DATA][$key];
$temp = $temp - self::$baseFull * (self::$base === 26 ? intval($temp / 0x4000000) : ($temp >> 31));
$temp = self::_regularMultiply([$temp], $n);
$temp = array_merge($this->_array_repeat(0, $i), $temp);
$result = self::_add($result[self::VALUE], false, $temp, false);
$result[self::VALUE] = array_slice($result[self::VALUE], $k);
if (self::_compare($result, false, $n, false) >= 0) {
$result = self::_subtract($result[self::VALUE], false, $n, false);
* Montgomery Multiply.
* Interleaves the montgomery reduction and long multiplication algorithms together as described in
* {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=13 HAC 14.36}
private static function _montgomeryMultiply($x, $y, $m)
return self::_montgomery($temp[self::VALUE], $m);
// the following code, a...self::DATA => array());
This check looks for unreachable code. It uses sophisticated control flow analysis techniques to find statements which will never be executed.
Unreachable code is most often the result of return, die or exit statements that have been added for debug purposes.
return
die
exit
function fx() { try { doSomething(); return true; } catch (\Exception $e) { return false; } return false; }
In the above example, the last return false will never be executed, because a return statement has already been met in every possible execution path.
return false
$cache[self::DATA][] = self::_modInverse67108864($m);
$n = max(count($x), count($y), count($m));
$x = array_pad($x, $n, 0);
$y = array_pad($y, $n, 0);
$m = array_pad($m, $n, 0);
$a = [self::VALUE => self::_array_repeat(0, $n + 1)];
for ($i = 0; $i < $n; ++$i) {
$temp = $a[self::VALUE][0] + $x[$i] * $y[0];
$temp = $temp * $cache[self::DATA][$key];
$temp = self::_add(self::_regularMultiply([$x[$i]], $y), false, self::_regularMultiply([$temp], $m), false);
$a = self::_add($a[self::VALUE], false, $temp[self::VALUE], false);
$a[self::VALUE] = array_slice($a[self::VALUE], 1);
if (self::_compare($a[self::VALUE], false, $m, false) >= 0) {
$a = self::_subtract($a[self::VALUE], false, $m, false);
return $a[self::VALUE];
* Prepare a number for use in Montgomery Modular Reductions.
private static function _prepMontgomery($x, $n)
$lhs->value = array_merge(self::_array_repeat(0, count($n)), $x);
* Modular Inverse of a number mod 2**26 (eg. 67108864).
* Based off of the bnpInvDigit function implemented and justified in the following URL:
* {@link http://www-cs-students.stanford.edu/~tjw/jsbn/jsbn.js}
* The following URL provides more info:
* {@link http://groups.google.com/group/sci.crypt/msg/7a137205c1be7d85}
* As for why we do all the bitmasking... strange things can happen when converting from floats to ints. For
* instance, on some computers, var_dump((int) -4294967297) yields int(-1) and on others, it yields
* int(-2147483648). To avoid problems stemming from this, we use bitmasks to guarantee that ints aren't
* auto-converted to floats. The outermost bitmask is present because without it, there's no guarantee that
* the "residue" returned would be the so-called "common residue". We use fmod, in the last step, because the
* maximum possible $x is 26 bits and the maximum $result is 16 bits. Thus, we have to be able to handle up to
* 40 bits, which only 64-bit floating points will support.
* Thanks to Pedro Gimeno Fortea for input!
* @return int
private function _modInverse67108864($x) // 2**26 == 67,108,864
$x = -$x[0];
$result = $x & 0x3; // x**-1 mod 2**2
$result = ($result * (2 - $x * $result)) & 0xF; // x**-1 mod 2**4
$result = ($result * (2 - ($x & 0xFF) * $result)) & 0xFF; // x**-1 mod 2**8
$result = ($result * ((2 - ($x & 0xFFFF) * $result) & 0xFFFF)) & 0xFFFF; // x**-1 mod 2**16
$result = fmod($result * (2 - fmod($x * $result, self::$baseFull)), self::$baseFull); // x**-1 mod 2**26
return $result & self::$maxDigit;
* Calculates modular inverses.
* Say you have (30 mod 17 * x mod 17) mod 17 == 1. x can be found using modular inverses.
* $a = new \Jose\Util\teger(30);
* $b = new \Jose\Util\teger(17);
* $c = $a->modInverse($b);
* echo $c->toString(); // outputs 4
* $d = $a->multiply($c);
* list(, $d) = $d->divide($b);
* echo $d; // outputs 1 (as per the definition of modular inverse)
* @return \Jose\Util\eger|false
* @internal See {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=21 HAC 14.64} for more information.
public function modInverse(BigInteger $n)
$temp->value = gmp_invert($this->value, $n->value);
return ($temp->value === false) ? false : $this->_normalize($temp);
static $zero, $one;
$one = new static(1);
// $x mod -$n == $x mod $n.
$n = $n->abs();
if ($this->compare($zero) < 0) {
$temp = $this->abs();
$temp = $temp->modInverse($n);
return $this->_normalize($n->subtract($temp));
extract($this->extendedGCD($n));
if (!$gcd->equals($one)) {
$x = $x->compare($zero) < 0 ? $x->add($n) : $x;
return $this->compare($zero) < 0 ? $this->_normalize($n->subtract($x)) : $this->_normalize($x);
* Calculates the greatest common divisor and Bezout's identity.
* Say you have 693 and 609. The GCD is 21. Bezout's identity states that there exist integers x and y such that
* 693*x + 609*y == 21. In point of fact, there are actually an infinite number of x and y combinations and which
* combination is returned is dependant upon which mode is in use. See
* {@link http://en.wikipedia.org/wiki/B%C3%A9zout%27s_identity Bezout's identity - Wikipedia} for more information.
* $a = new \Jose\Util\eger(693);
* $b = new \Jose\Util\eger(609);
* extract($a->extendedGCD($b));
* echo $gcd->toString() . "\r\n"; // outputs 21
* echo $a->toString() * $x->toString() + $b->toString() * $y->toString(); // outputs 21
* @internal Calculates the GCD using the binary xGCD algorithim described in
* {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=19 HAC 14.61}. As the text above 14.61 notes,
* the more traditional algorithim requires "relatively costly multiple-precision divisions".
public function extendedGCD(BigInteger $n)
extract(gmp_gcdext($this->value, $n->value));
'gcd' => $this->_normalize(new static($g)),
'x' => $this->_normalize(new static($s)),
'y' => $this->_normalize(new static($t)),
// it might be faster to use the binary xGCD algorithim here, as well, but (1) that algorithim works
// best when the base is a power of 2 and (2) i don't think it'd make much difference, anyway. as is,
// the basic extended euclidean algorithim is what we're using.
$u = $this->value;
$v = $n->value;
$a = '1';
$b = '0';
$c = '0';
$d = '1';
while (bccomp($v, '0', 0) != 0) {
$q = bcdiv($u, $v, 0);
$temp = $u;
$u = $v;
$v = bcsub($temp, bcmul($v, $q, 0), 0);
$temp = $a;
$a = $c;
$c = bcsub($temp, bcmul($a, $q, 0), 0);
$temp = $b;
$b = $d;
$d = bcsub($temp, bcmul($b, $q, 0), 0);
'gcd' => $this->_normalize(new static($u)),
'x' => $this->_normalize(new static($a)),
'y' => $this->_normalize(new static($b)),
$y = clone $n;
$g = new static();
$g->value = [1];
while (!(($x->value[0] & 1) || ($y->value[0] & 1))) {
$x->_rshift(1);
$y->_rshift(1);
$g->_lshift(1);
$u = clone $x;
$v = clone $y;
$a = new static();
$b = new static();
$c = new static();
$d = new static();
$a->value = $d->value = $g->value = [1];
$b->value = $c->value = [];
while (!empty($u->value)) {
while (!($u->value[0] & 1)) {
$u->_rshift(1);
if ((!empty($a->value) && ($a->value[0] & 1)) || (!empty($b->value) && ($b->value[0] & 1))) {
$a = $a->add($y);
$b = $b->subtract($x);
$a->_rshift(1);
$b->_rshift(1);
while (!($v->value[0] & 1)) {
$v->_rshift(1);
if ((!empty($d->value) && ($d->value[0] & 1)) || (!empty($c->value) && ($c->value[0] & 1))) {
$c = $c->add($y);
$d = $d->subtract($x);
$c->_rshift(1);
$d->_rshift(1);
if ($u->compare($v) >= 0) {
$u = $u->subtract($v);
$a = $a->subtract($c);
$b = $b->subtract($d);
$v = $v->subtract($u);
$c = $c->subtract($a);
$d = $d->subtract($b);
'gcd' => $this->_normalize($g->multiply($v)),
'x' => $this->_normalize($c),
'y' => $this->_normalize($d),
* Calculates the greatest common divisor.
* Say you have 693 and 609. The GCD is 21.
* $gcd = a->extendedGCD($b);
public function gcd(BigInteger $n)
return $gcd;
* Absolute value.
public function abs()
$temp->value = gmp_abs($this->value);
$temp->value = (bccomp($this->value, '0', 0) < 0) ? substr($this->value, 1) : $this->value;
$temp->value = $this->value;
* Compares two numbers.
* Although one might think !$x->compare($y) means $x != $y, it, in fact, means the opposite. The reason for this is
* demonstrated thusly:
* $x > $y: $x->compare($y) > 0
* $x < $y: $x->compare($y) < 0
* $x == $y: $x->compare($y) == 0
* Note how the same comparison operator is used. If you want to test for equality, use $x->equals($y).
* @return int < 0 if $this is less than $y; > 0 if $this is greater than $y, and 0 if they are equal.
* @internal Could return $this->subtract($x), but that's not as fast as what we do do.
public function compare(BigInteger $y)
return gmp_cmp($this->value, $y->value);
return bccomp($this->value, $y->value, 0);
return self::_compare($this->value, $this->is_negative, $y->value, $y->is_negative);
private static function _compare($x_value, $x_negative, $y_value, $y_negative)
return (!$x_negative && $y_negative) ? 1 : -1;
$result = $x_negative ? -1 : 1;
if (count($x_value) != count($y_value)) {
return (count($x_value) > count($y_value)) ? $result : -$result;
$size = max(count($x_value), count($y_value));
$x_value = array_pad($x_value, $size, 0);
$y_value = array_pad($y_value, $size, 0);
for ($i = count($x_value) - 1; $i >= 0; --$i) {
if ($x_value[$i] != $y_value[$i]) {
return ($x_value[$i] > $y_value[$i]) ? $result : -$result;
return 0;
* Tests the equality of two numbers.
* If you need to see if one number is greater than or less than another number, use BigInteger::compare()
* @return bool
public function equals(BigInteger $x)
return gmp_cmp($this->value, $x->value) == 0;
return $this->value === $x->value && $this->is_negative == $x->is_negative;
* Set Precision.
* Some bitwise operations give different results depending on the precision being used. Examples include left
* shift, not, and rotates.
* @param int $bits
public function setPrecision($bits)
if ($bits < 1) {
$this->precision = -1;
$this->bitmask = false;
$this->precision = $bits;
if (MATH_BIGINTEGER_MODE != self::MODE_BCMATH) {
$this->bitmask = new static(chr((1 << ($bits & 0x7)) - 1).str_repeat(chr(0xFF), $bits >> 3), 256);
$this->bitmask = new static(bcpow('2', $bits, 0));
$temp = $this->_normalize($this);
* Get Precision.
public function getPrecision()
return $this->precision;
* Logical And.
* @internal Implemented per a request by Lluis Pamies i Juarez <lluis _a_ pamies.cat>
public function bitwise_and(BigInteger $x)
$temp->value = gmp_and($this->value, $x->value);
$left = $this->toBytes();
$right = $x->toBytes();
$length = max(strlen($left), strlen($right));
$left = str_pad($left, $length, chr(0), STR_PAD_LEFT);
$right = str_pad($right, $length, chr(0), STR_PAD_LEFT);
return $this->_normalize(new static($left & $right, 256));
$result = clone $this;
$length = min(count($x->value), count($this->value));
$result->value = array_slice($result->value, 0, $length);
for ($i = 0; $i < $length; ++$i) {
$result->value[$i] &= $x->value[$i];
* Logical Or.
public function bitwise_or(BigInteger $x)
$temp->value = gmp_or($this->value, $x->value);
return $this->_normalize(new static($left | $right, 256));
$length = max(count($this->value), count($x->value));
$result->value = array_pad($result->value, $length, 0);
$x->value = array_pad($x->value, $length, 0);
$result->value[$i] |= $x->value[$i];
* Logical Exclusive-Or.
public function bitwise_xor(BigInteger $x)
$temp->value = gmp_xor($this->value, $x->value);
return $this->_normalize(new static($left ^ $right, 256));
$result->value[$i] ^= $x->value[$i];
* Logical Not.
public function bitwise_not()
// calculuate "not" without regard to $this->precision
// (will always result in a smaller number. ie. ~1 isn't 1111 1110 - it's 0)
$temp = $this->toBytes();
if ($temp == '') {
return '';
$pre_msb = decbin(ord($temp[0]));
$temp = ~$temp;
$msb = decbin(ord($temp[0]));
if (strlen($msb) == 8) {
$msb = substr($msb, strpos($msb, '0'));
$temp[0] = chr(bindec($msb));
// see if we need to add extra leading 1's
$current_bits = strlen($pre_msb) + 8 * strlen($temp) - 8;
$new_bits = $this->precision - $current_bits;
if ($new_bits <= 0) {
return $this->_normalize(new static($temp, 256));
// generate as many leading 1's as we need to.
$leading_ones = chr((1 << ($new_bits & 0x7)) - 1).str_repeat(chr(0xFF), $new_bits >> 3);
self::_base256_lshift($leading_ones, $current_bits);
$temp = str_pad($temp, strlen($leading_ones), chr(0), STR_PAD_LEFT);
return $this->_normalize(new static($leading_ones | $temp, 256));
* Logical Right Shift.
* Shifts BigInteger's by $shift bits, effectively dividing by 2**$shift.
* @param int $shift
* @internal The only version that yields any speed increases is the internal version.
public function bitwise_rightShift($shift)
static $two;
if (!isset($two)) {
$two = gmp_init('2');
$temp->value = gmp_div_q($this->value, gmp_pow($two, $shift));
$temp->value = bcdiv($this->value, bcpow('2', $shift, 0), 0);
default: // could just replace _lshift with this, but then all _lshift() calls would need to be rewritten
// and I don't want to do that...
$temp->_rshift($shift);
* Logical Left Shift.
* Shifts BigInteger's by $shift bits, effectively multiplying by 2**$shift.
public function bitwise_leftShift($shift)
$temp->value = gmp_mul($this->value, gmp_pow($two, $shift));
$temp->value = bcmul($this->value, bcpow('2', $shift, 0), 0);
default: // could just replace _rshift with this, but then all _lshift() calls would need to be rewritten
$temp->_lshift($shift);
* Logical Left Rotate.
* Instead of the top x bits being dropped they're appended to the shifted bit string.
public function bitwise_leftRotate($shift)
$bits = $this->toBytes();
$precision = $this->precision;
$mask = $this->bitmask->subtract(new static(1));
$mask = $mask->toBytes();
$mask = $this->bitmask->toBytes();
$temp = ord($bits[0]);
for ($i = 0; $temp >> $i; ++$i) {
$precision = 8 * strlen($bits) - 8 + $i;
$mask = chr((1 << ($precision & 0x7)) - 1).str_repeat(chr(0xFF), $precision >> 3);
if ($shift < 0) {
$shift += $precision;
$shift %= $precision;
if (!$shift) {
return clone $this;
$left = $this->bitwise_leftShift($shift);
$left = $left->bitwise_and(new static($mask, 256));
$right = $this->bitwise_rightShift($precision - $shift);
$result = MATH_BIGINTEGER_MODE != self::MODE_BCMATH ? $left->bitwise_or($right) : $left->add($right);
* Logical Right Rotate.
* Instead of the bottom x bits being dropped they're prepended to the shifted bit string.
public function bitwise_rightRotate($shift)
return $this->bitwise_leftRotate(-$shift);
* Generates a random BigInteger.
* Byte length is equal to $length. Uses \phpseclib\Crypt\Random if it's loaded and mt_rand if it's not.
* @param int $length
private static function _random_number_helper($size)
if (class_exists('\phpseclib\Crypt\Random')) {
$random = random_bytes($size);
$random = '';
if ($size & 1) {
$random .= chr(mt_rand(0, 255));
$blocks = $size >> 1;
for ($i = 0; $i < $blocks; ++$i) {
// mt_rand(-2147483648, 0x7FFFFFFF) always produces -2147483648 on some systems
$random .= pack('n', mt_rand(0, 0xFFFF));
return new static($random, 256);
* Generate a random number.
* Returns a random number between $min and $max where $min and $max
* can be defined using one of the two methods:
* BigInteger::random($min, $max)
* BigInteger::random($max, $min)
* @param \Jose\Util\eger $arg1
* @param \Jose\Util\eger $arg2
public static function random(BigInteger $min, BigInteger $max)
$compare = $max->compare($min);
if (!$compare) {
return $this->_normalize($min);
} elseif ($compare < 0) {
// if $min is bigger then $max, swap $min and $max
$temp = $max;
$max = $min;
$min = $temp;
static $one;
if (!isset($one)) {
$max = $max->subtract($min->subtract($one));
$size = strlen(ltrim($max->toBytes(), chr(0)));
doing $random % $max doesn't work because some numbers will be more likely to occur than others.
eg. if $max is 140 and $random's max is 255 then that'd mean both $random = 5 and $random = 145
would produce 5 whereas the only value of random that could produce 139 would be 139. ie.
not all numbers would be equally likely. some would be more likely than others.
creating a whole new random number until you find one that is within the range doesn't work
because, for sufficiently small ranges, the likelihood that you'd get a number within that range
would be pretty small. eg. with $random's max being 255 and if your $max being 1 the probability
would be pretty high that $random would be greater than $max.
phpseclib works around this using the technique described here:
http://crypto.stackexchange.com/questions/5708/creating-a-small-number-from-a-cryptographically-secure-random-string
$random_max = new static(chr(1).str_repeat("\0", $size), 256);
$random = static::_random_number_helper($size);
list($max_multiple) = $random_max->divide($max);
$max_multiple = $max_multiple->multiply($max);
while ($random->compare($max_multiple) >= 0) {
$random = $random->subtract($max_multiple);
$random_max = $random_max->subtract($max_multiple);
$random = $random->bitwise_leftShift(8);
$random = $random->add(self::_random_number_helper(1));
$random_max = $random_max->bitwise_leftShift(8);
list(, $random) = $random->divide($max);
return $random->add($min);
* Generate a random prime number.
* If there's not a prime within the given range, false will be returned.
* If more than $timeout seconds have elapsed, give up and return false.
* @param \Jose\Util\teger $min
* @param \Jose\Util\teger $max
* @param int $timeout
* @return Math_BigInteger|false
* @internal See {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap4.pdf#page=15 HAC 4.44}.
public static function randomPrime(BigInteger $min, BigInteger $max, $timeout = false)
return $min->isPrime() ? $min : false;
static $one, $two;
$two = new static(2);
$start = time();
$x = self::random($min, $max);
// gmp_nextprime() requires PHP 5 >= 5.2.0 per <http://php.net/gmp-nextprime>.
if (MATH_BIGINTEGER_MODE == self::MODE_GMP && extension_loaded('gmp')) {
$p = new static();
$p->value = gmp_nextprime($x->value);
if ($p->compare($max) <= 0) {
return $p;
if (!$min->equals($x)) {
$x = $x->subtract($one);
return self::randomPrime($min, $x);
if ($x->equals($two)) {
$x->_make_odd();
if ($x->compare($max) > 0) {
// if $x > $max then $max is even and if $min == $max then no prime number exists between the specified range
if ($min->equals($max)) {
$x = clone $min;
$initial_x = clone $x;
while (true) {
if ($timeout !== false && time() - $start > $timeout) {
if ($x->isPrime()) {
$x = $x->add($two);
if ($x->equals($initial_x)) {
* Make the current number odd.
* If the current number is odd it'll be unchanged. If it's even, one will be added to it.
private function _make_odd()
gmp_setbit($this->value, 0);
if ($this->value[strlen($this->value) - 1] % 2 == 0) {
$this->value = bcadd($this->value, '1');
$this->value[0] |= 1;
* Checks a numer to see if it's prime.
* Assuming the $t parameter is not set, this function has an error rate of 2**-80. The main motivation for the
* $t parameter is distributability. BigInteger::randomPrime() can be distributed across multiple pageloads
* on a website instead of just one.
* @param \Jose\Util\Integer $t
* @internal Uses the
* {@link http://en.wikipedia.org/wiki/Miller%E2%80%93Rabin_primality_test Miller-Rabin primality test}. See
* {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap4.pdf#page=8 HAC 4.24}.
public function isPrime($t = false)
$length = strlen($this->toBytes());
if (!$t) {
// see HAC 4.49 "Note (controlling the error probability)"
// @codingStandardsIgnoreStart
if ($length >= 163) {
$t = 2;
} // floor(1300 / 8)
elseif ($length >= 106) {
$t = 3;
} // floor( 850 / 8)
elseif ($length >= 81) {
$t = 4;
} // floor( 650 / 8)
elseif ($length >= 68) {
$t = 5;
} // floor( 550 / 8)
elseif ($length >= 56) {
$t = 6;
} // floor( 450 / 8)
elseif ($length >= 50) {
$t = 7;
} // floor( 400 / 8)
elseif ($length >= 43) {
$t = 8;
} // floor( 350 / 8)
elseif ($length >= 37) {
$t = 9;
} // floor( 300 / 8)
elseif ($length >= 31) {
$t = 12;
} // floor( 250 / 8)
elseif ($length >= 25) {
$t = 15;
} // floor( 200 / 8)
elseif ($length >= 18) {
$t = 18;
} // floor( 150 / 8)
else {
$t = 27;
// @codingStandardsIgnoreEnd
// ie. gmp_testbit($this, 0)
// ie. isEven() or !isOdd()
return gmp_prob_prime($this->value, $t) != 0;
if ($this->value === '2') {
return true;
if ($this->value == [2]) {
if (~$this->value[0] & 1) {
static $primes, $zero, $one, $two;
if (!isset($primes)) {
$primes = [
3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59,
61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137,
139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227,
229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313,
317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419,
421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509,
521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613, 617,
619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, 719, 727,
733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827, 829,
839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947,
953, 967, 971, 977, 983, 991, 997,
for ($i = 0; $i < count($primes); ++$i) {
$primes[$i] = new static($primes[$i]);
if ($this->equals($one)) {
// see HAC 4.4.1 "Random search for probable primes"
foreach ($primes as $prime) {
list(, $r) = $this->divide($prime);
if ($r->equals($zero)) {
return $this->equals($prime);
$value = $this->value;
list(, $r) = self::_divide_digit($value, $prime);
if (!$r) {
return count($value) == 1 && $value[0] == $prime;
$n = clone $this;
$n_1 = $n->subtract($one);
$n_2 = $n->subtract($two);
$r = clone $n_1;
$r_value = $r->value;
// ie. $s = gmp_scan1($n, 0) and $r = gmp_div_q($n, gmp_pow(gmp_init('2'), $s));
$s = 0;
// if $n was 1, $r would be 0 and this would be an infinite loop, hence our $this->equals($one) check earlier
while ($r->value[strlen($r->value) - 1] % 2 == 0) {
$r->value = bcdiv($r->value, '2', 0);
++$s;
for ($i = 0, $r_length = count($r_value); $i < $r_length; ++$i) {
$temp = ~$r_value[$i] & 0xFFFFFF;
for ($j = 1; ($temp >> $j) & 1; ++$j) {
if ($j != 25) {
$s = 26 * $i + $j - 1;
$r->_rshift($s);
for ($i = 0; $i < $t; ++$i) {
$a = self::random($two, $n_2);
$y = $a->modPow($r, $n);
if (!$y->equals($one) && !$y->equals($n_1)) {
for ($j = 1; $j < $s && !$y->equals($n_1); ++$j) {
$y = $y->modPow($two, $n);
if ($y->equals($one)) {
if (!$y->equals($n_1)) {
* Shifts BigInteger's by $shift bits.
private function _lshift($shift)
if ($shift == 0) {
$num_digits = (int) ($shift / self::$base);
$shift %= self::$base;
$shift = 1 << $shift;
for ($i = 0; $i < count($this->value); ++$i) {
$temp = $this->value[$i] * $shift + $carry;
$this->value[$i] = (int) ($temp - $carry * self::$baseFull);
$this->value[count($this->value)] = $carry;
while ($num_digits--) {
array_unshift($this->value, 0);
private function _rshift($shift)
$carry_shift = self::$base - $shift;
$carry_mask = (1 << $shift) - 1;
if ($num_digits) {
$this->value = array_slice($this->value, $num_digits);
for ($i = count($this->value) - 1; $i >= 0; --$i) {
$temp = $this->value[$i] >> $shift | $carry;
$carry = ($this->value[$i] & $carry_mask) << $carry_shift;
$this->value[$i] = $temp;
$this->value = $this->_trim($this->value);
* Normalize.
* Removes leading zeros and truncates (if necessary) to maintain the appropriate precision
private function _normalize($result)
$result->precision = $this->precision;
$result->bitmask = $this->bitmask;
if ($this->bitmask !== false) {
$result->value = gmp_and($result->value, $result->bitmask->value);
if (!empty($result->bitmask->value)) {
$result->value = bcmod($result->value, $result->bitmask->value);
$value = &$result->value;
if (!count($value)) {
$value = $this->_trim($value);
$length = min(count($value), count($this->bitmask->value));
$value = array_slice($value, 0, $length);
$value[$i] = $value[$i] & $this->bitmask->value[$i];
* Trim.
* Removes leading zeros
private static function _trim($value)
for ($i = count($value) - 1; $i >= 0; --$i) {
if ($value[$i]) {
unset($value[$i]);
return $value;
* Array Repeat.
* @param $input Array
* @param $multiplier mixed
private static function _array_repeat($input, $multiplier)
return ($multiplier) ? array_fill(0, $multiplier, $input) : [];
* Shifts binary strings $shift bits, essentially multiplying by 2**$shift.
* @param $x String
* @param $shift Integer
private static function _base256_lshift(&$x, $shift)
$num_bytes = $shift >> 3; // eg. floor($shift/8)
$shift &= 7; // eg. $shift % 8
for ($i = strlen($x) - 1; $i >= 0; --$i) {
$temp = ord($x[$i]) << $shift | $carry;
$x[$i] = chr($temp);
$carry = $temp >> 8;
$carry = ($carry != 0) ? chr($carry) : '';
$x = $carry.$x.str_repeat(chr(0), $num_bytes);
* Shifts binary strings $shift bits, essentially dividing by 2**$shift and returning the remainder.
private static function _base256_rshift(&$x, $shift)
$x = ltrim($x, chr(0));
$remainder = '';
if ($num_bytes) {
$start = $num_bytes > strlen($x) ? -strlen($x) : -$num_bytes;
$remainder = substr($x, $start);
$x = substr($x, 0, -$num_bytes);
$carry_shift = 8 - $shift;
for ($i = 0; $i < strlen($x); ++$i) {
$temp = (ord($x[$i]) >> $shift) | $carry;
$carry = (ord($x[$i]) << $carry_shift) & 0xFF;
$remainder = chr($carry >> $carry_shift).$remainder;
return ltrim($remainder, chr(0));
// one quirk about how the following functions are implemented is that PHP defines N to be an unsigned long
// at 32-bits, while java's longs are 64-bits.
* Converts 32-bit integers to bytes.
* @param int $x
private static function _int2bytes($x)
return ltrim(pack('N', $x), chr(0));
* Converts bytes to 32-bit integers.
* @param string $x
private static function _bytes2int($x)
$temp = unpack('Nint', str_pad($x, 4, chr(0), STR_PAD_LEFT));
return $temp['int'];
* DER-encode an integer.
* The ability to DER-encode integers is needed to create RSA public keys for use with OpenSSL
private static function _encodeASN1Length($length)
if ($length <= 0x7F) {
return chr($length);
$temp = ltrim(pack('N', $length), chr(0));
return pack('Ca*', 0x80 | strlen($temp), $temp);
* Single digit division.
* Even if int64 is being used the division operator will return a float64 value
* if the dividend is not evenly divisible by the divisor. Since a float64 doesn't
* have the precision of int64 this is a problem so, when int64 is being used,
* we'll guarantee that the dividend is divisible by first subtracting the remainder.
* @param int $y
private static function _safe_divide($x, $y)
if (self::$base === 26) {
return (int) ($x / $y);
// self::$base === 31
return ($x - ($x % $y)) / $y;
Spomky-Labs /
jose
Spomky
This check looks for unreachable code. It uses sophisticated control flow analysis techniques to find statements which will never be executed.
Unreachable code is most often the result of
return,dieorexitstatements that have been added for debug purposes.In the above example, the last
return falsewill never be executed, because a return statement has already been met in every possible execution path.