-
Notifications
You must be signed in to change notification settings - Fork 151
/
e2_bls378.go
104 lines (93 loc) · 2.49 KB
/
e2_bls378.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
// Copyright 2020 ConsenSys AG
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package fptower
import "github.com/consensys/gnark-crypto/ecc/bls12-378/fp"
// Mul sets z to the E2-product of x,y, returns z
func (z *E2) Mul(x, y *E2) *E2 {
var a, b, c fp.Element
a.Add(&x.A0, &x.A1)
b.Add(&y.A0, &y.A1)
a.Mul(&a, &b)
b.Mul(&x.A0, &y.A0)
c.Mul(&x.A1, &y.A1)
z.A1.Sub(&a, &b).Sub(&z.A1, &c)
fp.MulBy5(&c)
z.A0.Sub(&b, &c)
return z
}
// Square sets z to the E2-product of x,x returns z
func (z *E2) Square(x *E2) *E2 {
//algo 22 https://eprint.iacr.org/2010/354.pdf
var c0, c2 fp.Element
c0.Add(&x.A0, &x.A1)
c2.Neg(&x.A1)
fp.MulBy5(&c2)
c2.Add(&c2, &x.A0)
c0.Mul(&c0, &c2) // (x1+x2)*(x1+(u**2)x2)
c2.Mul(&x.A0, &x.A1).Double(&c2)
z.A1 = c2
c2.Double(&c2)
z.A0.Add(&c0, &c2)
return z
}
// MulByNonResidue multiplies a E2 by (0,1)
func (z *E2) MulByNonResidue(x *E2) *E2 {
a := x.A0
b := x.A1 // fetching x.A1 in the function below is slower
fp.MulBy5(&b)
z.A0.Neg(&b)
z.A1 = a
return z
}
// MulByNonResidueInv multiplies a E2 by (0,1)^{-1}
func (z *E2) MulByNonResidueInv(x *E2) *E2 {
//z.A1.MulByNonResidueInv(&x.A0)
a := x.A1
fiveinv := fp.Element{
4714375566610504077,
585136512338283717,
16899133777167898908,
1882388787078723660,
12465292654455594957,
119042783712594200,
}
z.A1.Mul(&x.A0, &fiveinv).Neg(&z.A1)
z.A0 = a
return z
}
// Inverse sets z to the E2-inverse of x, returns z
func (z *E2) Inverse(x *E2) *E2 {
// Algorithm 8 from https://eprint.iacr.org/2010/354.pdf
//var a, b, t0, t1, tmp fp.Element
var t0, t1, tmp fp.Element
a := &x.A0 // creating the buffers a, b is faster than querying &x.A0, &x.A1 in the functions call below
b := &x.A1
t0.Square(a)
t1.Square(b)
tmp.Set(&t1)
fp.MulBy5(&tmp)
t0.Add(&t0, &tmp)
t1.Inverse(&t0)
z.A0.Mul(a, &t1)
z.A1.Mul(b, &t1).Neg(&z.A1)
return z
}
// norm sets x to the norm of z
func (z *E2) norm(x *fp.Element) {
var tmp fp.Element
x.Square(&z.A1)
tmp.Set(x)
fp.MulBy5(&tmp)
x.Square(&z.A0).Add(x, &tmp)
}