From 5e1c3fc2102c7847dba1736d50351a64deb3fcb3 Mon Sep 17 00:00:00 2001
From: MITSUNARI Shigeo <herumi@nifty.com>
Date: Tue, 20 Oct 2020 11:43:18 +0900
Subject: [PATCH 1/4] [doc] modify how to build GMP

---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index b8fa264..c3f175d 100644
--- a/readme.md
+++ b/readme.md
@@ -105,7 +105,7 @@ env MCL_PROF=2 bin/bls12_test.exe
 
 ## How to build on 32-bit x86 Linux
 
-Build GMP and for 32-bit mode and install `<lib32>` at yourself.
+Build GMP for 32-bit mode (`env ABI=32 ./configure --enable-cxx ...`) and install `<lib32>` at yourself.
 
 ```
 make ARCH=x86 CFLAGS_USER="-I <lib32>/include" LDFLAGS_USER="-L <lib32>/lib -Wl,-rpath,<lib32>/lib"

From 776fab5ca6c108a56d06c721780636fb0a997a48 Mon Sep 17 00:00:00 2001
From: MITSUNARI Shigeo <herumi@nifty.com>
Date: Wed, 21 Oct 2020 10:33:59 +0900
Subject: [PATCH 2/4] mulSmallUnit supports 12

---
 include/mcl/util.hpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/mcl/util.hpp b/include/mcl/util.hpp
index 0132405..8915c88 100644
--- a/include/mcl/util.hpp
+++ b/include/mcl/util.hpp
@@ -328,6 +328,7 @@ bool mulSmallUnit(T& z, const T& x, U y)
 	case 9: { T t; T::add(t, x, x); T::add(t, t, t); T::add(t, t, t); T::add(z, t, x); break; }
 	case 10: { T t; T::add(t, x, x); T::add(t, t, t); T::add(t, t, x); T::add(z, t, t); break; }
 	case 11: { T t; T::add(t, x, x); T::add(t, t, x); T::add(t, t, t); T::add(t, t, t); T::sub(z, t, x); break; }
+	case 12: { T t; T::add(t, x, x); T::add(t, t, t); T::add(z, t, t); T::add(z, z, t); break; }
 	default:
 		return false;
 	}

From 34fdf9a67ea818db590f43eea48684fc40f2b61b Mon Sep 17 00:00:00 2001
From: MITSUNARI Shigeo <herumi@nifty.com>
Date: Wed, 21 Oct 2020 15:30:41 +0900
Subject: [PATCH 3/4] add addCTProj

---
 include/mcl/ec.hpp | 48 ++++++++++++++++++++++++++++++++++++++++++++++
 test/ec_test.cpp   | 27 ++++++++++++++++++++++++++
 2 files changed, 75 insertions(+)

diff --git a/include/mcl/ec.hpp b/include/mcl/ec.hpp
index e1db56d..7ae672a 100644
--- a/include/mcl/ec.hpp
+++ b/include/mcl/ec.hpp
@@ -424,6 +424,54 @@ void addJacobi(E& R, const E& P, const E& Q)
 	F::sub(R.y, U1, H3);
 }
 
+/*
+	accept P == Q
+	https://github.com/apache/incubator-milagro-crypto-c/blob/fa0a45a3/src/ecp.c.in#L767-L976
+*/
+template<class E>
+void addCTProj(E& R, const E& P, const E& Q)
+{
+	typedef typename E::Fp F;
+	assert(E::a_ == 0);
+	F b3;
+	F::add(b3, E::b_, E::b_);
+	b3 += E::b_;
+	F t0, t1, t2, t3, t4, x3, y3, z3;
+	F::mul(t0, P.x, Q.x);
+	F::mul(t1, P.y, Q.y);
+	F::mul(t2, P.z, Q.z);
+	F::add(t3, P.x, P.y);
+	F::add(t4, Q.x, Q.y);
+	F::mul(t3, t3, t4);
+	F::add(t4, t0, t1);
+	F::sub(t3, t3, t4);
+	F::add(t4, P.y, P.z);
+	F::add(x3, Q.y, Q.z);
+	F::mul(t4, t4, x3);
+	F::add(x3, t1, t2);
+	F::sub(t4, t4, x3);
+	F::add(x3, P.x, P.z);
+	F::add(y3, Q.x, Q.z);
+	F::mul(x3, x3, y3);
+	F::add(y3, t0, t2);
+	F::sub(y3, x3, y3);
+	F::add(x3, t0, t0);
+	F::add(t0, t0, x3);
+	t2 *= b3;
+	F::add(z3, t1, t2);
+	F::sub(t1, t1, t2);
+	y3 *= b3;
+	F::mul(x3, y3, t4);
+	F::mul(t2, t3, t1);
+	F::sub(R.x, t2, x3);
+	F::mul(y3, y3, t0);
+	F::mul(t1, t1, z3);
+	F::add(R.y, y3, t1);
+	F::mul(t0, t0, t3);
+	F::mul(z3, z3, t4);
+	F::add(R.z, z3, t0);
+}
+
 template<class E>
 void normalizeProj(E& P)
 {
diff --git a/test/ec_test.cpp b/test/ec_test.cpp
index 855ceba..1aa241f 100644
--- a/test/ec_test.cpp
+++ b/test/ec_test.cpp
@@ -491,6 +491,32 @@ struct Test {
 		CYBOZU_TEST_ASSERT(!(P1 < P1));
 		CYBOZU_TEST_ASSERT((P1 <= P1));
 	}
+	void addCT() const
+	{
+		if (Ec::getMode() != mcl::ec::Proj) return;
+		if (Ec::a_ != 0) return;
+		Fp x(para.gx);
+		Fp y(para.gy);
+		Ec P(x, y), Q, R, Zero;
+		Zero.clear();
+		mcl::ec::addCTProj(Q, P, P);
+		Ec::add(R, P, P);
+		CYBOZU_TEST_EQUAL(Q, R);
+		mcl::ec::addCTProj(Q, Q, P);
+		Ec::add(R, R, P);
+		CYBOZU_TEST_EQUAL(Q, R);
+/*
+		mcl::ec::addCTProj(Q, Q, Zero);
+		Ec::add(R, R, Zero);
+		CYBOZU_TEST_EQUAL(Q, R);
+		mcl::ec::addCTProj(Q, Zero, Q);
+		Ec::add(R, Zero, R);
+		CYBOZU_TEST_EQUAL(Q, R);
+*/
+		mcl::ec::addCTProj(Q, Zero, Zero);
+		Ec::add(R, Zero, Zero);
+		CYBOZU_TEST_EQUAL(Q, R);
+	}
 
 	template<class F>
 	void test(F f, const char *msg) const
@@ -532,6 +558,7 @@ mul 499.00usec
 		ioMode();
 		mulCT();
 		compare();
+		addCT();
 	}
 private:
 	Test(const Test&);

From ad59c9eff7fe7a83e966a42376643fb85f309c8f Mon Sep 17 00:00:00 2001
From: MITSUNARI Shigeo <herumi@nifty.com>
Date: Sun, 25 Oct 2020 20:08:54 +0900
Subject: [PATCH 4/4] test addCTProj for Zero

---
 include/mcl/ec.hpp | 1 +
 test/ec_test.cpp   | 3 +--
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/mcl/ec.hpp b/include/mcl/ec.hpp
index 7ae672a..d8a0fc1 100644
--- a/include/mcl/ec.hpp
+++ b/include/mcl/ec.hpp
@@ -427,6 +427,7 @@ void addJacobi(E& R, const E& P, const E& Q)
 /*
 	accept P == Q
 	https://github.com/apache/incubator-milagro-crypto-c/blob/fa0a45a3/src/ecp.c.in#L767-L976
+	(x, y, z) is zero <=> x = 0, y = 1, z = 0
 */
 template<class E>
 void addCTProj(E& R, const E& P, const E& Q)
diff --git a/test/ec_test.cpp b/test/ec_test.cpp
index 1aa241f..f544714 100644
--- a/test/ec_test.cpp
+++ b/test/ec_test.cpp
@@ -499,20 +499,19 @@ struct Test {
 		Fp y(para.gy);
 		Ec P(x, y), Q, R, Zero;
 		Zero.clear();
+		Zero.y = 1;
 		mcl::ec::addCTProj(Q, P, P);
 		Ec::add(R, P, P);
 		CYBOZU_TEST_EQUAL(Q, R);
 		mcl::ec::addCTProj(Q, Q, P);
 		Ec::add(R, R, P);
 		CYBOZU_TEST_EQUAL(Q, R);
-/*
 		mcl::ec::addCTProj(Q, Q, Zero);
 		Ec::add(R, R, Zero);
 		CYBOZU_TEST_EQUAL(Q, R);
 		mcl::ec::addCTProj(Q, Zero, Q);
 		Ec::add(R, Zero, R);
 		CYBOZU_TEST_EQUAL(Q, R);
-*/
 		mcl::ec::addCTProj(Q, Zero, Zero);
 		Ec::add(R, Zero, Zero);
 		CYBOZU_TEST_EQUAL(Q, R);