|
|
|
|
@ -108,6 +108,46 @@ bool getGoodRepl(Vec& v, const mpz_class& x) |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
template<class Fp> |
|
|
|
|
struct HashMapToG1 { |
|
|
|
|
Fp c1; // sqrt(-3)
|
|
|
|
|
Fp c2; // (-1 + sqrt(-3)) / 2
|
|
|
|
|
HashMapToG1() |
|
|
|
|
{ |
|
|
|
|
if (!Fp::squareRoot(c1, -3)) throw cybozu::Exception("HashMapToG1:c1"); |
|
|
|
|
c2 = (c1 - 1) / 2; |
|
|
|
|
} |
|
|
|
|
int legendre(const Fp& x) const |
|
|
|
|
{ |
|
|
|
|
return gmp::legendre(x.getMpz(), Fp::getOp().mp); |
|
|
|
|
} |
|
|
|
|
/*
|
|
|
|
|
P.-A. Fouque and M. Tibouchi, |
|
|
|
|
"Indifferentiable hashing to Barreto Naehrig curves, " in Proc. Int. Conf. Cryptol. Inform. Security Latin Amer., 2012, vol. 7533, pp.1-17. |
|
|
|
|
algorithm 1 in "Software Implementation of an Attribute-Based Encryption Scheme", IEEE. trans. on computesr, vol. 64, No.5, May 2015 |
|
|
|
|
*/ |
|
|
|
|
void calc(mcl::EcT<Fp>& P, const Fp& t, int b) const |
|
|
|
|
{ |
|
|
|
|
Fp w = t * t + b; |
|
|
|
|
w = (t / (w + 1)) * c1; |
|
|
|
|
bool negative = legendre(t) < 0; |
|
|
|
|
Fp x, y; |
|
|
|
|
for (int i = 0; i < 3; i++) { |
|
|
|
|
switch (i) { |
|
|
|
|
case 0: x = c2 - t * w; break; |
|
|
|
|
case 1: x = -1 - x; break; |
|
|
|
|
case 2: x = 1 + 1 / (w * w); break; |
|
|
|
|
} |
|
|
|
|
y = x * x * x + b; |
|
|
|
|
if (Fp::squareRoot(y, y)) { |
|
|
|
|
if (negative) Fp::neg(y, y); |
|
|
|
|
P.set(x, y); |
|
|
|
|
return; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
template<class Fp> |
|
|
|
|
struct ParamT { |
|
|
|
|
typedef Fp2T<Fp> Fp2; |
|
|
|
|
|
MITSUNARI Shigeo
8 years ago