From 13942ae25d8c9eddd2412a42c9cc1dcf9fdb2e5e Mon Sep 17 00:00:00 2001 From: MITSUNARI Shigeo Date: Sun, 12 Feb 2017 16:22:24 +0900 Subject: [PATCH] change the order of arguments of G1 and G2 --- include/mcl/bn.hpp | 43 +++++++++++++++++++++++-------------------- java/Bn256Test.java | 10 +++++----- java/bn256_impl.hpp | 10 +++++----- java/bn256_wrap.cxx | 14 +++++++------- readme.md | 2 +- sample/pairing.cpp | 24 ++++++++++++------------ test/bn_test.cpp | 34 +++++++++++++++++----------------- 7 files changed, 70 insertions(+), 67 deletions(-) diff --git a/include/mcl/bn.hpp b/include/mcl/bn.hpp index 3d48973..9da4b67 100644 --- a/include/mcl/bn.hpp +++ b/include/mcl/bn.hpp @@ -1025,10 +1025,6 @@ struct BNT { exp_d1(y, y); } static void millerLoop(Fp12& f, const G1& P, const G2& Q) - { - millerLoop(f, P, Q); - } - static void millerLoop(Fp12& f, const G2& Q, const G1& P) { P.normalize(); Q.normalize(); @@ -1073,18 +1069,14 @@ struct BNT { } static void pairing(Fp12& f, const G1& P, const G2& Q) { - pairing(f, Q, P); - } - static void pairing(Fp12& f, const G2& Q, const G1& P) - { - millerLoop(f, Q, P); + millerLoop(f, P, Q); finalExp(f, f); } /* - millerLoop(e, Q, P) is same as the following + millerLoop(e, P, Q) is same as the following std::vector Qcoeff; precomputeG2(Qcoeff, Q); - precomputedMillerLoop(e, Qcoeff, P); + precomputedMillerLoop(e, P, Qcoeff); */ static void precomputeG2(std::vector& Qcoeff, const G2& Q) { @@ -1128,10 +1120,6 @@ struct BNT { Qcoeff.push_back(e); } static void precomputedMillerLoop(Fp12& f, const G1& P, const std::vector& Qcoeff) - { - precomputedMillerLoop(f, P, Qcoeff); - } - static void precomputedMillerLoop(Fp12& f, const std::vector& Qcoeff, const G1& P) { P.normalize(); size_t idx = 0; @@ -1166,13 +1154,9 @@ struct BNT { f *= ft; } /* - f = MillerLoop((Q1, P1) x MillerLoop(Q2, P2) + f = MillerLoop(P1, Q1) x MillerLoop(P2, Q2) */ static void precomputedMillerLoop2(Fp12& f, const G1& P1, const std::vector& Q1coeff, const G1& P2, const std::vector& Q2coeff) - { - precomputedMillerLoop2(f, Q1coeff, P1, Q2coeff, P2); - } - static void precomputedMillerLoop2(Fp12& f, const std::vector& Q1coeff, const G1& P1, const std::vector& Q2coeff, const G1& P2) { P1.normalize(); P2.normalize(); @@ -1221,6 +1205,25 @@ struct BNT { f *= f1; f *= f2; } +#if 1 // duplicated later + // old order of P and Q + static void millerLoop(Fp12& f, const G2& Q, const G1& P) + { + millerLoop(f, P, Q); + } + static void pairing(Fp12& f, const G2& Q, const G1& P) + { + pairing(f, P, Q); + } + static void precomputedMillerLoop(Fp12& f, const std::vector& Qcoeff, const G1& P) + { + precomputedMillerLoop(f, P, Qcoeff); + } + static void precomputedMillerLoop2(Fp12& f, const std::vector& Q1coeff, const G1& P1, const std::vector& Q2coeff, const G1& P2) + { + precomputedMillerLoop2(f, P1, Q1coeff, P2, Q2coeff); + } +#endif }; template diff --git a/java/Bn256Test.java b/java/Bn256Test.java index 7657675..b1f9f6f 100644 --- a/java/Bn256Test.java +++ b/java/Bn256Test.java @@ -61,19 +61,19 @@ public class Bn256Test { } GT e = new GT(); - Bn256.pairing(e, Q, P); + Bn256.pairing(e, P, Q); GT e1 = new GT(); GT e2 = new GT(); Fr c = new Fr("1234567890123234928348230428394234"); G2 cQ = new G2(Q); Bn256.mul(cQ, Q, c); // cQ = Q * c - Bn256.pairing(e1, cQ, P); + Bn256.pairing(e1, P, cQ); Bn256.pow(e2, e, c); // e2 = e^c assertBool("e1 == e2", e1.equals(e2)); G1 cP = new G1(P); Bn256.mul(cP, P, c); // cP = P * c - Bn256.pairing(e1, Q, cP); + Bn256.pairing(e1, cP, Q); assertBool("e1 == e2", e1.equals(e2)); BLSsignature(Q); @@ -97,8 +97,8 @@ public class Bn256Test { GT e1 = new GT(); GT e2 = new GT(); - Bn256.pairing(e1, pub, H); // e1 = e(s Q, H) - Bn256.pairing(e2, Q, sign); // e2 = e(Q, s H); + Bn256.pairing(e1, H, pub); // e1 = e(H, s Q) + Bn256.pairing(e2, sign, Q); // e2 = e(s H, Q); assertBool("verify signature", e1.equals(e2)); } } diff --git a/java/bn256_impl.hpp b/java/bn256_impl.hpp index d0f6333..3023fe9 100644 --- a/java/bn256_impl.hpp +++ b/java/bn256_impl.hpp @@ -90,7 +90,7 @@ class G1 { friend void add(G1& z, const G1& x, const G1& y); friend void sub(G1& z, const G1& x, const G1& y); friend void mul(G1& z, const G1& x, const Fr& y); - friend void pairing(GT& e, const G2& Q, const G1& P); + friend void pairing(GT& e, const G1& P, const G2& Q); public: G1() {} G1(const G1& rhs) : self_(rhs.self_) {} @@ -155,7 +155,7 @@ class G2 { friend void add(G2& z, const G2& x, const G2& y); friend void sub(G2& z, const G2& x, const G2& y); friend void mul(G2& z, const G2& x, const Fr& y); - friend void pairing(GT& e, const G2& Q, const G1& P); + friend void pairing(GT& e, const G1& P, const G2& Q); public: G2() {} G2(const G2& rhs) : self_(rhs.self_) {} @@ -213,7 +213,7 @@ class GT { mcl::bn256::Fp12 self_; friend void mul(GT& z, const GT& x, const GT& y); friend void pow(GT& z, const GT& x, const Fr& y); - friend void pairing(GT& e, const G2& Q, const G1& P); + friend void pairing(GT& e, const G1& P, const G2& Q); public: GT() {} GT(const GT& rhs) : self_(rhs.self_) {} @@ -243,7 +243,7 @@ void pow(GT& z, const GT& x, const Fr& y) { mcl::bn256::Fp12::pow(z.self_, x.self_, y.self_); } -void pairing(GT& e, const G2& Q, const G1& P) +void pairing(GT& e, const G1& P, const G2& Q) { - mcl::bn256::BN::pairing(e.self_, Q.self_, P.self_); + mcl::bn256::BN::pairing(e.self_, P.self_, Q.self_); } diff --git a/java/bn256_wrap.cxx b/java/bn256_wrap.cxx index fac16f6..8b6a796 100644 --- a/java/bn256_wrap.cxx +++ b/java/bn256_wrap.cxx @@ -795,8 +795,8 @@ SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_sub_1_1SWIG_11(JNIEnv *jenv SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_pairing(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jlong jarg3, jobject jarg3_) { GT *arg1 = 0 ; - G2 *arg2 = 0 ; - G1 *arg3 = 0 ; + G1 *arg2 = 0 ; + G2 *arg3 = 0 ; (void)jenv; (void)jcls; @@ -808,17 +808,17 @@ SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_pairing(JNIEnv *jenv, jclas SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "GT & reference is null"); return ; } - arg2 = *(G2 **)&jarg2; + arg2 = *(G1 **)&jarg2; if (!arg2) { - SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 const & reference is null"); + SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 const & reference is null"); return ; } - arg3 = *(G1 **)&jarg3; + arg3 = *(G2 **)&jarg3; if (!arg3) { - SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 const & reference is null"); + SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 const & reference is null"); return ; } - pairing(*arg1,(G2 const &)*arg2,(G1 const &)*arg3); + pairing(*arg1,(G1 const &)*arg2,(G2 const &)*arg3); } diff --git a/readme.md b/readme.md index 88fc2b4..be2abbd 100644 --- a/readme.md +++ b/readme.md @@ -99,7 +99,7 @@ mcl::bn256::bn256init(cp); mcl::bn256::G1 P(...); mcl::bn256::G2 Q(...); mcl::bn256::Fp12 e; -mcl::bn256::BN::pairing(e, Q, P); +mcl::bn256::BN::pairing(e, P, Q); ``` 1. (CurveFp254BNb) a BN curve over the 254-bit prime p = 36z^4 + 36z^3 + 24z^2 + 6z + 1 where z = -(2^62 + 2^55 + 1). 2. (CurveSNARK1) a BN curve over a 254-bit prime p such that n := p + 1 - t has high 2-adicity. diff --git a/sample/pairing.cpp b/sample/pairing.cpp index 4be2906..51d3ca8 100644 --- a/sample/pairing.cpp +++ b/sample/pairing.cpp @@ -7,38 +7,38 @@ const char *ab = "41687836088149321545364279345098957822465737152979115539641713 const char *ba = "13891744915211034074451795021214165905772212241412891944830863846330766296736"; const char *bb = "7937318970632701341203597196594272556916396164729705624521405069090520231616"; -void minimum_sample(const G2& Q, const G1& P) +void minimum_sample(const G1& P, const G2& Q) { const mpz_class a = 123; const mpz_class b = 456; Fp12 e1, e2; - BN::pairing(e1, Q, P); + BN::pairing(e1, P, Q); G2 aQ; G1 bP; G2::mul(aQ, Q, a); G1::mul(bP, P, b); - BN::pairing(e2, aQ, bP); + BN::pairing(e2, aP, aQ); Fp12::pow(e1, e1, a * b); printf("%s\n", e1 == e2 ? "ok" : "ng"); } -void miller_and_finel_exp(const G2& Q, const G1& P) +void miller_and_finel_exp(const G1& P, const G2& Q) { Fp12 e1, e2; - BN::pairing(e1, Q, P); + BN::pairing(e1, P, Q); - BN::millerLoop(e2, Q, P); + BN::millerLoop(e2, P, Q); BN::finalExp(e2, e2); printf("%s\n", e1 == e2 ? "ok" : "ng"); } -void precomputed(const G2& Q, const G1& P) +void precomputed(const G1& P, const G2& Q) { Fp12 e1, e2; - BN::pairing(e1, Q, P); + BN::pairing(e1, P, Q); std::vector Qcoeff; BN::precomputeG2(Qcoeff, Q); - BN::precomputedMillerLoop(e2, Qcoeff, P); + BN::precomputedMillerLoop(e2, P, Qcoeff); BN::finalExp(e2, e2); printf("%s\n", e1 == e2 ? "ok" : "ng"); } @@ -49,8 +49,8 @@ int main() G2 Q(Fp2(aa, ab), Fp2(ba, bb)); G1 P(-1, 1); - minimum_sample(Q, P); - miller_and_finel_exp(Q, P); - precomputed(Q, P); + minimum_sample(P, Q); + miller_and_finel_exp(P, Q); + precomputed(P, Q); } diff --git a/test/bn_test.cpp b/test/bn_test.cpp index 363217a..740ba38 100644 --- a/test/bn_test.cpp +++ b/test/bn_test.cpp @@ -168,18 +168,18 @@ void testCompress() CYBOZU_TEST_EQUAL(b, c); } -void testPrecomputed(const G2& Q, const G1& P) +void testPrecomputed(const G1& P, const G2& Q) { Fp12 e1, e2; - BN::pairing(e1, Q, P); + BN::pairing(e1, P, Q); std::vector Qcoeff; BN::precomputeG2(Qcoeff, Q); - BN::precomputedMillerLoop(e2, Qcoeff, P); + BN::precomputedMillerLoop(e2, P, Qcoeff); BN::finalExp(e2, e2); CYBOZU_TEST_EQUAL(e1, e2); } -void testMillerLoop2(const G2& Q1, const G1& P1) +void testMillerLoop2(const G1& P1, const G2& Q1) { Fp12 e1, e2; mpz_class c1("12342342423442"); @@ -188,22 +188,22 @@ void testMillerLoop2(const G2& Q1, const G1& P1) G1 P2; G2::mul(Q2, Q1, c1); G1::mul(P2, P1, c2); - BN::pairing(e1, Q1, P1); - BN::pairing(e2, Q2, P2); + BN::pairing(e1, P1, Q1); + BN::pairing(e2, P2, Q2); e1 *= e2; std::vector Q1coeff, Q2coeff; BN::precomputeG2(Q1coeff, Q1); BN::precomputeG2(Q2coeff, Q2); - BN::precomputedMillerLoop2(e2, Q1coeff, P1, Q2coeff, P2); + BN::precomputedMillerLoop2(e2, P1, Q1coeff, P2, Q2coeff); BN::finalExp(e2, e2); CYBOZU_TEST_EQUAL(e1, e2); } -void testPairing(const G2& Q, const G1& P, const char *eStr) +void testPairing(const G1& P, const G2& Q, const char *eStr) { Fp12 e1; - BN::pairing(e1, Q, P); + BN::pairing(e1, P, Q); Fp12 e2; { std::stringstream ss(eStr); @@ -211,8 +211,8 @@ void testPairing(const G2& Q, const G1& P, const char *eStr) } CYBOZU_TEST_EQUAL(e1, e2); #if 0 - for (int i = 0; i < 1000; i++) BN::pairing(e1, Q, P); -// CYBOZU_BENCH_C("pairing", 1000, BN::pairing, e1, Q, P); // 2.4Mclk + for (int i = 0; i < 1000; i++) BN::pairing(e1, P, Q); +// CYBOZU_BENCH_C("pairing", 1000, BN::pairing, e1, P, Q); // 2.4Mclk #else { Fp12 e = e1, ea; @@ -228,14 +228,14 @@ void testPairing(const G2& Q, const G1& P, const char *eStr) Fp12::pow(ea, e, a); G1::mul(Pa, P, a); G2::mul(Qa, Q, a); - BN::pairing(e1, Q, Pa); - BN::pairing(e2, Qa, P); + BN::pairing(e1, Pa, Q); + BN::pairing(e2, P, Qa); CYBOZU_TEST_EQUAL(ea, e1); CYBOZU_TEST_EQUAL(ea, e2); a--; } } - CYBOZU_BENCH("pairing", BN::pairing, e1, Q, P); // 2.4Mclk + CYBOZU_BENCH("pairing", BN::pairing, e1, P, Q); // 2.4Mclk CYBOZU_BENCH("finalExp", BN::finalExp, e1, e1); // 1.3Mclk #endif } @@ -253,9 +253,9 @@ CYBOZU_TEST_AUTO(naive) testMapToG2(); testCyclotomic(); testCompress(); - testPairing(Q, P, ts.e); - testPrecomputed(Q, P); - testMillerLoop2(Q, P); + testPairing(P, Q, ts.e); + testPrecomputed(P, Q); + testMillerLoop2(P, Q); //break; } int count = (int)clk.getCount();